Definition of Critical Security Parameters (CSPs) - Motorola S2500 Security Manual

Motorola network router security policy

Definition of Critical Security Parameters (CSPs)

The following CSPs are contained within the module:

| Key | Description/Usage |
|---|---|
| KEK | This is the master key that encrypts persistent CSPs stored within the module. KEK-protected keys include PSK and passwords. Encryption of keys uses AES128ECB |
| IKE Preshared Keys | Used to authenticate peer to peer during IKE session |
| SKEYID | Generated for IKE Phase 1 by hashing preshared keys with responder/receiver nonce |
| SKEYID_d | Phase 1 key used to derive keying material for IKE SAs |
| SKEYID_a | Key used for integrity and authentication of the phase 1 exchange |
| SKEYID_e | Key used for TDES or AES data encryption of phase 1 exchange |
| Ephemeral DH Phase-1 private key (a) | Generated for IKE Phase 1 key establishment |
| Ephemeral DH Phase-2 private key (a) | Phase 2 Diffie Hellman private keys used in PFS for key renewal |
| IPSEC Session keys | 128/192/256-bit AES-CBC and 168-bit TDES keys are used to encrypt and authenticate IPSEC ESP packets |
| FRF.17 Session Keys | 168-bit TDES-CBC and 128/192/256-bit AES-CBC keys are used to encrypt and authenticate FRF.17 Mode 2 |
| SSH-RSA Private Key | Key used to authenticate oneself to peer |
| SSH-DSA Private Key | Key used to authenticate oneself to peer |
| SSH Session Keys | 168-bit TDES-CBC and 128/192/256-bit AES-CBC keys are used to encrypt and authenticate SSH packets |
| SSH DH Private Key | Generated for SSH key establishment |
| RNG Seed | Initial seed for FIPS-approved deterministic RNG |
| Network Manager Password (Root) | 7 (to 15) character password used to authenticate to the CO (Crypto Officer) Role |
| User(Admin) | 7 (to 15) character password used to authenticate to the User Role |
| User Accounts | 7 (to 15) character password used to authenticate accounts created on the module |

Table 8 – Critical Security Parameters (CSPs)
MNR S2500 Security Policy
Version 1.3, Revision Date: 1/13/2009