6

Critical Security Parameters

 

 

The following Critical Security Parameters (CSPs) are used by the module:

 

 

 

 

 

 

 

 

 

 

 

STORAGE

 

 

CSP

CSP TYPE

GENERATION

And

USE

 

 

 

 

ZEROIZATI

 

 

 

 

 

ON

 

 

 

 

 

 

 

Key

Encryption Key

Triple-DES

Hard-coded

Stored in flash,

Encrypts

(KEK)

168-bits key

 

zeroized by the

IKEv1/IKEv2

 

 

 

 

‘ap wipe out

preshared keys

 

 

 

 

flash’

and

 

 

 

 

command.

configuration

 

 

 

 

 

parameters

 

 

 

 

 

IKEv1/IKEv2 Pre-shared

64 character

CO configured

Encrypted in

Module and

secret

preshared

 

flash using the

crypto officer

 

 

key

 

KEK; zeroized

authentication

 

 

 

 

by updating

during

 

 

 

 

through

IKEv1/IKEv2;

 

 

 

 

administrative

entered into

 

 

 

 

interface, or by

the module in

 

 

 

 

the ‘ap wipe

plaintext

 

 

 

 

out flash’

during

 

 

 

 

command.

initialization

 

 

 

 

 

and encrypted

 

 

 

 

 

over the IPSec

 

 

 

 

 

session

 

 

 

 

 

subsequently.

 

 

 

 

 

IPSec session encryption

168-bit

Established during

Stored in

Secure IPSec

keys

 

Triple-DES,

Diffie-Hellman key

plaintext in

traffic

 

 

or

agreement

volatile

 

 

 

128/192/256

 

memory;

 

 

 

bit AES

 

zeroized when

 

 

 

keys;

 

session is

 

 

 

 

 

closed or

 

 

 

 

 

system powers

 

 

 

 

 

off

 

 

 

 

 

 

IPSec session

HMAC

Established during

Stored in

Secure IPSec

authentication keys

SHA-1 keys

Diffie-Hellman key

plaintext in

traffic

 

 

 

agreement

volatile

 

 

 

 

 

memory;

 

 

 

 

 

zeroized when

 

 

 

 

 

session is

 

 

 

 

 

closed or

 

 

 

 

 

system powers

 

 

 

 

 

off

 

 

 

 

 

 

 

30

Page 30
Image 30
Dell W-AP135, AP-134, AP-135, W-AP134 manual Critical Security Parameters, Hmac