User's Manual

SEL-3031 Instruction Manual Date Code 20091009
SEL-3044 Encryption Card
Theory of Operation—SEL Protocol
B.4
Application Consideration
Two messaging structures exist to establish and maintain a secure, coherent communications link between two SEL-3044 devices: In-Band (IB) frames and Out-of-Band (OOB) frames. IB frames transmit encrypted user data (i.e., data received on the trusted data interface) between the two protected devices (computer, IED, RTU, etc.). OOB frames transmit connection control data between the two SEL-3044 devices in the communications link. Control frames are required to implement key exchanges, status checks, and other functions necessary to maintain the communications link.
In-Band Message Format
IB messages consist of the encrypted data plus the frame overhead necessary to maintain synchronization and channel security. Figure B.2 shows the format of an IB frame. The shaded area is the encrypted data portion of the message.
Figure B.2 In-Band Data Packet Format
Out-of-Band Message
Out-of-Band (OOB) messages are used to exchange control information between SEL-3044 cards. These exchanges include loss of synchronization, request for rekey, and rekey information.
IMPORTANT: During OOB message communication, data exchange between the devices connected to the SEL-3044 cannot occur. Communication will be temporarily halted during a rekey.
System Settings
The system key provides encryption and secure transmission of unique session keys between SEL-3044 devices. It also provides a cryptographic authentication mechanism for rejecting session requests by unauthorized devices. Session keys provide encryption of all protected user data prior to transmission. An SEL-3044 produces session keys at system startup, and periodically during sessions, using the process outlined by FIPS 186-2. An integrated physical RNG and statistical data-whitening algorithm generate purely random session keys. Through the use of these unique session keys, the SEL-3044 limits the amount of data encrypted by any single key value, thus strengthening the system against attack.
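The key hierarchy described above (system key authenticating the exchange of session keys, session keys protecting user data, and rekeying to bound the data under any one key) can be modelled as follows. This is a constructed example added here, not SEL's code and not the SEL-3044 cipher: the HMAC-based masking, the 64-byte rekey budget and the toy IB keystream are stand-ins chosen for illustration.

```python
# Constructed model of the key hierarchy above (not SEL's code or the SEL-3044
# cipher): a shared system key authenticates the OOB session-key exchange, and
# a per-session-key byte budget forces a rekey. Stdlib HMAC-SHA256 only.
import hashlib
import hmac
import secrets

REKEY_AFTER_BYTES = 64   # constructed demo budget; real limits are far larger
NONCE_LEN, TAG_LEN = 16, 32

def _mac(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def wrap_session_key(system_key: bytes, session_key: bytes) -> bytes:
    """OOB rekey message: nonce || session key masked under system key || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    mask = _mac(system_key, b"mask", nonce)              # fresh mask per nonce
    masked = bytes(a ^ b for a, b in zip(session_key, mask))
    return nonce + masked + _mac(system_key, b"oob", nonce + masked)

def unwrap_session_key(system_key: bytes, message: bytes):
    """Verify the tag with the system key; return the session key, or None."""
    nonce, masked, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(system_key, b"oob", nonce + masked)):
        return None                                      # unauthorized device rejected
    mask = _mac(system_key, b"mask", nonce)
    return bytes(a ^ b for a, b in zip(masked, mask))

class ProtectedLink:
    """Sender side: counts bytes under the current session key, rekeys on budget."""

    def __init__(self, system_key: bytes):
        self.system_key = system_key
        self.session_key = None
        self.bytes_under_key = 0
        self.rekeys = 0

    def send(self, user_data: bytes):
        """Return (oob_message or None, ib_ciphertext); OOB precedes IB on rekey."""
        oob = None
        if self.session_key is None or self.bytes_under_key + len(user_data) > REKEY_AFTER_BYTES:
            self.session_key = secrets.token_bytes(32)   # new key, budget reset
            self.bytes_under_key, self.rekeys = 0, self.rekeys + 1
            oob = wrap_session_key(self.system_key, self.session_key)
        self.bytes_under_key += len(user_data)           # strictly increasing counter
        ctr = self.bytes_under_key.to_bytes(8, "big")    # unique per frame under a key
        keystream = b"".join(_mac(self.session_key, b"ib" + ctr, i.to_bytes(4, "big"))
                             for i in range((len(user_data) + 31) // 32))
        return oob, bytes(a ^ b for a, b in zip(user_data, keystream))  # toy IB cipher
```

A receiver holding the same system key accepts the OOB message and recovers the session key; one without it gets `None`, which is the rejection path the section describes.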
Figure B.2 field labels: IB Header; Maximum of 7 Bytes; User-Defined Frame Length; Protected Data.