Reference Guide
22|
Aruba 7200 Series Controllers FIPS 140-2 Level 2 Security Policy
Table 6 CSPs/Keys Used in Aruba Controllers
21
IKEv1/IKEv2 session
encryption key
Triple-DES (168
bits/AES (128/196/256
bits)
Established as a result
of IKEv1/IKEv2 service
implementation.
Stored in plaintext in
volatile memory.
Zeroized when
session is closed.
IKEv1/IKEv2 payload
encryption
22
IPSec session
encryption keys
Triple-DES (168 bits /
AES (128/196/256 bits)
Established during the
IPSec service
implementation
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
Secure IPSec traffic
23
IPSec session
authentication keys
HMAC-SHA-1 (160
bits)
Established during the
IPSec service
implementation
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
User authentication
24 SSHv2 session keys AES (128/196/256 bits)
Established during the
SSHv2 key exchange
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
Secure SSHv2 traffic
25
SSHv2 session
authentication key
HMAC-SHA-1 (160-bit)
Established during the
SSHv2 key exchange
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
Secure SSHv2 traffic
26 TLS pre-master secret 48 byte secret Externally generated
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
TLS key agreement
27
TLS session
encryption key
AES 128/192/256 bits
Generated in the
module during the TLS
service implementation
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
TLS session
encryption
28
TLS session
authentication key
HMAC-SHA-1/256/384
(160/256/384 bits)
Generated in the
module during the TLS
service implementation
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
TLS session
authentication