Dell AP-135, AP-134, W-AP135, W-AP134 manual Gmk, Gtk

Page 33

 

 

 

| CSP | CSP TYPE | GENERATION | STORAGE AND ZEROIZATION | USE |
|---|---|---|---|---|
| 802.11i Group Master Key (GMK) | 256-bit secret used to derive GTK | Generated from approved RNG | Stored in plaintext in volatile memory; zeroized on reboot | Used to derive Group Transient Key (GTK) |
| 802.11i Group Transient Key (GTK) | 256-bit shared secret used to derive group (multicast) encryption and integrity keys | Internally derived by AP which assumes “authenticator” role in handshake | Stored in plaintext in volatile memory; zeroized on reboot | Used to derive multicast cryptographic keys |
| 802.11i Group AES-CCM Data Encryption/MIC Key | 128-bit AES-CCM key derived from GTK | Derived from 802.11 group key handshake | Stored in plaintext in volatile memory; zeroized on reboot | Used to protect multicast message confidentiality and integrity (AES-CCM) |
| RSA private Key | 1024/2048-bit RSA private key | Generated on the AP (remains in AP at all times) | Stored in and protected by AP’s non-volatile memory. Zeroized by the ‘ap wipe out flash’ command | Used for IKEv1/IKEv2 authentication when AP is authenticating using certificate based authentication |
