Specifications

Cisco Aggregation Services Router (ASR) 900 Series Security Target
Algorithm    Cert. #
---------    -------
RSA          1471
ECDSA        493
While the algorithm implementations listed in the preceding table were not tested on the exact
processor installed within the ASR 900, the algorithm certificates are applicable to the TOE
based on the following:
1. The cryptographic implementation which is tested is identical (unchanged) to the
cryptographic implementation on the ASR 900s.
2. The cryptographic implementation does not depend on hardware for cryptographic
acceleration, i.e., there is no hardware-specific cryptographic dependency. The
cryptographic algorithms are implemented completely in software.
3. This is consistent with the guidance provided in NIST IG G.5 allowing portability
amongst platforms as long as no software modification is required.
The ASR 900 platforms contain the following processors:
1. Freescale P2020 using the Freescale instruction set
2. Cisco Carrier Ethernet ASIC using a processor-specific instruction set
The TOE provides cryptography in support of VPN connections and remote administrative
management via SSHv2. The cryptographic services provided by the TOE are described in
Table 10 below.
Table 10 TOE Provided Cryptography
Cryptographic Method          Use within the TOE
--------------------          ------------------
Internet Key Exchange         Used to establish initial IPsec session.
Secure Shell Establishment    Used to establish initial SSH session.
RSA/DSA Signature Services    Used in IPsec session establishment.
                              Used in SSH session establishment.
SP 800-90 RBG                 Used in IPsec session establishment.
                              Used in SSH session establishment.
SHS                           Used to provide IPsec traffic integrity verification.
                              Used to provide SSH traffic integrity verification.
AES                           Used to encrypt IPsec session traffic.
                              Used to encrypt SSH session traffic.