Cisco 1841 User Manual page 13

Integrated Services Router with AIM-VPN/BPII-Plus, Integrated Services Router with AIM-VPN/EPII-Plus: FIPS 140-2 Non-Proprietary Security Policy

Cisco 1841 Integrated Services Router with AIM-VPN/BPII-Plus and Cisco 2801 Integrated Services Router with AIM-VPN/EPII-Plus
OL-8719-01

  - DES (for legacy use only - transitional phase only – valid until May 19th, 2007)
  - 3DES
  - SHA-1 hashing
  - HMAC-SHA-1
  - X9.31 PRNG
Onboard FPGA implementations
  - AES
  - DES (for legacy use only - transitional phase only – valid until May 19th, 2007)
  - 3DES
  - SHA-1 hashing
  - HMAC-SHA-1
AIM module implementations
  - AES
  - DES (for legacy use only - transitional phase only – valid until May 19th, 2007)
  - 3DES
  - SHA-1 hashing
  - HMAC-SHA-1

The routers also support the following algorithms, which are not FIPS 140-2 approved: MD5, MD5-HMAC, and DH.

The router is in the approved mode of operation only when FIPS 140-2 approved algorithms are used (except DH, which is allowed in the approved mode for key establishment despite being non-approved).

Note: The module supports DH key sizes of 1024 and 1536 bits. Therefore, DH provides 80 and 96 bits of encryption strength, respectively, per NIST 800-57.

The following are not FIPS 140-2 approved algorithms: RC4, MD5, HMAC-MD5, RSA and DH; however, again, DH is allowed for use in key establishment.

The module contains a HiFn 7814-W cryptographic accelerator chip, integrated in the AIM card. Unless the AIM card is disabled by the Crypto Officer with the "no crypto engine aim" command, the HiFn 7814-W provides AES (128-bit, 192-bit, and 256-bit), DES (56-bit) (for legacy use only - transitional phase only – valid until May 19th, 2007), and 3DES (168-bit) encryption; MD5 and SHA-1 hashing; and hardware support for DH, RSA encryption, and RSA public key signature/verification. However, all RSA operations are prohibited by policy.

The module supports two types of key management schemes:
  - Pre-shared key exchange via electronic key entry. The DES/3DES/AES key and the HMAC-SHA-1 key are exchanged and entered electronically.
  - Internet Key Exchange method with support for pre-shared keys exchanged and entered electronically.
      - The pre-shared keys are used with the Diffie-Hellman key agreement technique to derive DES, 3DES or AES keys.
      - The pre-shared key is also used to derive the HMAC-SHA-1 key.

The module supports the commercially available Diffie-Hellman method of key establishment. See Document 7A, Cisco IOS Reference Guide.
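
An added example, not part of Cisco's document: a small Python check that applies the approved-mode rules stated on this page to the IKE and IPsec lines of an IOS configuration. The IOS keywords, the mapping of IKE groups 2 and 5 to 1024 and 1536 bits, the default IKE policy values and the sample configuration are assumptions of this example, and `audit` and `check_policy` are hypothetical names.

```python
import re

# Rules from this page: MD5/HMAC-MD5 and RSA are not approved, DES is legacy
# only, and DH is supported at 1024 and 1536 bits (IKE groups 2 and 5).
DH_OK = {"2": 1024, "5": 1536}
# Assumption: classic IOS defaults, which the running config does not print.
DEFAULTS = {"encryption": "des", "hash": "sha", "authentication": "rsa-sig", "group": "1"}
HMAC_MD5, DES = "HMAC-MD5 is not approved", "DES is legacy use only"
BAD_TRANSFORMS = {"esp-des": DES, "esp-md5-hmac": HMAC_MD5, "ah-md5-hmac": HMAC_MD5}

def check_policy(name, settings):
    s = {**DEFAULTS, **settings}            # fill in what the config omitted
    checks = [(s["encryption"] == "des", DES),
              (s["hash"] == "md5", "MD5 is not approved"),
              (s["authentication"].startswith("rsa"), "RSA is prohibited by policy"),
              (s["group"] not in DH_OK, "DH group %s is not 1024 or 1536 bits" % s["group"])]
    return [(name, msg) for failed, msg in checks if failed]

def audit(config):
    findings, policy, settings = [], None, {}
    for line in config.splitlines() + ["!"]:    # trailing "!" flushes the last block
        words = line.split()
        if policy and line.startswith(" ") and len(words) > 1:
            key = "encryption" if words[0].startswith("encr") else words[0]
            settings[key] = words[1]            # keys other than the four are ignored
            continue
        if policy:                              # policy block ended: evaluate it
            findings += check_policy(policy, settings)
            policy, settings = None, {}
        m = re.match(r"crypto isakmp policy (\d+)", line)
        if m:
            policy = "isakmp policy " + m.group(1)
        elif line.startswith("crypto ipsec transform-set ") and len(words) > 3:
            findings += [("transform-set " + words[3], BAD_TRANSFORMS[t])
                         for t in words[4:] if t in BAD_TRANSFORMS]
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp policy 20
 hash md5
crypto ipsec transform-set GOOD esp-aes 256 esp-sha-hmac
crypto ipsec transform-set WEAK esp-des esp-md5-hmac
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Policy 20 sets only the hash, so three of its four findings come from the assumed defaults rather than from any line visible in the configuration.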
Cisco 1841 and Cisco 2801 Routers