Dell Aruba 620 Manuale integrativo - Pagina 24

Sfoglia online o scarica il pdf Manuale integrativo per Interruttore Dell Aruba 620. Dell Aruba 620 42. Controllers with arubaos fips firmware non-proprietary security policy fips 140-2 level 2 release supplement

Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits of encryption
strength; non-compliant less than 80-bits of encryption strength)
EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits
of encryption strength)
RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Critical Security Parameters

The following are the Critical Security Parameters (CSPs) used in the switch.
Table 6 CSPs Used in Aruba Mobility Controllers
CSPs
Key Encryption Key
(KEK)
IKEv1/IKEv2 Pre-shared
key
RADIUS server shared
secret
Enable secret
IPSec session
encryption keys
IPSec session
authentication keys
SSH Diffie-Hellman
shared secret
IKEv1/IKEv2 Diffie-
Hellman private key
22
| FIPS 140-2 Level 2 Features
CSPs type
Generation
Triple-DES 168-bit key
Hard Coded
64 character pre-
CO configured
shared key
6-128 character shared
CO configured
secret
6-64 character
CO configured
password
168-bit Triple-DES or
Established during the
128/192/256-bit AES-
Diffie-Hellman key
CBC or 128/256-bit
agreement
AES-GCM keys
HMAC SHA-1 key
Established during the
Diffie-Hellman key
agreement
128-octet intermediate
Established during the
value used for key
SSH Diffie-Hellman
derivation
key agreement
768/1024-bit (MODP
Generated internally
group) or 256/384-bit
during IKEv1/IKEv2
(Elliptic curve group)
negotiations
Diffie-Hellman private
key.
Note: Key size 768 bits
is not allowed in FIPS
mode.
Storage and Zeroization
Stored in Flash and zeroized
by using the CLI command
wipe out flash
Stored encrypted in Flash
with the KEK. Zeroized by
changing (updating) the pre-
shared key through the User
interface.
Stored encrypted in Flash
with the KEK. Zeroized by
changing (updating) the pre-
shared key through the User
interface.
Store in ciphertext in flash.
Zeroized by changing
(updating) through the user
interface.
Stored in plaintext in volatile
memory. Zeroized when the
session is closed.
Stored in plaintext in volatile
memory. Zeroized when the
session is closed.
Stored in plain text in volatile
memory, Zeroized when
session is closed.
Stored in the volatile memory.
Zeroized after the session is
closed.
Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement
Use
Encrypts IKEv1/IKEv2
Pre-shared key,
RADIUS server shared
secret, RSA private key,
ECDSA private key,
802.11i pre-shared key
and Passwords.
User and module
authentication during
IKEv1, IKEv2
Module and RADIUS
server authentication
Administrator
authentication
Secure IPSec traffic
User authentication
Key agreement in SSH
Used in establishing the
session key for an
IPSec session