Manualshelf

User's Manual

ManualsBrandsSchweitzer Engineering Laboratories ManualsElectronicsSEL-3022
919293949596979899100
Table Of Contents
Date Code 20050615 Instruction Manual SEL-3022 Transceiver
Wireless Operator Interface Security
The SEL Security Application
C.9
Cryptographic Manual—Do Not Copy
The SEL Security Application
The SEL Security Application consists of an authentication and encryption scheme that
provides very strong data security. Authentication verifies message integrity (i.e., the
message has not been altered). Encryption conceals the contents of the message. The
combination of the two security techniques provides a state-of-the-art encryption and
authentication system with a key strength greater than 128 bits. Proof of the security
strength is detailed in the following sections.
HMAC SHA-1 Authentication Overview
The HMAC SHA-1 function provides protection against frame alteration and ensures
(with extremely high probability) that the digital integrity of every frame remains
intact. With a 128-bit-long authentication key, the HMAC SHA-1 function also
provides strong frame authentication capability that allows confirmation that an
authorized device transmitted the frame.
The National Institute of Standards and Technology (NIST) developed the SHA-1 one-
way hash algorithm in 1993. NIST developed the Keyed-Hash Message Authentication
Code (HMAC) algorithm in 2002. The SEL-3022 uses the proven SHA-1 one-way
hash algorithm to form the NIST-approved HMAC SHA-1 keyed hash function.
The HMAC SHA-1 function takes a variable-length message and an authentication key
as input and generates a 160-bit-long, fixed-length hash output value. The hash output
is a condensed fingerprint or signature of the message input (see Figure C.2).
Figure C.2 Operation of the HMAC SHA-1 Keyed
Hash Authentication Function
The 128-bit-long secret key gives the HMAC SHA-1 algorithm a strong built-in
authentication capability. If an attacker changes the contents of the message, then the
hash value appended to the message would not match the value that results from a
newly calculated hash value over the new, altered message. Because the HMAC SHA-1
function is keyed (i.e., uses a secret authentication key to form the hash output), an
attacker without knowledge of the authentication key value would be unable to
recalculate a new, valid hash value over the altered message appended to the new
message to hide the fact that the message has been altered.
Authentication Key
Digital Message
"Fingerprint"
Message
HMAC
Function
Preliminary Copy