Critical Security Parameters And Private Keys - Avaya G250 Administration

FIPS

Critical security parameters and private keys

Table 37 describes the CSPs (Critical Security Parameters) defined in the module.
Table 37: Critical security parameters
Key
IKE Pre-shared Keys
HASH_I, HASH_R
IKE Pre-Shared Session Key
(SKEYID)
IKE Ephemeral DH shared
secret (g^ab)
IKE Ephemeral DH private key
(a)
IKE Ephemeral DH private key
(a)
IKE Session phase-1 Secret
(SKEYID_d)
IKE Session phase-1 HMAC
Key (SKEYID_a)
IKE Session phase-1
Encrypted Key (SKEYID_e)
IKE Session phase-1 TDES
key (SKEYID_e)
IKE Session phase-1 DES key
IKE Session phase-1 AES key
Noncie, Noncer
IPSEC SA phase-2 TDES key
IPSEC SA phase-2 DES key
500 Administration for the Avaya G250 and Avaya G350 Media Gateways
Description/Usage
This key generates IKE SKEYID_d during pre-sharedkey
authentication. The first-time key must be entered manually
(via RS232 connected to the PC acting as terminal
emulation). Other keys can be defined remotely over
encrypted and authenticated IPSEC tunnel.
Used for generation of SKEYID, SKEYID_d, SKEYID_a,
SKEYID_e. Generated for VPN IKE phase-1 key
establishment.
Generated for VPN IKE phase-1 by hashing pre-shared keys
with responder/receiver nonce
Generated for VPN IKE phase-1 key establishment
The private exponent used in DH exchange. Generated for
VPN IKE phase-1 key establishment.
The private exponent used in DH exchange. Generated for
VPN IKE phase-1 key establishment.
phase-1 key used to derive keying material for IPSec SAs
Key used for integrity and authentication of the ISAKMP SA
Shared key used for extraction of encryption keys protecting
the ISAKMP SA
Key used for TDES data encryption of ISAKMP SA
Key used for DES data encryption of ISAKMP SA
Key used for AES data encryption of ISAKMP SA
phase-2 initiator and responder nonce
phase-2, basic quick mode
phase-2, basic quick mode
1 of 2