Manualshelf

User's Manual

ManualsBrandsSchweitzer Engineering Laboratories ManualsElectronicsSEL-3031
81828384858687888990
Table Of Contents
Date Code 20091009 SEL-3031 Instruction Manual
SEL-3044 Encryption Card
Theory of Operation—SEL Protocol
B.3
Key Management
System key (256 bits): The system key is set by a passphrase of 8 to 80 characters. The
passphrase is used to generate a system key. The system key is used to encrypt and
securely transmit unique session keys (see below). It also provides a cryptographic
authentication mechanism for rejecting session requests by unauthorized SEL-3044
devices.
Session key (256 bits): Session keys are used to encrypt all protected user data prior to
transmission. They are produced at system startup and periodically during sessions.
Session keys are generated using the process outlined by FIPS 186-2. They are
produced using an integrated physical random number generator (RNG) and a
statistical data whitening algorithm. Session keys are purely random and are not linked
to the system key. The use of unique session keys limits the amount of data that is
encrypted with a single key value, thus strengthening the system against
cryptanalytical attack. The session keys are encrypted using the system key prior to
being exchanged between SEL-3044.
Device Security
The SEL-3044 incorporates a hardware RNG and FIPS-approved data whitener to
guarantee that all session keys contain 256 bits of entropy (i.e., completely random).
This guarantees that encoded messages are protected by a true cryptographic strength
of 256 bits.
Multilevel password authentication defines user security roles.
Changing the system key can only be performed by authorized users that have Access
Level 2 passwords.
If required, the user can reset the entire device. This allows the user to reinitialize the
system key should the security parameters need to change due to IT security
procedures or if the programmed system key value is lost.
NOTE: This process requires physical access to the
SEL-3031 and cannot be done remotely.
Security of the Transferred Data
The SEL-3044 provides data encryption with a cryptographic key strength of 256 bits.
The SEL-3044 RNG is designed so that all possible key values are equally likely. It is
widely accepted throughout the cryptographic community that it is not realistically
possible to mount a successful brute force (key guessing) attack on a 256-bit key space
with technology available today.