Dell PowerConnect W-Series FIPS Dell PowerConnect W-600 Controller Series Secu - Page 24

Critical Security Parameters, CSPs Used in Aruba Mobility Controllers


22 | FIPS 140-2 Level 2 Features Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement

  • Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength)
  • EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength)
  • RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Critical Security Parameters

The following are the Critical Security Parameters (CSPs) used in the switch.

Table 6 CSPs Used in Aruba Mobility Controllers

| CSPs | CSPs type | Generation | Storage and Zeroization | Use |
|---|---|---|---|---|
| Key Encryption Key (KEK) | Triple-DES 168-bit key | Hard Coded | Stored in Flash and zeroized by using the CLI command wipe out flash | Encrypts IKEv1/IKEv2 Pre-shared key, RADIUS server shared secret, RSA private key, ECDSA private key, 802.11i pre-shared key and Passwords. |
| IKEv1/IKEv2 Pre-shared key | 64 character pre-shared key | CO configured | Stored encrypted in Flash with the KEK. Zeroized by changing (updating) the pre-shared key through the User interface. | User and module authentication during IKEv1, IKEv2 |
| RADIUS server shared secret | 6-128 character shared secret | CO configured | Stored encrypted in Flash with the KEK. Zeroized by changing (updating) the pre-shared key through the User interface. | Module and RADIUS server authentication |
| Enable secret | 6-64 character password | CO configured | Stored in ciphertext in flash. Zeroized by changing (updating) through the user interface. | Administrator authentication |
| IPSec session encryption keys | 168-bit Triple-DES or 128/192/256-bit AES-CBC or 128/256-bit AES-GCM keys | Established during the Diffie-Hellman key agreement | Stored in plaintext in volatile memory. Zeroized when the session is closed. | Secure IPSec traffic |
| IPSec session authentication keys | HMAC SHA-1 key | Established during the Diffie-Hellman key agreement | Stored in plaintext in volatile memory. Zeroized when the session is closed. | User authentication |
| SSH Diffie-Hellman shared secret | 128-octet intermediate value used for key derivation | Established during the SSH Diffie-Hellman key agreement | Stored in plaintext in volatile memory. Zeroized when the session is closed. | Key agreement in SSH |
| IKEv1/IKEv2 Diffie-Hellman private key | 768/1024-bit (MODP group) or 256/384-bit (Elliptic curve group) Diffie-Hellman private key. Note: Key size 768 bits is not allowed in FIPS mode. | Generated internally during IKEv1/IKEv2 negotiations | Stored in the volatile memory. Zeroized after the session is closed. | Used in establishing the session key for an IPSec session |