Specifications
Cisco Aggregation Services Router (ASR) 901 Series Security Target
| Name | Description | Zeroization |
|---|---|---|
| | skeyid_d, IKE Session Encryption Key and IKE Session Authentication Key. All values overwritten by 0’s. This key is stored in DRAM. | |
| ISAKMP preshared | The function calls the free operation with the poisoning mechanism that overwrites the value with 0x0d. This key is stored in DRAM. | Zeroized using the following command: `# no crypto isakmp key`. Overwritten with: 0x0d |
| IKE RSA Private Key | The operation uses the free operation with the poisoning mechanism that overwrites the value with 0x0d. (This function is used by the module when zeroizing bad key pairs from RSA Key generations.) This key is stored in NVRAM. | Zeroized using the following command: `# crypto key zeroize rsa`. Overwritten with: 0x0d |
| IPsec encryption key | The function zeroizes an _ike_flow structure that includes the encryption and authentication keys. The entire object is overwritten by 0’s using memset. This key is stored in DRAM. | Automatically when IPsec session terminated. Overwritten with: 0x00 |
| IPsec authentication key | The function zeroizes an _ike_flow structure that includes the encryption and authentication keys. The entire object is overwritten by 0’s using memset. This key is stored in DRAM. | Automatically when IPsec session terminated. Overwritten with: 0x00 |
| RADIUS secret | The function calls aaa_free_secret, which uses the poisoned free operation to zeroize the memory from the secret structure by overwriting the space with 0x0d and releasing the memory. This key is stored in NVRAM. | Zeroized using the following command: `# no radius-server key`. Overwritten with: 0x0d |
| TACACS+ secret | The function calls aaa_free_secret, which uses the poisoned free operation to zeroize the memory from the secret structure by overwriting the space with 0x0d and releasing the memory. This key is stored in NVRAM. | Zeroized using the following command: `# no tacacs-server key`. Overwritten with: 0x0d |
| SSH Private Key | Once the function has completed the operations requiring the RSA key object, the module overwrites the entire object (no matter its contents) using memset. This overwrites the key with all 0’s. This key is stored in NVRAM. | Zeroized using the following command: `# crypto key zeroize rsa`. Overwritten with: 0x00 |
| SSH Session Key | The results are zeroized using the poisoning in free to overwrite the values with 0x00. This is called by the ssh_close function when a session is ended. This key is stored in DRAM. | Automatically when the SSH session is terminated. Overwritten with: 0x00 |
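
The two overwrite behaviours the table describes, a poisoned free that fills the buffer with 0x0d before releasing it and a whole-object overwrite with 0x00, look like this in C. This is an added example, not code from the Security Target or from Cisco: `flow_keys`, `wipe`, `poisoned_free`, `flow_zeroize` and `all_bytes_equal` are hypothetical names, and the overwrite goes through a volatile pointer instead of memset so the stores survive compiler optimization.

```c
#include <stdlib.h>
#include <string.h>

#define POISON_BYTE 0x0d  /* pattern the table lists for the poisoned free */

/* Hypothetical stand-in for a flow object holding both IPsec keys. */
struct flow_keys { unsigned char enc_key[32], auth_key[32]; };

/* Overwrite n bytes with `pattern` through a volatile pointer, so the
 * compiler cannot drop the stores as dead when the buffer is freed or goes
 * out of scope right after (a plain memset() may be optimized away). */
static void wipe(void *p, size_t n, unsigned char pattern) {
    volatile unsigned char *b = p;
    while (n--)
        *b++ = pattern;
}

/* Poisoned free: overwrite the allocation with 0x0d, then release it. */
static void poisoned_free(void *p, size_t n) {
    if (p == NULL)
        return;
    wipe(p, n, POISON_BYTE);
    free(p);
}

/* Zeroize the whole flow object, not just the key fields. */
static void flow_zeroize(struct flow_keys *f) { wipe(f, sizeof *f, 0x00); }

/* Return 1 if all n bytes at p equal `expected`, else 0. */
static int all_bytes_equal(const void *p, size_t n, unsigned char expected) {
    const unsigned char *b = p;
    for (size_t i = 0; i < n; i++)
        if (b[i] != expected)
            return 0;
    return 1;
}

int main(void) {
    struct flow_keys f;
    memset(&f, 0xA5, sizeof f);          /* constructed key material */
    flow_zeroize(&f);
    unsigned char *secret = malloc(16);  /* constructed shared secret */
    if (secret == NULL)
        return 1;
    memset(secret, 'S', 16);
    poisoned_free(secret, 16);           /* bytes are 0x0d before free() */
    return all_bytes_equal(&f, sizeof f, 0x00) ? 0 : 1;
}
```

The caller has to pass the allocation size to `poisoned_free`, because standard `free()` does not expose it; an allocator with built-in poisoning tracks the size itself.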