background image

 

16 

3  Module Objectives 

This section describes the assurance levels for each of the areas described in the FIPS 140-2 Standard. In 
addition, it provides information on placing the module in a FIPS 140-2 approved configuration. 

3.1  Security Levels 

 

Section  Section Title 

Level 

Cryptographic Module Specification 

Cryptographic Module Ports and Interfaces 

Roles, Services, and Authentication 

Finite State Model 

Physical Security 

Operational Environment 

N/A 

Cryptographic Key Management 

EMI/EMC 

Self-tests 

10 

Design Assurance 

11 

Mitigation of Other Attacks 

N/A 

 

3.2  Physical Security 

The Aruba Wireless AP is a scalable, multi-processor standalone network device and is enclosed in a robust 
plastic housing. The AP enclosure is resistant to probing

 

(please note that this feature has not been tested as 

part of the FIPS 140-2 validation) and is opaque within the visible spectrum. The enclosure of the AP has 
been designed to satisfy FIPS 140-2 Level 2 physical security requirements. 

 

3.2.1  Applying TELs 

The Crypto Officer is responsible for securing and having control at all times of any unused tamper evident 
labels. The Crypto Officer should employ TELs as follows: 

 

Before applying a TEL, make sure the target surfaces are clean and dry. 

 

Do not cut, trim, punch, or otherwise alter the TEL. 

 

Apply the wholly intact TEL firmly and completely to the target surfaces. 

 

Ensure that TEL placement is not defeated by simultaneous removal of multiple modules. 

 

Allow 24 hours for the TEL adhesive seal to completely cure. 

 

Record the position and serial number of each applied TEL in a security log. 

For physical security, the AP requires Tamper-Evident Labels (TELs) to allow detection of the opening of 
the device, and to block the  serial console port (on the bottom of the device).   The tamper-evident labels 
shall be installed for the  module to operate in a FIPS approved  mode of operation. To protect the device 
from tampering, TELs should be applied by the Crypto Officer as pictured below: 

Содержание PowerConnect W-AP105

Страница 1: ...0 2 Non Proprietary Security Policy for Aruba AP 92 AP 93 AP 105 AP 175 Dell W AP92 W AP93 W AP105 and W AP175 Wireless Access Points Version 1 2 Feb 2012 Aruba Networks 1322 Crossman Ave Sunnyvale CA 94089 1113 ...

Страница 2: ...2 ...

Страница 3: ...s 12 2 3 1 3 Indicator LEDs 12 2 4 AP 175 SERIES 13 2 4 1 Physical Description 14 2 4 1 1 Dimensions Weight 14 2 4 1 2 Interfaces 14 2 4 1 3 Indicator LEDs 15 3 MODULE OBJECTIVES 16 3 1 SECURITY LEVELS 16 3 2 PHYSICAL SECURITY 16 3 2 1 Applying TELs 16 3 2 2 AP 92 TEL Placement 17 3 2 2 1 To detect access to restricted ports 17 3 2 2 2 To detect opening of the chassis cover 17 3 2 3 AP 93 TEL Plac...

Страница 4: ... 3 3 4 Configuring Remote Mesh Point FIPS Mode 29 3 3 5 Verify that the module is in FIPS mode 30 3 4 OPERATIONAL ENVIRONMENT 30 3 5 LOGICAL INTERFACES 31 4 ROLES AUTHENTICATION AND SERVICES 32 4 1 ROLES 32 4 1 1 Crypto Officer Authentication 32 4 1 2 User Authentication 33 4 1 3 Wireless Client Authentication 33 4 1 4 Strength of Authentication Mechanisms 33 4 2 SERVICES 35 4 2 1 Crypto Officer S...

Страница 5: ...n be freely distributed 1 1 Aruba Dell Relationship Aruba Networks is the OEM for the Dell PowerConnect W line of products Dell products are identical to the Aruba products other than branding and Dell software is identical to Aruba software other than branding Table 1 Corresponding Aruba and Dell Part Numbers Aruba Part Number Dell Corresponding Part Number AP 92 F1 W AP92 F1 AP 93 F1 W AP93 F1 A...

Страница 6: ...tocol security KAT Known Answer Test KEK Key Encryption Key L2TP Layer 2 Tunneling Protocol LAN Local Area Network LED Light Emitting Diode SHA Secure Hash Algorithm SNMP Simple Network Management Protocol SPOE Serial Power Over Ethernet TEL Tamper Evident Label TFTP Trivial File Transfer Protocol WLAN Wireless Local Area Network ...

Страница 7: ...LAN access air monitoring and wireless intrusion detection and prevention The access point works in conjunction with Aruba Mobility Controllers to deliver high speed secure user centric network services in education enterprise finance government healthcare and retail applications 2 1 1 Physical Description The Aruba AP 92 series Access Point is a multi chip standalone cryptographic module consisti...

