Dell PowerConnect W-Series FIPS Dell PowerConnect W-600 Controller Series Secu - Page 25

CSPs Used in Aruba Mobility Controllers, CSPs type, Generation, Storage and Zeroization

Page 25 highlights

Table 6 CSPs Used in Aruba Mobility Controllers

| CSPs | CSPs type | Generation | Storage and Zeroization | Use |
|---|---|---|---|---|
| IKEv1/IKEv2 Diffie-Hellman shared secret | 128 octet or 32/48 octet (Elliptic curve Diffie Hellman) intermediate value used for cryptographic key derivation | Established during the Diffie-Hellman Key Agreement | Stored in plaintext in volatile memory. Zeroized when session is closed. | Key agreement in IKEv1/IKEv2 |
| IKEv1/IKEv2 session authentication key | 160-bit HMAC-SHA1 or 256 byte HMAC-SHA-256-128 or 384 byte HMAC-SHA-384-192 key | Established as a result of Diffie-Hellman key agreement. | Stored in plaintext in volatile memory. Zeroized when session is closed. | IKEv1/IKEv2 payload integrity verification |
| IKEv1/IKEv2 session encryption key | 168-bit Triple-DES or 128/192/256-bit AES-CBC key | Established as a result of Diffie-Hellman key agreement. | Stored in plaintext in volatile memory. Zeroized when session is closed. | IKEv1/IKEv2 payload encryption |
| SSH session keys | 168-bit Triple-DES or 128/192/256-bit AES keys | Established during the SSH key exchange using the Diffie-Hellman key agreement | Stored in plaintext in volatile memory. Zeroized when the session is closed. | Secure SSH traffic |
| SSH session authentication key | 160-bit HMAC-SHA-1 | Established during the SSH key exchange using the Diffie-Hellman key agreement | Stored in plaintext in volatile memory. Zeroized when the session is closed. | Secure SSH traffic |
| SSH Diffie-Hellman Private Key | 768/1024-bit Diffie-Hellman private key. Note: Key size 768 bits is not allowed in FIPS mode. | Generated internally during the SSH session negotiations | Stored in the volatile memory. Zeroized after the session is closed. | Used in establishing the session key for an SSH session. |
| TLS pre-master secret | 48 byte secret | Externally generated | Stored in plaintext in volatile memory. Zeroized when the session is closed. | Key agreement during TLS |
| TLS session encryption key | AES 128, 192, 256 | Generated in the module | Stored in plaintext in volatile memory. Zeroized when the session is closed. | Key agreement during 802.1x connection |
| TLS session authentication key | 160-bit HMAC-SHA1 key | Generated in the module | Stored in plaintext in volatile memory. Zeroized when the session is closed. | Key agreement during 802.1x connection |
| RSA Private Key | RSA 1024/2048 bit key | Generated in the module | Stored in flash memory encrypted with KEK. Zeroized by the CO command write erase all. | Used by TLS and EAP-TLS/PEAP protocols during the handshake, used for signing OCSP responses, and used by IKEv1/IKEv2 for device authentication and for signing certificates |
| ECDSA Private Key | ECDSA suite B P-256 and P-384 curves | Generated in the module | Stored in flash memory encrypted with KEK. Zeroized by the CO command write erase all. | Used by TLS and EAP-TLS/PEAP protocols during the handshake. |

Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement FIPS 140-2 Level 2 Features | 23

