6 | Critical Security Parameters |
|
| ||
The following Critical Security Parameters (CSPs) are used by the module: |
| ||||
|
|
|
|
|
|
|
|
|
| STORAGE |
|
| CSP | CSP TYPE | GENERATION | And | USE |
|
|
|
| ZEROIZATI |
|
|
|
|
| ON |
|
|
|
|
|
|
|
Key | Encryption Key | Stored in flash, | Encrypts | ||
(KEK) |
| zeroized by the | IKEv1/IKEv2 | ||
|
|
|
| ‘ap wipe out | preshared keys |
|
|
|
| flash’ | and |
|
|
|
| command. | configuration |
|
|
|
|
| parameters |
|
|
|
|
| |
IKEv1/IKEv2 | 64 character | CO configured | Encrypted in | Module and | |
secret | preshared |
| flash using the | crypto officer | |
|
| key |
| KEK; zeroized | authentication |
|
|
|
| by updating | during |
|
|
|
| through | IKEv1/IKEv2; |
|
|
|
| administrative | entered into |
|
|
|
| interface, or by | the module in |
|
|
|
| the ‘ap wipe | plaintext |
|
|
|
| out flash’ | during |
|
|
|
| command. | initialization |
|
|
|
|
| and encrypted |
|
|
|
|
| over the IPSec |
|
|
|
|
| session |
|
|
|
|
| subsequently. |
|
|
|
|
| |
IPSec session encryption | Established during | Stored in | Secure IPSec | ||
keys |
| plaintext in | traffic | ||
|
| or | agreement | volatile |
|
|
| 128/192/256 |
| memory; |
|
|
| bit AES |
| zeroized when |
|
|
| keys; |
| session is |
|
|
|
|
| closed or |
|
|
|
|
| system powers |
|
|
|
|
| off |
|
|
|
|
|
| |
IPSec session | HMAC | Established during | Stored in | Secure IPSec | |
authentication keys | plaintext in | traffic | |||
|
|
| agreement | volatile |
|
|
|
|
| memory; |
|
|
|
|
| zeroized when |
|
|
|
|
| session is |
|
|
|
|
| closed or |
|
|
|
|
| system powers |
|
|
|
|
| off |
|
|
|
|
|
|
|
30