Страница 8: ...ollowing power interfaces 48 V DC 802 3af power over Ethernet 12 V DC for external AC supplied power adapter sold separately 2 1 1 3 Indicator LEDs There are 4 bicolor power ENET and WLAN LEDs which operate as follows Table 2 AP 92 Indicator LEDs Label Function Action Status PWR AP power ready status Off No power to AP Red Initial power up condition Flashing Green Device booting not ready On Green...

Страница 9: ...o supporting 2 4 GHz or 5 GHz 802 11a b g n indoor wireless access points capable of delivering wireless data rates of up to 300Mbps This multi function access point provides wireless LAN access air monitoring and wireless intrusion detection and prevention The access point works in conjunction with Aruba Mobility Controllers to deliver high speed secure user centric network services in education ...

Страница 10: ...ides the following network interfaces 1 x 10 100 1000 Base T Ethernet RJ45 Auto sensing link speed and MDI MDX Antenna internal 1 x RJ 45 console interface The module provides the following power interfaces 48 V DC 802 3af power over Ethernet 12 V DC for external AC supplied power adapter sold separately 2 2 1 3 Indicator LEDs There are 4 bicolor power ENET and WLAN LEDs which operate as follows T...

Страница 11: ...cess Points APs with FIPS 140 2 Level 2 validation It describes the purpose of the AP its physical attributes and its interfaces Figure 3 AP 105 Wireless Access Point The Aruba AP 105 is high performance 802 11n 2x2 2 MIMO dual radio concurrent 802 11a n b g n indoor wireless access points capable of delivering combined wireless data rates of up to 600Mbps This multi function access point provides...

Страница 12: ...P105 F1 The exact firmware versions tested were ArubaOS_6xx_6 1 2 3 FIPS Dell_PCW_6xx_6 1 2 3 FIPS 2 3 1 1 Dimensions Weight The AP has the following physical dimensions 132 mm x 135 mm x 45 mm 5 2 x 5 3 x 1 8 0 3 kg 10 56 oz 2 3 1 2 Interfaces The module provides the following network interfaces 1 x 10 100 1000 Base T Ethernet RJ45 Auto sensing link speed and MDI MDX Antenna internal 1 x RJ 45 co...

Страница 13: ...AP 175 series Wireless Access Points APs with FIPS 140 2 Level 2 validation It describes the purpose of the AP its physical attributes and its interfaces Figure 4 AP 175 Wireless Access Point The Aruba AP 175 is high performance 802 11n 2x2 2 MIMO dual radio concurrent 802 11a n b g n indoor wireless access points capable of delivering combined wireless data rates of up to 600Mbps This multi funct...

Страница 14: ...Part Number Dell Corresponding Part Number AP 175P F1 W AP175P F1 AP 175AC F1 W AP175AC F1 AP 175DC F1 W AP175DC F1 The exact firmware versions tested were ArubaOS_6xx_6 1 2 3 FIPS Dell_PCW_6xx_6 1 2 3 FIPS 2 4 1 1 Dimensions Weight The AP has the following physical dimensions 260 mm x 240 mm x 105 mm 10 2 x 9 4 x4 1 3 25 kg 7 lb 2 4 1 2 Interfaces The module provides the following network interfa...

Страница 15: ...k activity WLAN0 D6 Radio0 Status Off Radio0 disabled On Orange Radio0 enabled WLAN1 D1 Radio1 Status Off Radio1 disabled On Blue Radio1 enabled SS1 D7 D2 Signal Strength Radio0 Radio1 least significant bit On Orange Blue For Radio0 Orange and For Radio1 Blue Off SS1 to SS4 LEDs turn on off depending on the signal strength of the current radio neighbors Stronger the signal more LEDs get lit starti...

Страница 16: ...pectrum The enclosure of the AP has been designed to satisfy FIPS 140 2 Level 2 physical security requirements 3 2 1 Applying TELs The Crypto Officer is responsible for securing and having control at all times of any unused tamper evident labels The Crypto Officer should employ TELs as follows Before applying a TEL make sure the target surfaces are clean and dry Do not cut trim punch or otherwise ...

Страница 17: ...To detect access to restricted ports 1 Spanning the serial port 3 2 2 2 To detect opening of the chassis cover 2 Spanning the bottom and top chassis covers on the right side 3 Spanning the bottom and top chassis covers on the left side Following is the TEL placement for the AP 92 Figure 5 AP 92 Tel placement front view Figure 6 Aruba AP 92 Tel placement left view ...

Страница 18: ...18 Figure7 Aruba AP 92 Tel placement right view Figure 8 Aruba AP 92 Tel placement top view ...

