Dell Aruba 620 Посібник з доповнення - Сторінка 24

Переглянути онлайн або завантажити pdf Посібник з доповнення для Перемикач Dell Aruba 620. Dell Aruba 620 42 сторінки. Controllers with arubaos fips firmware non-proprietary security policy fips 140-2 level 2 release supplement

Друкувати сторінку

Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits of encryption



strength; non-compliant less than 80-bits of encryption strength)

EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits



of encryption strength)

RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)



Critical Security Parameters

The following are the Critical Security Parameters (CSPs) used in the switch.

Table 6 CSPs Used in Aruba Mobility Controllers

CSPs

Key Encryption Key

(KEK)

IKEv1/IKEv2 Pre-shared

key

RADIUS server shared

secret

Enable secret

IPSec session

encryption keys

IPSec session

authentication keys

SSH Diffie-Hellman

shared secret

IKEv1/IKEv2 Diffie-

Hellman private key

| FIPS 140-2 Level 2 Features

CSPs type

Generation

Triple-DES 168-bit key

Hard Coded

64 character pre-

CO configured

shared key

6-128 character shared

CO configured

secret

6-64 character

CO configured

password

168-bit Triple-DES or

Established during the

128/192/256-bit AES-

Diffie-Hellman key

CBC or 128/256-bit

agreement

AES-GCM keys

HMAC SHA-1 key

Established during the

Diffie-Hellman key

agreement

128-octet intermediate

Established during the

value used for key

SSH Diffie-Hellman

derivation

key agreement

768/1024-bit (MODP

Generated internally

group) or 256/384-bit

during IKEv1/IKEv2

(Elliptic curve group)

negotiations

Diffie-Hellman private

key.

Note: Key size 768 bits

is not allowed in FIPS

mode.

Storage and Zeroization

Stored in Flash and zeroized

by using the CLI command

wipe out flash

Stored encrypted in Flash

with the KEK. Zeroized by

changing (updating) the pre-

shared key through the User

interface.

Stored encrypted in Flash

with the KEK. Zeroized by

changing (updating) the pre-

shared key through the User

interface.

Store in ciphertext in flash.

Zeroized by changing

(updating) through the user

interface.

Stored in plaintext in volatile

memory. Zeroized when the

session is closed.

Stored in plaintext in volatile

memory. Zeroized when the

session is closed.

Stored in plain text in volatile

memory, Zeroized when

session is closed.

Stored in the volatile memory.

Zeroized after the session is

closed.

Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement

Use

Encrypts IKEv1/IKEv2

Pre-shared key,

RADIUS server shared

secret, RSA private key,

ECDSA private key,

802.11i pre-shared key

and Passwords.

User and module

authentication during

IKEv1, IKEv2

Module and RADIUS

server authentication

Administrator

authentication

Secure IPSec traffic

User authentication

Key agreement in SSH

Used in establishing the

session key for an

IPSec session