Key Management - Nortel Contivity Secure IP Services Gateway 4600 Owner's Manual

Authentication Protocol (PAP). MS-CHAP can use no encryption, 40-
bit RC4, 128-bit RC4 encryption. When operated in a FIPS 140-1
compliant manner, MS-CHAP is not enabled with RC4 encryption.
L2TP: Requires authentication using MS-CHAP CHAP, or PAP. MS-
CHAP can use no encryption, 40-bit RC4, 128-bit RC4 encryption.
When operated in a FIPS 140-1 compliant manner, MS-CHAP is not
enabled with RC4 encryption.
L2F: Requires authentication using CHAP, or PAP.
2.5

Key Management

The switch securely administers both cryptographic keys and other critical security
parameters such as User passwords. Ephemeral sessions keys are created during the
negotiation of secure tunnels on behalf of Users who have successfully authenticated
themselves to the switch with their user ID and password. These keys are created for
protocols like MS-CHAP and ISAKMP, which securely negotiate key exchange and then
allow encryption services for PPTP, L2TP, and IPSec.
Keys are destroyed when the appropriate tunnel, Security Association (SA), or session is
terminated and are never archived or released from the device. User passwords can be
destroyed by the Crypto Officer or by Users overwriting their own passwords. All
passwords are stored in the LDAP database in an encrypted format, and never released.
They are used only for authentication in key exchange protocols, which protect Critical
Security Parameters (CSPs) according to their protocol. (Crypto Officers should be aware
that PAP transmits password information in the clear and should not be enabled before
deciding local policy. See notes on PAP in the Contivity Extranet Switch Administrator's
Guide.)
Session Keys: These are ephemeral encryption keys used by the module for
encrypting packets during IPSec tunneling. These keys are derived during the
setup of the tunnel and used only during a secure tunnel session. The IPSec
tunnel may use either 56-bit DES or TDES for encryption. These keys are
created by setting odd parity and checking for known weak keys. The session
keys are internally derived from the Internet Key Exchange (IKE)/ Internet
Security Association Key Management Protocol (ISAKMP-Oakley). These
protocols are based on Diffie-Hellman Key Agreement. IPSec "Pre-shared
keys" may optionally be used with Diffie-Hellman to negotiate a shared
session key from the concatenated and SHA-1 hashed value of the user ID and
password.
DES password key: This key is used to encrypt user passwords to be stored in
the module's internal LDAP database. This key is compiled into the module's
code and can be zeroized using a floppy to erase the firmware. The floppy
disk unit holds a "format" utility. In order to zeroize the DES key (hard-coded
into the module firmware), the crypto officer must run the format utility
13