Dell W-IAP3WN, W-IAP3WNP, W-IAP108, W-IAP109, W-AP114, and W-AP115 Wireless Access Points with Dell AOS FIPS Firmware
Non-Proprietary Security Policy
FIPS 140-2

January 26, 2015

This is to advise that the Aruba Networks document entitled “FIPS 140-2 Non-Proprietary Security Policy for Aruba RAP-3WN, RAP-3WNP, RAP-108, RAP-109, AP-114 and AP-115 Wireless Access Points” Version 1.3, dated June 2014, applies to Dell W-IAP3WN, W-IAP3WNP, W-IAP108, W-IAP109, W-AP114, and W-AP115 Wireless Access Points with Dell AOS FIPS Firmware. Aruba Networks is the Original Equipment Manufacturer (OEM) for the Dell Networking W-Series of products. This document, provided below, is applicable for use by Dell W-Series customers for security policy information and instruction on how to place and maintain the Wireless Access Points in a secure FIPS 140-2 mode.

Dell Networking W-Series products are equivalent in features and functionality to the corresponding Aruba Networks product models. Accordingly, the Dell AOS FIPS firmware is the validated ArubaOS FIPS firmware version, with the exception of branding. When using the FIPS Security Policy document, the screenshots, configurations, TEL placement locations, and images can be applied to Dell Networking W-Series products without any need for changes.

Product Name Mapping:

| Aruba Networks Model name | Dell Networking Model name | Description |
|---|---|---|
| Aruba RAP-3WN-F1 | W-IAP3WN-F1 | Wireless Instant AP, 11n, with LAN ports, Non-US |
| Aruba RAP-3WN-USF1 | W-IAP3WN-USF1 | Wireless Instant AP, 11n, with LAN ports, USA |
| Aruba RAP-3WNP-F1 | W-IAP3WNP-F1 | Wireless Instant AP, 11n, with POE ports, Non-US |
| Aruba RAP-3WNP-USF1 | W-IAP3WNP-USF1 | Wireless Instant AP, 11n, with POE ports, USA |
| Aruba RAP-108-F1 | W-IAP108-F1 | Wireless Instant AP, 11n, external Antennas, Non-US |
| Aruba RAP-108-USF1 | W-IAP108-USF1 | Wireless Instant AP, 11n, external Antennas, USA |
| Aruba RAP-109-F1 | W-IAP109-F1 | Wireless Instant AP, 11n, internal Antennas, Non-US |
| Aruba RAP-109-USF1 | W-IAP109-USF1 | Wireless Instant AP, 11n, internal Antennas, USA |
| Aruba AP-114-F1 | W-AP114-F1 | Wireless AP, 11n, external Antennas |
| Aruba AP-115-F1 | W-AP115-F1 | Wireless AP, 11n, internal Antennas |

- These models include Aruba FIPS kit 4010061-01 (contains tamper evident labels)
- The exact firmware version validated was ArubaOS 6.3.1.7-FIPS

Dell W-IAP3WN/P, W-IAP108/9, and W-AP114/5 Wireless Access Points with AOS FIPS 140-2 Security Policy

The Dell Networking W-Series products are rebranded for Dell customers, as shown in the product images below.

[Product image: Dell Networking W-IAP3WN and W-IAP3WNP]
[Product image: Aruba Networks RAP-3WN and RAP-3WNP]
[Product image: Dell Networking W-IAP108 and W-IAP109]
[Product image: Aruba Networks RAP-109 and RAP-108]
[Product image: Dell Networking W-AP114 and W-AP115]
[Product image: Aruba Networks AP-114 and AP-115]

If you have questions or concerns, please contact Dell Technical Support at www.dell.com/support. Additional product documentation is also available by device under user manuals.

Attachment: FIPS 140-2 Non-Proprietary Security Policy for Aruba RAP-3WN, RAP-3WNP, RAP-108, RAP-109, AP-114 and AP-115 Wireless Access Points

FIPS 140-2 Non-Proprietary Security Policy for Aruba RAP-3WN, RAP-3WNP, RAP-108, RAP-109, AP-114 and AP-115 Wireless Access Points

Version 1.3
June 2014

Aruba Networks™
1322 Crossman Ave.
Sunnyvale, CA 94089-1113

Copyright © 2013 Aruba Networks, Inc. Aruba Networks trademarks include Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, Green Island®. All rights reserved. All other trademarks are the property of their respective owners.

Open Source Code
Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. The Open Source code used can be found at this site: http://www.arubanetworks.com/open_source

Legal Notice
The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors.

Warranty
This hardware product is protected by the standard Aruba warranty of one year parts/labor. For more information, refer to the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS. Altering this device (such as painting it) voids the warranty.

1 INTRODUCTION
  1.1 ACRONYMS AND ABBREVIATIONS
2 PRODUCT OVERVIEW
  2.1 RAP-3WN AND RAP-3WNP
    2.1.1 Physical Description
      2.1.1.1 Dimensions/Weight
      2.1.1.2 Interfaces
      2.1.1.3 Indicator LEDs
  2.2 RAP-108
    2.2.1 Physical Description
      2.2.1.1 Dimensions/Weight
      2.2.1.2 Interfaces
      2.2.1.3 Indicator LEDs
  2.3 RAP-109
    2.3.1 Physical Description
      2.3.1.1 Dimensions/Weight
      2.3.1.2 Interfaces
      2.3.1.3 Indicator LEDs
  2.4 AP-114
    2.4.1 Physical Description
      2.4.1.1 Dimensions/Weight
      2.4.1.2 Interfaces
      2.4.1.3 Indicator LEDs
  2.5 AP-115
    2.5.1 Physical Description
      2.5.1.1 Dimensions/Weight
      2.5.1.2 Interfaces
      2.5.1.3 Indicator LEDs
3 MODULE OBJECTIVES
  3.1 SECURITY LEVELS
  3.2 PHYSICAL SECURITY
    3.2.1 Applying TELs
    3.2.2 RAP-3WN/RAP-3WNP TEL Placement
      3.2.2.1 To detect opening of the chassis cover:
      3.2.2.2 To detect opening of the chassis cover and access to restricted ports
    3.2.3 RAP-108/109 TEL Placement
      3.2.3.1 To detect opening of the chassis cover:
      3.2.3.2 To detect opening of the chassis cover and access to restricted ports
    3.2.4 AP-114/115 TEL Placement
      3.2.4.1 To detect opening of the chassis cover:
      3.2.4.2 To detect access to restricted ports
    3.2.5 Inspection/Testing of Physical Security Mechanisms
  3.3 OPERATIONAL ENVIRONMENT
  3.4 LOGICAL INTERFACES
4 ROLES, AUTHENTICATION AND SERVICES
  4.1 ROLES
    4.1.1 Crypto Officer Authentication
    4.1.2 User Authentication
    4.1.3 Wireless Client Authentication
    4.1.4 Strength of Authentication Mechanisms
  4.2 SERVICES
    4.2.1 Crypto Officer Services
    4.2.2 User Services
    4.2.3 Wireless Client Services
    4.2.4 Unauthenticated Services
5 CRYPTOGRAPHIC ALGORITHMS
6 CRITICAL SECURITY PARAMETERS
7 SELF TESTS
8 SECURE OPERATION

1 Introduction

This document constitutes the non-proprietary Cryptographic Module Security Policy for the Aruba RAP-3WN, RAP-3WNP, RAP-108, RAP-109, AP-114, and AP-115 Wireless Access Points with FIPS 140-2 Level 2 validation from Aruba Networks. This security policy describes how the AP meets the security requirements of FIPS 140-2 Level 2, and how to place and maintain the AP in a secure FIPS 140-2 mode. This policy was prepared as part of the FIPS 140-2 Level 2 validation of the product.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2, Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) Web-site at:

http://csrc.nist.gov/groups/STM/cmvp/index.html

This document can be freely distributed.

1.1 Acronyms and Abbreviations

AES     Advanced Encryption Standard
AP      Access Point
CBC     Cipher Block Chaining
CLI     Command Line Interface
CO      Crypto Officer
CPSec   Control Plane Security protected
CSEC    Communications Security Establishment Canada
CSP     Critical Security Parameter
ECO     External Crypto Officer
EMC     Electromagnetic Compatibility
EMI     Electromagnetic Interference
FE      Fast Ethernet
GE      Gigabit Ethernet
GHz     Gigahertz
HMAC    Hashed Message Authentication Code
Hz      Hertz
IKE     Internet Key Exchange
IPsec   Internet Protocol security
KAT     Known Answer Test
KEK     Key Encryption Key
L2TP    Layer-2 Tunneling Protocol
LAN     Local Area Network
LED     Light Emitting Diode
SHA     Secure Hash Algorithm
SNMP    Simple Network Management Protocol
SPOE    Serial & Power Over Ethernet
TEL     Tamper-Evident Label
TFTP    Trivial File Transfer Protocol
WLAN    Wireless Local Area Network

2 Product Overview

This section introduces the various Aruba Wireless Access Points, providing a brief overview and summary of the physical features of each model covered by this FIPS 140-2 security policy.

2.1 RAP-3WN and RAP-3WNP

This section introduces the Aruba RAP-3WN and RAP-3WNP Wireless Access Points (AP) with FIPS 140-2 Level 2 validation. It describes the purpose of the AP, its physical attributes, and its interfaces.

The Aruba RAP-3WN/3WNP is a high-performance 802.11n MIMO, single-radio (802.11b/g/n) indoor wireless access point capable of delivering wireless data rates of up to 300Mbps. Designed for branch office deployments with remote connectivity to an Aruba mobility controller, these multi-function access points provide wired and wireless LAN access, air monitoring, and wireless intrusion detection and prevention over the 2.4-2.5GHz RF spectrum. The access point works in conjunction with Aruba Mobility Controllers to deliver high-speed, secure user-centric network services in education, enterprise, finance, government, healthcare, and retail applications.

2.1.1 Physical Description

The Aruba RAP-3WN/3WNP series Access Point is a multi-chip standalone cryptographic module consisting of hardware and software, all contained in a hard plastic case. The module contains 802.11b/g/n transceivers with internal antennas.

The plastic case physically encloses the complete set of hardware and software components and represents the cryptographic boundary of the module.

The Access Point configuration validated during the cryptographic module testing included:
- RAP-3WN-F1
- RAP-3WN-USF1
- RAP-3WNP-F1
- RAP-3WNP-USF1
- FIPS Kit
  - 4010061-01 (Part number for Tamper Evident Labels)

Note: For radio regulatory reasons, part numbers ending with -USF1 are to be sold in the US only. Part numbers ending with -F1 are considered ‘rest of the world’ and must not be used for deployment in the United States. From a FIPS perspective, both -USF1 and -F1 models are identical and fully FIPS compliant.

The exact firmware version validated was:
- ArubaOS 6.3.1.7-FIPS

2.1.1.1 Dimensions/Weight

The AP has the following physical dimensions:
- 129 mm (H) x 109 mm (W) x 64 mm.
- 180 g

2.1.1.2 Interfaces

The module provides the following network interfaces:
- 3 x 10/100 Base-T Ethernet (RJ45) ports
- 1 x console interface (proprietary connector - disabled in FIPS mode by TEL)
- 802.11a/b/g/n Antenna Interfaces (Internal)

The module provides the following power interfaces:
- 12V DC using supplied AC adapter (RAP-3WN)
- 48V DC using supplied AC adapter (RAP-3WNP)

2.1.1.3 Indicator LEDs

There are 5 bicolor (power, ENET and WLAN) LEDs which operate as follows:

Table 1 - RAP-3WN/WNP Indicator LEDs

| Label | Function | Action | Status |
|---|---|---|---|
| PWR | AP power / ready status | Off | No power to AP |
| | | Red | Initial power-up condition |
| | | Flashing – Green | Device booting, not ready |
| | | On – Green | Device ready |
| E0/E1/E2 | Ethernet Network Link Status / Activity | Off | Ethernet link unavailable |
| | | On – Amber | 10/100Mbps Ethernet link negotiated |
| | | On – Green | 1000Mbps Ethernet link negotiated |
| | | Flashing | Ethernet link activity |
| WLAN | 2.4GHz Radio Status | Off | 2.4GHz radio disabled |
| | | On – Amber | 2.4GHz radio enabled in non-HT WLAN mode |
| | | On – Green | 2.4GHz radio enabled in HT WLAN mode |
| | | Flashing – Green | 2.4GHz Air monitor |
| PSE (RAP-3WNP only) | Power over Ethernet indicator | Off | No sourcing PoE power |
| | | On – Green | Sourcing PoE power to an 802.3af powered device |
| | | Flashing | PoE power sourcing error |

2.2 RAP-108

This section introduces the Aruba RAP-108 Wireless Access Point (AP) with FIPS 140-2 Level 2 validation. It describes the purpose of the AP, its physical attributes, and its interfaces.

The Aruba AP-108 is a high-performance 802.11n 2x2 MIMO, dual-radio (concurrent 802.11a/n + b/g/n) indoor wireless access point capable of delivering combined wireless data rates of up to 600Mbps. Designed for branch office deployments with remote connectivity to an Aruba mobility controller, this multi-function access point provides wired and wireless LAN access, air monitoring, and wireless intrusion detection and prevention over the 2.4-2.5GHz and 5GHz RF spectrum.
The access point works in conjunction with Aruba Mobility Controllers to deliver high-speed, secure user-centric network services in education, enterprise, finance, government, healthcare, and retail applications.

2.2.1 Physical Description

The Aruba RAP-108 Access Point is a multi-chip standalone cryptographic module consisting of hardware and software, all contained in a hard plastic case. The module contains 802.11 a/b/g/n transceivers and supports external antennas through 2 x dual-band (RP-SMA) antenna interfaces.

The plastic case physically encloses the complete set of hardware and software components and represents the cryptographic boundary of the module.

The Access Point configuration validated during the cryptographic module testing included:
- RAP-108-F1
- RAP-108-USF1
- FIPS Kit
  - 4010061-01 (Part number for Tamper Evident Labels)

Note: For radio regulatory reasons, part numbers ending with -USF1 are to be sold in the US only. Part numbers ending with -F1 are considered ‘rest of the world’ and must not be used for deployment in the United States. From a FIPS perspective, both -USF1 and -F1 models are identical and fully FIPS compliant.

The exact firmware version validated was:
- ArubaOS 6.3.1.7-FIPS

2.2.1.1 Dimensions/Weight

The AP has the following physical dimensions:
- 160 mm (H) x 160 mm (W) x 43 mm.
- 385 g

2.2.1.2 Interfaces

The module provides the following network interfaces:
- 1 x 10/100/1000 Base-T Ethernet (RJ45) port
- 1 x 10/100 Base-T Ethernet (RJ45) port
- 802.11a/b/g/n Antenna Interfaces (External)
  - 2x RP-SMA antenna interfaces (supports up to 2x2 MIMO with spatial diversity)
- 1 x RJ-45 console interface (Disabled in FIPS mode by TEL)
- 1 x USB 2.0 port

The module provides the following power interfaces:
- 48V DC via Power-over-Ethernet (POE)
- 12V DC power supply

2.2.1.3 Indicator LEDs

There are 5 bicolor LEDs on the RAP-108, which operate as follows:

Table 2 - RAP-108 Indicator LEDs

| Label | Function | Mode | Status |
|---|---|---|---|
| PWR | Power | On-Green | Device Ready |
| | | Flashing-Green | Device booting - not ready |
| | | Red | Initial power-up condition |
| | | Off | No power |
| ENET0/ENET1 | Ethernet Network Link Status / Activity | On-Green | 1000 Mbps link established |
| | | Off | No Ethernet link |
| | | On-Yellow | 10/100 Mbps link established |
| | | Flashing | Ethernet activity |
| 5GHz | 5 GHz Radio Status | On-Green | 5GHz radio enabled in HT WLAN mode |
| | | Flashing | 5GHz Air monitor |
| | | On-Yellow | 5GHz radio enabled in non-HT WLAN mode |
| | | Off | 5GHz radio disabled |
| 2.4GHz | 2.4 GHz Radio Status | On-Green | 2.4GHz radio enabled in HT WLAN mode |
| | | Flashing | 2.4GHz Air monitor |
| | | On-Yellow | 2.4GHz radio enabled in non-HT WLAN mode |
| | | Off | 2.4GHz radio disabled |

2.3 RAP-109

This section introduces the Aruba RAP-109 Wireless Access Point (AP) with FIPS 140-2 Level 2 validation. It describes the purpose of the AP, its physical attributes, and its interfaces.

The Aruba AP-109 is a high-performance 802.11n 2x2 MIMO, dual-radio (concurrent 802.11a/n + b/g/n) indoor wireless access point capable of delivering combined wireless data rates of up to 600Mbps. Designed for branch office deployments with remote connectivity to an Aruba mobility controller, this multi-function access point provides wired and wireless LAN access, air monitoring, and wireless intrusion detection and prevention over the 2.4-2.5GHz and 5GHz RF spectrum.
The RAP-109 provides two wired Ethernet ports. The access point works in conjunction with Aruba Mobility Controllers to deliver high-speed, secure user-centric network services in education, enterprise, finance, government, healthcare, and retail applications.

2.3.1 Physical Description

The Aruba RAP-109 Access Point is a multi-chip standalone cryptographic module consisting of hardware and software, all contained in a hard plastic case. The module contains 802.11 a/b/g/n transceivers and contains 4 integrated omni-directional antennas.

The plastic case physically encloses the complete set of hardware and software components and represents the cryptographic boundary of the module.

The Access Point configuration validated during the cryptographic module testing included:
- RAP-109-F1
- RAP-109-USF1
- FIPS Kit
  - 4010061-01 (Part number for Tamper Evident Labels)

Note: For radio regulatory reasons, part numbers ending with -USF1 are to be sold in the US only. Part numbers ending with -F1 are considered ‘rest of the world’ and must not be used for deployment in the United States. From a FIPS perspective, both -USF1 and -F1 models are identical and fully FIPS compliant.

The exact firmware version validated was:
- ArubaOS 6.3.1.7-FIPS

2.3.1.1 Dimensions/Weight

The AP has the following physical dimensions:
- 160 mm (H) x 160 mm (W) x 43 mm.
- 385 g

2.3.1.2 Interfaces

The module provides the following network interfaces:
- 1 x 10/100/1000 Base-T Ethernet (RJ45) port
- 1 x 10/100 Base-T Ethernet (RJ45) port
- 1 x RJ-45 console interface (Disabled in FIPS mode by TEL)
- 802.11a/b/g/n Antenna Interfaces (Internal)
- 1 x USB 2.0 port

The module provides the following power interfaces:
- 48V DC via Power-over-Ethernet (POE)
- 12V DC power supply

2.3.1.3 Indicator LEDs

There are 5 bicolor LEDs on the RAP-109, which operate as follows:

Table 3 - RAP-109 Indicator LEDs

| Label | Function | Mode | Status |
|---|---|---|---|
| PWR | Power | On-Green | Device Ready |
| | | Flashing-Green | Device booting - not ready |
| | | Red | Initial power-up condition |
| | | Off | No power |
| ENET0/ENET1 | Ethernet Network Link Status / Activity | On-Green | 1000 Mbps link established |
| | | Off | No Ethernet link |
| | | On-Yellow | 10/100 Mbps link established |
| | | Flashing | Ethernet activity |
| 5GHz | 5 GHz Radio Status | On-Green | 5GHz radio enabled in HT WLAN mode |
| | | Flashing | 5GHz Air monitor |
| | | On-Yellow | 5GHz radio enabled in non-HT WLAN mode |
| | | Off | 5GHz radio disabled |
| 2.4GHz | 2.4 GHz Radio Status | On-Green | 2.4GHz radio enabled in HT WLAN mode |
| | | Flashing | 2.4GHz Air monitor |
| | | On-Yellow | 2.4GHz radio enabled in non-HT WLAN mode |
| | | Off | 2.4GHz radio disabled |

2.4 AP-114

This section introduces the Aruba AP-114 Wireless Access Point (AP) with FIPS 140-2 Level 2 validation. It describes the purpose of the AP, its physical attributes, and its interfaces.

The Aruba AP-114 is a high-performance 802.11n (3x3:3) MIMO, dual-radio (concurrent 802.11a/n + b/g/n) indoor wireless access point capable of delivering combined wireless data rates of up to 900Mbps. This multi-function access point provides wireless LAN access, air monitoring, and wireless intrusion detection and prevention over the 2.4-2.5GHz and 5GHz RF spectrum.
The access points work in conjunction with Aruba Mobility Controllers to deliver high-speed, secure user-centric network services in education, enterprise, finance, government, healthcare, and retail applications.

2.4.1 Physical Description

The Aruba AP-114 series Access Point is a multi-chip standalone cryptographic module consisting of hardware and software, all contained in a hard plastic case. The module contains 802.11 a/b/g/n transceivers and supports external antennas through 3 x dual-band (RP-SMA) antenna interfaces.

The plastic case physically encloses the complete set of hardware and software components and represents the cryptographic boundary of the module.

The Access Point configuration validated during the cryptographic module testing included:
- AP-114-F1
- FIPS Kit
  - 4010061-01 (Part number for Tamper Evident Labels)

The exact firmware version validated was:
- ArubaOS 6.3.1.7-FIPS

2.4.1.1 Dimensions/Weight

The AP has the following physical dimensions:
- 160 mm (H) x 160 mm (W) x 35 mm.
- 660 g

2.4.1.2 Interfaces

The module provides the following network interfaces:
- 1 x 10/100/1000 Base-T Ethernet (RJ45) port
- 802.11a/b/g/n Antenna Interfaces (External)
  - 3x RP-SMA antenna interfaces (supports up to 3x3 MIMO with spatial diversity)
- 1 x RJ-45 console interface (Disabled in FIPS mode by TEL)
- 1 x USB 2.0

The module provides the following power interfaces:
- 48V DC via Power-over-Ethernet (POE)
- 12V DC power supply

2.4.1.3 Indicator LEDs

There are 4 bicolor (power, ENET and WLAN) LEDs which operate as follows:

Table 4 - AP-114 Indicator LEDs

| Label | Function | Action | Status |
|---|---|---|---|
| PWR | AP power / ready status | Off | No power to AP |
| | | Red | Initial power-up condition |
| | | Flashing – Green | Device booting, not ready |
| | | On – Green | Device ready |
| ENET | Ethernet Network Link Status / Activity | Off | Ethernet link unavailable |
| | | On – Amber | 10/100Mbps Ethernet link negotiated |
| | | On – Green | 1000Mbps Ethernet link negotiated |
| | | Flashing | Ethernet link activity |
| 2.4GHz | 2.4GHz Radio Status | Off | 2.4GHz radio disabled |
| | | On – Amber | 2.4GHz radio enabled in non-HT WLAN mode |
| | | On – Green | 2.4GHz radio enabled in HT WLAN mode |
| | | Flashing – Green | 2.4GHz Air monitor |
| 5GHz | 5GHz Radio Status | Off | 5GHz radio disabled |
| | | On – Amber | 5GHz radio enabled in non-HT WLAN mode |
| | | On – Green | 5GHz radio enabled in HT WLAN mode |
| | | Flashing – Green | 5GHz Air monitor |

2.5 AP-115

This section introduces the Aruba AP-115 Wireless Access Point (AP) with FIPS 140-2 Level 2 validation. It describes the purpose of the AP, its physical attributes, and its interfaces.

The Aruba AP-115 is a high-performance 802.11n (3x3:3) MIMO, dual-radio (concurrent 802.11a/n + b/g/n) indoor wireless access point capable of delivering combined wireless data rates of up to 900Mbps. This multi-function access point provides wireless LAN access, air monitoring, and wireless intrusion detection and prevention over the 2.4-2.5GHz and 5GHz RF spectrum.
The access points work in conjunction with Aruba Mobility Controllers to deliver high-speed, secure user-centric network services in education, enterprise, finance, government, healthcare, and retail applications.

2.5.1 Physical Description

The Aruba AP-115 series Access Point is a multi-chip standalone cryptographic module consisting of hardware and software, all contained in a hard plastic case. The module contains 802.11 a/b/g/n transceivers and contains internal omni-directional antennas.

The plastic case physically encloses the complete set of hardware and software components and represents the cryptographic boundary of the module.

The Access Point configuration validated during the cryptographic module testing included:
- AP-115-F1
- FIPS Kit
  - 4010061-01 (Part number for Tamper Evident Labels)

The exact firmware version validated was:
- ArubaOS 6.3.1.7-FIPS

2.5.1.1 Dimensions/Weight

The AP has the following physical dimensions:
- 160 mm (H) x 160 mm (W) x 35 mm.
- 660 g

2.5.1.2 Interfaces

The module provides the following network interfaces:
- 1 x 10/100/1000 Base-T Ethernet (RJ45) port
- 1 x RJ-45 console interface (Disabled in FIPS mode by TEL)
- 802.11a/b/g/n Antenna Interfaces (Internal)
- 1 x USB 2.0

The module provides the following power interfaces:
- 48V DC via Power-over-Ethernet (POE)
- 12V DC power supply

2.5.1.3 Indicator LEDs

There are 4 bicolor (power, ENET and WLAN) LEDs which operate as follows:

Table 5 - AP-115 Indicator LEDs

| Label | Function | Action | Status |
|---|---|---|---|
| PWR | AP power / ready status | Off | No power to AP |
| | | Red | Initial power-up condition |
| | | Flashing – Green | Device booting, not ready |
| | | On – Green | Device ready |
| ENET | Ethernet Network Link Status / Activity | Off | Ethernet link unavailable |
| | | On – Amber | 10/100Mbps Ethernet link negotiated |
| | | On – Green | 1000Mbps Ethernet link negotiated |
| | | Flashing | Ethernet link activity |
| 2.4GHz | 2.4GHz Radio Status | Off | 2.4GHz radio disabled |
| | | On – Amber | 2.4GHz radio enabled in non-HT WLAN mode |
| | | On – Green | 2.4GHz radio enabled in HT WLAN mode |
| | | Flashing – Green | 2.4GHz Air monitor |
| 5GHz | 5GHz Radio Status | Off | 5GHz radio disabled |
| | | On – Amber | 5GHz radio enabled in non-HT WLAN mode |
| | | On – Green | 5GHz radio enabled in HT WLAN mode |
| | | Flashing – Green | 5GHz Air monitor |

3 Module Objectives

This section describes the assurance levels for each of the areas described in the FIPS 140-2 Standard.

3.1 Security Levels

Table 6 - Security Levels

| Section | Section Title | Level |
|---|---|---|
| 1 | Cryptographic Module Specification | 2 |
| 2 | Cryptographic Module Ports and Interfaces | 2 |
| 3 | Roles, Services, and Authentication | 2 |
| 4 | Finite State Model | 2 |
| 5 | Physical Security | 2 |
| 6 | Operational Environment | N/A |
| 7 | Cryptographic Key Management | 2 |
| 8 | EMI/EMC | 2 |
| 9 | Self-tests | 2 |
| 10 | Design Assurance | 2 |
| 11 | Mitigation of Other Attacks | N/A |
| Overall | Overall module validation level | 2 |

3.2 Physical Security

The Aruba Wireless AP is a scalable, multi-processor standalone network device and is enclosed in a robust plastic housing. The AP enclosure is resistant to probing (please note that this feature has not been validated as part of the FIPS 140-2 validation) and is opaque within the visible spectrum. The enclosure of the AP has been designed to satisfy FIPS 140-2 Level 2 physical security requirements.

3.2.1 Applying TELs

The Crypto Officer must apply Tamper-Evident Labels (TELs) to the AP to allow detection of the opening of the device, and to block the serial console port (on the bottom of the device). The TELs shall be installed for the module to operate in a FIPS Approved mode of operation. The vendor provides FIPS 140 designated TELs which have met the physical security testing requirements for tamper evident labels under the FIPS 140-2 Standard. TELs are not endorsed by the Cryptographic Module Validation Program (CMVP). Aruba provides double the required amount of TELs with shipping, and additional replacement TELs can be obtained by calling customer support and requesting part number 4010061-01.
The Crypto Officer is responsible for securing and having control at all times of any unused tamper evident labels. The Crypto Officer should employ TELs as follows:
• Before applying a TEL, make sure the target surfaces are clean and dry.
• Do not cut, trim, punch, or otherwise alter the TEL.
• Apply the wholly intact TEL firmly and completely to the target surfaces.
• Ensure that TEL placement is not defeated by simultaneous removal of multiple modules.
• Allow 24 hours for the TEL adhesive seal to completely cure.
• Record the position and serial number of each applied TEL in a security log.
Once applied, the TELs included with the AP cannot be surreptitiously broken, removed or reapplied without an obvious change in appearance. Each TEL has a unique serial number to prevent replacement with a similar label. To protect the device from tampering, TELs should be applied by the Crypto Officer as pictured below:

3.2.2 RAP-3WN/RAP-3WNP TEL Placement
This section displays all the TEL locations of the Aruba RAP-3WN. The RAP-3WN requires a minimum of 2 TELs to be applied as follows:
3.2.2.1 To detect opening of the chassis cover:
1. Spanning the left and right chassis covers across the top of the chassis
3.2.2.2 To detect opening of the chassis cover and access to restricted ports
2. Spanning the left and right chassis covers and covering the proprietary console connector. Note that the mount/stand should be attached first, and the TEL placed over the top of it.
Following is the TEL placement for the RAP-3WN and RAP-3WNP:
Figure 1 - RAP-3WN/RAP-3WNP Top View
Figure 2 - RAP-3WN/RAP-3WNP Bottom View

3.2.3 RAP-108/109 TEL Placement
This section displays all the TEL locations of the Aruba RAP-108 and RAP-109. The RAP-108/109 requires a minimum of 3 TELs to be applied as follows:
3.2.3.1 To detect opening of the chassis cover:
1. Spanning the left and right chassis covers across the top of the chassis
2. Spanning the left and right chassis covers across the bottom of the chassis
3.2.3.2 To detect opening of the chassis cover and access to restricted ports
3. Spanning the left and right chassis covers and covering the RJ-45 console connector.
Following is the TEL placement for the RAP-108 and RAP-109:
Figure 3 - RAP-108/109 TEL Placement – Top View
Figure 4 - RAP-108/109 TEL Placement - Side View

3.2.4 AP-114/115 TEL Placement
This section displays all the TEL locations of the Aruba AP-114 and AP-115. The AP-114/115 requires a minimum of 3 TELs to be applied as follows:
3.2.4.1 To detect opening of the chassis cover:
1. Spanning the top and bottom chassis covers across the left side of the chassis
2. Spanning the top and bottom chassis covers across the right side of the chassis
3.2.4.2 To detect access to restricted ports
3. Covering the RJ-45 console connector.
Following is the TEL placement for the AP-114 and AP-115:
Figure 5 - AP-114/115 Top View
Figure 6 - AP-114/115 Bottom View

3.2.5 Inspection/Testing of Physical Security Mechanisms

Table 7 - Inspection/Testing of Physical Security Mechanisms
| Physical Security Mechanism | Recommended Test Frequency | Guidance |
|---|---|---|
| Tamper-evident labels (TELs) | Once per month | Examine for any sign of removal, replacement, tearing, etc. See images above for locations of TELs. If there is any sign of removal, replacement, tearing, etc., of any TEL, then immediately stop using the module and notify the system administrator. |
| Opaque module enclosure | Once per month | Examine module enclosure for any evidence of new openings or other access to the module internals. If there is any sign of new openings or other access to the module internals, then immediately stop using the module and notify the system administrator. |

3.3 Operational Environment
This section does not apply as the operational environment is non-modifiable.
3.4 Logical Interfaces
The physical interfaces are divided into logical interfaces defined by FIPS 140-2 as described in the following table.

Table 8 - Logical Interfaces
| FIPS 140-2 Logical Interface | Module Physical Interface |
|---|---|
| Data Input Interface | 10/100 Base-T Ethernet ports (RAP-3WN/RAP-3WNP); 10/100/1000 Ethernet Ports (RAP108/109/114/115); 802.11a/b/g/n Antenna Interfaces; USB 2.0 port |
| Data Output Interface | 10/100 Base-T Ethernet ports (RAP-3WN/RAP-3WNP); 10/100/1000 Ethernet Ports (RAP108/109/114/115); 802.11a/b/g/n Antenna Interfaces; USB 2.0 port |
| Control Input Interface | 10/100 Base-T Ethernet ports (RAP-3WN/RAP-3WNP); 10/100/1000 Ethernet Ports (RAP108/109/114/115); 802.11a/b/g/n Antenna Interfaces; Reset button |
| Status Output Interface | 10/100 Base-T Ethernet ports (RAP-3WN/RAP-3WNP); 10/100/1000 Ethernet Ports (RAP-108/109 and AP-114/115); 802.11a/b/g/n Antenna Interfaces; LEDs |
| Power Interface | Power Supply; Power-over-Ethernet (POE) (RAP-108/109 and AP-114/115) |

Data input and output, control input, status output, and power interfaces are defined as follows:
• Data input and output are the packets that use the networking functionality of the module.
• Control input consists of manual control inputs for power and reset through the power interfaces (DC power supply or POE). It also consists of all of the data that is entered into the access point while using the management interfaces. A reset button is present which is used to reset the AP to factory default settings.
• Status output consists of the status indicators displayed through the LEDs, the status data that is output from the module while using the management interfaces, and the log file.
  o LEDs indicate the physical state of the module, such as power-up (or rebooting), utilization level, and activation state. The log file records the results of self-tests, configuration errors, and monitoring data.
• A power supply is used to connect the electric power cable. Operating power may also be provided via a Power Over Ethernet (POE) device when connected. The power is provided through the connected Ethernet cable.
• Console port is disabled when operating in FIPS mode by TEL.
The module distinguishes between different forms of data, control, and status traffic over the network ports by analyzing the packet headers and contents.

4 Roles, Authentication and Services

4.1 Roles
The module supports the roles of Crypto Officer, User, and Wireless Client; no additional roles (e.g., Maintenance) are supported. Administrative operations carried out by the Aruba Mobility Controller map to the Crypto Officer role. The Crypto Officer has the ability to configure, manage, and monitor the module, including the configuration, loading, and zeroization of CSPs.
Defining characteristics of the roles depend on whether the module is configured as a Remote AP mode or as a Remote Mesh Portal mode.
• Remote AP FIPS mode:
  o Crypto Officer role: the Crypto Officer is the Aruba Mobility Controller that has the ability to configure, manage, and monitor the module, including the configuration, loading, and zeroization of CSPs.
  o User role: in the configuration, the User operator shares the same services and authentication techniques as the Mobility Controller in the Crypto Officer role.
  o Wireless Client role: in Remote AP configuration, a wireless client can create a connection to the module using WPA2 and access wireless network access/bridging services. In advanced Remote AP configuration, when Remote AP cannot communicate with the controller, the wireless client role authenticates to the module via WPA2-PSK only.
• CPSec AP FIPS mode:
  o Crypto Officer role: the Crypto Officer is the Aruba Mobility Controller that has the ability to configure, manage, and monitor the module, including the configuration, loading, and zeroization of CSPs.
  o User role: in the configuration, the User operator shares the same services and authentication techniques as the Mobility Controller in the Crypto Officer role.
  o Wireless Client role: in CPSec AP configuration, a wireless client can create a connection to the module using WPA2 and access wireless network access services.
• Remote Mesh Portal FIPS mode:
  o Crypto Officer role: the Crypto Officer is the Aruba Mobility Controller that has the ability to configure, manage, and monitor the module, including the configuration, loading, and zeroization of CSPs.
  o User role: the adjacent Mesh Point APs in a given mesh cluster. Please note that the Remote Mesh Portal AP must be physically wired to the Mobility Controller.
  o Wireless Client role: in Remote Mesh Portal FIPS AP configuration, a wireless client can create a connection to the module using WPA2 and access wireless network access services.
• Remote Mesh Point FIPS mode:
  o Crypto Officer role: the Crypto Officer role is the Aruba Mobility Controller that has the ability to configure, manage, and monitor the module, including the configuration, loading, and zeroization of CSPs. The first mesh AP configured is the only AP with the direct wired connection.
  o User role: the adjacent Mesh APs in a given mesh cluster. Please note that the User role can be a Mesh Point AP or a Mesh Portal AP in the given mesh network.
  o Wireless Client role: in Remote Mesh Point FIPS AP configuration, a wireless client can create a connection to the module using WPA2 and access wireless network access services.

4.1.1 Crypto Officer Authentication
In each of the FIPS approved modes, the Aruba Mobility Controller implements the Crypto Officer role. Connections between the module and the mobility controller are protected using IPSec. Crypto Officer authentication is accomplished via either proof of possession of the IKEv1/IKEv2 pre-shared key or RSA/ECDSA certificate, which occurs during the IKEv1/IKEv2 key exchange.
4.1.2 User Authentication
Authentication for the User role depends on the module configuration. When the module is configured in Remote Mesh Portal FIPS mode and Remote Mesh Point FIPS mode, the User role is authenticated via the WPA2 pre-shared key. When the module is configured in Remote AP FIPS mode and CPSec protected AP FIPS mode, the User role is authenticated via the same IKEv1/IKEv2 pre-shared key or RSA/ECDSA certificate that is used by the Crypto Officer.

4.1.3 Wireless Client Authentication
The wireless client role defined in each of the FIPS approved modes authenticates to the module via WPA2. Please note that WEP and TKIP configurations are not permitted in FIPS mode. In advanced Remote AP configuration, when Remote AP cannot communicate with the controller, the wireless client role authenticates to the module via WPA2-PSK only.

4.1.4 Strength of Authentication Mechanisms
The following table describes the relative strength of each supported authentication mechanism.

Table 9 - Strength of Authentication Mechanisms
| Authentication Mechanism | Mechanism Strength |
|---|---|
| IKEv1/IKEv2 shared secret (CO role) | Passwords are required to be a minimum of eight characters and a maximum of 32 with a minimum of one letter and one number. If six (6) integers, one (1) special character and one (1) alphabet are used without repetition for an eight (8) digit PIN, the probability of randomly guessing the correct sequence is one (1) in 251,596,800 (this calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 Integer digits, 52 alphabetic characters, and 32 special characters providing 94 characters to choose from in total. The calculation should be 10 x 9 x 8 x 7 x 6 x 5 x 32 x 52 = 251,596,800). Therefore, the associated probability of a successful random attempt is approximately 1 in 251,596,800, which is less than 1 in 1,000,000 required by FIPS 140-2. |
| Wireless Client WPA2-PSK (Wireless Client role) | Same mechanism strength as IKEv1/IKEv2 shared secret above. |
| Mesh AP WPA2 PSK (User role) | Same mechanism strength as IKEv1/IKEv2 shared secret above. |
| RSA Certificate based authentication (CO role) | The module supports 2048-bit RSA keys. RSA 2048 bit keys correspond to 112 bits of security. Assuming the low end of that range, the associated probability of a successful random attempt is 1 in 2^112, which is less than 1 in 1,000,000 required by FIPS 140-2. |
| ECDSA-based authentication (IKEv2) | ECDSA signing and verification is used to authenticate to the module during IKEv2. Both P-256 and P-384 curves are supported. ECDSA P-256 provides 128 bits of equivalent security, and P-384 provides 192 bits of equivalent security. Assuming the low end of that range, the associated probability of a successful random attempt is 1 in 2^128, which is less than 1 in 1,000,000 required by FIPS 140-2. |

4.2 Services
The module provides various services depending on role. These are described below.

4.2.1 Crypto Officer Services
The CO role in each of the FIPS modes defined in section 3.3 has the same services.

Table 10 - Crypto Officer Services
| Service | Description | CSPs Accessed (see section 6 below for complete description of CSPs) |
|---|---|---|
| FIPS mode enable/disable | The CO selects/de-selects FIPS mode as a configuration option. | None. |
| Key Management | The CO can configure/modify the IKEv1/IKEv2 shared secret (The RSA private key is protected by non-volatile memory and cannot be modified) and the WPA2 PSK (used in advanced Remote AP configuration). Also, the CO/User implicitly uses the KEK to read/write configuration to non-volatile memory. | 1 (read); 14, 23, 24, 25 (read/write) |
| Remotely reboot module | The CO can remotely trigger a reboot | 1 (read) |
| Self-test triggered by CO/User reboot | The CO can trigger a programmatic reset leading to self-test and initialization | 1, 32 (read) |
| Update module firmware | The CO can trigger a module firmware update | 32 (read) |
| Configure non-security related module parameters | CO can configure various operational parameters that do not relate to security | None. |
| Creation/use of secure management session between module and CO | The module supports use of IPSec for securing the management channel. | 14, 21, 22, 23, 24 (read); 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20 (read/write) |
| Creation/use of secure mesh channel | The module requires secure connections between mesh points using 802.11i | 25 (read); 26, 27, 28, 29, 30, 31 (read/write) |
| System Status | CO may view system status information through the secured management channel | See creation/use of secure management session above. |
| Zeroization | Zeroizes all flash memory | All CSPs will be destroyed. |

4.2.2 User Services
The User services defined in Remote AP FIPS mode and CPSec protected AP FIPS mode share the same services with the Crypto Officer role; please refer to Section 4.2.1, “Crypto Officer Services”. The following services are provided for the User role defined in Remote Mesh Portal FIPS mode and Remote Mesh Point FIPS mode:

Table 11 - User Services
| Service | Description | CSPs Accessed (see section 6 below for complete description of CSPs) |
|---|---|---|
| Generation and use of 802.11i cryptographic keys | When the module is in mesh configuration, the inter-module mesh links are secured with 802.11i. | 26, 27, 28, 29, 30, 31 (read/write) |
| Use of WPA pre-shared key for establishment of IEEE 802.11i keys | When the module is in mesh configuration, the inter-module mesh links are secured with 802.11i. This is authenticated with a shared secret | 25 (read) |
| Zeroization | Zeroizes all flash memory | All CSPs will be destroyed. |

4.2.3 Wireless Client Services
The following module services are provided for the Wireless Client role in each of the FIPS approved modes defined in section 3.3.

Table 12 - Wireless Client Services
| Service | Description | CSPs Accessed (see section 6 below for complete description of CSPs) |
|---|---|---|
| Generation and use of 802.11i cryptographic keys | In all modes, the links between the module and wireless client are secured with 802.11i. | 26, 27, 28, 29, 30, 31 (read/write) |
| Use of WPA pre-shared key for establishment of IEEE 802.11i keys | When the module is in advanced Remote AP configuration, the links between the module and the wireless client are secured with 802.11i. This is authenticated with a shared secret only. | 25 (read) |
| Wireless bridging services | The module bridges traffic between the wireless client and the wired network. | None |

4.2.4 Unauthenticated Services
The module provides the following unauthenticated services, which are available regardless of role.
• System status – module LEDs
• Reboot module by removing/replacing power
• Self-test and initialization at power-on.

5 Cryptographic Algorithms
FIPS-approved cryptographic algorithms have been implemented in hardware and firmware. The firmware supports the following cryptographic implementations in each FIPS approved mode.
• ArubaOS OpenSSL Module implements the following FIPS-approved algorithms:
  o AES (Cert. #2680)
  o CVL (Cert. #152)
  o DRBG (Cert. #433)
  o ECDSA (Cert. #469)
  o HMAC (Cert. #1666)
  o KBKDF (Cert. #16)
  o RSA (Cert. #1379)
  o SHS (Cert. #2249)
  o Triple-DES (Cert. #1607)
  Note:
  o RSA (Cert. #1379; non-compliant with the functions from the CAVP Historical RSA List)
    - FIPS186-2: ALG[ANSIX9.31]: Key(gen)(MOD: 1024 PubKey Values: 65537) ALG[RSASSA-PKCS1_V1_5]: SIG(gen): 1024, SHS: SHA-1/SHA-256/SHA-384/SHA-512, 2048, SHS: SHA-1
  o ECDSA (Cert.
#469; non-compliant with the functions from the CAVP Historical ECDSA List)
    - FIPS186-2: SIG(gen): CURVES(P-256 P-384), SHS: SHA-1
• ArubaOS Crypto Module implements the following FIPS-approved algorithms:
  o AES (Cert. #2677)
  o CVL (Cert. #150)
  o ECDSA (Cert. #466)
  o HMAC (Cert. #1663)
  o RNG (Cert. #1250)
  o RSA (Cert. #1376)
  o SHS (Cert. #2246)
  o Triple-DES (Cert. #1605)
  Note:
  o RSA (Cert. #1376; non-compliant with the functions from the CAVP Historical RSA List)
    - FIPS186-2: ALG[ANSIX9.31]: Key(gen)(MOD: 1024 PubKey Values: 65537) ALG[RSASSA-PKCS1_V1_5]: SIG(gen): 1024, SHS: SHA-1/SHA-256/SHA-384/SHA-512, 2048, SHS: SHA-1
  o ECDSA (Cert. #466; non-compliant with the functions from the CAVP Historical ECDSA List)
    - FIPS186-2: SIG(gen): CURVES(P-256 P-384), SHS: SHA-1
• ArubaOS AP Kernel Crypto implements the following FIPS-approved algorithms in each FIPS approved mode:
  o AES (Cert. #2689)
• ArubaOS UBOOT Bootloader implements the following FIPS-approved algorithms in each FIPS approved mode:
  o RSA (Cert. #1380)
  o SHS (Cert. #2250)
• Aruba AP Hardware (Atheros WLAN) implements the following FIPS-approved algorithms in each FIPS approved mode:
  o AES (Cert. #2450)

Non-FIPS Approved Algorithms Allowed in FIPS Mode
• Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength)
• EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength)
• NDRNGs

Non-FIPS Approved Algorithms
The cryptographic module implements the following non-approved algorithms that are not permitted for use in the FIPS 140-2 mode of operations:
• MD5

6 Critical Security Parameters
The following Critical Security Parameters (CSPs) are used by the module:

Table 10 - Critical Security Parameters
| # | Name | CSPs type | Generation | Storage and Zeroization | Use |
|---|---|---|---|---|---|
| 1 | Key Encryption Key (KEK) | Triple-DES 168-bit key | Hardcoded during manufacturing | Stored in Flash. Zeroized by using command ‘ap wipe out flash’ | Encrypts IKEv1/IKEv2 Pre-shared key, ECDSA private key and configuration parameters. |
| 2 | DRBG entropy input | SP800-90a DRBG (512 bits) | Derived using NON-FIPS approved HW RNG | Stored in plaintext in volatile memory. Zeroized on reboot. | DRBG initialization |
| 3 | DRBG seed | SP800-90a DRBG (384 bits) | Generated per SP800-90A using a derivation function | Stored in plaintext in volatile memory. Zeroized on reboot. | DRBG initialization |
| 4 | DRBG Key | SP800-90a (256 bits) | Generated per SP800-90A | Stored in plaintext in volatile memory. Zeroized on reboot. | DRBG |
| 5 | DRBG V | SP800-90a (128 bits) | Generated per SP800-90A | Stored in plaintext in volatile memory. Zeroized on reboot. | DRBG |
| 6 | RNG seed | FIPS 186-2 RNG Seed (512 bits) | Derived using NON-FIPS approved HW RNG | Stored in plaintext in volatile memory. Zeroized on reboot. | Seed 186-2 General purpose (x-change Notice); SHA-1 RNG |
| 7 | RNG seed key | FIPS 186-2 RNG Seed key (512 bits) | Derived using NON-FIPS approved HW RNG | Stored in plaintext in volatile memory. Zeroized on reboot. | Seed 186-2 General purpose (x-change Notice); SHA-1 RNG |
| 8 | Diffie-Hellman private key | Diffie-Hellman private key (224 bits) | Generated internally during Diffie-Hellman Exchange | Stored in the volatile memory. Zeroized after the session is closed. | Used in establishing the session key for an IPSec session |
| 9 | Diffie-Hellman public key | Diffie-Hellman public key (2048 bits). Note: Key size of DH Group 1 (768 bits) and DH Group 2 (1024 bits) are not allowed in FIPS mode. | Generated internally during Diffie-Hellman Exchange | Stored in the volatile memory. Zeroized after the session is closed. | Used in establishing the session key for an IPSec session |
| 10 | Diffie-Hellman shared secret | Diffie-Hellman shared secret (2048 bits) | Established during Diffie-Hellman Exchange | Stored in plain text in volatile memory. Zeroized when session is closed. | Used in establishing the session key for an IPSec session |
| 11 | EC Diffie-Hellman private key | Elliptic Curve Diffie-Hellman (P-256 and P-384). | Generated internally during EC Diffie-Hellman Exchange | Stored in the volatile memory. Zeroized after the session is closed. | Used in establishing the session key for an IPSec session |
| 12 | EC Diffie-Hellman public key | Elliptic Curve Diffie-Hellman (P-256 and P-384). | Generated internally during EC Diffie-Hellman Exchange | Stored in the volatile memory. Zeroized after the session is closed. | Used in establishing the session key for an IPSec session |
| 13 | EC Diffie-Hellman shared secret | Elliptic Curve Diffie-Hellman (P-256 and P-384) | Established during EC Diffie-Hellman Exchange | Stored in plaintext in volatile memory. Zeroized when session is closed. | Key agreement in IKEv1/IKEv2 |
| 14 | IKEv1/IKEv2 Pre-shared key | 8-64 character pre-shared key | CO configured | Stored encrypted in Flash with the KEK. Zeroized by changing (updating) the pre-shared key through the User interface. | User and module authentication during IKEv1/IKEv2 |
| 15 | skeyid | HMAC-SHA-1/256/384 (160/256/384 bits) | Established during IKEv1 negotiation | Stored in plaintext in volatile memory. Zeroized when session is closed. | Key agreement in IKEv1 |
| 16 | skeyid_d | HMAC-SHA-1/256/384 (160/256/384 bits) | Established during IKEv1 negotiation | Stored in plaintext in volatile memory. Zeroized when session is closed. | Key agreement in IKEv1 |
| 17 | IKEv1/IKEv2 session authentication key | HMAC-SHA-1/256/384 (160 / 256 / 384 bits) | Established as a result of IKEv1/IKEv2 service implementation. | Stored in plaintext in volatile memory. Zeroized when session is closed. | IKEv1/IKEv2 payload integrity verification |
| 18 | IKEv1/IKEv2 session encryption key | Triple-DES (168 bits) / AES (128/196/256 bits) | Established as a result of IKEv1/IKEv2 service implementation. | Stored in plaintext in volatile memory. Zeroized when session is closed. | IKEv1/IKEv2 payload encryption |
| 19 | IPSec session encryption keys | Triple-DES (168 bits) / AES (128/196/256 bits) | Established during the IPSec service implementation | Stored in plaintext in volatile memory. Zeroized when the session is closed. | Secure IPSec traffic |
| 20 | IPSec session authentication keys | HMAC-SHA-1 (160 bits) | Established during the IPSec service implementation | Stored in plaintext in volatile memory. Zeroized when the session is closed. | IPSec traffic authentication |
| 21 | RSA Private Key | RSA 2048 bits private key | Generated at time of manufacturing by the TPM. | Stored in non-volatile memory (Trusted Platform Module). Zeroized by physical destruction of the module. | Used by IKEv1/IKEv2 for device authentication |
| 22 | RSA public key | RSA 2048 bits public key | Generated at time of manufacturing by the TPM. | Stored in non-volatile memory. Zeroized by physical destruction of the module. | Used by IKEv1/IKEv2 for device authentication |
| 23 | ECDSA Private Key | ECDSA suite B P-256 and P-384 curves | Generated in the module | Stored in flash memory encrypted with KEK. Zeroized by the CO command ap wipe out flash. | Used by IKEv1/IKEv2 for device authentication. |
| 24 | ECDSA Public Key | ECDSA suite B P-256 and P-384 curves | Generated in the module | Stored in flash memory encrypted with KEK. Zeroized by the CO command ap wipe out flash. | Used by IKEv1/IKEv2 for device authentication. |
| 25 | 802.11i Pre-Shared Key (PSK) | 8-63 character 802.11i pre-shared secret for use in 802.11i (SP 800‐108) key derivation | CO configured | Stored in flash memory encrypted with KEK. Zeroized by the CO command ap wipe out flash. | Used to derive the PMK for 802.11i mesh connections between APs and in advanced Remote AP connections; programmed into AP by the controller over the IPSec session. |
| 26 | 802.11i Pair-Wise Master key (PMK) | 802.11i secret key (256-bit) | Derived during the 802.1X handshake | Stored in the volatile memory. Zeroized on reboot. | Used to derive 802.11i Pairwise Transient Key (PTK) |
| 27 | 802.11i Pairwise Transient Key (PTK) | 512-bit shared secret from which Temporal Keys (TKs) are derived | Derived during 802.11i 4-way handshake | In volatile memory only; zeroized on reboot | Used to derive 802.11i session key |
| 28 | 802.11i session key | AES-CCM key (128 bits) | Derived from 802.11 PMK | Stored in plaintext in volatile memory. Zeroized on reboot. | Used for 802.11i encryption |
| 29 | 802.11i Group Master Key (GMK) | 256-bit secret used to derive GTK | Generated from approved RNG | Stored in plaintext in volatile memory; zeroized on reboot | Used to derive Group Transient Key (GTK) |
| 30 | 802.11i Group Transient Key (GTK) | 256-bit shared secret used to derive group (multicast) encryption and integrity keys | Internally derived by AP which assumes “authenticator” role in handshake | Stored in plaintext in volatile memory; zeroized on reboot | Used to derive multicast cryptographic keys |
| 31 | 802.11i Group AES-CCM Data Encryption/MIC Key | 128-bit AES-CCM key derived from GTK | Derived from 802.11 group key handshake | Stored in plaintext in volatile memory; zeroized on reboot | Used to protect multicast message confidentiality and integrity (AES-CCM) |
| 32 | Factory CA Public Key | RSA 2048 bits public key | Generated outside the module. | Stored in non-volatile memory. Zeroized by physical destruction of the module. | Firmware verification |

7 Self-Tests
The module performs the following Power-Up Self-Tests (regardless of the mode of operation) and Conditional Tests (in each FIPS approved mode of operation). In the event that a test fails, the module enters an error state, logs the error, and reboots automatically.
The module performs the following power-up self-tests:
• Aruba AP Hardware (Atheros WLAN) Known Answer Test:
  o AES-CCM KAT
• ArubaOS OpenSSL Module Known Answer Tests:
  o AES (encrypt/decrypt) KATs
  o Triple-DES (encrypt/decrypt) KATs
  o DRBG KAT
  o RSA (sign/verify) KAT
  o ECDSA Sign/Verify
  o SHS (SHA-1, SHA-256, SHA-384 and SHA-512) KATs
  o HMAC (HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384 and HMAC-SHA-512) KATs
• ArubaOS Crypto Module Known Answer Tests:
  o AES (encrypt/decrypt) KATs
  o Triple-DES (encrypt/decrypt) KATs
  o SHS (SHA-1, SHA-256, SHA-384 and SHA-512) KATs
  o HMAC (HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384 and HMAC-SHA-512) KATs
  o RSA (sign/verify) KAT
  o ECDSA Sign/Verify
  o FIPS 186-2 RNG KAT
• ArubaOS Uboot Bootloader Module Known Answer Tests:
  o Firmware Integrity Test: RSA PKCS#1 v1.5 (2048 bits) signature verification with SHA-1
• ArubaOS AP Kernel Crypto Known Answer Tests:
  o AES (encrypt/decrypt) KATs
  o AES-GCM KAT

The following Conditional Tests are performed in the module:
• ArubaOS OpenSSL Module
  o CRNG Test to Approved RNG (DRBG)
  o ECDSA Pairwise Consistency Test
  o RSA Pairwise Consistency Test
• ArubaOS Crypto Module
  o CRNG Test to Approved RNG (FIPS 186-2 RNG)
  o ECDSA Pairwise Consistency Test
  o RSA Pairwise Consistency Test
• ArubaOS Uboot BootLoader Module
  o Firmware Load Test - RSA PKCS#1 v1.5 (2048 bits) signature verification
• CRNG tests to non-Approved RNGs

These self-tests are run for the Atheros hardware cryptographic implementation as well as for the Aruba OpenSSL and ArubaOS cryptographic module implementations. Self-test results are written to the serial console.
In the event of a KAT failure, the AP logs different messages, depending on the error.
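The power-up known answer tests and the continuous RNG (CRNG) test listed above follow one pattern, shown here as an added example in Python (it is not ArubaOS code and does not come from Aruba or Dell): run each primitive on a fixed input, compare the result with a published answer, and on any mismatch enter an error state in which no cryptographic output is released. The class and function names are assumptions made for illustration; the vectors are the public FIPS 180 "abc" digests and test case 2 of RFC 2202 and RFC 4231, and the faulty SHA-256 is constructed to trigger a failure.

```python
import hashlib
import hmac
import os

# Published known answers: FIPS 180 "abc" digests and the "Jefe" HMAC
# vectors (test case 2 of RFC 2202 and RFC 4231).
KAT_VECTORS = [
    ("SHA-1", None, b"abc",
     "a9993e364706816aba3e25717850c26c9cd0d89d"),
    ("SHA-256", None, b"abc",
     "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    ("HMAC-SHA-1", b"Jefe", b"what do ya want for nothing?",
     "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79"),
    ("HMAC-SHA-256", b"Jefe", b"what do ya want for nothing?",
     "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"),
]

# Implementations under test (assumption: a real module would call its own
# firmware or hardware primitives here instead of hashlib).
DEFAULT_IMPLS = {
    "SHA-1": lambda key, msg: hashlib.sha1(msg).digest(),
    "SHA-256": lambda key, msg: hashlib.sha256(msg).digest(),
    "HMAC-SHA-1": lambda key, msg: hmac.new(key, msg, hashlib.sha1).digest(),
    "HMAC-SHA-256": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
}


class SelfTestError(Exception):
    """Raised when a power-up or conditional self-test fails."""


class ContinuousRng:
    """Continuous RNG test: each block is compared with the previous one."""

    def __init__(self, source, block_len=16):
        self._source = source
        self._block_len = block_len
        # The first block after power-up is kept only as a reference and is
        # never handed out.
        self._previous = source(block_len)

    def next_block(self):
        block = self._source(self._block_len)
        if block == self._previous:
            raise SelfTestError("CRNG test failed: repeated block")
        self._previous = block
        return block


class Module:
    """Hypothetical module with POWER_UP, OPERATIONAL and ERROR states."""

    def __init__(self, impls=None, rng_source=os.urandom):
        self.state = "POWER_UP"
        self.log = []
        self._impls = {**DEFAULT_IMPLS, **(impls or {})}
        self._rng_source = rng_source
        self._rng = None

    def power_up(self):
        """Run every KAT; only a clean pass makes the module operational."""
        try:
            for name, key, msg, expected in KAT_VECTORS:
                if self._impls[name](key, msg).hex() != expected:
                    raise SelfTestError(f"{name} KAT failed")
            self._rng = ContinuousRng(self._rng_source)
        except SelfTestError as exc:
            self._enter_error(exc)
            return False
        self.state = "OPERATIONAL"
        return True

    def random_block(self):
        """Return RNG output, or refuse when the module is not operational."""
        if self.state != "OPERATIONAL":
            raise RuntimeError("module is in state " + self.state)
        try:
            return self._rng.next_block()
        except SelfTestError as exc:
            self._enter_error(exc)
            raise

    def _enter_error(self, exc):
        # Error state: record the failure; a real AP would reboot at this point.
        self.state = "ERROR"
        self.log.append(f"self-test failure: {exc}; restarting")


if __name__ == "__main__":
    good = Module()
    print(good.power_up(), good.state)
    # Constructed fault: a SHA-256 that hashes one extra byte.
    bad = Module(impls={"SHA-256": lambda k, m: hashlib.sha256(m + b"\0").digest()})
    print(bad.power_up(), bad.state, bad.log)
```

The KAT catches a primitive that computes the wrong answer at start-up, while the conditional CRNG test runs on every request and catches a generator that gets stuck later.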
For an ArubaOS OpenSSL AP module and ArubaOS cryptographic module KAT failure:
AP rebooted [DATE][TIME] : Restarting System, SW FIPS KAT failed
For an AES Atheros hardware POST failure:
Starting HW SHA1 KAT ...Completed HW SHA1 AT
Starting HW HMAC-SHA1 KAT ...Completed HW HMAC-SHA1 KAT
Starting HW DES KAT ...Completed HW DES KAT
Starting HW AES KAT ...Restarting system.

8 Secure Operation
The module can be configured to be in the following FIPS approved modes of operations via corresponding Aruba Mobility Controllers that have been certified to FIPS level 2:
• Remote AP FIPS mode – When the module is configured as a Remote AP, it is intended to be deployed in a remote location (relative to the Mobility Controller). The module provides cryptographic processing in the form of IPSec for all traffic to and from the Mobility Controller.
• Control Plane Security (CPSec) protected AP FIPS mode – When the module is configured as a Control Plane Security protected AP it is intended to be deployed in a local/private location (LAN, WAN, MPLS) relative to the Mobility Controller. The module provides cryptographic processing in the form of IPSec for all Control traffic to and from the Mobility Controller.
• Remote Mesh Portal FIPS mode – When the module is configured in Mesh Portal mode, it is intended to be connected over a physical wire to the mobility controller. These modules serve as the connection point between the Mesh Point and the Mobility Controller. Mesh Portals communicate with the Mobility Controller through IPSec and with Mesh Points via 802.11i session. The Crypto Officer role is the Mobility Controller that authenticates via IKEv1/IKEv2 pre-shared key or RSA/ECDSA certificate authentication method, and Users are the "n" Mesh Points that authenticate via 802.11i preshared key.
• Remote Mesh Point FIPS mode – an AP that establishes an all-wireless path to the Remote Mesh Portal in FIPS mode over 802.11 and an IPSec tunnel via the Remote Mesh Portal to the controller.

In addition, the module also supports a non-FIPS mode – an un-provisioned AP, which by default does not serve any wireless clients. The Crypto Officer must first enable and then provision the AP into a FIPS AP mode of operation.

This section explains how to place the module in each FIPS mode and how to verify that it is in FIPS mode. An important point for the Aruba APs is that changing the configuration from any one mode to any other mode requires the module to be re-provisioned and rebooted before the newly configured mode can be enabled.

The access point is managed by an Aruba Mobility Controller in FIPS mode, and access to the Mobility Controller’s administrative interface via a non-networked general purpose computer is required to assist in placing the module in FIPS mode. The controller used to provision the AP is referred to below as the “staging controller”. The staging controller must be provisioned with the appropriate firmware image for the module, which has been validated to FIPS 140-2, prior to initiating AP provisioning.

The Crypto Officer shall perform the following steps:

8.1 Pre-Configuration for RAP-3WN, RAP-3WNP, RAP-108, and RAP-109

The RAP-3WN, RAP-3WNP, RAP-108, and RAP-109 ship from the factory in standalone “Instant AP” mode, which is a non-approved mode. The Crypto Officer shall follow the steps below to appropriately pre-configure the modules.

1. Power up the RAP.
2. Connect wirelessly to the Instant SSID.
3. Log in to the RAP by navigating to http://instant.arubanetworks.com and logging in to the Instant UI. The default username is admin and the default password is admin.
4. Navigate to the Maintenance tab in the top right.
5. Click on the Convert tab.
6. Select Remote APs managed by a Mobility Controller from the drop down menu.
7. Enter the IP address of the mobility controller.
8. Click Convert Now to complete the conversion.
9. The RAP will reboot and begin operating in unprovisioned RAP mode.

Note: the pre-configuration steps convert each RAP into an unprovisioned RAP mode (non-approved mode). After that, the CO shall follow the steps in the next section to enable FIPS mode.

8.2 Configuring Remote AP FIPS Mode

1. Apply TELs according to the directions in section 3.2.
2. Log into the administrative console of the staging controller.
3. To deploy the AP in Remote FIPS mode, configure the controller to support Remote APs. For detailed instructions and steps, see Section “Configuring the Secure Remote Access Point Service” in Chapter “Remote Access Points” of the Aruba OS User Manual.
4. Enable FIPS mode on the controller. This is accomplished by going to the Configuration > Network > Controller > System Settings page (this is the default page when you click the Configuration tab), and clicking the FIPS Mode for Mobility Controller Enable checkbox.
5. Enable FIPS mode on the AP. This is accomplished by going to the Configuration > Wireless > AP Configuration > AP Group page. There, you click the Edit button for the appropriate AP group, and then select AP > AP System Profile. Then, check the “Fips Enable” box, check “Apply”, and save the configuration.
6. If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the LAN connection between the module and the controller, or ensure the presence of a DC power supply appropriate to the particular model of the module.
7. Connect the module via an Ethernet cable to the staging controller; note that this should be a direct connection, with no intervening network or devices; if PoE is being supplied by an injector, this represents the only exception. That is, nothing other than a PoE injector should be present between the module and the staging controller.
8. Once the module is connected to the controller by the Ethernet cable, navigate to the Configuration > Wireless > AP Installation page, where you should see an entry for the AP. Select that AP, click the “Provision” button, which will open the provisioning window. Now provision the AP as Remote AP by filling in the form appropriately. Detailed steps are listed in the section entitled “Provisioning an Individual AP” in the ArubaOS User Guide. Click “Apply and Reboot” to complete the provisioning process.
   a. During the provisioning process as Remote AP, if Pre-shared key is selected to be the Remote AP Authentication Method, the IKE pre-shared key (which is at least 8 characters in length) is input to the module during provisioning. Generation of this key is outside the scope of this policy. In the initial provisioning of an AP, this key will be entered in plaintext; subsequently, during provisioning, it will be entered encrypted over the secure IPSec session. If certificate based authentication is chosen, the AP’s RSA or ECDSA key pair is used to authenticate the AP to the controller during IPSec.
9. Via the logging facility of the staging controller, ensure that the module (the AP) is successfully provisioned with firmware and configuration.
10. Terminate the administrative session.
11. Disconnect the module from the staging controller, and install it on the deployment network; when power is applied, the module will attempt to discover and connect to an Aruba Mobility Controller on the network.

8.3 Configuring CPSec protected AP FIPS mode

1. Apply TELs according to the directions in section 3.2.
2. Log into the administrative console of the staging controller.
3. Configure the staging controller with CPSec under the Configuration > Controller > Control Plane Security tab. The AP will authenticate to the controller using certificate based authentication (IKEv2) to establish IPSec. The AP is configured with an RSA key pair at manufacturing.
The AP’s certificate is signed by the Aruba Certification Authority (trusted by all Aruba controllers) and the AP’s RSA private key is stored in non-volatile memory (TPM). Refer to the “Configuring Control Plane Security” section in the ArubaOS User Manual for details on the steps.
4. Enable FIPS mode on the controller. This is accomplished by going to the Configuration > Network > Controller > System Settings page (this is the default page when you click the Configuration tab), and clicking the FIPS Mode for Mobility Controller Enable checkbox.
5. Enable FIPS mode on the AP. This is accomplished by going to the Configuration > Wireless > AP Configuration > AP Group page. There, you click the Edit button for the appropriate AP group, and then select AP > AP System Profile. Then, check the “FIPS Enable” box, check “Apply”, and save the configuration.
6. If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the LAN connection between the module and the controller, or ensure the presence of a DC power supply appropriate to the particular model of the module.
7. Connect the module via an Ethernet cable to the staging controller; note that this should be a direct connection, with no intervening network or devices; if PoE is being supplied by an injector, this represents the only exception. That is, nothing other than a PoE injector should be present between the module and the staging controller.
8. Once the module is connected to the controller by the Ethernet cable, navigate to the Configuration > Wireless > AP Installation page, where you should see an entry for the AP. Select that AP, click the “Provision” button, which will open the provisioning window. Now provision the CPSec Mode by filling in the form appropriately. Detailed steps are listed in Section “Provisioning an Individual AP” of Chapter “The Basic User-Centric Networks” of the Aruba OS User Guide. Click “Apply and Reboot” to complete the provisioning process.
   a. For CPSec AP mode, the AP always uses certificate based authentication to establish the IPSec connection with the controller. The AP uses the RSA key pair assigned to it at manufacturing to authenticate itself to the controller during IPSec. Refer to the “Configuring Control Plane Security” Section in the Aruba OS User Manual for details on the steps to provision an AP with CPSec enabled on the controller.
9. Via the logging facility of the staging controller, ensure that the module (the AP) is successfully provisioned with firmware and configuration.
10. Terminate the administrative session.
11. Disconnect the module from the staging controller, and install it on the deployment network; when power is applied, the module will attempt to discover and connect to an Aruba Mobility Controller on the network.

8.4 Configuring Remote Mesh Portal FIPS Mode

1. Apply TELs according to the directions in section 3.2.
2. Log into the administrative console of the staging controller.
3. To deploy the AP in Remote Mesh Portal mode, create the corresponding Mesh Profiles on the controller as described in detail in Section “Mesh Profiles” of Chapter “Secure Enterprise Mesh” of the Aruba OS User Manual.
   a. For mesh configurations, configure a WPA2 PSK which is 16 ASCII characters or 64 hexadecimal digits in length; generation of such keys is outside the scope of this policy.
4. Enable FIPS mode on the controller. This is accomplished by going to the Configuration > Network > Controller > System Settings page (this is the default page when you click the Configuration tab), and clicking the FIPS Mode for Mobility Controller Enable checkbox.
5. Enable FIPS mode on the AP. This is accomplished by going to the Configuration > Wireless > AP Configuration > AP Group page. There, you click the Edit button for the appropriate AP group, and then select AP > AP System Profile. Then, check the “FIPS Enable” box, check “Apply”, and save the configuration.
6. If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the LAN connection between the module and the controller, or ensure the presence of a DC power supply appropriate to the particular model of the module.
7. Connect the module via an Ethernet cable to the staging controller; note that this should be a direct connection, with no intervening network or devices; if PoE is being supplied by an injector, this represents the only exception. That is, nothing other than a PoE injector should be present between the module and the staging controller.
8. Once the module is connected to the controller by the Ethernet cable, navigate to the Configuration > Wireless > AP Installation page, where you should see an entry for the AP. Select that AP, click the “Provision” button, which will open the provisioning window. Now provision the AP as Remote Mesh Portal by filling in the form appropriately. Detailed steps are listed in Section “Provisioning an Individual AP” of Chapter “The Basic User-Centric Networks” of the Aruba OS User Guide. Click “Apply and Reboot” to complete the provisioning process.
   a. During the provisioning process as Remote Mesh Portal, if Pre-shared key is selected to be the Remote IP Authentication Method, the IKE pre-shared key (which is at least 8 characters in length) is input to the module during provisioning. Generation of this key is outside the scope of this policy. In the initial provisioning of an AP, this key will be entered in plaintext; subsequently, during provisioning, it will be entered encrypted over the secure IPSec session. If certificate based authentication is chosen, the AP’s RSA key pair is used to authenticate the AP to the controller during IPSec. The AP’s RSA private key is contained in the AP’s non-volatile memory and is generated at manufacturing time in the factory.
   b. During the provisioning process as Remote Mesh Portal, the WPA2 PSK is input to the module via the corresponding Mesh cluster profile.
This key is stored encrypted on flash.
9. Via the logging facility of the staging controller, ensure that the module (the AP) is successfully provisioned with firmware and configuration.
10. Terminate the administrative session.
11. Disconnect the module from the staging controller, and install it on the deployment network; when power is applied, the module will attempt to discover and connect to an Aruba Mobility Controller on the network.

8.5 Configuring Remote Mesh Point FIPS Mode

1. Apply TELs according to the directions in section 3.2.
2. Log into the administrative console of the staging controller.
3. To deploy the AP in Remote Mesh Point mode, create the corresponding Mesh Profiles on the controller as described in detail in Section “Mesh Points” of Chapter “Secure Enterprise Mesh” of the Aruba OS User Manual.
   a. For mesh configurations, configure a WPA2 PSK which is 16 ASCII characters or 64 hexadecimal digits in length; generation of such keys is outside the scope of this policy.
4. Enable FIPS mode on the controller. This is accomplished by going to the Configuration > Network > Controller > System Settings page (this is the default page when you click the Configuration tab), and clicking the FIPS Mode for Mobility Controller Enable checkbox.
5. Enable FIPS mode on the AP. This is accomplished by going to the Configuration > Wireless > AP Configuration > AP Group page. There, you click the Edit button for the appropriate AP group, and then select AP > AP System Profile. Then, check the “Fips Enable” box, check “Apply”, and save the configuration.
6. If the staging controller does not provide PoE, either ensure the presence of a PoE injector for the LAN connection between the module and the controller, or ensure the presence of a DC power supply appropriate to the particular model of the module.
7. Connect the module via an Ethernet cable to the staging controller; note that this should be a direct connection, with no intervening network or devices; if PoE is being supplied by an injector, this represents the only exception. That is, nothing other than a PoE injector should be present between the module and the staging controller.
8. Once the module is connected to the controller by the Ethernet cable, navigate to the Configuration > Wireless > AP Installation page, where you should see an entry for the AP. Select that AP, click the “Provision” button, which will open the provisioning window. Now provision the AP as Remote Mesh Portal by filling in the form appropriately. Detailed steps are listed in Section “Provisioning an Individual AP” of Chapter “The Basic User-Centric Networks” of the Aruba OS User Guide. Click “Apply and Reboot” to complete the provisioning process.
   a. During the provisioning process as Remote Mesh Point, if Pre-shared key is selected to be the Remote IP Authentication Method, the IKE pre-shared key (which is at least 8 characters in length) is input to the module during provisioning. Generation of this key is outside the scope of this policy. In the initial provisioning of an AP, this key will be entered in plaintext; subsequently, during provisioning, it will be entered encrypted over the secure IPSec session. If certificate based authentication is chosen, the AP’s RSA key pair is used to authenticate the AP to the controller during IPSec. The AP’s RSA private key is contained in the AP’s non-volatile memory and is generated at manufacturing time in the factory.
   b. During the provisioning process as Mesh Point, the WPA2 PSK is input to the module via the corresponding Mesh cluster profile. This key is stored encrypted on flash.
9. Via the logging facility of the staging controller, ensure that the module (the AP) is successfully provisioned with firmware and configuration.
10. Terminate the administrative session.
11. Disconnect the module from the staging controller, and install it on the deployment network; when power is applied, the module will attempt to discover and connect to an Aruba Mobility Controller on the network.

8.6 FIPS Mode Verification

For all the approved modes of operation (Remote AP FIPS mode, Control Plane Security AP FIPS Mode, Remote Mesh Portal FIPS mode or Mesh Point FIPS Mode), do the following to verify that the module is in FIPS mode:

1. Log into the administrative console of the Aruba Mobility Controller.
2. Verify that the module is connected to the Mobility Controller.
3. Verify that the module has FIPS mode enabled by issuing the command “show ap ap-name config”.
4. Terminate the administrative session.
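
The self-test failure messages quoted just before section 8 can be triaged mechanically when reviewing AP console or controller log output. The following is an added example, not part of the policy and not Aruba or Dell code: the function names and sample logs are constructed for illustration, and the rule that a hardware KAT which starts and is then followed by a restart has failed is read off the AES example in the policy.

```python
import re

# Constructed sample logs, modelled on the failure messages quoted in the policy.
SW_FAIL = "AP rebooted [DATE][TIME] : Restarting System, SW FIPS KAT failed"
HW_FAIL = (
    "Starting HW SHA1 KAT ...Completed HW SHA1 AT\n"
    "Starting HW HMAC-SHA1 KAT ...Completed HW HMAC-SHA1 KAT\n"
    "Starting HW DES KAT ...Completed HW DES KAT\n"
    "Starting HW AES KAT ...Restarting system."
)
# Constructed passing run: every hardware KAT reports completion.
HW_OK = HW_FAIL.replace("...Restarting system.", "...Completed HW AES KAT")

# "K?AT" tolerates the "Completed HW SHA1 AT" spelling shown in the policy text.
EVENT = re.compile(r"(Starting|Completed) HW (\S+) K?AT\b|(Restarting [Ss]ystem)")


def triage_selftest(log: str) -> dict:
    """Classify self-test evidence in an AP boot log (hypothetical helper)."""
    result = {
        "sw_kat_failed": "SW FIPS KAT failed" in log,
        "hw_passed": [],
        "hw_failed": [],      # started, then the system restarted
        "hw_unfinished": [],  # started, no completion and no restart seen
    }
    pending = None  # hardware KAT that has started but not yet completed
    for phase, alg, restart in (m.groups() for m in EVENT.finditer(log)):
        if restart:
            if pending:
                result["hw_failed"].append(pending)
                pending = None
        elif phase == "Starting":
            if pending:
                result["hw_unfinished"].append(pending)
            pending = alg
        elif alg == pending:  # "Completed" for the test currently running
            result["hw_passed"].append(alg)
            pending = None
    if pending:
        result["hw_unfinished"].append(pending)
    return result


def selftest_failed(log: str) -> bool:
    """True when the log shows a software or hardware KAT failure."""
    r = triage_selftest(log)
    return r["sw_kat_failed"] or bool(r["hw_failed"])


if __name__ == "__main__":
    for name, log in (("SW_FAIL", SW_FAIL), ("HW_FAIL", HW_FAIL), ("HW_OK", HW_OK)):
        print(name, selftest_failed(log), triage_selftest(log))
```

A log that ends after a "Starting" message with neither a completion nor a restart is reported under `hw_unfinished` rather than as a failure, so truncated captures are not mistaken for a failed self-test.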