1. Manuals
  2. Brands
  3. Avaya Manuals
  4. Gateway
  5. Media Gateway G250
  6. User manual

Modes Of Operation; Approved Mode Of Operation - Avaya G250 User Manual

Office media gateways w/fips non-proprietary security policy
Hide thumbs Also See for G250:
Table of Contents

Advertisement

Avaya G250 and G250-BRI Branch Office Media Gateways w/FIPS Non-Proprietary Security Policy
Version 1.2

2. Modes of Operation

2.1. Approved mode of operation

In FIPS mode, the cryptographic module supports the following algorithms:
a. RSA digital signature verification during firmware upgrades, and license file
authentication. Support for RSA defined in PKCS#1 standard. RSA implementation as
defined by ANSI X9.31 is not supported.
b. Triple-DES CBC (three key) for IKE encryption and IPSec, and serial number exchange
c. AES-CBC (128, 192, 256 bit) for IPSec and IKE encryption
d. SHA-1 for hashing download image digest, license file digest
e. HMAC SHA-1 for message authentication codes for IKE and IPSEC
f. DES CBC for encryption of IPSec, and IKE (only supported for communication with
legacy systems) (transitional phase only – valid until May 19, 2007)
g. Diffie-Hellman key-agreement protocol (groups 2, 5, 14) used to derive IKE and IPSEC
session keys.
The cryptographic module relies on the implemented deterministic random number generator
(DRNG) that is compliant with X9.31 for generation of all cryptographic keys. The non-
deterministic random seed generator is used for the periodic re-seeding of the PRNG.
The cryptographic module may be configured for FIPS mode via execution of the specified
configuration procedure (Section 2.3).
The user can determine if the cryptographic module is running in FIPS vs. non-FIPS mode via
execution of the show running-config command through the command-line-interface (CLI), and
verification that the configuration meets the requirements specified in (Section 2.3), and
© 2005 Avaya Inc. May be reproduced only in its original entirety [without revision].
Roles, Services and Authentication
Finite State Model
Physical Security
Operational Environment
Cryptographic Key Management
EMI/EMC
Self-Tests
Design Assurance
Mitigation of Other Attacks
Table 1 - Module Security Level Specification
Wednesday, 14 December, 2005
2
1
1
N/A
1
1
1
3
N/A
Page 5 of 23
CID 106595

Advertisement

Table of Contents
loading

Related Manuals for Avaya G250

Related Content for Avaya G250

This manual is also suitable for:

G250-bri

Table of Contents