Dell W-AP135, AP-134, AP-135, W-AP134 manual Critical Security Parameters, Hmac

Page 30

6

Critical Security Parameters

The following Critical Security Parameters (CSPs) are used by the module:

| CSP | CSP TYPE | GENERATION | STORAGE And ZEROIZATION | USE |
|---|---|---|---|---|
| Key Encryption Key (KEK) | Triple-DES 168-bits key | Hard-coded | Stored in flash, zeroized by the ‘ap wipe out flash’ command. | Encrypts IKEv1/IKEv2 preshared keys and configuration parameters |
| IKEv1/IKEv2 Pre-shared secret | 64 character preshared key | CO configured | Encrypted in flash using the KEK; zeroized by updating through administrative interface, or by the ‘ap wipe out flash’ command. | Module and crypto officer authentication during IKEv1/IKEv2; entered into the module in plaintext during initialization and encrypted over the IPSec session subsequently. |
| IPSec session encryption keys | 168-bit Triple-DES, or 128/192/256 bit AES keys; | Established during Diffie-Hellman key agreement | Stored in plaintext in volatile memory; zeroized when session is closed or system powers off | Secure IPSec traffic |
| IPSec session authentication keys | HMAC SHA-1 keys | Established during Diffie-Hellman key agreement | Stored in plaintext in volatile memory; zeroized when session is closed or system powers off | Secure IPSec traffic |
