User's Manual

ManualsBrandsSchweitzer Engineering Laboratories ManualsElectronicsSEL-3022

100

Table Of Contents

Date Code 20050615 Instruction Manual SEL-3022 Transceiver

Wireless Operator Interface Security

The SEL Security Application

C.11

Cryptographic Manual—Do Not Copy

might use K1 for encryption and K2 for decryption. The AES encryption algorithm the

SEL-3022 uses is a symmetric block cipher, with an encryption/decryption key size of

128 bits.

The Advanced Encryption Standard (AES) is the latest encryption standard adopted by

the National Institute of Standards and Technology (NIST). In 1997, NIST challenged

the cryptographic community to develop the next generation encryption algorithm to

replace the aging DES and 3DES encryption standards. In 2000, NIST chose the

Rijndael encryption algorithm as the AES encryption standard. During the evaluation

of candidates for the AES standard, some of the best cryptanalysts in the world

analyzed and approved Rijndael. Since NIST adopted the standard in 2001, AES has

proven to be very effective against known attacks.

Combined HMAC SHA-1

and AES Encryption Security

Every frame transmitted over the SEL-3022 wireless operator interface is authenticated

with an HMAC SHA-1 keyed hash digest and encrypted with the AES encryption

algorithm (both algorithms are described in detail in the HMAC SHA-1 Authentication

Overview and AES Overview sections above). As shown in Figure C.4, the SEL-3022

first forms the HMAC SHA-1 hash output from the original frame data payload and the

128-bit authentication key. This keyed message fingerprint is then appended to the end

of the frame data payload, and the resulting composite message is encrypted by the

AES encryption function through use of a separate, 128-bit encryption key (the

authentication key and encryption key are completely independent).

Figure C.4 SEL-3022 Security Application Overview

Upon receipt of any frame on the wireless operator interface, the SEL-3022 uses the

programmed 128-bit secret encryption/decryption key to AES decrypt the entire frame.

The SEL-3022 then uses the programmed 128-bit authentication key to calculate the

Authentication Key

Encryption Key

Final Encrypted and

Authenticated Frame

Message

Message Message

HMAC

Hash

HMAC

Hash

HMAC

Hash

HMAC

Function

AES

Encryption

Preliminary Copy