Aruba Networks FIPS 140-2 manual Gmk, Gtk

Page 34

 

 

 

STORAGE

 

CSP

CSP TYPE

GENERATION

And

USE

 

 

 

ZEROIZATI

 

 

 

 

ON

 

 

 

 

 

 

802.11i Group Master Key

256-bit

Generated from approved

Stored in

Used to derive

(GMK)

secret used

RNG

plaintext in

Group

 

to derive

 

volatile

Transient Key

 

GTK

 

memory;

(GTK)

 

 

 

zeroized on

 

 

 

 

reboot

 

 

 

 

 

 

802.11i Group Transient

256-bit

Internally derived by AP

Stored in

Used to derive

Key (GTK)

shared secret

which assumes

plaintext in

multicast

 

used to

“authenticator” role in

volatile

cryptographic

 

derive group

handshake

memory;

keys

 

(multicast)

 

zeroized on

 

 

encryption

 

reboot

 

 

and integrity

 

 

 

 

keys

 

 

 

 

 

 

 

 

802.11i Group AES-CCM

128-bit

Derived from 802.11

Stored in

Used to protect

Data Encryption/MIC Key

AES-CCM

group key handshake

plaintext in

multicast

 

key derived

 

volatile

message

 

from GTK

 

memory;

confidentiality

 

 

 

zeroized on

and integrity

 

 

 

reboot

(AES-CCM)

 

 

 

 

 

RSA private Key

1024/2048-

Generated on the AP

Stored in and

Used for

 

bit RSA

(remains in AP at all

protected by

IKEv1/IKEv2

 

private key

times)

AP’s non-

authentication

 

 

 

volatile

when AP is

 

 

 

memory.

authenticating

 

 

 

zeroized by the

using

 

 

 

‘ap wipe out

certificate

 

 

 

flash’

based

 

 

 

command

authentication

 

 

 

 

 

34

Page 33 Page 35
Image 34
Page 33 Page 35
Contents Fips 140-2 Non-Proprietary Security Policy Page Aruba AP-120 Series ServicesAruba Dell Relationship Acronyms and Abbreviations Security Levels Physical SecurityPage Acronyms and Abbreviations IntroductionAruba Dell Relationship GHzLAN Physical Description Product OverviewAruba AP-120 Series Aruba Part Number Dell Corresponding Part NumberPWR Indicator LEDs Label Function Action StatusEnet Label Function Action Status Physical Security Module ObjectivesSecurity Levels Applying TELsAruba AP-124 TEL Placement AP-124 Front viewAP-124 Back view Aruba AP-125 TEL Placement AP-124 Bottom viewAP-125 Front view AP-125 Right view Inspection/Testing of Physical Security Mechanisms AP-125 Bottom viewConfiguring Remote AP Fips Mode Modes of OperationEnable Fips mode on the AP. This accomplished by going to Configuring Remote Mesh Portal Fips Mode Configuring Remote Mesh Point Fips Mode Verify that the module is in Fips mode Operational EnvironmentLogical Interfaces Fips 140-2 Logical Interfaces Module Physical InterfaceCrypto Officer Authentication Roles, Authentication and ServicesRoles Strength of Authentication Mechanisms User AuthenticationWireless Client Authentication Authentication Mechanism StrengthWPA2-PSK Service Description CSPs Accessed see section ServicesCrypto Officer Services WPA2 PSKService Description CSPs User ServicesService Wireless Client Services Unauthenticated Services ∙ FTP ∙ Tftp ∙ NTPCryptographic Algorithms Non-FIPS Approved AlgorithmsCritical Security Parameters HmacRNG PTK PSKAES-CCM GMK GTKSelf Tests For an AES Cavium hardware Post failure
Top Page Image Contents