User guide
Aruba Networks Security Target
Page 44 of 67
| 32 | ECDSA Public Key | ECDSA suite B P-256 and P-384 curves | Generated in the module | Stored in flash memory encrypted with KEK. Zeroized by the CO command write erase all. | Used by TLS and EAP-TLS/PEAP protocols during the handshake. |
6.2.3 Roles and Services
6.2.3.1 Crypto Officer Role
The Crypto Officer role has the ability to configure, manage, and monitor all processes and
functions within the TOE. Two management interfaces can be used for this purpose:
SSHv2 CLI
The Crypto Officer can use the CLI to perform non-security-sensitive and security-sensitive
monitoring and configuration. The CLI can be accessed remotely by using the SSHv2
secured management session over the Ethernet ports or locally over the serial port. In FIPS
mode, the serial port is disabled.
Web Interface
The Crypto Officer can use the Web Interface as an alternative to the CLI. The Web Interface
provides a highly intuitive, graphical interface for a comprehensive set of controller
management tools. The Web Interface can be accessed from a TLS-enabled Web browser
using HTTPS (HTTP with Secure Socket Layer) on logical port 4343.
See the table below for descriptions of the services available to the Crypto Officer role. Numbers
in the “CSP Access” column refer to the Critical Security Parameters table above.
Table 14 - Crypto-Officer Services

| Service | Description | Input | Output | CSP Access |
|---|---|---|---|---|
| SSH v2.0 | Provide authenticated and encrypted remote management sessions while using the CLI | SSHv2 key agreement parameters, SSH inputs, and data | SSHv2 outputs and data | 6, 16 (read); 8, 9, 24, 25 (read/write) |