MNR S2500 Security Policy
Version 1.3, Revision Date: 1/13/2009
Definition of Critical Security Parameters (CSPs)
The following CSPs are contained within the module:
| Key | Description/Usage |
|---|---|
| KEK | This is the master key that encrypts persistent CSPs stored within the module. Encryption of keys uses AES128ECB |
| IKE Preshared Keys | Used to authenticate peer to peer during IKE session |
| SKEYID | Generated for IKE Phase 1 by hashing preshared keys with responder/receiver nonce |
| SKEYID_d | Phase 1 key used to derive keying material for IKE SAs |
| SKEYID_a | Key used for integrity and authentication of the phase 1 exchange |
| SKEYID_e | Key used for TDES or AES data encryption of phase 1 exchange |
| Ephemeral DH private key (a) | Generated for IKE Phase 1 key establishment |
| Ephemeral DH private key (a) | Phase 2 Diffie Hellman private keys used in PFS for key renewal |
| IPSEC Session keys | authenticate IPSEC ESP packets |
| FRF.17 Session Keys | and authenticate FRF.17 Mode 2 |
| | Key used to authenticate oneself to peer |
| | Key used to authenticate oneself to peer |
| SSH Session Keys | and authenticate SSH packets |
| SSH DH Private Key | Generated for SSH key establishment |
| RNG Seed | Initial seed for |
| Network Manager Password (Root) | 7 (to 15) character password used to authenticate to the CO Role (Crypto Officer) |
| User(Admin) | 7 (to 15) character password used to authenticate to the User Role |
| User Accounts | 7 (to 15) character password used to authenticate accounts created on the module |

Table 8 – Critical Security Parameters (CSPs)