User guide
March 2005 Managing Your Canopy Network
Through Software Release 6.1
Issue 1
Canopy System User Guide
22.2 ENCRYPTING CANOPY RADIO TRANSMISSIONS
Canopy systems employ the following forms of encryption for security of the wireless link:
◦ BRAID – a security scheme that the cellular industry uses to authenticate wireless devices.
◦ DES – Data Encryption Standard, an over-the-air link option that uses secret 56-bit keys and 8 parity bits.
◦ AES – Advanced Encryption Standard, an extra-cost over-the-air link option that provides extremely secure wireless connections. AES uses 128-bit secret keys as directed by the government of the U.S.A. AES is not exportable and requires a special AP to process the large keys.
BRAID
BRAID is a stream cipher that the TIA (Telecommunications Industry Association) has
standardized. Standard Canopy APs and SMs use BRAID encryption to
◦ calculate the per-session encryption key (independently) on each end of a link.
◦ provide the digital signature for authentication challenges.
DES Encryption
Standard Canopy modules provide DES encryption. DES performs a series of bit
permutations, substitutions, and recombination operations on blocks of data. DES
encryption does not affect the performance or throughput of the system.
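The "56-bit keys and 8 parity bits" layout listed above, as an added example that is not taken from the Canopy guide or from Motorola software. It assumes the standard DES convention (odd parity in the low bit of each key byte); the function names are hypothetical and the sample keys are constructed.

```python
# Added illustration of the standard DES key layout; not Canopy code.

DES_SECRET_BITS = 56   # secret bits in a DES key, per the guide
AES_KEY_BITS = 128     # key size the guide gives for the AES option


def _check_len(key: bytes) -> None:
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes (56 secret bits + 8 parity bits)")


def has_odd_parity(key: bytes) -> bool:
    """True if every key byte contains an odd number of 1 bits."""
    _check_len(key)
    return all(bin(b).count("1") % 2 == 1 for b in key)


def set_odd_parity(key: bytes) -> bytes:
    """Rewrite the low (parity) bit of each byte so the byte has odd parity."""
    _check_len(key)
    out = bytearray()
    for b in key:
        secret = b & 0xFE                      # the 7 secret bits of this byte
        ones = bin(secret).count("1")
        out.append(secret | (0 if ones % 2 == 1 else 1))
    return bytes(out)


def effective_key(key: bytes) -> int:
    """Drop the 8 parity bits and return the 56 secret bits as an integer."""
    _check_len(key)
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value


def same_des_key(a: bytes, b: bytes) -> bool:
    """Two 8-byte strings that differ only in parity bits are the same key."""
    return effective_key(a) == effective_key(b)


def keyspace_ratio() -> int:
    """How many times larger the 128-bit key space is than the 56-bit one."""
    return 2 ** (AES_KEY_BITS - DES_SECRET_BITS)


if __name__ == "__main__":
    a = bytes.fromhex("0123456789abcdef")      # constructed sample, odd parity
    b = bytes.fromhex("0022446688aaccee")      # same secret bits, parity cleared
    print(has_odd_parity(a), has_odd_parity(b), same_des_key(a, b))
    print(f"AES-128 key space is 2^{keyspace_ratio().bit_length() - 1} times larger")
```

The parity bits add nothing to the secret, so an 8-byte DES key gives an exhaustive-search space of 2^56 keys, compared with 2^128 for the AES option.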
AES Encryption
Motorola also offers Canopy products that provide AES encryption. AES uses the
Rijndael algorithm and 128-bit keys to establish a higher level of security than DES.
Because of this higher level of security, the government of the U.S.A. controls the export
of communications products that use AES, including the Canopy AES feature activation
key, to ensure that these products are available only in certain regions and by special
permit.
The Canopy distributor or reseller can advise service providers about current regional
availability. Canopy AES products are certified as compliant with the Federal Information
Processing Standards (FIPS) in the U.S.A. The National Institute of Standards and
Technology (NIST) in the U.S.A. has specified AES for significantly greater security than
that which DES provides. NIST selected the AES algorithm for providing the best
combination of security, performance, efficiency, implementation, and flexibility. NIST
collaborates with industry to develop and apply technology, measurements, and
standards.
AES-DES Operability Comparisons
This section describes the similarities and differences between DES and AES products,
and the extent to which they may interoperate.
Key Consistency
The DES AP and the DES BHM modules are factory-programmed to enable or disable
DES encryption. Similarly, the AES AP and the AES BHM modules are
factory-programmed to enable or disable AES encryption.