User's Manual

ManualsBrandsSchweitzer Engineering Laboratories ManualsElectronicsSEL-3022

100

Table Of Contents

Date Code 20050615 Instruction Manual SEL-3022 Transceiver

Wireless Operator Interface Security

The SEL Security Application

C.13

Cryptographic Manual—Do Not Copy

1.83 • 10

years, on average, to guess both the authentication key and the encryption

key values. The analysis just described suggests that it is statistically impossible to

launch a key guessing attack against the SEL-3022 device that would result in

compromise of the system.

Even if someone were to steal a maintenance PC with the wireless interface encryption

and authentication keys programmed and saved on the PC hard drive, an attacker would

have to crack the SEL-3022 connection password to use the stolen computer to

successfully authenticate with the SEL-3022. To launch a password guessing attack, an

attacker would have to repeatedly send an initial session request frame and enter the

password guess into the SEL-5809 Settings Software dialog box.

If the entered password value is incorrect, the SEL-3022 terminates the session

authentication dialog after receiving Frame 3 of the authentication dialog (see

Figure C.5 on page C.15 and the discussion Connection Authentication and Session

Replay Protection on page C.14). If the authentication dialog fails at any point, the

SEL-3022 performs a timeout of the wireless operator interface and refuses any session

connection requests for five seconds. This limits the rate of a password guessing attack

to one guess per five seconds.

The SEL-3022 accepts password entries between 6 and 80 characters in length. These

passwords can contain all 96 printable ASCII characters (including the Space

character). If we assume that the security officer has programmed strong passwords

into the SEL-3022, an attacker would not be able to use a typical password guessing

attack dictionary to limit the number of required password guesses. In this case, all

possible password values would be equally likely and the attacker would have to

launch a brute-force password guessing attack by sending all possible password values

to the SEL-3022, one at a time. Tabl e C.1 shows the number of potential password

values (i.e., the maximum number of guesses that an attacker will have to make) and

the average number of years required to launch a successful brute-force password

guessing attack on the SEL-3022 as a function of the length of your programmed

password value. The value representing the average number of years required to

successfully guess the SEL-3022 connection password was derived under the

assumption that all potential password values are equally probable (i.e., you do not

program a password value that is likely to be in an attack dictionary). Such strong

passwords do not form a word, slang term, or other meaningful value. A strong

password also contains a mixture of alphanumeric characters (numbers and uppercase

and lowercase letters) and non-alphanumeric characters (punctuation characters,

backslash, space, etc.).

Table C.1 Number of Years Required to Guess an SEL-3022 Password

Password

Length

Number of Possible

Password Values

Average Number of Years Required to

Guess the Password (Assuming Strong

Password Choice)

67.91 • 10

6.27 • 10

77.59 • 10

6.02 • 10

87.29 • 10

5.78 • 10

Preliminary Copy