Juniper Networks SSG 520M and SSG 550M Security Policy
Critical Security Parameter (CSP) Definitions
Below is a list of Critical Security Parameter (CSP) definitions:
IPSEC HMAC SHA-1 Key: Used by IPsec for data integrity.
IPSEC ESP Key: Triple-DES, and AES for user traffic encryption.
IKE Pre-Shared Key: Used during the IKE protocol to establish cryptographic keys to be
used by IKE.
IKE Encryption Key: Triple-DES, and AES for peer-to-peer IKE message encryption.
IKE HMAC SHA-1 Key: Used by IKE for data integrity.
Password: Crypto-Officer and User passwords.
SSH Server/Host DSA Private Key: Used to create digital signatures.
SSH Encryption Key: Triple-DES encryption key to encrypt telnet commands.
SSH HMAC SHA-1 Key: Used by SSH for data integrity.
HA Key: AES Encryption key for HA data.
IKE RSA/DSA/ECDSA Private Key: RSA/DSA/ECDSA key used in IKE identity
authentication.
Diffie Hellman Private Key Components: Used during the DH key agreement protocol.
PRNG Seed and Seed Key: Used during the ANSI X9.31 generation of pseudo random
numbers.
RADIUS Secret Key: Used to authenticate exchanges with the RADIUS server
Public Key Definitions
Below is a list of the public keys utilized by the module:
Firmware Authentication Key: Used by the device to verify DSA signatures over
firmware images.
CA DSA/RSA Public Key: Used by IKE to authenticate a peer’s certificate.
Local DSA/RSA/ECDSA Public Key: Used by the IKE peer to verify digital signatures.
SSH Server/Host DSA Public Key: Used by the SSH client to verify digital signatures.
SSH Client DSA Public Key: Used by the device to verify digital signatures.
Diffie Hellman Public Key Components: Used by the DH Key Agreement protocol.
Matrix Creation of Critical Security Parameter (CSP) versus the
Services (Roles & Identity)
The following matrices define the set of services to the CSP of the module, providing information on
generation, destruction and usage. They also correlate the User roles and the Crypto-Officer roles to
the set of services to which they have privileges.
The matrices use the following convention:
G: Generate
D: Delete
To Next Page
Loading...
Need help?
General
