Dell AP-135, AP-134, W-AP135, W-AP134 manual Gmk, Gtk

Page 33

			STORAGE
CSP	CSP TYPE	GENERATION	And	USE
			ZEROIZATI
			ON

802.11i Group Master Key	256-bit	Generated from approved	Stored in	Used to derive
(GMK)	secret used	RNG	plaintext in	Group
	to derive		volatile	Transient Key
	GTK		memory;	(GTK)
			zeroized on
			reboot

802.11i Group Transient	256-bit	Internally derived by AP	Stored in	Used to derive
Key (GTK)	shared secret	which assumes	plaintext in	multicast
	used to	“authenticator” role in	volatile	cryptographic
	derive group	handshake	memory;	keys
	(multicast)		zeroized on
	encryption		reboot
	and integrity
	keys

802.11i Group AES-CCM	128-bit	Derived from 802.11	Stored in	Used to protect
Data Encryption/MIC Key	AES-CCM	group key handshake	plaintext in	multicast
	key derived		volatile	message
	from GTK		memory;	confidentiality
			zeroized on	and integrity
			reboot	(AES-CCM)

RSA private Key	1024/2048-	Generated on the AP	Stored in and	Used for
	bit RSA	(remains in AP at all	protected by	IKEv1/IKEv2
	private key	times)	AP’s non-	authentication
			volatile	when AP is
			memory.	authenticating
			zeroized by the	using
			‘ap wipe out	certificate
			flash’	based
			command	authentication

33

Image 33

Contents Fips 140-2 Non-Proprietary Security Policy Page Security Levels Physical Security Aruba Dell Relationship Acronyms and AbbreviationsModes of Operation Operational Environment Logical InterfacesServices Aruba Dell Relationship IntroductionAcronyms and Abbreviations CPSecSHA AP-134 Product OverviewPhysical Description Aruba Part Number Dell Corresponding Part NumberPWR AP-134 Indicator LEDs Label Function Action StatusENET0 ENET1AP-135 AP-135 Indicator LEDs Label Function Action Status Security Levels Module ObjectivesPhysical Security Applying TELsAP-134 Front view 2 AP-134 TEL PlacementAP-134 Top View 3 AP-135 TEL PlacementAP-135 Front view AP-135 Top view Inspection/Testing of Physical Security MechanismsModes of Operation Configuring Remote AP Fips ModeEnable Fips mode on the AP. This accomplished by going to Configuring Remote Mesh Portal Fips Mode Configuring Remote Mesh Point Fips Mode Operational Environment Verify that the module is in Fips modeFips 140-2 Logical Interface Module Physical Interface Logical InterfacesRoles, Authentication and Services Crypto Officer AuthenticationRoles Wireless Client Authentication User AuthenticationStrength of Authentication Mechanisms Authentication Mechanism StrengthWPA2-PSK Crypto Officer Services ServicesWPA2 PSK KEKPMK User ServicesPTK Eapol MICUnauthenticated Services Wireless Client Services∙ FTP ∙ Tftp ∙ NTP Non-FIPS Approved Algorithms Cryptographic AlgorithmsHmac Critical Security ParametersRNG AES-CCM PSKGTK GMKSelf Tests For an AES Atheros hardware Post failure