User's Manual
PremierWave XC HSPA+ User Guide 91
15: Security in Detail
Public Key Infrastructure
Public key infrastructure (PKI) is based on an encryption technique that uses two keys: a public
key and a private key. A message encrypted with the public key can only be decrypted using the
matching private key. This technique is referred to as asymmetric encryption, as opposed to
symmetric encryption, in which a single secret key is used by both parties.
TLS (SSL)
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), use asymmetric
encryption for authentication. In some scenarios, only the server needs to be authenticated; in
others, client and server authenticate each other. Once authentication is established, client
and server use asymmetric encryption to exchange a secret key. Communication then proceeds
with symmetric encryption, using this key.
SSH and some wireless authentication methods on the PremierWave make use of SSL. The
PremierWave supports SSLv2, SSLv3, and TLS 1.0.
TLS/SSL application hosts use separate digital certificates as a basis for authentication in both
directions: to prove their own identity to the other party, and to verify the identity of the other party.
In proving its own authenticity, the PremierWave will use its own "personal" certificate. In verifying
the authenticity of the other party, the PremierWave will use a "trusted authority" certificate.
In short:
- When using EAP-TLS, the PremierWave needs a personal certificate with matching private
  key to identify itself and sign its messages.
- When using EAP-TLS, EAP-TTLS or PEAP, the PremierWave needs the authority
  certificate(s) that can authenticate those it wishes to communicate with.
Digital Certificates
The goal of a certificate is to authenticate its sender. It is analogous to a paper document that
contains personal identification information and is signed by an authority, for example a notary or
government agency. With digital certificates, a cryptographic key is used to create a unique digital
signature.
Trusted Authorities
A private key is used by a trusted certificate authority (CA) to create a unique digital signature.
Paired with this private key is a certificate of authority containing the matching public key, which
can be used to verify the authority's signature but not to re-create it.
A chain of signed certificates, anchored by a root CA, can be used to establish a sender's
authenticity. Each link in the chain is certified by a signed certificate from the previous link, with
the exception of the root CA. This way, trust is transferred along the chain, from the root CA
PRELIMINARY DRAFT
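The chain of trust described under Trusted Authorities, as an added example that is not part of the PremierWave guide: it uses the openssl command line to build a root CA, an intermediate CA and a device "personal" certificate, then checks that the chain verifies only when every link is present and that the private key matches its certificate. All subject names, file names and the 30-day lifetime are constructed for illustration.

```shell
# Added example: every name and file below is constructed; nothing is device-specific.

make_chain() {  # $1 = empty working directory
  d=$1
  # Private config so the result does not depend on the system openssl.cnf.
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
EOF
  # Root CA: self-signed, the only certificate trusted in advance.
  openssl req -x509 -config "$d/pki.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
    -subj "/CN=Example Root CA" -days 30 \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  # Intermediate CA and device ("personal") certificate, each signed by the link above it.
  sign_link "$d" int "Example Intermediate CA" root v3_ca || return 1
  sign_link "$d" device "example-device" int v3_leaf || return 1
}

sign_link() {  # $1 dir, $2 name, $3 CN, $4 issuer name, $5 extension section
  openssl req -new -config "$1/pki.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -CAcreateserial -extfile "$1/pki.cnf" -extensions "$5" -days 30 \
    -out "$1/$2.pem" 2>/dev/null
}

# The root is the trust anchor; the intermediate is supplied as an untrusted helper.
verify_with_intermediate() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/device.pem" >/dev/null 2>&1
}

# Same check with the middle link withheld: the chain cannot be built.
verify_without_intermediate() {
  openssl verify -CAfile "$1/root.pem" "$1/device.pem" >/dev/null 2>&1
}

# A personal certificate is only usable with the private key it was issued for.
key_matches_cert() {  # $1 dir, $2 name
  [ "$(openssl x509 -in "$1/$2.pem" -noout -pubkey)" = "$(openssl pkey -in "$1/$2.key" -pubout)" ]
}
```

Call `make_chain` on an empty directory, then run the three checks; each returns 0 on success, and `verify_without_intermediate` is expected to return non-zero.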