Aruba Networks FIPS 140-2 manual Critical Security Parameters, Hmac


6 Critical Security Parameters

The following Critical Security Parameters (CSPs) are used by the module:

| CSP | CSP TYPE | GENERATION | STORAGE and ZEROIZATION | USE |
|---|---|---|---|---|
| Key Encryption Key (KEK) | Triple-DES 168-bits key | Hard-coded | Stored in flash, zeroized by the ‘ap wipe out flash’ command. | Encrypts IKEv1/IKEv2 preshared keys and configuration parameters |
| IKEv1/IKEv2 Pre-shared secret | 64 character preshared key | CO configured | Encrypted in flash using the KEK; zeroized by updating through administrative interface, or by the ‘ap wipe out flash’ command. | Module and crypto officer authentication during IKEv1/IKEv2; entered into the module in plaintext during initialization and encrypted over the IPSec session subsequently. |
| IPSec session encryption keys | 168-bit Triple-DES, or 128/192/256 bit AES keys | Established during Diffie-Hellman key agreement | Stored in plaintext in volatile memory; zeroized when session is closed or system powers off | Secure IPSec traffic |
| IPSec session authentication keys | HMAC SHA-1 keys | Established during Diffie-Hellman key agreement | Stored in plaintext in volatile memory; zeroized when session is closed or system powers off | Secure IPSec traffic |
