User's Manual

ManualsBrandsSchweitzer Engineering Laboratories ManualsElectronicsSEL-3022

100

Table Of Contents

SEL-3022 Transceiver Instruction Manual Date Code 20050615

Wireless Operator Interface Security

The SEL Security Application

C.14

Cryptographic Manual—Do Not Copy

Even with a strong, six-character password, an attacker could expect to spend more

than 60,000 years trying to launch a successful brute-force password-guessing attack

on the SEL-3022. Such a brute-force password guessing attack is statistically

impossible because of the potential strength of the SEL-3022 connection passwords

(very long password length with the password consisting of a very large number of

possible characters), and password-guessing rate limit that the five-second wireless

port timeout imposes on all connection authentication failures.

Connection Authentication

and Session Replay Protection

SEL-3022 Wireless Port Status

Prior to Security Parameter Initialization

The SEL-3022 uses two access levels for monitoring and configuration. Each access

level has the following security parameters: 128-bit encryption key, 128-bit

authentication key, and a password containing as many as 80 characters. Also included

in the security parameters are the 104-bit WEP keys. From the factory, cryptographic

security parameters are zeroized. At power up, the SEL-3022 determines if the

cryptographic security parameters are set to trivial (zero) values. If these parameters

are set to trivial values, the 802.11b wireless port is disabled. If the SEL-3022 is

initialized with zeroized values, or if any of these initial security parameters are left at

a zeroized value, the device will not leave the initialization mode, and the wireless port

will remain disabled. Following entry of non-zeroized security parameters, the

SEL-3022 enables the wireless module and enables both WEP and the SEL Security

Application. This ensures that data are never transmitted via the 802.11b interface with

default/trivial encryption keys.

SEL-3022 Security Parameters and Passwords

The SEL-5809 Settings Software is necessary to initiate a wireless session. The

SEL-5809 Settings Software must be programmed with identical encryption and

authentication security parameters as the SEL-3022 to which it will be connected.

Furthermore, you must enter into the SEL-5809, when prompted, the same password

stored in the SEL-3022. Note that neither a PC nor a PDA stores this password; the

user must enter this password from memory. Because the PC does not store password

values, no one can use just a PC or PDA to connect successfully with the SEL-3022

... ... ...

80 3.86 • 10

158

3.06 • 10

151

Table C.1 Number of Years Required to Guess an SEL-3022 Password

Password

Length

Number of Possible

Password Values

Average Number of Years Required to

Guess the Password (Assuming Strong

Password Choice)

Preliminary Copy