6 Critical Security Parameters
The following Critical Security Parameters (CSPs) are used by the module:

| CSP | CSP TYPE | GENERATION | STORAGE AND ZEROIZATION | USE |
|---|---|---|---|---|
| Key Encryption Key (KEK) | Triple-DES 168-bit key | Hard-coded | Stored in flash, zeroized by the ‘ap wipe out flash’ command. | Encrypts IKEv1/IKEv2 preshared keys and configuration parameters |
| IKEv1/IKEv2 Pre-shared secret | 64 character preshared key | CO configured | Encrypted in flash using the KEK; zeroized by updating through administrative interface, or by the ‘ap wipe out flash’ command. | Module and crypto officer authentication during IKEv1/IKEv2; entered into the module in plaintext during initialization and encrypted over the IPSec session subsequently. |
| IPSec session encryption keys | 168-bit Triple-DES, or 128/192/256-bit AES keys | Established during Diffie-Hellman key agreement | Stored in plaintext in volatile memory; zeroized when session is closed or system powers off | Secure IPSec traffic |
| IPSec session authentication keys | HMAC SHA-1 keys | Established during Diffie-Hellman key agreement | Stored in plaintext in volatile memory; zeroized when session is closed or system powers off | Secure IPSec traffic |