Manuals / Aruba Networks / Computer Equipment / Network Router

Aruba Networks FIPS 140-2 manual Critical Security Parameters, Hmac

Models: FIPS 140-2

1 36

Download 36 pages 13.37 Kb

Page 31

6Critical Security Parameters

The following Critical Security Parameters (CSPs) are used by the module:

			STORAGE
CSP	CSP TYPE	GENERATION	And	USE
			ZEROIZATI
			ON

Key Encryption Key	Triple-DES	Hard-coded	Stored in flash,	Encrypts
(KEK)	168-bits key		zeroized by the	IKEv1/IKEv2
			‘ap wipe out	preshared keys
			flash’	and
			command.	configuration
				parameters

IKEv1/IKEv2 Pre-shared	64 character	CO configured	Encrypted in	Module and
secret	preshared		flash using the	crypto officer
	key		KEK; zeroized	authentication
			by updating	during
			through	IKEv1/IKEv2;
			administrative	entered into
			interface, or by	the module in
			the ‘ap wipe	plaintext
			out flash’	during
			command.	initialization
				and encrypted
				over the IPSec
				session
				subsequently.

IPSec session encryption	168-bit	Established during	Stored in	Secure IPSec
keys	Triple-DES,	Diffie-Hellman key	plaintext in	traffic
	or	agreement	volatile
	128/192/256		memory;
	bit AES		zeroized when
	keys;		session is
			closed or
			system powers
			off

IPSec session	HMAC	Established during	Stored in	Secure IPSec
authentication keys	SHA-1 keys	Diffie-Hellman key	plaintext in	traffic
		agreement	volatile
			memory;
			zeroized when
			session is
			closed or
			system powers
			off

31

Image 31

Aruba Networks FIPS 140-2 manual Critical Security Parameters, Hmac

Contents

Fips 140-2 Non-Proprietary Security Policy Page Security Levels Physical Security ServicesAruba Dell Relationship Acronyms and Abbreviations Aruba AP-120 SeriesPage GHz IntroductionAruba Dell Relationship Acronyms and AbbreviationsLAN Aruba Part Number Dell Corresponding Part Number Product OverviewAruba AP-120 Series Physical DescriptionPWR Indicator LEDs Label Function Action StatusEnet Label Function Action Status Applying TELs Module ObjectivesSecurity Levels Physical SecurityAP-124 Front view Aruba AP-124 TEL PlacementAP-124 Back view AP-124 Bottom view Aruba AP-125 TEL PlacementAP-125 Front view AP-125 Right view AP-125 Bottom view Inspection/Testing of Physical Security MechanismsModes of Operation Configuring Remote AP Fips ModeEnable Fips mode on the AP. This accomplished by going to Configuring Remote Mesh Portal Fips Mode Configuring Remote Mesh Point Fips Mode Operational Environment Verify that the module is in Fips modeFips 140-2 Logical Interfaces Module Physical Interface Logical InterfacesCrypto Officer Authentication Roles, Authentication and ServicesRoles Authentication Mechanism Strength User AuthenticationWireless Client Authentication Strength of Authentication MechanismsWPA2-PSK WPA2 PSK ServicesCrypto Officer Services Service Description CSPs Accessed see sectionService Description CSPs User ServicesService Wireless Client Services ∙ FTP ∙ Tftp ∙ NTP Unauthenticated ServicesNon-FIPS Approved Algorithms Cryptographic AlgorithmsHmac Critical Security ParametersRNG PTK PSKAES-CCM GTK GMKSelf Tests For an AES Cavium hardware Post failure