Matrix Creation of Critical Security Parameter (CSP) Versus the Services (Roles & Identity) - Juniper NS-5400-P00A-S00 Manual

FIPS 140-2 Security Policy

• Local DSA/RSA Public Key: Used by the IKE peer to verify digital signatures.
• SSH Server/Host DSA Public Key: Used by the SSH client to verify digital signatures.
• SSH Client DSA Public Key: Used by the device to verify digital signatures.
• Diffie Hellman Public Key Components: Used by the DH Key Agreement protocol.

J. Matrix Creation of Critical Security Parameter (CSP) versus the Services (Roles & Identity)
The following matrices map the module's services to its CSPs, showing for each
service whether the CSP is generated, destroyed, or used. They also correlate
the User and Crypto-Officer roles with the set of services to which each role
has privileges.
The matrices use the following convention:
G: Generate
D: Delete
U: Usage
N/A: Not Available
Table 3: Crypto-Officer

| CSP \ Services | Set | Unset | Clear/Delete | Get | Exec | Save | Ping | Reset | Exit | Trace-route |
|---|---|---|---|---|---|---|---|---|---|---|
| IPSEC HMAC SHA-1 Key | G | D | N/A | U | N/A | U | N/A | N/A | N/A | N/A |
| IPSEC ESP Key | G | D | N/A | U | N/A | U | N/A | N/A | N/A | N/A |
| IKE Pre-shared Key | G | D | N/A | U | G | U | N/A | N/A | N/A | N/A |
| IKE Encryption Key | N/A | N/A | D | N/A | N/A | N/A | N/A | D | N/A | N/A |
| IKE HMAC SHA-1 Key | N/A | N/A | D | N/A | N/A | N/A | N/A | D | N/A | N/A |
| Password | G1 | D2 | N/A | U | N/A | U | N/A | N/A | N/A | N/A |
| SSH Server/Host DSA Private Key | G | D | D | U | G (Server Key) | U | N/A | D | N/A | N/A |
| SSH Encryption Key | N/A | N/A | D | N/A | N/A | N/A | N/A | D | N/A | N/A |
| SSH HMAC SHA-1 Key | N/A | N/A | D | N/A | N/A | N/A | N/A | D | N/A | N/A |
| HA Key | G | D | N/A | N/A | U | U | N/A | N/A | N/A | N/A |
| IKE RSA/DSA Private Key | N/A | D | N/A | N/A | G,D,U | N/A | N/A | N/A | N/A | N/A |
| PRNG Algorithm Key | N/A | N/A | N/A | N/A | G,U | N/A | N/A | D | N/A | N/A |
| Diffie Hellman Private Key Components | G | N/A | N/A | N/A | N/A | N/A | N/A | D | N/A | N/A |

Juniper NS-5400 Security Policy