Specifications
65
For non-volatile memories other than EEPROM and Flash, the zeroization shall be executed by
overwriting three or more times using a different alternating data pattern each time.
FCS_COP.1(1)
AES-128 is used within TLS and DTLS ciphersuites (for CAPWAP, HTTPS, EAP-FAST and
EAP-TLS), for AES Key Wrap to distribute 802.11i PMKs, and for encryption of 802.11i keys
and traffic.
The APs perform FIPS 140-2 validated end-to-end AES-CCMP wireless encryption and
decryption between a wireless device and the AP. End-to-end wireless encryption is
implemented in the TOE through the use of EAP-TLS, EAP-FAST, EAP-MSCHAPv2, EAP-
GCT, or WPA2-PSK. To carry out encryption the AP, and Controller components of the TOE,
and the ACS/ISE play a role. The encryption algorithm used is AES-CCM (CCMP) mode of
operation with a 128-bit key.
Controllers support Cisco Access Points operating in CAPWAP mode and configured with Wi-
Fi Protected Access 2 (WPA2) security. WPA2 is the approved Wi-Fi Alliance interoperable
implementation of the IEEE 802.11i standard. When WPA2-PSK is used only the APs are
involved with the encryption and decryption that takes place with a wireless client. WPA2
protects all wireless communications between the wireless client and other trusted networked
devices on the wired network with AES-CCMP encryption. CAPWAP protects all control and
bridging traffic between trusted network access points and the module with AES-CBC
encryption. CAPWAP also protects all client data traffic between the Access Points and the
Controller on the 5508 Controller and 1131, 1142, 1242, 1252, 1262, 3502E, and 3502I series
access points. This utilizes a secondary AES-CBC (with 128 bit keys) protected DTLS tunnel
For encryption implemented with EAP-TLS, EAP-MSCHAPv2, EAP-GCT, and EAP-FAST the
APs, Controllers, and ACS/ISEs all play a role in the cryptographic key generation and
encryption process. The TOE uses the IEEE 802.11i Pairwise key hierarchy to establish session-
specific keys from the Pairwise Master Key (PMK). The PMK is generated by the ACS/ISE
(Radius server) in coordination with the wireless client and encrypted with the AES key wrap
protocol and passed to the Controller/WiSM. The PMK is then used to generate the session
specific Pairwise Transient Key (PTK). The Controller/WiSM then passes the (PTK) to the AP.
The AP uses the PTK to generate the individual session keys (Key Encryption Key (KEK), Key
Confirmation Key (KCK) and Temporal Key (TK) for encrypting the wireless traffic with each
wireless client that has been authenticated. The KEK is used by the EAPOL-Key frames to
provide confidentiality. The KCK is used by IEEE 802.11i to provide data origin authenticity
The TK, also known as the CCMP key, is the 802.11i session key for unicast communications.
Cryptographic keys are stored in flash and in SDRAM for active keys.
FCS_COP.1(2)
RSA is used for authentication and key distribution in the CAPWAP, HTTPS, EAP-FAST and
EAP-TLS, and for verification of software images downloaded from the controller to the AP.
DSA is used for authentication and key distribution for SSH. All DSA and RSA keys used in the
evaluated configuration will have a key size of 2048 bits.
FCS_COP.1(3)
SHA-1 is used as part of the TLS and DTLS protocols that underlie CAPWAP, HTTPS, EAP-
FAST and EAP-TLS, as part of HMAC-SHA-1 for SNMPv3 authentication between the
Controller and SNMPv3 applications, and key integrity protection within the 802.11i protocol.
SHA-256 is also supported for digital signatures.
FCS_COP.1(4)
Diffie-Hellman is used for anonymous and authenticated TLS DHE ciphersuite options for EAP-
FAST and EAP-TLS.
FCS_COP_(EXT).1
The Access Points implement FIPS 140-2 approved X9.31 RNGs, seeded with system entropy at
startup.
The Controllers implement the FIPS 140-2 approved FIPS 186-2 RNG, seeded with system
entropy at startup.
The FIPS approved RNGs are used for generation of security relevant random values (e.g.
nonces, Diffie-Hellman parameters) and cryptographic keys.
FDP_PUD_(EXT).1
The administrator has control over whether or not unencrypted data will be allowed to pass