User guide
Aruba Networks Security Target
Page 42 of 67
16
User Passwords
8-64 character
password
CO configured
Stored encrypted in
Flash with KEK.
Zeroized by either
deleting the password
configuration file or by
overwriting the
password with a new
one.
Authentication for
accessing the
management
interfaces, RADIUS
authentication
17
IKEv1/IKEv2 Pre-
shared key
64 character pre-
shared key
CO configured
Stored encrypted in
Flash with the KEK.
Zeroized by changing
(updating) the pre-
shared key through
the User interface.
User and module
authentication during
IKEv1, IKEv2
18
skeyid
HMAC-SHA-1/256/384
(160/256/384 bits)
Established during
IKEv1 negotiation
Stored in plaintext in
volatile memory.
Zeroized when
session is closed.
Key agreement in
IKEv1
19
skeyid_d
HMAC-SHA-1/256/384
(160/256/384 bits)
Established during
IKEv1 negotiation
Stored in plaintext in
volatile memory.
Zeroized when
session is closed.
Key agreement in
IKEv1
20
IKEv1/IKEv2 session
authentication key
HMAC-SHA-1/256/384
(160 / 256 / 384 bits)
Established as a result
of IKEv1/IKEv2 service
implementation.
Stored in plaintext in
volatile memory.
Zeroized when
session is closed.
IKEv1/IKEv2 payload
integrity verification
21
IKEv1/IKEv2 session
encryption key
Triple-DES (168
bits/AES (128/196/256
bits)
Established as a result
of IKEv1/IKEv2 service
implementation.
Stored in plaintext in
volatile memory.
Zeroized when
session is closed.
IKEv1/IKEv2 payload
encryption
22
IPSec session
encryption keys
Triple-DES (168 bits /
AES (128/196/256 bits)
Established during the
IPSec service
implementation
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
Secure IPSec traffic
23
IPSec session
authentication keys
HMAC-SHA-1 (160
bits)
Established during the
IPSec service
implementation
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
User authentication