Dell PowerConnect W-Series FIPS Dell PowerConnect W-600 Controller Series Secu - Page 24
Critical Security Parameters, CSPs Used in Aruba Mobility Controllers
View all Dell PowerConnect W-Series FIPS manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 24 highlights
Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength) EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength) RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Critical Security Parameters The following are the Critical Security Parameters (CSPs) used in the switch. Table 6 CSPs Used in Aruba Mobility Controllers CSPs CSPs type Generation Storage and Zeroization Use Key Encryption Key (KEK) Triple-DES 168-bit key Hard Coded Stored in Flash and zeroized by using the CLI command wipe out flash Encrypts IKEv1/IKEv2 Pre-shared key, RADIUS server shared secret, RSA private key, ECDSA private key, 802.11i pre-shared key and Passwords. IKEv1/IKEv2 Pre-shared 64 character pre- key shared key CO configured Stored encrypted in Flash with the KEK. Zeroized by changing (updating) the preshared key through the User interface. User and module authentication during IKEv1, IKEv2 RADIUS server shared 6-128 character shared CO configured secret secret Stored encrypted in Flash with the KEK. Zeroized by changing (updating) the preshared key through the User interface. Module and RADIUS server authentication Enable secret 6-64 character password CO configured Store in ciphertext in flash. Zeroized by changing (updating) through the user interface. Administrator authentication IPSec session encryption keys 168-bit Triple-DES or 128/192/256-bit AESCBC or 128/256-bit AES-GCM keys Established during the Stored in plaintext in volatile Diffie-Hellman key memory. Zeroized when the agreement session is closed. Secure IPSec traffic IPSec session authentication keys HMAC SHA-1 key Established during the Stored in plaintext in volatile User authentication Diffie-Hellman key memory. Zeroized when the agreement session is closed. SSH Diffie-Hellman shared secret 128-octet intermediate Established during the Stored in plain text in volatile Key agreement in SSH value used for key SSH Diffie-Hellman memory, Zeroized when derivation key agreement session is closed. IKEv1/IKEv2 DiffieHellman private key 768/1024-bit (MODP group) or 256/384-bit (Elliptic curve group) Diffie-Hellman private key. Note: Key size 768 bits is not allowed in FIPS mode. Generated internally during IKEv1/IKEv2 negotiations Stored in the volatile memory. Used in establishing the Zeroized after the session is session key for an closed. IPSec session 22 | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement