Reference Guide

Aruba 3000, 6000/M3 Mobility Controller FIPS 140-2 Level 2 Security Policy
| 802.11i with EAP-TLS | Access the module’s 802.11i services in order to secure network traffic | 802.11i inputs, commands and data | 802.11i outputs, status, and data | 29, 30, 31, 32 (read); 34, 35 (read/write) |
| Self-Tests | Run Power-On Self-Tests and Conditional Tests | None | Error messages logged if a failure occurs | None |

Authentication Mechanisms
The Aruba Controller supports role-based authentication. Role-based authentication is performed before the Crypto Officer enters privileged mode, either by using the admin password via the Web Interface or SSHv2, or by entering the enable command and password at the console. Role-based authentication is also performed for User authentication.
This includes password and RSA/ECDSA-based authentication mechanisms. The strength of each authentication mechanism is described below.

Table 6 - Estimated Strength of Authentication Mechanisms

| Authentication Type | Role | Strength |
| Password-based authentication (CLI and Web Interface) | Crypto Officer | Passwords are required to be a minimum of eight characters and a maximum of 32, with a minimum of one letter and one number. If six (6) integers, one (1) special character and one (1) alphabetic character are used without repetition for an eight (8) digit PIN, the probability of randomly guessing the correct sequence is one (1) in 251,596,800. (This calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 integer digits, 52 alphabetic characters, and 32 special characters, providing 94 characters to choose from in total. The calculation should be 10 x 9 x 8 x 7 x 6 x 5 x 32 x 52 = 251,596,800.) Therefore, the associated probability of a successful random attempt is approximately 1 in 8,386,560, which is less than 1 in 1,000,000 required by FIPS 140-2. |
| RSA-based authentication (IKEv1/IKEv2) | User | When using RSA-based authentication, the RSA key pair has a modulus size of 2048 bits, thus providing 112 bits of strength. Assuming the low end of that range, the associated probability of a successful random attempt is 1 in 2^112, which is less than 1 in 1,000,000 required by FIPS 140-2. |
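
The following is an added example, not part of the Aruba security policy. It reproduces the Table 6 password calculation and, going beyond the page's single worked case, uses inclusion-exclusion to count every string of a given length that satisfies the stated rule of at least one letter and one number. The function names are illustrative, and the 10/52/32 character counts are the keyboard assumption stated in the table.

```python
from math import perm

# Character classes as Table 6 counts them (94 keys in total).
DIGITS, LETTERS, SPECIALS = 10, 52, 32
ALPHABET = DIGITS + LETTERS + SPECIALS
FIPS_SINGLE_ATTEMPT = 1_000_000  # page: must be less than 1 in 1,000,000


def page_estimate() -> int:
    """Table 6 worked case: six digits without repetition, then one
    special character and one letter (10*9*8*7*6*5 * 32 * 52)."""
    return perm(DIGITS, 6) * SPECIALS * LETTERS


def policy_space(length: int) -> int:
    """Count strings of `length` characters containing at least one letter
    and at least one digit, by inclusion-exclusion over the 94 characters."""
    no_letter = (ALPHABET - LETTERS) ** length   # digits and specials only
    no_digit = (ALPHABET - DIGITS) ** length     # letters and specials only
    neither = SPECIALS ** length                 # subtracted twice, add back
    return ALPHABET ** length - no_letter - no_digit + neither


def meets_fips(space: int) -> bool:
    """True when a single random guess succeeds with probability
    strictly below 1 in 1,000,000."""
    return space > FIPS_SINGLE_ATTEMPT


if __name__ == "__main__":
    cases = [
        ("Table 6 worked case (8 characters)", page_estimate()),
        ("all policy-compliant 8-character passwords", policy_space(8)),
        ("RSA-2048 at 112 bits of strength", 2 ** 112),
    ]
    for label, space in cases:
        print(f"{label}: 1 in {space:,} -> meets FIPS bound: {meets_fips(space)}")
```

The worked case in the table is a deliberately narrow pattern, so its count is far smaller than the number of passwords the minimum-length policy actually admits.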