Service

Description

CSPs

Accessed (see section 6

 

 

below for complete description of

 

 

CSPs)

 

 

 

 

 

Creation/use of secure

The module supports use of

IKE Preshared Secret

management session between

IPSec for securing the

DH Private Key

module and CO

management channel.

 

 

 

 

DH Public Key

 

 

IPSec session encryption

 

 

 

keys

 

 

IPSec session

 

 

 

authentication keys

 

 

RSA key pair

 

 

 

 

Creation/use of secure mesh

The module requires secure

WPA2-PSK

channel

connections between mesh points

802.11i PMK

 

using 802.11i

 

 

 

 

 

802.11i PTK

 

 

802.11i EAPOL MIC

 

 

 

Key

 

 

802.11i EAPOL

 

 

 

Encryption Key

 

 

802.11i AES-CCM key

 

 

802.11i GMK

 

 

802.11i GTK

 

 

802.11i AES-CCM key

 

 

 

System Status

CO may view system status

See creation/use of secure

 

information through the secured

management session above.

 

management channel

 

 

 

 

 

 

4.2.2 User Services

The User services defined in Remote AP FIPS mode and CPSec protected AP FIPS mode shares the same services with the Crypto Officer role, please refer to Section 4.2.1, “Crypto Officer Services”. The following services are provided for the User role defined in Remote Mesh Portal FIPS mode and Remote Mesh Point FIPS mode.

Service

Generation and use of 802.11i cryptographic keys

Description

When the module is in mesh configuration, the inter-module mesh links are secured with 802.11i.

CSPs Accessed (see section 6 below for complete description of CSPs)

802.11i PMK

802.11i PTK

802.11i EAPOL MIC Key

802.11i EAPOL Encryption Key

27

Page 27
Image 27
Aruba Networks FIPS 140-2 manual User Services, Service Description CSPs