FIPS 140-2 Non-Proprietary Security Policy
for Aruba AP-92, AP-93, AP-104, AP-105, AP-175
Dell W-AP92, W-AP93, W-AP104, W-AP105 and W-AP175
Wireless Access Points

Version 1.2
October 2012

Aruba Networks™
1322 Crossman Ave.
Sunnyvale, CA 94089-1113

Copyright © 2012 Aruba Networks, Inc. Aruba Networks trademarks include Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System, Mobile Edge Architecture, People Move. Networks Must Follow, RFProtect, Green Island®. All rights reserved. All other trademarks are the property of their respective owners.

Open Source Code
Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. The Open Source code used can be found at this site: http://www.arubanetworks.com/open_source

Legal Notice
The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors.

Warranty
This hardware product is protected by the standard Aruba warranty of one year parts/labor. For more information, refer to the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS. Altering this device (such as painting it) voids the warranty.

Copyright © 2011 Aruba Networks, Inc. Aruba Networks trademarks include Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, and Aruba Mobility Management System®. Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc.

1 Introduction
  1.1 Aruba Dell Relationship
  1.2 Acronyms and Abbreviations
2 Product Overview
  2.1 AP-92
    2.1.1 Physical Description
      2.1.1.1 Dimensions/Weight
      2.1.1.2 Interfaces
      2.1.1.3 Indicator LEDs
  2.2 AP-93
    2.2.1 Physical Description
      2.2.1.1 Dimensions/Weight
      2.2.1.2 Interfaces
      2.2.1.3 Indicator LEDs
  2.3 AP-104 Series
    2.3.1 Physical Description
      2.3.1.1 Dimensions/Weight
      2.3.1.2 Interfaces
      2.3.1.3 Indicator LEDs
  2.4 AP-105 Series
    2.4.1 Physical Description
      2.4.1.1 Dimensions/Weight
      2.4.1.2 Interfaces
      2.4.1.3 Indicator LEDs
  2.5 AP-175 Series
    2.5.1 Physical Description
      2.5.1.1 Dimensions/Weight
      2.5.1.2 Interfaces
      2.5.1.3 Indicator LEDs
3 Module Objectives
  3.1 Security Levels
  3.2 Physical Security
    3.2.1 Applying TELs
    3.2.2 AP-92 TEL Placement
      3.2.2.1 To detect access to restricted ports:
      3.2.2.2 To detect opening of the chassis cover:
    3.2.3 AP-93 TEL Placement
      3.2.3.1 To detect access to restricted ports:
      3.2.3.2 To detect opening of the chassis cover:
    3.2.4 AP-104 TEL Placement
      3.2.4.1 To detect opening of the chassis cover:
      3.2.4.2 To detect access to restricted ports:
    3.2.5 AP-105 TEL Placement
      3.2.5.1 To detect opening of the chassis cover:
      3.2.5.2 To detect access to restricted ports:
    3.2.6 AP-175 TEL Placement
      3.2.6.1 To detect access to restricted ports:
      3.2.6.2 To detect opening of the chassis cover:
    3.2.7 Inspection/Testing of Physical Security Mechanisms
  3.3 Modes of Operation
    3.3.1 Configuring Remote AP FIPS Mode
    3.3.2 Configuring Control Plane Security (CPSec) protected AP FIPS mode
    3.3.3 Configuring Remote Mesh Portal FIPS Mode
    3.3.4 Configuring Remote Mesh Point FIPS Mode
    3.3.5 Verify that the module is in FIPS mode
  3.4 Operational Environment
  3.5 Logical Interfaces
4 Roles, Authentication and Services
  4.1 Roles
    4.1.1 Crypto Officer Authentication
    4.1.2 User Authentication
    4.1.3 Wireless Client Authentication
    4.1.4 Strength of Authentication Mechanisms
  4.2 Services
    4.2.1 Crypto Officer Services
    4.2.2 User Services
    4.2.3 Wireless Client Services
    4.2.4 Unauthenticated Services
5 Cryptographic Algorithms
6 Critical Security Parameters
7 Self Tests

1 Introduction

This document constitutes the non-proprietary Cryptographic Module Security Policy for the AP-92, AP-93, AP-104, AP-105 and AP-175 Wireless Access Points with FIPS 140-2 Level 2 validation from Aruba Networks. This security policy describes how the AP meets the security requirements of FIPS 140-2 Level 2, and how to place and maintain the AP in a secure FIPS 140-2 mode. This policy was prepared as part of the FIPS 140-2 Level 2 validation of the product.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2, Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) Web-site at: http://csrc.nist.gov/groups/STM/cmvp/index.html

This document can be freely distributed.

1.1 Aruba Dell Relationship

Aruba Networks is the OEM for the Dell PowerConnect W line of products. Dell products are identical to the Aruba products other than branding and Dell software is identical to Aruba software other than branding.
For example, Aruba "AP-92-F1" is equivalent to Dell "W-AP92-F1", and "ArubaOS_6.1.2.3-FIPS" is equivalent to "DELL_PCW_6.1.2.3-FIPS".

Table 1 - Corresponding Aruba and Dell Part Numbers

Aruba Part Number  Aruba Firmware        Dell Corresponding Part Number  Dell Firmware
AP-92-F1           ArubaOS_6.1.2.3-FIPS  W-AP92-F1                       Dell_PCW_6.1.2.3-FIPS
AP-93-F1           ArubaOS_6.1.2.3-FIPS  W-AP93-F1                       Dell_PCW_6.1.2.3-FIPS
AP-104-F1          ArubaOS_6.1.2.3-FIPS  W-AP104-F1                      Dell_PCW_6.1.2.3-FIPS
AP-105-F1          ArubaOS_6.1.2.3-FIPS  W-AP105-F1                      Dell_PCW_6.1.2.3-FIPS
AP-175P-F1         ArubaOS_6.1.2.3-FIPS  W-AP175P-F1                     Dell_PCW_6.1.2.3-FIPS
AP-175AC-F1        ArubaOS_6.1.2.3-FIPS  W-AP175AC-F1                    Dell_PCW_6.1.2.3-FIPS
AP-175DC-F1        ArubaOS_6.1.2.3-FIPS  W-AP175DC-F1                    Dell_PCW_6.1.2.3-FIPS

NOTE: References to Aruba, ArubaOS, Aruba AP-92, Aruba AP-93, Aruba AP-104, Aruba AP-105 and Aruba AP-175 wireless access points apply to both the Aruba and Dell versions of these products and documentation.

1.2 Acronyms and Abbreviations

AES    Advanced Encryption Standard
AP     Access Point
CBC    Cipher Block Chaining
CLI    Command Line Interface
CO     Crypto Officer
CPSec  Control Plane Security protected
CSEC   Communications Security Establishment Canada
CSP    Critical Security Parameter
ECO    External Crypto Officer
EMC    Electromagnetic Compatibility
EMI    Electromagnetic Interference
FE     Fast Ethernet
GE     Gigabit Ethernet
GHz    Gigahertz
HMAC   Hashed Message Authentication Code
Hz     Hertz
IKE    Internet Key Exchange
IPSec  Internet Protocol security
KAT    Known Answer Test
KEK    Key Encryption Key
L2TP   Layer-2 Tunneling Protocol
LAN    Local Area Network
LED    Light Emitting Diode
SHA    Secure Hash Algorithm
SNMP   Simple Network Management Protocol
SPOE   Serial & Power Over Ethernet
TEL    Tamper-Evident Label
TFTP   Trivial File Transfer Protocol
WLAN   Wireless Local Area Network

2 Product Overview

This section introduces the various Aruba Wireless Access Points, providing a brief overview and summary of the physical features of each model covered by this FIPS 140-2 security policy.

2.1 AP-92

This section introduces the Aruba AP-92 Wireless Access Point (AP) with FIPS 140-2 Level 2 validation. It describes the purpose of the AP, its physical attributes, and its interfaces.

Figure 1 - AP-92 Wireless Access Point

The Aruba AP-92 is a robust-performance 802.11n (2x2:2) MIMO, single-radio indoor wireless access point supporting 2.4 GHz or 5 GHz (802.11a/b/g/n) and capable of delivering wireless data rates of up to 300Mbps. This multi-function access point provides wireless LAN access, air monitoring, and wireless intrusion detection and prevention. The access point works in conjunction with Aruba Mobility Controllers to deliver high-speed, secure user-centric network services in education, enterprise, finance, government, healthcare, and retail applications.

2.1.1 Physical Description

The Aruba AP-92 series Access Point is a multi-chip standalone cryptographic module consisting of hardware and software, all contained in a hard plastic case. The module contains an 802.11 a/b/g/n transceiver and supports external antennas through dual, detachable antenna interfaces.

The plastic case physically encloses the complete set of hardware and software components and represents the cryptographic boundary of the module.

The Access Point configuration validated during the cryptographic module testing included:

Aruba Part Number  Dell Corresponding Part Number
AP-92-F1           W-AP92-F1

The exact firmware versions validated were:
• ArubaOS_6.1.2.3-FIPS
• Dell_PCW_6.1.2.3-FIPS

2.1.1.1 Dimensions/Weight

The AP has the following physical dimensions:
• 120 mm x 130 mm x 35 mm (4.7" x 5.1" x 1.4")
• 255 g (9 oz)

2.1.1.2 Interfaces

The module provides the following network interfaces:
• 1 x 10/100/1000 Base-T Ethernet (RJ45) Auto-sensing link speed and MDI/MDX
• Antenna
  o 2x RP-SMA antenna interfaces (supports up to 2x2 MIMO with spatial diversity)
• 1 x RJ-45 console interface

The module provides the following power interfaces:
• 48 V DC 802.3af power over Ethernet
• 12 V DC for external AC supplied power (adapter sold separately)

2.1.1.3 Indicator LEDs

There are 4 bicolor (power, ENET and WLAN) LEDs which operate as follows:

Table 2 - AP-92 Indicator LEDs

Label    Function                                 Action            Status
PWR      AP power / ready status                  Off               No power to AP
                                                  Red               Initial power-up condition
                                                  Flashing – Green  Device booting, not ready
                                                  On – Green        Device ready
ENET     Ethernet Network Link Status / Activity  Off               Ethernet link unavailable
                                                  On – Amber        10/100Mbps Ethernet link negotiated
                                                  On – Green        1000Mbps Ethernet link negotiated
                                                  Flashing          Ethernet link activity
11b/g/n  2.4GHz Radio Status                      Off               2.4GHz radio disabled
                                                  On – Amber        2.4GHz radio enabled in WLAN mode
                                                  On – Green        2.4GHz radio enabled in 802.11n mode
                                                  Flashing - Green  2.4GHz Air monitor or RF protect sensor
11a/n    5GHz Radio Status                        Off               5GHz radio disabled
                                                  On - Amber        5GHz radio enabled in WLAN mode
                                                  On – Green        5GHz radio enabled in 802.11n mode
                                                  Flashing - Green  5GHz Air monitor or RF protect sensor

2.2 AP-93

This section introduces the Aruba AP-93 Wireless Access Point (AP) with FIPS 140-2 Level 2 validation. It describes the purpose of the AP, its physical attributes, and its interfaces.

Figure 2 - AP-93 Wireless Access Point

The Aruba AP-93 is a robust-performance 802.11n (2x2:2) MIMO, single-radio indoor wireless access point supporting 2.4 GHz or 5 GHz (802.11a/b/g/n) and capable of delivering wireless data rates of up to 300Mbps. This multi-function access point provides wireless LAN access, air monitoring, and wireless intrusion detection and prevention. The access point works in conjunction with Aruba Mobility Controllers to deliver high-speed, secure user-centric network services in education, enterprise, finance, government, healthcare, and retail applications.

2.2.1 Physical Description

The Aruba AP-93 series Access Point is a multi-chip standalone cryptographic module consisting of hardware and software, all contained in a hard plastic case. The module contains an 802.11 a/b/g/n transceiver and 2 integrated omni-directional multi-band dipole antenna elements (supporting up to 2x2 MIMO with spatial diversity).

The plastic case physically encloses the complete set of hardware and software components and represents the cryptographic boundary of the module.

The Access Point configuration validated during the cryptographic module testing included:

Aruba Part Number  Dell Corresponding Part Number
AP-93-F1           W-AP93-F1

The exact firmware versions validated were:
• ArubaOS_6.1.2.3-FIPS
• Dell_PCW_6.1.2.3-FIPS

2.2.1.1 Dimensions/Weight

The AP has the following physical dimensions:
• 120 mm x 130 mm x 35 mm (4.7" x 5.1" x 1.4")
• 255 g (9 oz)

2.2.1.2 Interfaces

The module provides the following network interfaces:
• 1 x 10/100/1000 Base-T Ethernet (RJ45) Auto-sensing link speed and MDI/MDX
• Antenna (internal)
• 1 x RJ-45 console interface

The module provides the following power interfaces:
• 48 V DC 802.3af power over Ethernet
• 12 V DC for external AC supplied power (adapter sold separately)

2.2.1.3 Indicator LEDs

There are 4 bicolor (power, ENET and WLAN) LEDs which operate as follows:

Table 3 - AP-93 Indicator LEDs

Label    Function                                 Action            Status
PWR      AP power / ready status                  Off               No power to AP
                                                  Red               Initial power-up condition
                                                  Flashing – Green  Device booting, not ready
                                                  On – Green        Device ready
ENET     Ethernet Network Link Status / Activity  Off               Ethernet link unavailable
                                                  On – Amber        10/100Mbps Ethernet link negotiated
                                                  On – Green        1000Mbps Ethernet link negotiated
                                                  Flashing          Ethernet link activity
11b/g/n  2.4GHz Radio Status                      Off               2.4GHz radio disabled
                                                  On – Amber        2.4GHz radio enabled in WLAN mode
                                                  On – Green        2.4GHz radio enabled in 802.11n mode
                                                  Flashing - Green  2.4GHz Air monitor or RF protect sensor
11a/n    5GHz Radio Status                        Off               5GHz radio disabled
                                                  On - Amber        5GHz radio enabled in WLAN mode
                                                  On – Green        5GHz radio enabled in 802.11n mode
                                                  Flashing - Green  5GHz Air monitor or RF protect sensor

2.3 AP-104 Series

This section introduces the Aruba AP-104 series Wireless Access Points (APs) with FIPS 140-2 Level 2 validation. It describes the purpose of the AP, its physical attributes, and its interfaces.

Figure 3 - AP-104 Wireless Access Point

The Aruba AP-104 is a high-performance 802.11n (2x2:2) MIMO, dual-radio (concurrent 802.11a/n + b/g/n) indoor wireless access point capable of delivering combined wireless data rates of up to 600Mbps. This multi-function access point provides wireless LAN access, air monitoring, and wireless intrusion detection and prevention over the 2.4GHz and 5GHz RF spectrum. The access point works in conjunction with Aruba Mobility Controllers to deliver high-speed, secure user-centric network services in education, enterprise, finance, government, healthcare, and retail applications.

2.3.1 Physical Description

The Aruba AP-104 Access Point is a multi-chip standalone cryptographic module consisting of hardware and software, all contained in a hard plastic case. The module contains two dual-band 2.4-GHz/5-GHz 802.11 a/b/g/n transceivers, and 4 x external antenna connectors (supporting up to 2x2 MIMO with spatial diversity).

The plastic case physically encloses the complete set of hardware and software components and represents the cryptographic boundary of the module.

The Access Point configuration validated during the cryptographic module testing included:

Aruba Part Number  Dell Corresponding Part Number
AP-104-F1          W-AP104-F1

The exact firmware versions validated were:
• ArubaOS_6.1.2.3-FIPS
• Dell_PCW_6.1.2.3-FIPS

2.3.1.1 Dimensions/Weight

The AP has the following physical dimensions:
• 132 mm x 135 mm x 45 mm (5.2" x 5.3" x 1.8")
• 0.3 kg (10.56 oz)

2.3.1.2 Interfaces

The module provides the following network interfaces:
• 1 x 10/100/1000 Base-T Ethernet (RJ45) Auto-sensing link speed and MDI/MDX
• Antenna (external)
• 1 x RJ-45 console interface

The module provides the following power interfaces:
• 48 V DC 802.3af power over Ethernet
• 12 V DC for external AC supplied power (adapter sold separately)

2.3.1.3 Indicator LEDs

There are 4 bicolor (power, ENET and WLAN) LEDs which operate as follows:

Table 4 - AP-104 Indicator LEDs

Label    Function                                 Action            Status
PWR      AP power / ready status                  Off               No power to AP
                                                  Red               Initial power-up condition
                                                  Flashing – Green  Device booting, not ready
                                                  On – Green        Device ready
ENET     Ethernet Network Link Status / Activity  Off               Ethernet link unavailable
                                                  On – Amber        10/100Mbps Ethernet link negotiated
                                                  On – Green        1000Mbps Ethernet link negotiated
                                                  Flashing          Ethernet link activity
11b/g/n  2.4GHz Radio Status                      Off               2.4GHz radio disabled
                                                  On – Amber        2.4GHz radio enabled in WLAN mode
                                                  On – Green        2.4GHz radio enabled in 802.11n mode
                                                  Flashing - Green  2.4GHz Air monitor or RFprotect sensor
11a/n    5GHz Radio Status                        Off               5GHz radio disabled
                                                  On - Amber        5GHz radio enabled in WLAN mode
                                                  On – Green        5GHz radio enabled in 802.11n mode
                                                  Flashing - Green  5GHz Air monitor or RFprotect sensor

2.4 AP-105 Series

This section introduces the Aruba AP-105 series Wireless Access Points (APs) with FIPS 140-2 Level 2 validation. It describes the purpose of the AP, its physical attributes, and its interfaces.

Figure 3 - AP-105 Wireless Access Point

The Aruba AP-105 is a high-performance 802.11n (2x2:2) MIMO, dual-radio (concurrent 802.11a/n + b/g/n) indoor wireless access point capable of delivering combined wireless data rates of up to 600Mbps. This multi-function access point provides wireless LAN access, air monitoring, and wireless intrusion detection and prevention over the 2.4GHz and 5GHz RF spectrum. The access point works in conjunction with Aruba Mobility Controllers to deliver high-speed, secure user-centric network services in education, enterprise, finance, government, healthcare, and retail applications.

2.4.1 Physical Description

The Aruba AP-105 Access Point is a multi-chip standalone cryptographic module consisting of hardware and software, all contained in a hard plastic case. The module contains two dual-band 2.4-GHz/5-GHz 802.11 a/b/g/n transceivers, and 4 x integrated, omni-directional antenna elements (supporting up to 2x2 MIMO with spatial diversity).

The plastic case physically encloses the complete set of hardware and software components and represents the cryptographic boundary of the module.

The Access Point configuration validated during the cryptographic module testing included:

Aruba Part Number  Dell Corresponding Part Number
AP-105-F1          W-AP105-F1

The exact firmware versions validated were:
• ArubaOS_6.1.2.3-FIPS
• Dell_PCW_6.1.2.3-FIPS

2.4.1.1 Dimensions/Weight

The AP has the following physical dimensions:
• 132 mm x 135 mm x 45 mm (5.2" x 5.3" x 1.8")
• 0.3 kg (10.56 oz)

2.4.1.2 Interfaces

The module provides the following network interfaces:
• 1 x 10/100/1000 Base-T Ethernet (RJ45) Auto-sensing link speed and MDI/MDX
• Antenna (internal)
• 1 x RJ-45 console interface

The module provides the following power interfaces:
• 48 V DC 802.3af power over Ethernet
• 12 V DC for external AC supplied power (adapter sold separately)

2.4.1.3 Indicator LEDs

There are 4 bicolor (power, ENET and WLAN) LEDs which operate as follows:

Table 4 - AP-105 Indicator LEDs

Label    Function                                 Action            Status
PWR      AP power / ready status                  Off               No power to AP
                                                  Red               Initial power-up condition
                                                  Flashing – Green  Device booting, not ready
                                                  On – Green        Device ready
ENET     Ethernet Network Link Status / Activity  Off               Ethernet link unavailable
                                                  On – Amber        10/100Mbps Ethernet link negotiated
                                                  On – Green        1000Mbps Ethernet link negotiated
                                                  Flashing          Ethernet link activity
11b/g/n  2.4GHz Radio Status                      Off               2.4GHz radio disabled
                                                  On – Amber        2.4GHz radio enabled in WLAN mode
                                                  On – Green        2.4GHz radio enabled in 802.11n mode
                                                  Flashing - Green  2.4GHz Air monitor or RFprotect sensor
11a/n    5GHz Radio Status                        Off               5GHz radio disabled
                                                  On - Amber        5GHz radio enabled in WLAN mode
                                                  On – Green        5GHz radio enabled in 802.11n mode
                                                  Flashing - Green  5GHz Air monitor or RFprotect sensor

2.5 AP-175 Series

This section introduces the Aruba AP-175 series Wireless Access Points (APs) with FIPS 140-2 Level 2 validation. It describes the purpose of the AP, its physical attributes, and its interfaces.

Figure 4 - AP-175 Wireless Access Point

The Aruba AP-175 is a high-performance 802.11n (2x2:2) MIMO, dual-radio (concurrent 802.11a/n + b/g/n) indoor wireless access point capable of delivering combined wireless data rates of up to 600Mbps. This multi-function access point provides wireless LAN access, air monitoring, and wireless intrusion detection and prevention over the 2.4GHz and 5GHz RF spectrum. The multifunction AP-175 is an affordable, fully hardened outdoor 802.11n access point (AP) that provides maximum deployment flexibility in high-density campuses, storage yards, warehouses, container/transportation facilities, extreme industrial production areas and other harsh environments.

2.5.1 Physical Description

The Aruba AP-175 Access Point is a multi-chip standalone cryptographic module consisting of hardware and software, all contained in a hard case. The module contains two 802.11 a/b/g/n transceivers, and 4 x N-type female interfaces (2 x 2.4 GHz, 2 x 5 GHz) for external antenna support (supports MIMO).

The hard case physically encloses the complete set of hardware and software components and represents the cryptographic boundary of the module.

The Access Point configuration validated during the cryptographic module testing included:

Aruba Part Number  Dell Corresponding Part Number
AP-175P-F1         W-AP175P-F1
AP-175AC-F1        W-AP175AC-F1
AP-175DC-F1        W-AP175DC-F1

The exact firmware versions validated were:
• ArubaOS_6.1.2.3-FIPS
• Dell_PCW_6.1.2.3-FIPS

2.5.1.1 Dimensions/Weight

The AP has the following physical dimensions:
• 260 mm x 240 mm x 105 mm (10.2" x 9.4" x 4.1")
• 3.25 kg (7 lb)

2.5.1.2 Interfaces

The module provides the following network interfaces:
• 1 x 10/100/1000 Base-T Ethernet (RJ45) Auto-sensing link speed and MDI/MDX
• Antenna
  o 4 x N-Type female antenna interfaces
• 1 x RJ-45 console interface

The module provides the following power interfaces:
• AP-175P: 48-volt DC 802.3at power over Ethernet (PoE+)
• AP-175AC: 100-240 volt AC from external AC power source
• AP-175DC: 12-48 volt DC from external DC power source

2.5.1.3 Indicator LEDs

There is an array of LEDs which operate as follows:

Table 5 - AP-175 Indicator LEDs

Label  LED Position  Function                                 Action            Status
PWR    D11           AP power / system status                 Off               No power to AP
                                                              Red               System Alarm
                                                              Flashing - Green  Power did not connect well or equipment failure
                                                              On - Green        Device ready
ENET0  D15           Ethernet Network Link Status / Activity  Off               Ethernet link unavailable
                                                              On - Yellow       10/100Mbps Ethernet link negotiated
                                                              On - Green        1000Mbps Ethernet link negotiated
                                                              Flashing          Ethernet link activity
WLAN0  D6            Radio0 Status                            Off               Radio0 disabled
                                                              On - Orange       Radio0 enabled
WLAN1  D1            Radio1 Status                            Off               Radio1 disabled
                                                              On - Blue         Radio1 enabled
SS1    D7/D2         Signal Strength (Radio0/Radio1) least significant bit
SS2    D8/D3         Signal Strength (Radio0/Radio1) second most significant bit
SS3    D9/D4         Signal Strength (Radio0/Radio1) least significant bit
SS4    D10/D5        Signal Strength (Radio0/Radio1) most significant bit

SS1 to SS4, Action: On - Orange/Blue (For Radio0: Orange and For Radio1: Blue), or Off.
SS1 to SS4, Status: SS1 to SS4 LEDs turn on/off depending on the signal strength of the current radio neighbors. Stronger the signal, more LEDs get lit starting with SS1 (least signal strength indicator) all the way to SS4 (highest signal strength indicator).

3 Module Objectives

This section describes the assurance levels for each of the areas described in the FIPS 140-2 Standard. In addition, it provides information on placing the module in a FIPS 140-2 approved configuration.

3.1 Security Levels

Section  Section Title                              Level
1        Cryptographic Module Specification         2
2        Cryptographic Module Ports and Interfaces  2
3        Roles, Services, and Authentication        2
4        Finite State Model                         2
5        Physical Security                          2
6        Operational Environment                    N/A
7        Cryptographic Key Management               2
8        EMI/EMC                                    2
9        Self-tests                                 2
10       Design Assurance                           2
11       Mitigation of Other Attacks                N/A

3.2 Physical Security

The Aruba Wireless AP is a scalable, multi-processor standalone network device and is enclosed in a robust plastic housing. The AP enclosure is resistant to probing (please note that this feature has not been validated as part of the FIPS 140-2 validation) and is opaque within the visible spectrum. The enclosure of the AP has been designed to satisfy FIPS 140-2 Level 2 physical security requirements.

3.2.1 Applying TELs

The Crypto Officer must apply Tamper-Evident Labels (TELs) to the AP to allow detection of the opening of the device, and to block the serial console port (on the bottom of the device). The TELs shall be installed for the module to operate in a FIPS Approved mode of operation. The vendor provides FIPS 140 designated TELs which have met the physical security testing requirements for tamper evident labels under the FIPS 140-2 Standard. TELs are not endorsed by the Cryptographic Module Validation Program (CMVP).

Aruba provides double the required amount of TELs with shipping, and additional replacement TELs can be obtained by calling customer support and requesting part number 4010061-01.

The Crypto Officer is responsible for securing and having control at all times of any unused tamper evident labels. The Crypto Officer should employ TELs as follows:
• Before applying a TEL, make sure the target surfaces are clean and dry.
• Do not cut, trim, punch, or otherwise alter the TEL.
• Apply the wholly intact TEL firmly and completely to the target surfaces.
• Ensure that TEL placement is not defeated by simultaneous removal of multiple modules.
• Allow 24 hours for the TEL adhesive seal to completely cure.
• Record the position and serial number of each applied TEL in a security log.

Once applied, the TELs included with the AP cannot be surreptitiously broken, removed or reapplied without an obvious change in appearance. Each TEL has a unique serial number to prevent replacement with a similar label.

To protect the device from tampering, TELs should be applied by the Crypto Officer as pictured below:

3.2.2 AP-92 TEL Placement

This section displays all the TEL locations of the Aruba AP-92. The AP-92 requires a minimum of 3 TELs to be applied as follows:

3.2.2.1 To detect access to restricted ports:
1. Spanning the serial port

3.2.2.2 To detect opening of the chassis cover:
2. Spanning the bottom and top chassis covers on the right side
3. Spanning the bottom and top chassis covers on the left side

Following is the TEL placement for the AP-92:

Figure 5 - AP-92 Tel placement front view
Figure 6 - Aruba AP-92 Tel placement left view
Figure 7 - Aruba AP-92 Tel placement right view
Figure 8 - Aruba AP-92 Tel placement top view
Figure 9 - Aruba AP-92 Tel placement bottom view

3.2.3 AP-93 TEL Placement

This section displays all the TEL locations of the Aruba AP-93. The AP-93 requires a minimum of 3 TELs to be applied as follows:

3.2.3.1 To detect access to restricted ports:
1. Spanning the serial port

3.2.3.2 To detect opening of the chassis cover:
2. Spanning the bottom and top chassis covers on the left side
3. Spanning the bottom and top chassis covers on the right side

Following is the TEL placement for the AP-93:

Figure 10 - Aruba AP-93 Tel placement front view
Figure 11 - Aruba AP-93 Tel placement left view
Figure 12 - Aruba AP-93 Tel placement right view
Figure 13 - Aruba AP-93 Tel placement bottom view
Figure 14 - Aruba AP-93 Tel placement top view

3.2.4 AP-104 TEL Placement

This section displays all the TEL locations of the Aruba AP-104. The AP-104 requires a minimum of 3 TELs to be applied as follows:

3.2.4.1 To detect opening of the chassis cover:
1. Spanning the bottom and top chassis covers on the left side
2. Spanning the bottom and top chassis covers on the right side

3.2.4.2 To detect access to restricted ports:
3. Spanning the serial port

Following is the TEL placement for the AP-104:

Figure 15 - Aruba AP-104 Tel placement front view
Figure 16 - Aruba AP-104 Tel placement left view
Figure 17 - Aruba AP-104 Tel placement right view
Figure 18 - Aruba AP-104 Tel placement top view
Figure 19 - Aruba AP-104 Tel placement bottom view

3.2.5 AP-105 TEL Placement

This section displays all the TEL locations of the Aruba AP-105. The AP-105 requires a minimum of 3 TELs to be applied as follows:

3.2.5.1 To detect opening of the chassis cover:
4. Spanning the bottom and top chassis covers on the left side
5. Spanning the bottom and top chassis covers on the right side

3.2.5.2 To detect access to restricted ports:
6. Spanning the serial port

Following is the TEL placement for the AP-105:

Figure 20 - Aruba AP-105 Tel placement front view
Figure 21 - Aruba AP-105 Tel placement left view
Figure 22 - Aruba AP-105 Tel placement right view
Figure 23 - Aruba AP-105 Tel placement top view
Figure 24 - Aruba AP-105 Tel placement bottom view

3.2.6 AP-175 TEL Placement

This section displays all the TEL locations of the Aruba AP-175. The AP-175 requires a minimum of 6 TELs to be applied as follows:

3.2.6.1 To detect access to restricted ports:
1. Spanning the USB console port
2. Spanning the power connector plug (AP-175P only)
3. Spanning the hex screw

3.2.6.2 To detect opening of the chassis cover:
4. Spanning the top and bottom chassis covers on the left side
5. Spanning the top and bottom chassis covers on the right side

Following is the TEL placement for the AP-175:

Figure 25 - Aruba AP-175 Tel placement front view
Figure 26 - Aruba AP-175 Tel placement back view
Figure 27 - Aruba AP-175 Tel placement left view
Figure 28 - Aruba AP-175 Tel placement right view
Figure 29 - Aruba AP-175 Tel placement top view
Figure 30 - Aruba AP-175 Tel placement bottom view

3.2.7 Inspection/Testing of Physical Security Mechanisms

Physical Security Mechanism   Recommended Test Frequency  Guidance
Tamper-evident labels (TELs)  Once per month              Examine for any sign of removal, replacement, tearing, etc. See images above for locations of TELs
Opaque module enclosure       Once per month              Examine module enclosure for any evidence of new openings or other access to the module internals.

3.3 Modes of Operation

The module can be configured to be in the following FIPS approved modes of operations via corresponding Aruba or Dell Mobility Controllers that have been certificated to FIPS level 2:
• Remote AP (RAP) FIPS mode – When the module is configured as a Remote AP, it is intended to be deployed in a remote location (relative to the Mobility Controller).
The module provides cryptographic processing in the form of IPSec for all traffic to and from the Mobility Controller. • Control Plane Security (CPSec) protected AP FIPS mode – When the module is configured as a Control Plane Security protected AP it is intended to be deployed in a local/private location (LAN, WAN, MPLS) relative to the Mobility Controller). The module provides cryptographic processing in the form of IPSec for all Control traffic to and from the Mobility Controller. • Remote Mesh Portal FIPS mode – When the module is configured in Mesh Portal mode, it is intended to be connected over a physical wire to the mobility controller. These modules serve as the connection point between the Mesh Point and the Mobility Controller. Mesh Portals communicate with the Mobility Controller through IPSec and with Mesh Points via 802.11i session. The Crypto Officer role is the Mobility Controller that authenticates via IKEv1/IKEv2 pre-shared key or RSA certificate authentication method, and Users are the "n" Mesh Points that authenticate via 802.11i preshared key. • Remote Mesh Point FIPS mode – an AP that establishes all wireless path to the Remote Mesh portal in FIPS mode over 802.11 and an IPSec tunnel via the Remote Mesh Portal to the controller. In addition, the module also supports a non-FIPS mode – an un-provisioned AP, which by default does not serve any wireless clients. The Crypto Officer must first enable and then provision the AP into a FIPS AP mode of operation. This section explains how to place the module in FIPS mode in either Remote AP FIPS mode, Control Plane Security AP FIPS Mode, Remote Mesh Portal FIPS mode or Mesh Point FIPS Mode. How to verify that it is in FIPS mode. An important point in the Aruba APs is that to change configurations from any one mode to any other mode requires the module to be re-provisioned and rebooted before any new configured mode can be enabled. 
The access point is managed by an Aruba Mobility Controller in FIPS mode, and access to the Mobility Controller’s administrative interface via a non-networked general purpose computer is required to assist in placing the module in FIPS mode. The controller used to provision the AP is referred to below as the “staging controller”. The staging controller must be provisioned with the appropriate firmware image for the module, which has been validated to FIPS 140-2, prior to initiating AP provisioning. After setting up the Access Point by following the basic installation instructions in the module User Manual, the Crypto Officer performs the following steps:

3.3.1 Configuring Remote AP FIPS Mode

1. Apply TELs according to the directions in section 3.2
2. Log into the administrative console of the staging controller
3. To deploy the AP in Remote FIPS mode, configure the controller to support Remote APs. For detailed instructions and steps, see Section “Configuring the Secure Remote Access Point Service” in Chapter “Remote Access Points” of the Aruba OS User Manual.
4. Enable FIPS mode on the controller. This is accomplished by going to the Configuration > Network > Controller > System Settings page (this is the default page when you click the Configuration tab), and clicking the FIPS Mode for Mobility Controller Enable checkbox.
5. Enable FIPS mode on the AP. This is accomplished by going to the Configuration > Wireless > AP Configuration > AP Group page. There, you click the Edit button for the appropriate AP group, and then select AP > AP System Profile. Then, check the “Fips Enable” box, check “Apply”, and save the configuration.
6. If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the LAN connection between the module and the controller, or ensure the presence of a DC power supply appropriate to the particular model of the module.
7. Connect the module via an Ethernet cable to the staging controller; note that this should be a direct connection, with no intervening network or devices; if PoE is being supplied by an injector, this represents the only exception. That is, nothing other than a PoE injector should be present between the module and the staging controller.
8. Once the module is connected to the controller by the Ethernet cable, navigate to the Configuration > Wireless > AP Installation page, where you should see an entry for the AP. Select that AP, click the “Provision” button, which will open the provisioning window. Now provision the AP as Remote AP by filling in the form appropriately. Detailed steps are listed in Section “Provisioning an Individual AP” of Chapter “The Basic User-Centric Networks” of the Aruba OS User Guide. Click “Apply and Reboot” to complete the provisioning process.
   a. During the provisioning process as Remote AP, if Pre-shared key is selected to be the Remote IP Authentication Method, the IKE pre-shared key (which is at least 8 characters in length) is input to the module during provisioning. Generation of this key is outside the scope of this policy. In the initial provisioning of an AP, this key will be entered in plaintext; subsequently, during provisioning, it will be entered encrypted over the secure IPSec session. If certificate based authentication is chosen, the AP’s RSA key pair is used to authenticate the AP to the controller during IPSec. The AP’s RSA private key is contained in the AP’s non-volatile memory and is generated at manufacturing time in the factory.
9. Via the logging facility of the staging controller, ensure that the module (the AP) is successfully provisioned with firmware and configuration
10. Terminate the administrative session
11. Disconnect the module from the staging controller, and install it on the deployment network; when power is applied, the module will attempt to discover and connect to an Aruba Mobility Controller on the network.
3.3.2 Configuring Control Plane Security (CPSec) protected AP FIPS mode

1. Apply TELs according to the directions in section 3.2
2. Log into the administrative console of the staging controller
3. To deploy the AP in CPSec AP mode, configure the staging controller with CPSec under the Configuration > Controller > Control Plane Security tab. The AP will authenticate to the controller using certificate based authentication to establish IPSec. The AP is configured with an RSA key pair at manufacturing. The AP’s certificate is signed by the Aruba Certification Authority (trusted by all Aruba controllers) and the AP’s RSA private key is stored in non-volatile memory. Refer to the “Configuring Control Plane Security” Section in the ArubaOS User Manual for details on the steps.
4. Enable FIPS mode on the controller. This is accomplished by going to the Configuration > Network > Controller > System Settings page (this is the default page when you click the Configuration tab), and clicking the FIPS Mode for Mobility Controller Enable checkbox.
5. Enable FIPS mode on the AP. This is accomplished by going to the Configuration > Wireless > AP Configuration > AP Group page. There, you click the Edit button for the appropriate AP group, and then select AP > AP System Profile. Then, check the “Fips Enable” box, check “Apply”, and save the configuration.
6. If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the LAN connection between the module and the controller, or ensure the presence of a DC power supply appropriate to the particular model of the module.
7. Connect the module via an Ethernet cable to the staging controller; note that this should be a direct connection, with no intervening network or devices; if PoE is being supplied by an injector, this represents the only exception. That is, nothing other than a PoE injector should be present between the module and the staging controller.
8. Once the module is connected to the controller by the Ethernet cable, navigate to the Configuration > Wireless > AP Installation page, where you should see an entry for the AP. Select that AP, click the “Provision” button, which will open the provisioning window. Now provision the CPSec Mode by filling in the form appropriately. Detailed steps are listed in Section “Provisioning an Individual AP” of Chapter “The Basic User-Centric Networks” of the Aruba OS User Guide. Click “Apply and Reboot” to complete the provisioning process.
   a. For CPSec AP mode, the AP always uses certificate based authentication to establish the IPSec connection with the controller. The AP uses the RSA key pair assigned to it at manufacturing to authenticate itself to the controller during IPSec. Refer to the “Configuring Control Plane Security” Section in the Aruba OS User Manual for details on the steps to provision an AP with CPSec enabled on the controller.
9. Via the logging facility of the staging controller, ensure that the module (the AP) is successfully provisioned with firmware and configuration
10. Terminate the administrative session
11. Disconnect the module from the staging controller, and install it on the deployment network; when power is applied, the module will attempt to discover and connect to an Aruba Mobility Controller on the network.

3.3.3 Configuring Remote Mesh Portal FIPS Mode

1. Apply TELs according to the directions in section 3.2
2. Log into the administrative console of the staging controller
3. To deploy the AP in Remote Mesh Portal mode, create the corresponding Mesh Profiles on the controller as described in detail in Section “Mesh Profiles” of Chapter “Secure Enterprise Mesh” of the Aruba OS User Manual.
   a. For mesh configurations, configure a WPA2 PSK which is 16 ASCII characters or 64 hexadecimal digits in length; generation of such keys is outside the scope of this policy.
4. Enable FIPS mode on the controller.
   This is accomplished by going to the Configuration > Network > Controller > System Settings page (this is the default page when you click the Configuration tab), and clicking the FIPS Mode for Mobility Controller Enable checkbox.
5. Enable FIPS mode on the AP. This is accomplished by going to the Configuration > Wireless > AP Configuration > AP Group page. There, you click the Edit button for the appropriate AP group, and then select AP > AP System Profile. Then, check the “Fips Enable” box, check “Apply”, and save the configuration.
6. If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the LAN connection between the module and the controller, or ensure the presence of a DC power supply appropriate to the particular model of the module.
7. Connect the module via an Ethernet cable to the staging controller; note that this should be a direct connection, with no intervening network or devices; if PoE is being supplied by an injector, this represents the only exception. That is, nothing other than a PoE injector should be present between the module and the staging controller.
8. Once the module is connected to the controller by the Ethernet cable, navigate to the Configuration > Wireless > AP Installation page, where you should see an entry for the AP. Select that AP, click the “Provision” button, which will open the provisioning window. Now provision the AP as Remote Mesh Portal by filling in the form appropriately. Detailed steps are listed in Section “Provisioning an Individual AP” of Chapter “The Basic User-Centric Networks” of the Aruba OS User Guide. Click “Apply and Reboot” to complete the provisioning process.
   a. During the provisioning process as Remote Mesh Portal, if Pre-shared key is selected to be the Remote IP Authentication Method, the IKE pre-shared key (which is at least 8 characters in length) is input to the module during provisioning. Generation of this key is outside the scope of this policy. In the initial provisioning of an AP, this key will be entered in plaintext; subsequently, during provisioning, it will be entered encrypted over the secure IPSec session. If certificate based authentication is chosen, the AP’s RSA key pair is used to authenticate the AP to the controller during IPSec. The AP’s RSA private key is contained in the AP’s non-volatile memory and is generated at manufacturing time in the factory.
   b. During the provisioning process as Remote Mesh Portal, the WPA2 PSK is input to the module via the corresponding Mesh cluster profile. This key is stored on flash encrypted.
9. Via the logging facility of the staging controller, ensure that the module (the AP) is successfully provisioned with firmware and configuration
10. Terminate the administrative session
11. Disconnect the module from the staging controller, and install it on the deployment network; when power is applied, the module will attempt to discover and connect to an Aruba Mobility Controller on the network.

To verify that the module is in FIPS mode, do the following:

1. Log into the administrative console of the Aruba Mobility Controller
2. Verify that the module is connected to the Mobility Controller
3. Verify that the module has FIPS mode enabled by issuing command “show ap ap-name config”
4. Terminate the administrative session

3.3.4 Configuring Remote Mesh Point FIPS Mode

1. Apply TELs according to the directions in section 3.2
2. Log into the administrative console of the staging controller
3. To deploy the AP in Remote Mesh Point mode, create the corresponding Mesh Profiles on the controller as described in detail in Section “Mesh Points” of Chapter “Secure Enterprise Mesh” of the Aruba OS User Manual.
   a. For mesh configurations, configure a WPA2 PSK which is 16 ASCII characters or 64 hexadecimal digits in length; generation of such keys is outside the scope of this policy.
4. Enable FIPS mode on the controller.
   This is accomplished by going to the Configuration > Network > Controller > System Settings page (this is the default page when you click the Configuration tab), and clicking the FIPS Mode for Mobility Controller Enable checkbox.
5. Enable FIPS mode on the AP. This is accomplished by going to the Configuration > Wireless > AP Configuration > AP Group page. There, you click the Edit button for the appropriate AP group, and then select AP > AP System Profile. Then, check the “Fips Enable” box, check “Apply”, and save the configuration.
6. If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the LAN connection between the module and the controller, or ensure the presence of a DC power supply appropriate to the particular model of the module.
7. Connect the module via an Ethernet cable to the staging controller; note that this should be a direct connection, with no intervening network or devices; if PoE is being supplied by an injector, this represents the only exception. That is, nothing other than a PoE injector should be present between the module and the staging controller.
8. Once the module is connected to the controller by the Ethernet cable, navigate to the Configuration > Wireless > AP Installation page, where you should see an entry for the AP. Select that AP, click the “Provision” button, which will open the provisioning window. Now provision the AP as Remote Mesh Portal by filling in the form appropriately. Detailed steps are listed in Section “Provisioning an Individual AP” of Chapter “The Basic User-Centric Networks” of the Aruba OS User Guide. Click “Apply and Reboot” to complete the provisioning process.
   a. During the provisioning process as Remote Mesh Point, if Pre-shared key is selected to be the Remote IP Authentication Method, the IKE pre-shared key (which is at least 8 characters in length) is input to the module during provisioning. Generation of this key is outside the scope of this policy. In the initial provisioning of an AP, this key will be entered in plaintext; subsequently, during provisioning, it will be entered encrypted over the secure IPSec session. If certificate based authentication is chosen, the AP’s RSA key pair is used to authenticate the AP to the controller during IPSec. The AP’s RSA private key is contained in the AP’s non-volatile memory and is generated at manufacturing time in the factory.
   b. During the provisioning process as Mesh Point, the WPA2 PSK is input to the module via the corresponding Mesh cluster profile. This key is stored on flash encrypted.
9. Via the logging facility of the staging controller, ensure that the module (the AP) is successfully provisioned with firmware and configuration
10. Terminate the administrative session
11. Disconnect the module from the staging controller, and install it on the deployment network; when power is applied, the module will attempt to discover and connect to an Aruba Mobility Controller on the network.

3.3.5 Verify that the module is in FIPS mode

For all the approved modes of operations (Remote AP FIPS mode, Control Plane Security AP FIPS Mode, Remote Mesh Portal FIPS mode or Mesh Point FIPS Mode), do the following to verify the module is in FIPS mode:

1. Log into the administrative console of the Aruba Mobility Controller
2. Verify that the module is connected to the Mobility Controller
3. Verify that the module has FIPS mode enabled by issuing command “show ap ap-name config”
4. Terminate the administrative session

3.4 Operational Environment

This section does not apply as the operational environment is non-modifiable.

3.5 Logical Interfaces

The physical interfaces are divided into logical interfaces defined by FIPS 140-2 as described in the following table.
FIPS 140-2 Logical Interface | Module Physical Interface
-----------------------------|--------------------------
Data Input Interface | 10/100/1000 Ethernet Ports; 802.11a/b/g/n Radio Transceiver
Data Output Interface | 10/100/1000 Ethernet Ports; 802.11a/b/g/n Radio Transceiver
Control Input Interface | 10/100/1000 Ethernet Ports (PoE); 5V power input jack
Status Output Interface | 10/100/1000 Ethernet Ports; 802.11a/b/g/n Radio Transceiver; LEDs
Power Interface | Power Supply

Data input and output, control input, status output, and power interfaces are defined as follows:

• Data input and output are the packets that use the networking functionality of the module.
• Control input consists of manual control inputs for power and reset through the power interfaces (5V DC or PoE). It also consists of all of the data that is entered into the access point while using the management interfaces.
• Status output consists of the status indicators displayed through the LEDs, the status data that is output from the module while using the management interfaces, and the log file.
  o LEDs indicate the physical state of the module, such as power-up (or rebooting), utilization level, and activation state. The log file records the results of self-tests, configuration errors, and monitoring data.
• A power supply is used to connect the electric power cable. Operating power may also be provided via a Power over Ethernet (PoE) device when connected. The power is provided through the connected Ethernet cable.
• The console port is disabled when operating in each of the FIPS modes.

The module distinguishes between different forms of data, control, and status traffic over the network ports by analyzing the packet headers and contents.

4 Roles, Authentication and Services

4.1 Roles

The module supports the roles of Crypto Officer, User, and Wireless Client; no additional roles (e.g., Maintenance) are supported. Administrative operations carried out by the Aruba Mobility Controller map to the Crypto Officer role. The Crypto Officer has the ability to configure, manage, and monitor the module, including the configuration, loading, and zeroization of CSPs.

Defining characteristics of the roles depend on whether the module is configured as a Remote AP mode or as a Remote Mesh Portal mode.

• Remote AP:
  o Crypto Officer role: the Crypto Officer is the Aruba Mobility Controller that has the ability to configure, manage, and monitor the module, including the configuration, loading, and zeroization of CSPs.
  o User role: in the configuration, the User operator shares the same services and authentication techniques as the Mobility Controller in the Crypto Officer role.
  o Wireless Client role: in Remote AP configuration, a wireless client can create a connection to the module using WPA2 and access wireless network access/bridging services. In advanced Remote AP configuration, when Remote AP cannot communicate with the controller, the wireless client role authenticates to the module via WPA2-PSK only.
• CPSec AP:
  o Crypto Officer role: the Crypto Officer is the Aruba Mobility Controller that has the ability to configure, manage, and monitor the module, including the configuration, loading, and zeroization of CSPs.
  o User role: in the configuration, the User operator shares the same services and authentication techniques as the Mobility Controller in the Crypto Officer role.
  o Wireless Client role: in CPSec AP configuration, a wireless client can create a connection to the module using WPA2 and access wireless network access services.
• Remote Mesh Portal FIPS mode:
  o Crypto Officer role: the Crypto Officer is the Aruba Mobility Controller that has the ability to configure, manage, and monitor the module, including the configuration, loading, and zeroization of CSPs.
  o User role: the adjacent Mesh Point APs in a given mesh cluster. Note that the Remote Mesh Portal AP must be physically wired to the Mobility Controller.
  o Wireless Client role: in Remote Mesh Portal FIPS AP configuration, a wireless client can create a connection to the module using WPA2 and access wireless network access services.
• Remote Mesh Point FIPS mode:
  o Crypto Officer role: the Crypto Officer role is the Aruba Mobility Controller that has the ability to configure, manage, and monitor the module, including the configuration, loading, and zeroization of CSPs. The first mesh AP configured is the only AP with the direct wired connection.
  o User role: the adjacent Mesh APs in a given mesh cluster. Note that the User role can be a Mesh Point AP or a Mesh Portal AP in the given mesh network.
  o Wireless Client role: in Remote Mesh Point FIPS AP configuration, a wireless client can create a connection to the module using WPA2 and access wireless network access services.

4.1.1 Crypto Officer Authentication

In each of the FIPS approved modes, the Aruba Mobility Controller implements the Crypto Officer role. Connections between the module and the mobility controller are protected using IPSec. Crypto Officer authentication is accomplished via proof of possession of either the IKEv1/IKEv2 pre-shared key or the RSA certificate, which occurs during the IKEv1/IKEv2 key exchange.

4.1.2 User Authentication

Authentication for the User role depends on the module configuration. When the module is configured in Remote Mesh Portal FIPS mode or Remote Mesh Point FIPS mode, the User role is authenticated via the WPA2 pre-shared key. When the module is configured in Remote AP FIPS mode or CPSec protected AP FIPS mode, the User role is authenticated via the same IKEv1/IKEv2 pre-shared key/RSA certificate that is used by the Crypto Officer.

4.1.3 Wireless Client Authentication

The wireless client role defined in each of the FIPS approved modes authenticates to the module via WPA2. Note that WEP and/or Open System configurations are not permitted in FIPS mode.
In advanced Remote AP configuration, when Remote AP cannot communicate with the controller, the wireless client role authenticates to the module via WPA2-PSK only.

4.1.4 Strength of Authentication Mechanisms

The following table describes the relative strength of each supported authentication mechanism.

Authentication Mechanism: IKEv1/IKEv2 shared secret (CO role)
Mechanism Strength: For IKEv1/IKEv2, there are 95^8 (=6.63 x 10^15) possible pre-shared keys. In order to test the guessed key, the attacker must complete an IKEv1/IKEv2 aggressive mode exchange with the module. IKEv1/IKEv2 aggressive mode consists of a 3 packet exchange, but for simplicity, let’s ignore the final packet sent from the AP to the attacker. An IKEv1/IKEv2 aggressive mode initiator packet with a single transform, using Diffie-Hellman group 2, and having an eight character group name has an IKEv1/IKEv2 packet size of 256 bytes. Adding the eight byte UDP header and 20 byte IP header gives a total size of 284 bytes (2272 bits). The response packet is very similar in size, except that it also contains the HASH_R payload (an additional 16 bytes), so the total size of the second packet is 300 bytes (2400 bits). Assuming a link speed of 1Gbits/sec (this is the maximum rate supported by the module), this gives a maximum idealized guessing rate of 60,000,000,000 / 4,672 = 12,842,466 guesses per minute. This means the odds of guessing a correct key in one minute is less than 12,842,466/(6.63x10^15) = 1.94 x 10^-9, which is much less than 1 in 10^5.

Authentication Mechanism: Wireless Client WPA2-PSK (Wireless Client role)
Mechanism Strength: For WPA2-PSK there are at least 95^16 (=4.4 x 10^31) possible combinations. In order to test a guessed key, the attacker must complete the 4-way handshake with the AP. Prior to completing the 4-way handshake, the attacker must complete the 802.11 association process. That process involves the following packet exchange:
• Attacker sends Authentication request (at least 34 bytes)
• AP sends Authentication response (at least 34 bytes)
• Attacker sends Associate Request (at least 36 bytes)
• AP sends Associate Response (at least 36 bytes)
Total bytes sent: at least 140. Note that since we do not include the actual 4-way handshake, this is less than half the bytes that would actually be sent, so the numbers we derive will absolutely bound the answer. The theoretical bandwidth limit for IEEE 802.11n is 300Mbit, which is 37,500,000 bytes/sec. In the real world, actual throughput is significantly less than this, but we will use this idealized number to ensure that our estimate is very conservative. This means that the maximum number of associations (assume no delays, no inter-frame gaps) that could be completed is less than 37,500,000/140 = 267,857 per second, or 16,071,429 associations per minute. This means that an attacker could certainly not try more than this many keys per second (it would actually be MUCH less, due to the added overhead of the 4-way handshake in each case), and the probability of a successful attack in any 60 second interval MUST be less than 16,071,429/(4.4 x 10^31), or roughly 1 in 10^25, which is much less than 1 in 10^5.

Authentication Mechanism: Mesh AP WPA2 PSK (User role)
Mechanism Strength: Same as Wireless Client WPA2-PSK above

Authentication Mechanism: RSA Certificate based authentication (CO role)
Mechanism Strength: The module supports 1024-bit and 2048-bit RSA keys. RSA 1024 bit keys correspond to 80 bits of security. The probability of a successful random attempt is 1/(2^80), which is less than 1/1,000,000. The probability of a success with multiple consecutive attempts in a one-minute period is less than 1/100,000.

4.2 Services

The module provides various services depending on role. These are described below.
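The bounds in section 4.1.4 above, and the key lengths the provisioning steps in section 3.3 call for (an IKE pre-shared key of at least 8 characters, a WPA2 PSK of 16 ASCII characters or 64 hexadecimal digits), can be recomputed with the sketch below. It is an added example, not part of the Aruba policy or firmware; the names `Mechanism` and `min_key_length`, the digits-only case, and the assumption that every key character is drawn uniformly from the stated alphabet are this example's own.

```python
"""Idealized online-guessing bounds, following the reasoning of section 4.1.4."""
import math
from dataclasses import dataclass
from fractions import Fraction

# Limits the table compares each mechanism against.
SINGLE_ATTEMPT_LIMIT = Fraction(1, 1_000_000)  # one random attempt
PER_MINUTE_LIMIT = Fraction(1, 100_000)        # all attempts within one minute

# Wire sizes taken from the table (bytes converted to bits).
IKE_BITS_PER_GUESS = (256 + 8 + 20) * 8 + (256 + 8 + 20 + 16) * 8  # 2272 + 2400
ASSOC_BITS_PER_GUESS = (34 + 34 + 36 + 36) * 8                     # 140 bytes
ETHERNET_BPS = 10**9        # 1 Gbit/s, maximum rate supported by the module
DOT11N_BPS = 300 * 10**6    # 300 Mbit/s theoretical 802.11n limit


@dataclass(frozen=True)
class Mechanism:
    name: str
    alphabet: int            # symbols each key character is drawn from
    length: int              # key length in characters
    bits_per_guess: int      # fewest bits on the wire needed to test one guess
    link_bits_per_sec: int   # idealized link rate (no gaps, no delays)

    @property
    def keyspace(self) -> int:
        return self.alphabet ** self.length

    def guesses_per_minute(self) -> int:
        # Round up so the attacker's rate is never under-estimated.
        return math.ceil(Fraction(self.link_bits_per_sec * 60, self.bits_per_guess))

    def per_minute_probability(self) -> Fraction:
        return min(Fraction(1), Fraction(self.guesses_per_minute(), self.keyspace))

    def meets_limits(self) -> bool:
        return (Fraction(1, self.keyspace) < SINGLE_ATTEMPT_LIMIT
                and self.per_minute_probability() < PER_MINUTE_LIMIT)


def min_key_length(alphabet: int, bits_per_guess: int, link_bits_per_sec: int) -> int:
    """Shortest key length whose keyspace satisfies both limits."""
    length = 1
    while not Mechanism("probe", alphabet, length,
                        bits_per_guess, link_bits_per_sec).meets_limits():
        length += 1
    return length


# The cases the policy states.
IKE_PSK = Mechanism("IKE PSK, 8 printable chars", 95, 8,
                    IKE_BITS_PER_GUESS, ETHERNET_BPS)
WPA2_ASCII = Mechanism("WPA2 PSK, 16 ASCII chars", 95, 16,
                       ASSOC_BITS_PER_GUESS, DOT11N_BPS)
WPA2_HEX = Mechanism("WPA2 PSK, 64 hex digits", 16, 64,
                     ASSOC_BITS_PER_GUESS, DOT11N_BPS)
# Constructed case (not in the policy): same 8-character length, digits only.
IKE_DIGITS = Mechanism("constructed: IKE PSK, 8 digits", 10, 8,
                       IKE_BITS_PER_GUESS, ETHERNET_BPS)


def report():
    """One row per mechanism: name, guesses/minute, per-minute odds, verdict."""
    return [(m.name, m.guesses_per_minute(),
             float(m.per_minute_probability()), m.meets_limits())
            for m in (IKE_PSK, WPA2_ASCII, WPA2_HEX, IKE_DIGITS)]


if __name__ == "__main__":
    for name, rate, prob, ok in report():
        print(f"{name:32} {rate:>12,} guesses/min  p<= {prob:.3e}  "
              f"{'meets limits' if ok else 'FAILS limits'}")
```

The 95^8 figure only holds when the pre-shared key actually uses the full printable character set; a key of the same length restricted to digits falls well short of the per-minute limit under the same link assumptions.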
4.2.1 Crypto Officer Services

The CO role in each of the FIPS modes defined in section 3.3 has the same services.

| Service | Description | CSPs Accessed (see section 6 below for complete description of CSPs) |
|---|---|---|
| FIPS mode enable/disable | The CO selects/de-selects FIPS mode as a configuration option. | None. |
| Key Management | The CO can configure/modify the IKEv1/IKEv2 shared secret (The RSA private key is protected by non-volatile memory and cannot be modified) and the WPA2 PSK (used in advanced Remote AP configuration). Also, the CO/User implicitly uses the KEK to read/write configuration to non-volatile memory. | IKEv1/IKEv2 shared secret; WPA2 PSK; KEK |
| Remotely reboot module | The CO can remotely trigger a reboot | KEK is accessed when configuration is read during reboot. The firmware verification key and firmware verification CA key are accessed to validate firmware prior to boot. |
| Self-test triggered by CO/User reboot | The CO can trigger a programmatic reset leading to self-test and initialization | KEK is accessed when configuration is read during reboot. The firmware verification key and firmware verification CA key are accessed to validate firmware prior to boot. |
| Update module firmware | The CO can trigger a module firmware update | The firmware verification key and firmware verification CA key are accessed to validate firmware prior to writing to flash. |
| Configure non-security related module parameters | CO can configure various operational parameters that do not relate to security | None. |
| Creation/use of secure management session between module and CO | The module supports use of IPSec for securing the management channel. | IKEv1/IKEv2 Preshared Secret; DH Private Key; DH Public Key; IPSec session encryption keys; IPSec session authentication keys; RSA key pair |
| Creation/use of secure mesh channel | The module requires secure connections between mesh points using 802.11i | WPA2-PSK; 802.11i PMK; 802.11i PTK; 802.11i EAPOL MIC Key; 802.11i EAPOL Encryption Key; 802.11i AES-CCM key; 802.11i GMK; 802.11i GTK; 802.11i AES-CCM key |
| System Status | CO may view system status information through the secured management channel | See creation/use of secure management session above. |

4.2.2 User Services

The User role defined in Remote AP FIPS mode and CPSec protected AP FIPS mode shares the same services with the Crypto Officer role; please refer to Section 4.2.1, “Crypto Officer Services”.

The following services are provided for the User role defined in Remote Mesh Portal FIPS mode and Remote Mesh Point FIPS mode:

| Service | Description | CSPs Accessed (see section 6 below for complete description of CSPs) |
|---|---|---|
| Generation and use of 802.11i cryptographic keys | When the module is in mesh configuration, the inter-module mesh links are secured with 802.11i. | 802.11i PMK; 802.11i PTK; 802.11i EAPOL MIC Key; 802.11i EAPOL Encryption Key; 802.11i AES-CCM key; 802.11i GMK; 802.11i GTK |
| Use of WPA pre-shared key for establishment of IEEE 802.11i keys | When the module is in mesh configuration, the inter-module mesh links are secured with 802.11i. This is authenticated with a shared secret | WPA2 PSK |

4.2.3 Wireless Client Services

The following module services are provided for the Wireless Client role in each of the FIPS approved modes defined in section 3.3.

| Service | Description | CSPs Accessed (see section 6 below for complete description of CSPs) |
|---|---|---|
| Generation and use of 802.11i cryptographic keys | In all modes, the links between the module and wireless client are secured with 802.11i. | 802.11i PMK; 802.11i PTK; 802.11i EAPOL MIC Key; 802.11i EAPOL Encryption Key; 802.11i AES-CCM key; 802.11i GMK; 802.11i GTK |
| Use of WPA pre-shared key for establishment of IEEE 802.11i keys | When the module is in advanced Remote AP configuration, the links between the module and the wireless client are secured with 802.11i. This is authenticated with a shared secret only. | WPA2 PSK |
| Wireless bridging services | The module bridges traffic between the wireless client and the wired network. | None |

4.2.4 Unauthenticated Services

The module provides the following unauthenticated services, which are available regardless of role. No CSPs are accessed by these services.
• System status – module LEDs
• Reboot module by removing/replacing power
• Self-test and initialization at power-on

5 Cryptographic Algorithms

FIPS-approved cryptographic algorithms have been implemented in hardware and firmware. The firmware supports the following cryptographic implementations.
• ArubaOS OpenSSL AP Module implements the following FIPS-approved algorithms:
  o AES (Cert. #1851)
  o HMAC (Cert. #1099)
  o RNG (Cert. #970)
  o RSA (Cert. #934)
  o SHS (Cert. #1628)
  o Triple-DES (Cert. #1199)
• ArubaOS Module implements the following FIPS-approved algorithms:
  o AES (Cert. #1850)
  o HMAC (Cert. #1098)
  o RNG (Cert. #969)
  o RSA (Cert. #933)
  o SHS (Cert. #1627)
  o Triple-DES (Cert. #1198)
• ArubaOS Kernel implements the following FIPS-approved algorithms:
  o AES (Cert. #1847)
  o HMAC (Cert. #1097)
  o SHS (Cert. #1625)
  o Triple-DES (Cert. #1197)
• ArubaOS UBOOT Bootloader implements the following FIPS-approved algorithms:
  o RSA (Cert. #935)
  o SHS (Cert. #1629)
• Aruba Atheros hardware CCM implements the following FIPS-approved algorithms:
  o AES (Cert. #1849)

Non-FIPS Approved Algorithms

The cryptographic module implements the following non-approved algorithms that are not permitted for use in the FIPS 140-2 mode of operations:
• MD5

In addition, within the FIPS Approved mode of operation, the module supports the following allowed key establishment schemes:
• Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

6 Critical Security Parameters

The following Critical Security Parameters (CSPs) are used by the module:

| CSP | CSP TYPE | GENERATION | STORAGE And ZEROIZATION | USE |
|---|---|---|---|---|
| Key Encryption Key (KEK) | Triple-DES 168-bits key | Hard-coded | Stored in flash, zeroized by the ‘ap wipe out flash’ command. | Encrypts IKEv1/IKEv2 preshared keys and configuration parameters |
| IKEv1/IKEv2 Pre-shared secret | 64 character preshared key | CO configured | Encrypted in flash using the KEK; zeroized by updating through administrative interface, or by the ‘ap wipe out flash’ command. | Module and crypto officer authentication during IKEv1/IKEv2; entered into the module in plaintext during initialization and encrypted over the IPSec session subsequently. |
| IPSec session encryption keys | 168-bit Triple-DES, or 128/192/256 bit AES keys | Established during Diffie-Hellman key agreement | Stored in plaintext in volatile memory; zeroized when session is closed or system powers off | Secure IPSec traffic |
| IPSec session authentication keys | HMAC SHA-1 keys | Established during Diffie-Hellman key agreement | Stored in plaintext in volatile memory; zeroized when session is closed or system powers off | Secure IPSec traffic |
| IKEv1/IKEv2 Diffie-Hellman Private key | 1024-bit Diffie-Hellman private key | Generated internally during IKEv1/IKEv2 negotiation | Stored in plaintext in volatile memory; zeroized when session is closed or system is powered off | Used in establishing the session key for IPSec |
| IKEv1/IKEv2 Diffie-Hellman shared secret | 128 bit Octet | Generated internally during IKEv1/IKEv2 negotiation | Stored in plaintext in volatile memory; zeroized when session is closed or system is powered off | IKEv1/IKEv2 payload integrity verification |
| ArubaOS OpenSSL RNG Seed for FIPS compliant ANSI X9.31, Appendix A2.4 using AES-128 Key algorithm | Seed (16 Bytes) | Derived using NON-FIPS approved HW RNG (/dev/urandom) | Stored in plaintext in volatile memory only; zeroized on reboot | Seed ANSI X9.31 RNG |
| ArubaOS OpenSSL RNG Seed key for FIPS compliant ANSI X9.31, Appendix A2.4 using AES-128 Key algorithm | Seed key (16 bytes, AES-128 Key algorithm) | Derived using NON-FIPS approved HW RNG (/dev/urandom) | Stored in plaintext in volatile memory only; zeroized on reboot | Seed ANSI X9.31 RNG |
| ArubaOS Cryptographic Module RNG Seed for FIPS compliant 186-2 General Purpose (X change Notice); SHA-1 RNG | Seed (64 bytes) | Derived using NON-FIPS approved HW RNG (/dev/urandom) | Stored in plaintext in volatile memory only; zeroized on reboot | Seed 186-2 General Purpose (X change Notice); SHA-1 RNG |
| ArubaOS Cryptographic Module RNG Seed key for FIPS compliant 186-2 General Purpose (X change Notice); SHA-1 RNG | Seed Key (64 bytes) | Derived using NON-FIPS approved HW RNG (/dev/urandom) | Stored in plaintext in volatile memory only; zeroized on reboot | Seed 186-2 General Purpose (X change Notice); SHA-1 RNG |
| WPA2 PSK | 16-64 character shared secret used to authenticate mesh connections and in remote AP advanced configuration | CO configured | Encrypted in flash using the KEK; zeroized by updating through administrative interface, or by the ‘ap wipe out flash’ command. | Used to derive the PMK for 802.11i mesh connections between APs and in advanced Remote AP connections; programmed into AP by the controller over the IPSec session. |
| 802.11i Pairwise Master Key (PMK) | 512-bit shared secret used to derive 802.11i session keys | Derived from WPA2 PSK | In volatile memory only; zeroized on reboot | Used to derive 802.11i Pairwise Transient Key (PTK) |
| 802.11i Pairwise Transient Key (PTK) | 512-bit shared secret from which Temporal Keys (TKs) are derived | Derived during 802.11i 4-way handshake | In volatile memory only; zeroized on reboot | All session encryption/decryption keys are derived from the PTK |
| 802.11i EAPOL MIC Key | 128-bit shared secret used to protect 4-way (key) handshake | Derived from PTK | In volatile memory only; zeroized on reboot | Used for integrity validation in 4-way handshake |
| 802.11i EAPOL Encr Key | 128-bit shared secret used to protect 4-way handshakes | Derived from PTK | In volatile memory only; zeroized on reboot | Used for confidentiality in 4-way handshake |
| 802.11i data AES-CCM encryption/MIC key | 128-bit AES-CCM key | Derived from PTK | Stored in plaintext in volatile memory; zeroized on reboot | Used for 802.11i packet encryption and integrity verification (this is the CCMP or AES-CCM key) |
| 802.11i Group Master Key (GMK) | 256-bit secret used to derive GTK | Generated from approved RNG | Stored in plaintext in volatile memory; zeroized on reboot | Used to derive Group Transient Key (GTK) |
| 802.11i Group Transient Key (GTK) | 256-bit shared secret used to derive group (multicast) encryption and integrity keys | Internally derived by AP which assumes “authenticator” role in handshake | Stored in plaintext in volatile memory; zeroized on reboot | Used to derive multicast cryptographic keys |
| 802.11i Group AES-CCM Data Encryption/MIC Key | 128-bit AES-CCM key derived from GTK | Derived from 802.11 group key handshake | Stored in plaintext in volatile memory; zeroized on reboot | Used to protect multicast message confidentiality and integrity (AES-CCM) |
| RSA private Key | 1024/2048-bit RSA private key | Generated on the AP (remains in AP at all times) | Stored in and protected by AP’s non-volatile memory. Zeroized by the ‘ap wipe out flash’ command | Used for IKEv1/IKEv2 authentication when AP is authenticating using certificate based authentication |

7 Self Tests

The module performs the following Self Tests after being configured into either Remote AP mode or Remote Mesh Portal mode. The module performs both power-up and conditional self-tests. In the event any self-test fails, the module enters an error state, logs the error, and reboots automatically.
The module performs the following power-up self-tests:
• Aruba Hardware Known Answer Tests:
  o AES KAT
  o AES-CCM KAT
  o HMAC-SHA1 KAT
  o Triple-DES KAT
• ArubaOS OpenSSL AP Module
  o AES KAT
  o HMAC (HMAC-SHA1, HMAC-SHA256 and HMAC SHA384) KAT
  o RNG KAT
  o RSA KAT
  o SHA (SHA1, SHA256 and SHA384) KAT
  o Triple-DES KAT
• ArubaOS Cryptographic Module
  o AES KAT
  o HMAC (HMAC-SHA1, HMAC-SHA256, HMAC SHA384, and HMAC512) KAT
  o FIPS 186-2 RNG KAT
  o RSA (sign/verify)
  o SHA (SHA1, SHA256, SHA384, and SHA512) KAT
  o Triple-DES KAT
• ArubaOS Uboot Bootloader Module
  o Firmware Integrity Test: RSA 2048-bit Signature Validation
• Aruba Atheros hardware CCM
  o AES-CCM KAT

The following Conditional Self-tests are performed in the module:
• Continuous Random Number Generator Test: This test is run upon generation of random data by the module's random number generators to detect failure to a constant value. The module stores the first random number for subsequent comparison, and the module compares the value of the new random number with the random number generated in the previous round and enters an error state if the comparison is successful. The test is performed for the approved as well as non-approved RNGs.
• RSA pairwise Consistency Test
• Firmware load test

These self-tests are run for the Atheros hardware cryptographic implementation as well as for the Aruba OpenSSL and ArubaOS cryptographic module implementations.

Self-test results are written to the serial console. In the event of a KAT failure, the AP logs different messages, depending on the error.

For an ArubaOS OpenSSL AP module and ArubaOS cryptographic module KAT failure:

  AP rebooted [DATE][TIME] : Restarting System, SW FIPS KAT failed

For an AES Atheros hardware POST failure:

  Starting HW SHA1 KAT ...Completed HW SHA1 AT
  Starting HW HMAC-SHA1 KAT ...Completed HW HMAC-SHA1 KAT
  Starting HW DES KAT ...Completed HW DES KAT
  Starting HW AES KAT ...Restarting system.
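
The Continuous Random Number Generator Test described above, written in C as an added example (it is not Aruba's firmware code). The 16-byte block size, the `raw_rng_fn` hook and the `crngt_*` and `demo_*` names are assumptions, and the counter source is constructed test input.

```c
#include <stdint.h>
#include <string.h>

#define BLOCK_LEN 16 /* assumed block size; the policy does not state one */

typedef int (*raw_rng_fn)(uint8_t out[BLOCK_LEN]); /* hypothetical raw generator hook */

typedef struct {
    raw_rng_fn raw;
    uint8_t prev[BLOCK_LEN]; /* block generated in the previous round */
    int primed;              /* has the first block been stored yet? */
    int error;               /* latched error state */
} crngt_ctx;

void crngt_init(crngt_ctx *c, raw_rng_fn raw) {
    memset(c, 0, sizeof *c);
    c->raw = raw;
}

/* Returns 0 and fills out, or -1 once the error state has been entered. */
int crngt_next(crngt_ctx *c, uint8_t out[BLOCK_LEN]) {
    uint8_t cur[BLOCK_LEN];
    if (c->error) return -1;
    if (!c->primed) { /* first block is kept for comparison only (FIPS 140-2 4.9.2) */
        if (c->raw(c->prev) != 0) { c->error = 1; return -1; }
        c->primed = 1;
    }
    if (c->raw(cur) != 0 || memcmp(cur, c->prev, BLOCK_LEN) == 0) {
        c->error = 1; /* repeat of the previous block: generator is stuck */
        return -1;
    }
    memcpy(c->prev, cur, BLOCK_LEN);
    memcpy(out, cur, BLOCK_LEN);
    return 0;
}

/* Constructed demo source: a counter that freezes at stick_at (0 = never). */
static uint32_t demo_calls, demo_stick_at;
static int demo_raw(uint8_t out[BLOCK_LEN]) {
    uint32_t v = demo_calls++;
    if (demo_stick_at && v > demo_stick_at) v = demo_stick_at;
    memset(out, 0, BLOCK_LEN);
    memcpy(out, &v, sizeof v);
    return 0;
}

/* Number of blocks delivered before the test trips (or draws if it never does). */
int demo_run(uint32_t stick_at, int draws) {
    crngt_ctx c; uint8_t out[BLOCK_LEN]; int ok = 0;
    demo_calls = 0; demo_stick_at = stick_at;
    crngt_init(&c, demo_raw);
    while (ok < draws && crngt_next(&c, out) == 0) ok++;
    return ok;
}
```

In the module the error state leads to a logged error and an automatic reboot, as section 7 states; here it is only a latched flag so the behaviour can be observed.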