Страница 19: ...of 3 TELs to be applied as follows 3 2 3 1 To detect access to restricted ports 1 Spanning the serial port 3 2 3 2 To detect opening of the chassis cover 2 Spanning the bottom and top chassis covers on the left side 3 Spanning the bottom and top chassis covers on the right side Following is the TEL placement for the AP 93 Figure 10 Aruba AP 93 Tel placement front view ...

Страница 20: ...20 Figure 11 Aruba AP 93 Tel placement left view Figure 12 Aruba AP 93 Tel placement right view Figure 13 Aruba AP 93 Tel placement bottom view ...

Страница 21: ...f 3 TELs to be applied as follows 3 2 4 1 To detect opening of the chassis cover 1 Spanning the bottom and top chassis covers on the left side 2 Spanning the bottom and top chassis covers on the right side 3 2 4 2 To detect access to restricted ports 3 Spanning the serial port Following is the TEL placement for the AP 105 Figure 15 Aruba AP 105 Tel placement front view ...

Страница 22: ...22 Figure 16 Aruba AP 105 Tel placement left view Figure 17 Aruba AP 105 Tel placement right view Power Input Inlet Figure 18 Aruba AP 105 Tel placement top view ...

Страница 23: ... 5 1 To detect access to restricted ports 1 Spanning the USB console port 2 Spanning the power connector plug AP 175P only 3 Spanning the hex screw 3 2 5 2 To detect opening of the chassis cover 4 Spanning the top and bottom chassis covers on the left side 5 Spanning the top and bottom chassis covers on the right side Following is the TEL placement for the AP 175 Figure 19 Aruba AP 175 Tel placeme...

Страница 24: ...24 Figure 20 Aruba AP 175 Tel placement back view Figure 21 Aruba AP 175 Tel placement left view Figure 22 Aruba AP 175 Tel placement right view ...

Страница 25: ...echanisms Physical Security Mechanism Recommended Test Frequency Guidance Tamper evident labels TELs Once per month Examine for any sign of removal replacement tearing etc See images above for locations of TELs Opaque module enclosure Once per month Examine module enclosure for any evidence of new openings or other access to the module internals ...

Страница 26: ...PS Mode How to verify that it is in FIPS mode An important point in the Aruba APs is that to change configurations from any one mode to any other mode requires the module to be re provisioned and rebooted before any new configured mode can be enabled The access point is managed by an Aruba Mobility Controller in FIPS mode and access to the Mobility Controller s administrative interface via a non n...

Страница 27: ...erated at manufacturing time in factory 9 Via the logging facility of the staging controller ensure that the module the AP is successfully provisioned with firmware and configuration 10 Terminate the administrative session 11 Disconnect the module from the staging controller and install it on the deployment network when power is applied the module will attempt to discover and connect to an Aruba M...

Страница 28: ...s according to the directions in section 3 2 2 Log into the administrative console of the staging controller 3 Deploying the AP in Remote Mesh Portal mode create the corresponding Mesh Profiles on the controller as described in detail in Section Mesh Profiles of Chapter Secure Enterprise Mesh of the Aruba OS User Manual a For mesh configurations configure a WPA2 PSK which is 16 ASCII characters or...

Страница 29: ...o the administrative console of the Aruba Mobility Controller 2 Verify that the module is connected to the Mobility Controller 3 Verify that the module has FIPS mode enabled by issuing command show ap ap name ap name config 4 Terminate the administrative session 3 3 4 Configuring Remote Mesh Point FIPS Mode 1 Apply TELs according to the directions in section 3 2 2 Log into the administrative conso...

Страница 30: ...memory and is generated at manufacturing time in factory b During the provisioning process as Mesh Point the WPA2 PSK is input to the module via the corresponding Mesh cluster profile This key is stored on flash encrypted 9 Via the logging facility of the staging controller ensure that the module the AP is successfully provisioned with firmware and configuration 10 Terminate the administrative ses...

Страница 31: ...sts of manual control inputs for power and reset through the power interfaces It also consists of all of the data that is entered into the access point while using the management interfaces Status output consists of the status indicators displayed through the LEDs the status data that is output from the module while using the management interfaces and the log file o LEDs indicate the physical stat...

Страница 32: ...dule via WPA2 PSK only CPSec AP o Crypto Officer Role the Crypto Officer is the Aruba Mobility Controller that has the ability to configure manage and monitor the module including the configuration loading and zeroization of CSPs o User role in the standard configuration the User operator shares the same services and authentication techniques as the Mobility Controller in the Crypto Officer o Wire...

Страница 33: ...Authentication Mechanism Mechanism Strength IKEv1 IKEv2 shared secret CO role For IKEv1 IKEv2 there are a 95 8 6 63 x 10 15 possible pre shared keys In order to test the guessed key the attacker must complete an IKEv1 IKEv2 aggressive mode exchange with the module IKEv1 IKEv2 aggressive mode consists of a 3 packet exchange but for simplicity let s ignore the final packet sent from the AP to the at...

