Cryptographic Key Management - Cisco 2811 - Voice Security Bundle Router Operations

Integrated services routers with aim-vpn/epii-plus

The tamper evidence seals are produced from a special thin gauge vinyl with self-adhesive
backing. Any attempt to open the router will damage the tamper evidence seals or the material of
the module cover. Since the tamper evidence seals have non-repeated serial numbers, they can be
inspected for damage and compared against the applied serial numbers to verify that the module
has not been tampered with. Tamper evidence seals can also be inspected for signs of tampering,
which include the following: curled corners, bubbling, crinkling, rips, tears, and slices. The word
"OPEN" may appear if the label was peeled back.

2.5 Cryptographic Key Management

The router securely administers both cryptographic keys and other critical security parameters
such as passwords. The tamper evidence seals provide physical protection for all keys. All keys
are also protected by the password-protection on the Crypto Officer role login, and can be
zeroized by the Crypto Officer. All zeroization consists of overwriting the memory that stored
the key. Keys are exchanged and entered electronically or via Internet Key Exchange (IKE) or
SSL handshake protocols.
The routers support the following FIPS 140-2 approved algorithm implementations:

Algorithm                   Algorithm Certificate Number

Software (IOS) Implementations
AES                         795
Triple-DES                  683
SHA-1, SHA-256, SHA-512     794
HMAC-SHA-1                  436
X9.31 PRNG                  456
RSA                         379

Onboard NetGX Implementations
AES                         265
Triple-DES                  347
SHA-1                       344
HMAC-SHA-1                  77

AIM Module Implementations
AES                         100
Triple-DES                  213
SHA-1                       401
HMAC-SHA-1                  38
X9.31 PRNG                  80
RSA                         383

The router is in the approved mode of operation only when FIPS 140-2 approved algorithms are
used (except DH and RSA key transport which are allowed in the approved mode for key
establishment despite being non-approved).
Note: The module supports DH key sizes of 1024 and 1536 bits and RSA key sizes of 1024,
1536 and 2048 bits. Therefore, the Diffie-Hellman key agreement, key establishment
methodology provides between 80 bits and 96 bits of encryption strength per NIST 800-57. RSA
© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
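An added example (not part of the Cisco document): it estimates the symmetric-equivalent strength of the DH and RSA modulus sizes listed in the note above, and shows that a session key is only as strong as the weaker of the cipher and the key establishment that carried it. It assumes the general number field sieve estimate given in FIPS 140-2 Implementation Guidance 7.5 and the 112-bit strength NIST SP 800-57 assigns to three-key Triple-DES; all function and variable names are illustrative.

```python
import math

# Modulus sizes the note says the module supports.
DH_SIZES = (1024, 1536)
RSA_SIZES = (1024, 1536, 2048)

# Symmetric strengths in bits. Assumption: three-key Triple-DES is
# rated at 112 bits, as in NIST SP 800-57.
SYMMETRIC_BITS = {"AES-128": 128, "AES-256": 256, "Triple-DES (3-key)": 112}


def modulus_strength_bits(modulus_bits: int) -> float:
    """Estimate the symmetric-equivalent strength of a DH/RSA modulus.

    Assumption: general number field sieve work-factor estimate
    (FIPS 140-2 IG 7.5); the page does not say how its figures
    were derived.
    """
    n = modulus_bits * math.log(2)
    work = 1.923 * n ** (1 / 3) * math.log(n) ** (2 / 3) - 4.69
    return work / math.log(2)


def effective_strength(cipher: str, modulus_bits: int) -> float:
    """A session key is no stronger than the method that established it."""
    estimate = modulus_strength_bits(modulus_bits)
    return round(min(SYMMETRIC_BITS[cipher], estimate), 1)


def report():
    """Return (modulus size, cipher, effective bits) for every combination."""
    sizes = sorted(set(DH_SIZES + RSA_SIZES))
    return [(s, c, effective_strength(c, s)) for s in sizes for c in SYMMETRIC_BITS]


if __name__ == "__main__":
    for size, cipher, bits in report():
        print(f"{size:>4}-bit modulus + {cipher:<18} -> {bits:5.1f} bits effective")
```

The 1024-bit and 1536-bit estimates land at the ends of the 80 to 96 bit range in the note, so an AES-256 key agreed over 1024-bit DH is protected at roughly 80 bits, not 256.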

This manual is also suitable for: 2811, 2821