User's Manual
Table Of Contents
- Table of Contents
- List of Tables
- List of Figures
- Figure 1.1 Typical SEL-3022 and SEL-5810 Virtual Serial Software Application 1.2
- Figure 1.2 Encrypted Packet Stream 1.4
- Figure 1.3 Typical Connections for the SEL-3022 1.6
- Figure 1.4 Typical Alarm Output Installation 1.8
- Figure 2.1 SEL-3022 Dimension Drawing 2.2
- Figure 2.2 Windows Run Command 2.3
- Figure 2.3 Product Unregistered Prompt 2.4
- Figure 2.4 Select a Device Type to Create 2.7
- Figure 2.5 Specify New Device Location 2.8
- Figure 2.6 Opening Device 2.8
- Figure 2.7 Identification Screen 2.9
- Figure 2.8 Status: Device 2.10
- Figure 2.9 Settings: Wireless 2.10
- Figure 2.10 Settings: WEP Keys 2.11
- Figure 2.11 Settings: User 2.11
- Figure 2.12 Settings: Operator 2.12
- Figure 2.13 Settings: Security Officer 2.12
- Figure 2.14 Confirm Send Prompt 2.13
- Figure 2.15 Send Operation Message 2.13
- Figure 2.16 Select Items to Print 2.14
- Figure 2.17 Print Window 2.14
- Figure 3.1 Remotely Located Recloser Control 3.2
- Figure 3.2 Job Done Example SEL-5809 Top Level View 3.3
- Figure 3.3 Select a Wireless Session for DNP3 Job Done Example 3.4
- Figure 3.4 Settings: DCE Port 3.4
- Figure 3.5 Status: Virtual Serial Port With Connection Status Red 3.5
- Figure 3.6 Communication Parameters Window in acSELerator 3.6
- Figure 3.7 Status: Virtual Serial Port With Connection Status Green 3.6
- Figure 3.8 Reading Settings Via the SEL-3022 3.7
- Figure 3.9 Monitoring SEL-651R Meter Data Via the SEL-3022 3.8
- Figure 3.10 Status: Virtual Serial Port Connection Status Red 3.9
- Figure 3.11 Specify Device to Export to SEL-5810 Virtual Serial Software 3.10
- Figure 3.12 Export Encrypted User Configuration File 3.10
- Figure 3.13 Store Encrypted File 3.11
- Figure 3.14 Password Prompt in SEL-5810 Virtual Serial Software 3.12
- Figure 3.15 Communication Parameters Window in acSELerator 3.13
- Figure 3.16 Reading SER Report Via acSELerator 3.14
- Figure B.1 PC to SEL-3022 Connection B.2
- Figure B.2 SEL-3022 and SEL-5809 Connection Parameters B.2
- Figure B.3 SEL-5809 Settings Software Connection Method B.3
- Figure B.4 SEL-5809 Opening Connection B.3
- Figure B.5 Status: Device Window B.4
- Figure B.6 Confirmation Prompt B.4
- Figure B.7 Send Operation Prompt B.4
- Figure B.8 Configuring Serial Port Settings in the Terminal Software B.5
- Figure B.9 Send File Prompt B.6
- Figure B.10 Sending Confirmation Window B.6
- Figure B.11 Terminal Invalid Firmware Error Message B.7
- Figure B.12 Terminal Valid Firmware Message B.7
- Figure C.1 Two Independent Layers of Cryptographic Security Protect the SEL-3022 Wireless Operato...
- Figure C.2 Operation of the HMAC SHA-1 Keyed Hash Authentication Function C.9
- Figure C.3 Operation of the AES Encryption Function C.10
- Figure C.4 SEL-3022 Security Application Overview C.11
- Figure C.5 Wireless Interface Session Authentication Dialog C.15
- Preface
- Introduction & Specifications
- Installation
- Job Done Example
- Settings and Commands
- Testing and Troubleshooting
- Firmware and Manual Versions
- Firmware Upgrade Instructions
- Wireless Operator Interface Security
- Introduction
- Wireless Interface Security Overview
- IEEE 802.11 WEP Security
- The SEL Security Application
- Certificates
- Glossary
SEL-3022 Transceiver Instruction Manual Date Code 20050615
Wireless Operator Interface Security
The SEL Security Application
C.16
Cryptographic Manual—Do Not Copy
The connection dialog begins with a connection request frame (Frame 1 in Figure C.5)
that is encrypted and authenticated with the AES encryption key and HMAC SHA-1
authentication key programmed into the SEL-5809 Settings Software device image. Upon
receiving the connection request, the SEL-3022 decrypts and authenticates the frame. If
the authentication fails, indicating that the session request came from other than an
authorized user (i.e., a PC programmed with the appropriate AES encryption and
HMAC SHA-1 authentication keys), the SEL-3022 ignores the session request and
remains silent. Note that the initial connection frame must be directed at the correct
User Datagram Protocol (UDP) port on the wireless TCP/IP interface of the SEL-3022
transceiver. Because UDP, unlike TCP, does not require a connection handshake, the
SEL-3022 transmits a frame on its wireless interface only in response to a fully
authenticated connection request frame; an unauthenticated probe draws no reply of
any kind, not even an error. The SEL-3022 therefore does not reveal itself to traditional
port mapping and network reconnaissance techniques such as ping sweeps, TCP SYN
scans, or TCP FIN scans.
If the initial connection request frame passes the authentication process, the SEL-3022
generates a large, random challenge value and transmits it to the PC in the First
Challenge frame (Frame 2 in Figure C.5). Upon receipt of the First Challenge frame, the
PC must insert the received challenge value into a new encrypted and authenticated
frame, the First Challenge Response With Password frame (Frame 3 in Figure C.5), and
transmit it to the SEL-3022. In addition to the echoed challenge value, Frame 3 carries
the password information you entered in the SEL-5809 Settings Software session
connection dialog box. When the SEL-3022 receives this frame, it decrypts and
authenticates it. If the authentication fails, again indicating that the session request
came from an unauthorized user, the SEL-3022 terminates the session and resets the
session connection dialog. If the frame passes authentication, the SEL-3022 compares
the transmitted password information with the password value stored in the SEL-3022
settings, and compares the decrypted challenge value with the challenge value it
transmitted in Frame 2 of the connection dialog. If the password information indicates
that the user entered the wrong password, or if the two challenge values do not match,
the SEL-3022 again terminates the session and resets the connection dialog.
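The three-frame dialog above, including the remain-silent rule for frames that fail authentication and the password and challenge checks on Frame 3, modeled in Python as an added example. This is not SEL code and not the SEL-3022's actual frame format; the plaintext tags CONNECT, CHAL, RESP and OK, the 32-byte challenge, the 16-byte nonce, the layout nonce || ciphertext || HMAC-SHA1 tag, and the key and password values are all constructed for the example. HMAC-SHA1 is the page's authentication function; the confidentiality layer here is a counter-mode keystream derived from HMAC-SHA256, standing in for the AES encryption the page specifies, so the example runs on the Python standard library alone. The demo also exercises the stolen-PC and session-replay cases discussed in the notes that follow.

```python
import hashlib, hmac, secrets, struct

NONCE_LEN = 16                              # constructed frame parameter
TAG_LEN = hashlib.sha1().digest_size        # HMAC-SHA1 tag: 20 bytes
CHAL_LEN = 32                               # "large, random challenge value"

def _keystream(key, nonce, n):
    # Counter-mode keystream from HMAC-SHA256. The page specifies AES for this
    # layer; the stand-in only keeps the example within the standard library.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(enc_key, auth_key, plaintext):
    """Encrypt-then-MAC: frame = nonce || ciphertext || HMAC-SHA1(nonce || ciphertext)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    body = nonce + ct
    return body + hmac.new(auth_key, body, hashlib.sha1).digest()

def open_frame(enc_key, auth_key, frame):
    """Verify the tag in constant time, then decrypt. Returns None on any failure."""
    if frame is None or len(frame) < NONCE_LEN + TAG_LEN:
        return None
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(auth_key, body, hashlib.sha1).digest(), tag):
        return None
    nonce, ct = body[:NONCE_LEN], body[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

class Transceiver:
    """SEL-3022 side of the dialog (model). Never answers a frame that fails authentication."""
    def __init__(self, enc_key, auth_key, password):
        self.enc_key, self.auth_key, self.password = enc_key, auth_key, password
        self.challenge = None               # challenge sent in Frame 2, awaiting Frame 3
        self.session_open = False

    def receive(self, frame):
        pt = open_frame(self.enc_key, self.auth_key, frame)
        if pt is None:                      # wrong keys or tampering: ignore, stay silent
            return None
        if pt == b"CONNECT":                # Frame 1: answer with a fresh challenge (Frame 2)
            self.challenge = secrets.token_bytes(CHAL_LEN)
            return seal(self.enc_key, self.auth_key, b"CHAL" + self.challenge)
        if pt.startswith(b"RESP") and self.challenge is not None:   # Frame 3
            echoed, pwd = pt[4:4 + CHAL_LEN], pt[4 + CHAL_LEN:]
            expected, self.challenge = self.challenge, None         # challenge is single-use
            if hmac.compare_digest(echoed, expected) and hmac.compare_digest(pwd, self.password):
                self.session_open = True
                return seal(self.enc_key, self.auth_key, b"OK")
        # Wrong password, stale challenge or out-of-order frame: terminate and reset.
        self.challenge, self.session_open = None, False
        return None

class MaintenancePC:
    """SEL-5809 side (model): holds the keys; the password is supplied per session, never stored."""
    def __init__(self, enc_key, auth_key):
        self.enc_key, self.auth_key = enc_key, auth_key
        self.capture = []                   # every frame on the air, as an eavesdropper sees it

    def connect(self, device, password):
        frame1 = seal(self.enc_key, self.auth_key, b"CONNECT")
        frame2 = device.receive(frame1)
        chal = open_frame(self.enc_key, self.auth_key, frame2)
        self.capture += [frame1, frame2]
        if chal is None or not chal.startswith(b"CHAL"):
            return False
        frame3 = seal(self.enc_key, self.auth_key, b"RESP" + chal[4:] + password)
        self.capture.append(frame3)
        return open_frame(self.enc_key, self.auth_key, device.receive(frame3)) == b"OK"

def demo():
    """Exercise the cases the text describes; every value in the result should be True."""
    enc_key, auth_key = secrets.token_bytes(16), secrets.token_bytes(16)
    password = b"OTTER"                     # constructed example password
    dev = Transceiver(enc_key, auth_key, password)
    pc = MaintenancePC(enc_key, auth_key)
    out = {}
    # A scanner with no keys, and a PC with the wrong keys, get no reply of any kind.
    out["probe_silent"] = dev.receive(secrets.token_bytes(64)) is None
    out["wrong_keys_silent"] = dev.receive(seal(b"x" * 16, b"y" * 16, b"CONNECT")) is None
    # Correct keys but wrong password (stolen maintenance PC): the dialog resets.
    out["wrong_password_rejected"] = not pc.connect(dev, b"WRONG") and not dev.session_open
    # Correct keys and password: the session opens.
    out["good_session"] = pc.connect(dev, password) and dev.session_open
    # Replay the captured Frame 1 and Frame 3: the device issues a new challenge,
    # which cannot match the one echoed inside the old Frame 3.
    frame1, frame2, frame3 = pc.capture[-3:]
    frame2_again = dev.receive(frame1)
    old_chal = open_frame(enc_key, auth_key, frame2)[4:]
    new_chal = open_frame(enc_key, auth_key, frame2_again)[4:]
    out["challenge_is_fresh"] = old_chal != new_chal
    out["replay_rejected"] = dev.receive(frame3) is None and not dev.session_open
    return out

if __name__ == "__main__":
    print(demo())
```

Two design points in the model are worth noting. open_frame checks the HMAC tag, in constant time, before it attempts any decryption, which is the safe order for an encrypt-then-MAC construction; the manual's wording lists the two operations the other way around without specifying order. And the Transceiver discards the outstanding challenge the moment it processes a Frame 3, so a captured Frame 3 can only ever be compared against a challenge it was not built for.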
➤ The password you entered in the SEL-5809 Settings Software must
match the password value stored in the SEL-3022 device, or the
session connection will fail. This guarantees that a stolen
maintenance PC programmed with the correct encryption and
authentication keys cannot be used to connect to the SEL-3022
without the user having direct knowledge of the programmed
password value stored in the SEL-3022 (the SEL-5809 Settings
Software never stores the password value on the PC hard drive).
➤ The large, random challenge value that the SEL-3022 formed and
transmitted in Frame 2 of the connection dialog is, with very high
probability, different for every wireless session. Because of this large,
random value, a malicious individual cannot capture a previous
session dialog and use the captured packets to reconnect to the
SEL-3022 (known as a session replay attack). If someone attempted
such an attack, the challenge value transmitted in the First Challenge
Response With Password frame (Frame 3 in Figure C.5) would not
Preliminary Copy