Dell PowerConnect W-Series FIPS Supplement Manual page 26

Controllers with ArubaOS FIPS Firmware: Non-Proprietary Security Policy, FIPS 140-2 Level 2 Release Supplement

Table 6 CSPs Used in Aruba Mobility Controllers

| CSPs | CSPs type | Generation | Storage and Zeroization | Use |
|---|---|---|---|---|
| skeyid | Intermediate 160-bit/256-byte/384-byte value used in key derivation | Established during the Diffie-Hellman Key Agreement | Stored in plaintext in volatile memory. Zeroized when session is closed. | Key agreement in IKEv1/IKEv2 |
| skeyid_d | Intermediate 160-bit/256-byte/384-byte value used in key derivation | Established during the Diffie-Hellman Key Agreement | Stored in plaintext in volatile memory. Zeroized when session is closed. | Key agreement in IKEv1/IKEv2 |
| 802.11i Pre-Shared Key (PSK) | 802.11i pre-shared secret key (256-bit) | CO configured | Stored in flash memory encrypted with KEK. Zeroized by the CO command write erase all. | Used by the 802.11i protocol |
| 802.11i Pair-Wise Master key (PMK) | 802.11i secret key (256-bit) | Derived during the EAP-TLS/PEAP handshake | Stored in the volatile memory. Zeroized on reboot. | Used by the 802.11i protocol |
| 802.11i session key | AES-CCM key (128 bit), AES-GCM key (128/256-bit) | Derived from 802.11 PMK | Stored in plaintext in volatile memory. Zeroized on reboot. | Used for 802.11i encryption |
| Data link (Layer 2) encryption key | AES key (256 bit) | Derived during the EAP-TLS handshake | Stored in plaintext in volatile memory. Zeroized on reboot. | Used to encrypt tunneled Layer 2 frames |
| Data link (Layer 2) integrity key | HMAC-SHA1 key (160-bit) | Derived during EAP-TLS handshake storage and zeroization: Stored in plaintext in volatile memory | Stored in plaintext in volatile memory. Zeroized on reboot. | Used to integrity-protect tunneled Layer 2 frames |
| Passwords | 6-character password | CO configured | Stored encrypted in Flash with KEK. Zeroized by either deleting the password configuration file or by overwriting the password with a new one. | Authentication for accessing the management interfaces, RADIUS authentication |
| ArubaOS OpenSSL RNG Seed for FIPS compliant ANSI X9.31, Appendix A2.4 using AES-128 key algorithm | Seed (16 bytes) | Derived using NON-FIPS approved HW RNG (/dev/urandom) | Stored in plaintext in volatile memory only. Zeroized on reboot. | Seed ANSI X9.31 RNG |
| ArubaOS OpenSSL RNG Seed key for FIPS compliant ANSI X9.31, Appendix A2.4 using AES-128 key algorithm | Seed key (16 bytes, AES-128 key algorithm) | Derived using NON-FIPS approved HW RNG (/dev/urandom) | Stored in plaintext in volatile memory only. Zeroized on reboot. | Seed ANSI X9.31 RNG |
| ArubaOS cryptographic Module RNG seed for FIPS compliant 186-2 General purpose (x-change Notice); SHA-1 RNG | Seed (64 bytes) | Derived using NON-FIPS approved HW RNG (/dev/urandom) | Stored in plaintext in volatile memory. Zeroized on reboot. | Seed 186-2 General purpose (x-change Notice); SHA-1 RNG |

FIPS 140-2 Level 2 Features
Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement

This manual is also suitable for:

Aruba 620, Aruba 650, Dell W-620, Dell W-650