Aruba Networks FIPS 140-2 manual Psk, Ptk, Aes-Ccm

Models: FIPS 140-2

| CSP | CSP TYPE | GENERATION | STORAGE and ZEROIZATION | USE |
|---|---|---|---|---|
| WPA2 PSK | 16-64 character shared secret used to authenticate mesh connections and in remote AP advanced configuration | CO configured | Encrypted in flash using the KEK; zeroized by updating through administrative interface, or by the ‘ap wipe out flash’ command. | Used to derive the PMK for 802.11i mesh connections between APs and in advanced Remote AP connections; programmed into AP by the controller over the IPSec session. |
| 802.11i Pairwise Master Key (PMK) | 512-bit shared secret used to derive 802.11i session keys | Derived from WPA2 PSK | In volatile memory only; zeroized on reboot | Used to derive 802.11i Pairwise Transient Key (PTK) |
| 802.11i Pairwise Transient Key (PTK) | 512-bit shared secret from which Temporal Keys (TKs) are derived | Derived during 802.11i 4-way handshake | In volatile memory only; zeroized on reboot | All session encryption/decryption keys are derived from the PTK |
| 802.11i EAPOL MIC Key | 128-bit shared secret used to protect 4-way (key) handshake | Derived from PTK | In volatile memory only; zeroized on reboot | Used for integrity validation in 4-way handshake |
| 802.11i EAPOL Encr Key | 128-bit shared secret used to protect 4-way handshakes | Derived from PTK | In volatile memory only; zeroized on reboot | Used for confidentiality in 4-way handshake |
| 802.11i data AES-CCM encryption/MIC key | 128-bit AES-CCM key | Derived from PTK | Stored in plaintext in volatile memory; zeroized on reboot | Used for 802.11i packet encryption and integrity verification (this is the CCMP or AES-CCM key) |