Reference Guide
Aruba 3000, 6000/M3 Mobility Controller FIPS 140-2 Level 2 Security Policy|21
Critical Security Parameters
The following are the Critical Security Parameters (CSPs) used in the controller.
Table7‐CSPs/KeysUsedinArubaControllers
# Name CSPs type Generation
Storage and
Zeroization
Use
1
Key Encryption Key
(KEK)
Triple-DES 168-bit key
Hardcoded during
manufacturing
Stored in Flash.
Zeroized by using
command ‘wipe out
flash’
Encrypts IKEv1/IKEv2
Pre-shared key,
RADIUS server
shared secret, RSA
private key, ECDSA
private key, 802.11i
pre-shared key and
Passwords.
2 DRBG entropy input
SP800-90a DRBG (512
bits)
Derived using NON-
FIPS approved HW
RNG
Stored in plaintext in
volatile memory.
Zeroized on reboot.
DRBG initialization
3 DRBG seed
SP800-90a DRBG (384
bits)
Generated per SP800-
90A using a derivation
function
Stored in plaintext in
volatile memory.
Zeroized on reboot.
DRBG initialization
4 DRBG key SP800-90a (256 bits)
Generated per SP800-
90A
Stored in plaintext in
volatile memory.
Zeroized on reboot.
DRBG
5 DRBG V SP800-90a (128 bits)
Generated per SP800-
90A
Stored in plaintext in
volatile memory.
Zeroized on reboot.
DRBG
6 RNG seed
FIPS 186-2 RNG Seed
(512 bits)
Derived using NON-
FIPS approved HW
RNG
Stored in plaintext in
volatile memory.
Zeroized on reboot.
Seed 186-2 General
purpose (x-change
Notice); SHA-1 RNG