Motorola S2500 manual Definition of Critical Security Parameters CSPs, Description/Usage

Models: S2500

Definition of Critical Security Parameters (CSPs)

MNR S2500 Security Policy

Version 1.3, Revision Date: 1/13/2009


The following CSPs are contained within the module:

| Key | Description/Usage |
|---|---|
| KEK | This is the master key that encrypts persistent CSPs stored within the module. KEK-protected keys include PSK and passwords. Encryption of keys uses AES128ECB |
| IKE Preshared Keys | Used to authenticate peer to peer during IKE session |
| SKEYID | Generated for IKE Phase 1 by hashing preshared keys with responder/receiver nonce |
| SKEYID_d | Phase 1 key used to derive keying material for IKE SAs |
| SKEYID_a | Key used for integrity and authentication of the phase 1 exchange |
| SKEYID_e | Key used for TDES or AES data encryption of phase 1 exchange |
| Ephemeral DH Phase-1 private key (a) | Generated for IKE Phase 1 key establishment |
| Ephemeral DH Phase-2 private key (a) | Phase 2 Diffie Hellman private keys used in PFS for key renewal |
| IPSEC Session keys | 128/192/256-bit AES-CBC and 168-bit TDES keys are used to encrypt and authenticate IPSEC ESP packets |
| FRF.17 Session Keys | 168-bit TDES-CBC and 128/192/256-bit AES-CBC keys are used to encrypt and authenticate FRF.17 Mode 2 |
| SSH-RSA Private Key | Key used to authenticate oneself to peer |
| SSH-DSA Private Key | Key used to authenticate oneself to peer |
| SSH Session Keys | 168-bit TDES-CBC and 128/192/256-bit AES-CBC keys are used to encrypt and authenticate SSH packets |
| SSH DH Private Key | Generated for SSH key establishment |
| RNG Seed | Initial seed for FIPS-approved deterministic RNG |
| Network Manager Password (Root) | 7 (to 15) character password used to authenticate to the CO Role (Crypto Officer) |
| User(Admin) | 7 (to 15) character password used to authenticate to the User Role |
| User Accounts | 7 (to 15) character password used to authenticate accounts created on the module |

Table 8 – Critical Security Parameters (CSPs)
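
The SKEYID rows above form one derivation chain rooted in the IKE preshared key. The added example below (not part of the Security Policy or of Motorola's code) walks that chain as RFC 2409 defines it for preshared-key authentication, including the key stretching needed when SKEYID_e is shorter than a TDES key. Assumptions: the page does not name the prf, so HMAC-SHA-1 is used; all input values are constructed.

```python
import hashlib
import hmac


def prf(key: bytes, data: bytes, hash_name: str = "sha1") -> bytes:
    """IKEv1 prf as HMAC over the negotiated hash (SHA-1 is an assumption)."""
    return hmac.new(key, data, hash_name).digest()


def derive_phase1_keys(psk, ni, nr, g_xy, cky_i, cky_r, hash_name="sha1"):
    """RFC 2409 section 5 key derivation for pre-shared-key authentication."""
    # SKEYID binds the long-term PSK to both fresh nonces.
    skeyid = prf(psk, ni + nr, hash_name)
    # g^xy and both cookies tie the derived keys to this one exchange.
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00", hash_name)
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01", hash_name)
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02", hash_name)
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d,
            "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}


def phase1_cipher_key(skeyid_e: bytes, key_len: int, hash_name="sha1") -> bytes:
    """RFC 2409 Appendix B: stretch SKEYID_e when the cipher key is longer."""
    if len(skeyid_e) >= key_len:
        return skeyid_e[:key_len]
    block = prf(skeyid_e, b"\x00", hash_name)      # K1 = prf(SKEYID_e, 0)
    stream = block
    while len(stream) < key_len:
        block = prf(skeyid_e, block, hash_name)    # Kn = prf(SKEYID_e, Kn-1)
        stream += block
    return stream[:key_len]


# Constructed sample inputs (not taken from the module or the policy).
PSK = b"constructed-example-psk"
NI = bytes(range(16))
NR = bytes(range(16, 32))
G_XY = hashlib.sha256(b"constructed DH shared secret").digest() * 4
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")

if __name__ == "__main__":
    keys = derive_phase1_keys(PSK, NI, NR, G_XY, CKY_I, CKY_R)
    for name, value in keys.items():
        print(f"{name:9} {value.hex()}")
    print("TDES key ", phase1_cipher_key(keys["SKEYID_e"], 24).hex())
    print("AES-128  ", phase1_cipher_key(keys["SKEYID_e"], 16).hex())
```

Because every Phase 1 key descends from SKEYID, the preshared key is the only long-term secret in the chain, which is why the table lists it among the KEK-protected CSPs.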
