Manualshelf

Specifications

ManualsBrandsAruba ManualsComputer equipment620
61626364656667686970
Security Target Version 1.0 9/29/2014
69
ECDSA Private
Key
ECDSA suite B
P-256 and P-384
curves
Generated in the
module
Stored in flash
memory encrypted
with KEK. Zeroized
by the CO command
write erase all.
Used by TLS and
EAP-TLS/PEAP
protocols during the
handshake.
ECDSA Public
Key
ECDSA suite B
P-256 and P-384
curves
Generated in the
module
Stored in flash
memory encrypted
with KEK. Zeroized
by the CO command
write erase all.
Used by TLS and
EAP-TLS/PEAP
protocols during the
handshake.
802.11i Pre-
Shared Key (PSK)
8-63 character
802.11i pre-
shared secret for
use in 802.11i (SP
800
108) key
derivation
CO configured Stored in flash
memory encrypted
with KEK. Zeroized
by the CO command
write erase all.
Used by the 802.11i
protocol
802.11i Pair-Wise
Master key (PMK)
802.11i secret key
(256-bit)
Derived during the
EAP-TLS/PEAP
handshake
Stored in the volatile
memory. Zeroized on
reboot.
Used by the 802.11i
protocol
802.11i session
key
AES-CCM key
(128 bits), AES-
GCM key
(128/256 bits)
Derived from 802.11
PMK
Stored in plaintext in
volatile memory.
Zeroized on reboot.
Used for 802.11i
encryption
SNMPv3
authentication
password
8-64 character
password
CO configured Stored in flash
memory encrypted
with KEK. Zeroized
by the CO command
write erase all.
Used for SNMPv3
authentication
SNMPv3 privacy
password
8-64 character
password
CO configured Stored in flash
memory encrypted
with KEK. Zeroized
by the CO command
write erase all.
Used to derive
SNMPv3 session key
SNMPv3 session
key
AES-CFB key
(128 bits)
Derived from
SNMPv3 privacy
password using an
approved KDF
Stored in volatile
memory. Zeroized
on reboot.
Secure channel for
SNMPv3 management
Table 7
Entropy source (FCS_RBG_EXT.1.2) is described in a separate document, “Aruba Mobility Controller Entropy
Documentation” prepared according to NDPP Annex D. To TOE uses its RBG capability to generate an “x” for each
of its DH groups, For IKEv1 the TOE makes a call to OpenSSL’s DRBG and for IKEv2 via a call to the ArubaOS
Crypto Module (Mocana) FIPS186 RNG. Similarly, the TOE generates nonces such that the probability a specific
nonce value will be repeated during the lifetime of a specific IPsec SA satisfies the restrictions specified in
FCS_IPSEC_EXT.1.6 with IKEv1 calling DRBG and IKEv2 calling RNG.
Additionally, the TOE is designed to zeroize secret and private keys when they are no longer required by the TOE.
This function has also been subject to FIPS 140 certification. Zeroization is accomplished by overwriting the secret
or private key with all zeroes.