Aruba Networks FIPS 140-2 manual User Services, Service Description CSPs


| Service | Description | CSPs Accessed (see section 6 below for complete description of CSPs) |
|---|---|---|
| Creation/use of secure management session between module and CO | The module supports use of IPSec for securing the management channel. | IKE Preshared Secret; DH Private Key; DH Public Key; IPSec session encryption keys; IPSec session authentication keys; RSA key pair |
| Creation/use of secure mesh channel | The module requires secure connections between mesh points using 802.11i | WPA2-PSK; 802.11i PMK; 802.11i PTK; 802.11i EAPOL MIC Key; 802.11i EAPOL Encryption Key; 802.11i AES-CCM key; 802.11i GMK; 802.11i GTK; 802.11i AES-CCM key |
| System Status | CO may view system status information through the secured management channel | See creation/use of secure management session above. |

4.2.2 User Services

The User services defined in Remote AP FIPS mode and CPSec protected AP FIPS mode are the same as the services of the Crypto Officer role; refer to Section 4.2.1, “Crypto Officer Services”. The following services are provided for the User role defined in Remote Mesh Portal FIPS mode and Remote Mesh Point FIPS mode.

| Service | Description | CSPs Accessed (see section 6 below for complete description of CSPs) |
|---|---|---|
| Generation and use of 802.11i cryptographic keys | When the module is in mesh configuration, the inter-module mesh links are secured with 802.11i. | 802.11i PMK; 802.11i PTK; 802.11i EAPOL MIC Key; 802.11i EAPOL Encryption Key |