Страница 34: ...he real world actual throughput is significantly less than this but we will use this idealized number to ensure that our estimate is very conservative This means that the maximum number of associations assume no delays no inter frame gaps that could be completed is less than 37 500 000 214 267 857 per second or 16 071 429 associations per minute This means that an attacker could certainly not try ...

Страница 35: ...memory IKEv1 IKEv2 shared secret WPA2 PSK KEK Remotely reboot module The CO can remotely trigger a reboot KEK is accessed when configuration is read during reboot The firmware verification key and firmware verification CA key are accessed to validate firmware prior to boot Self test triggered by CO User reboot The CO can trigger a programmatic reset leading to self test and initialization KEK is a...

Страница 36: ... 11i AES CCM key System Status CO may view system status information through the secured management channel See creation use of secure management session above 4 2 2 User Services The User services defined in Remote AP FIPS mode and CPSec protected AP FIPS mode shares the same services with the Crypto Officer role please refer to Section 4 2 1 Crypto Officer Services The following services are pro...

Страница 37: ...s Generation and use of 802 11i cryptographic keys In all modes the links between the module and wireless client are secured with 802 11i 802 11i PMK 802 11i PTK 802 11i EAPOL MIC Key 802 11i EAPOL Encryption Key 802 11i AES CCM key 802 11i GMK 802 11i GTK Use of WPA pre shared key for establishment of IEEE 802 11i keys When the module is in advanced Remote AP configuration the links between the m...

Страница 38: ...status SYSLOG and module LEDs 802 11 a b g n FTP TFTP NTP GRE tunneling of 802 11 wireless user frames when acting as a Local AP Reboot module by removing replacing power Self test and initialization at power on ...

Страница 39: ...ubaOS Kernel implements the following FIPS approved algorithms o AES Cert 1847 o HMAC Cert 1097 o SHS Cert 1625 o Triple DES Cert 1197 ArubaOS UBOOT Bootloader implements the following FIPS approved algorithms o RSA Cert 935 o SHS Cert 1629 Aruba Atheros hardware CCM implements the following FIPS approved algorithms o AES Cert 1849 Non FIPS Approved Algorithms The cryptographic module implements t...

Страница 40: ...ministrative interface or by the ap wipe out flash command Module and crypto officer authentication during IKEv1 IKEv2 entered into the module in plaintext during initialization and encrypted over the IPSec session subsequently IPSec session encryption keys 168 bit Triple DES or 128 192 256 bit AES keys Established during Diffie Hellman key agreement Stored in plaintext in volatile memory zeroized...

Страница 41: ...tored in plaintext in volatile memory only zeroized on reboot Seed ANSI X9 31 RNG ArubaOS OpenSSL RNG Seed key for FIPS compliant ANSI X9 31 Appendix A2 4 using AES 128 Key algorithm Seed key 16 bytes AES 128 Key algorithm Derived using NON FIPS approved HW RNG dev urandom Stored in plaintext in volatile memory only zeroized on reboot Seed ANSI X9 31 RNG ArubaOS Cryptographic Module RNG Seed for F...

Страница 42: ...ransient Key PTK 802 11i Pairwise Transient Key PTK 512 bit shared secret from which Temporal Keys TKs are derived Derived during 802 11i 4 way handshake In volatile memory only zeroized on reboot All session encryption dec ryption keys are derived from the PTK 802 11i EAPOL MIC Key 128 bit shared secret used to protect 4 way key handshake Derived from PTK In volatile memory only zeroized on reboo...

Страница 43: ...d in plaintext in volatile memory zeroized on reboot Used to derive multicast cryptographic keys 802 11i Group AES CCM Data Encryption MIC Key 128 bit AES CCM key derived from GTK Derived from 802 11 group key handshake Stored in plaintext in volatile memory zeroized on reboot Used to protect multicast message confidentiality and integrity AES CCM RSA private Key 1024 2048 bit RSA private key Gene...

Страница 44: ... SHA1 SHA256 SHA384 and SHA512 KAT o Triple DES KAT ArubaOS Uboot Bootloader Module o Firmware Integrity Test RSA 2048 bit Signature Validation Aruba Atheros hardware CCM o AES CCM KAT The following Conditional Self tests are performed in the module Continuous Random Number Generator Test This test is run upon generation of random data by the module s random number generators to detect failure to ...

Страница 45: ...n ArubaOS OpenSSL AP module and ArubaOS cryptographic module KAT failure AP rebooted DATE TIME Restarting System SW FIPS KAT failed For an AES Atheros hardware POST failure Starting HW SHA1 KAT Completed HW SHA1 AT Starting HW HMAC SHA1 KAT Completed HW HMAC SHA1 KAT Starting HW DES KAT Completed HW DES KAT Starting HW AES KAT Restarting system ...

Отзывы: