HP A-Series Specifications Page 44

Security Target Version 1.02, 08/16/2013
The TOE uses a software-based random bit generator that complies with FIPS 140-2 ANSI X9.31 Random Number
Generation (RNG) when operating in the FIPS mode. The entropy source is a 128-bit value extracted from the Comware
entropy pool. The design architecture of the Comware entropy source is the same as the architecture of the Linux
kernel entropy pool. The noise sources for the Comware entropy pool include interrupts, process scheduling and
memory allocation.
Additionally, the TOE is designed to zeroize secret and private keys when they are no longer required by the TOE.
The following table identifies the applicable secret and private keys and summarizes how and when they are deleted.
Where identified, zeroization occurs as follows: 1) when deleted from FLASH, the previous value is overwritten
once with zeroes; 2) when added or changed in FLASH, any old value is overwritten completely with the new value;
and 3) the zeroization of values in RAM is achieved by overwriting once with zeroes.

| Identifier | Name | Generation/Algorithm | Purpose | Storage Location | Zeroization Summary |
|---|---|---|---|---|---|
| CSP1 | RSA public/private keys | ANSI X9.31/RSA | Identity certificates for the security appliance itself and also used in IPsec and SSH negotiations. The security appliance supports 1024 ~ 2048 bit key sizes. | Private Key - FLASH (cipher text/3DES) and RAM (plain text); Public Key - FLASH (cipher text/3DES) and RAM (plain text) | Private Key - A CLI command is used to zeroize keys in FLASH and reboot results in the zeroization of keys in RAM. Public Key - A CLI command is used to zeroize keys in FLASH and reboot results in the zeroization of keys in RAM. |
| CSP2 | DSA public/private keys (DSA is not included in the evaluated configuration) | ANSI X9.31/DSA | Identity certificates for the security appliance itself and also used in SSH negotiations. | Private Key - FLASH (cipher text/3DES) and RAM (plain text); Public Key - FLASH (cipher text/3DES) and RAM (plain text) | Private Key - A CLI command is used to zeroize keys in FLASH and reboot results in the zeroization of keys in RAM. Public Key - A CLI command is used to zeroize keys in FLASH and reboot results in the zeroization of keys in RAM. |
| CSP3 | Diffie-Hellman Key Pairs | ANSI X9.31 / DH | Key agreement for IKE and SSH sessions. | RAM (plain text) | Keys in RAM will be zeroized upon resetting (i.e., terminating all sessions) or rebooting the security appliance. |
| CSP4 | Public keys | DSA / RSA | Public keys of peers | FLASH (plain text)/RAM (plain text) | Peer public keys exist in a FLASH start-up configuration file and are added, deleted, or changed when that file is edited by an authorized administrator and the security appliance is rebooted. |
| CSP5 | TLS Traffic Keys (TLS is not included in the evaluated configuration) | Generated using the TLS protocol (X9.31PRNG + HMAC-SHA1 + either DH or RSA). Algorithm: Also 3DES & AES | Used in HTTPS connections | RAM (plain text) | Keys in RAM will be zeroized upon resetting or rebooting the security appliance. |
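
The three zeroization rules stated before the table can be modelled as follows. This is an added example, not code from the Security Target or from Comware; `key_slot`, `SLOT_SIZE` and the function names are hypothetical, and the slot is an in-memory stand-in for a FLASH or RAM key location. It covers the case the rules leave implicit: a new value shorter than the old one must still remove every byte of the old value.

```c
#include <stddef.h>
#include <string.h>
#define SLOT_SIZE 32 /* assumed slot capacity, not taken from the document */

/* Hypothetical key slot standing in for one FLASH or RAM key location. */
struct key_slot {
    unsigned char data[SLOT_SIZE];
    size_t len; /* bytes of the slot holding the live value */
};

/* One pass of zeroes via a volatile pointer so the stores are not elided. */
static void zeroize(void *buf, size_t n) {
    volatile unsigned char *p = buf;
    while (n--) *p++ = 0;
}

/* Rules 1 and 3: deletion overwrites the whole slot once with zeroes. */
void slot_delete(struct key_slot *s) {
    zeroize(s->data, sizeof s->data);
    s->len = 0;
}

/* Rule 2: a change overwrites the old value completely; a shorter new value
 * also zeroes the old tail. Returns 0, or -1 if it does not fit (untouched). */
int slot_write(struct key_slot *s, const unsigned char *key, size_t n) {
    if (n > SLOT_SIZE) return -1;
    size_t old = s->len;
    memcpy(s->data, key, n);
    if (old > n) zeroize(s->data + n, old - n);
    s->len = n;
    return 0;
}

/* Verification: non-zero bytes outside the live value (0 means clean). */
size_t slot_residue(const struct key_slot *s) {
    size_t c = 0;
    for (size_t i = s->len; i < SLOT_SIZE; i++) c += (s->data[i] != 0);
    return c;
}

int main(void) {
    struct key_slot s = { {0}, 0 };
    unsigned char key[24]; /* constructed sample value */
    memset(key, 0xAA, sizeof key);
    slot_write(&s, key, 24);
    slot_write(&s, key, 16); /* shorter value: 8 old bytes must not survive */
    size_t left = slot_residue(&s);
    slot_delete(&s);
    return (left + slot_residue(&s)) != 0; /* exit status 0: nothing left */
}
```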