User's Manual

Date Code 20050615 Instruction Manual SEL-3022 Transceiver
Wireless Operator Interface Security
Wireless Interface Security Overview
Application. The data frames must then pass AES decryption and HMAC SHA-1 authentication. If the SEL Security decryption or authentication fails, the SEL Security Application discards these data frames and disconnects. In summary, before the SEL-3022 considers data to be valid, the data must AES decrypt, HMAC SHA-1 authenticate, and WEP decrypt correctly, or the data are discarded. The process is reversed for transmission and encryption.
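The receive-side rule above (authenticate or discard and disconnect), combined with the frame sequence numbers described under Message Replay Protection, can be sketched as follows. This is an added example, not SEL code: the frame layout (32-bit sequence number, payload, HMAC SHA-1 tag truncated to 128 bits), the strict in-order check and every name in it are assumptions, and the AES and WEP layers are left out, so the payload is treated as opaque bytes.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 16  # assumption: HMAC SHA-1 tag truncated to 128 bits
HDR_LEN = 4   # assumption: 32-bit big-endian frame sequence number


class SessionDropped(Exception):
    """A frame failed validation: it is discarded and the session is closed."""


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: sequence number + payload, followed by the HMAC tag."""
    body = struct.pack(">I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha1).digest()[:TAG_LEN]


class Receiver:
    def __init__(self, session_key: bytes):
        self.key = session_key   # fresh random key for every session
        self.next_seq = 0        # only this sequence number is acceptable next
        self.connected = True

    def _drop(self, reason: str):
        self.connected = False   # discard the frame and disconnect
        raise SessionDropped(reason)

    def accept(self, frame: bytes) -> bytes:
        if not self.connected:
            raise SessionDropped("session closed")
        if len(frame) < HDR_LEN + TAG_LEN:
            self._drop("short frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha1).digest()[:TAG_LEN]
        # Constant-time compare; the tag covers the sequence number too,
        # so a captured frame cannot be renumbered and resent.
        if not hmac.compare_digest(tag, expected):
            self._drop("authentication failed")
        (seq,) = struct.unpack(">I", body[:HDR_LEN])
        if seq != self.next_seq:
            self._drop("replayed or out-of-order frame")
        self.next_seq += 1
        return body[HDR_LEN:]


def new_session_key() -> bytes:
    return os.urandom(16)  # 128-bit key, regenerated per connection
```

Because the key is regenerated for each connection, a frame recorded in one session fails authentication in the next, which is the per-session key property the feature list describes.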
The SEL-3022/SEL-5809 Settings Software includes the following wireless security features:

104-Bit Wired Equivalent Privacy (WEP) Encryption: The WEP encryption function, provided by the 802.11b wireless LAN module, is always enabled and active on the SEL-3022.

128-Bit Advanced Encryption Standard (AES) Encryption: Because of the relative weakness of the WEP encryption function, the SEL-3022 also incorporates an independent layer of AES encryption.

128-Bit HMAC SHA-1 Frame Authentication: Every frame transmitted on the wireless operator interface is cryptographically authenticated to prevent malicious tampering and to guarantee acceptance of only those frames that authorized users transmit.

Message Replay Protection: The SEL-3022 uses frame sequence numbers with HMAC SHA-1 authentication to ensure that individual frames cannot be retransmitted to cause malicious actions.

Session Replay Protection: The SEL-3022 uses a robust challenge-response session authentication protocol to guarantee that wireless operator sessions cannot be replayed to cause malicious actions.

AES and HMAC Session Key Exchange: The SEL-3022 exchanges unique, randomly-generated encryption and authentication keys on each wireless session connection. This limits the amount of data protected by any single key value and strengthens the SEL-3022 against cryptanalytic attacks.

Wireless Session Password: A configurable password is required to open a wireless connection with the SEL-3022. This password is never stored in the configuration software device image, so it cannot be compromised by theft of a configured maintenance PC containing the wireless encryption and authentication keys. In the event of a lost