User's Manual

ManualsBrandsSchweitzer Engineering Laboratories ManualsElectronicsSEL-3022

100

Table Of Contents

Date Code 20050615 Instruction Manual SEL-3022 Transceiver

Wireless Operator Interface Security

The SEL Security Application

C.17

Cryptographic Manual—Do Not Copy

match the challenge value the SEL-3022 issued in the First Challenge

frame (Frame 2 in Figure C.5), and the SEL-3022 would terminate

the connection attempt.

If the connection dialog succeeds up to this point (i.e., passes all authentication

mechanisms and session replay protection mechanisms described previously), the

SEL-3022 generates another random challenge value, a random session encryption key,

and a random session authentication key and transmits these values in Frame 4 of the

session connection dialog. The SEL-3022 uses these session keys, protected from

interception by SEL Security Application cryptographic mechanisms, described in the

previous sections, to encrypt and authenticate all configuration frames transmitted

between the PC and the SEL-3022 after the five-frame session authentication dialog

succeeds.

Upon receiving the Key Transport and Second Challenge frame, the PC must insert the

transmitted second challenge value into the final frame of the session connection dialog

(Frame 5 in Figure C.5) and transmit the frame to the SEL-3022. To complete the

session authentication dialog successfully, the decrypted and authenticated challenge

value the SEL-3022 received in Frame 5 must match the value the SEL-3022 transmits

in Frame 4. This requirement for matching values forms a second, independent layer of

protection against session replay attacks.

If the final frame authenticates correctly and the second challenge values match, the

SEL-3022 opens a wireless operator interface connection with the PC. All

configuration frames transmitted between the two devices after successful completion

of the session authentication dialog previously described will be encrypted and

authenticated through use of the session encryption and authentication keys exchanged

in the dialog.

The SEL-3022 connection authentication provides strong security against a number of

potential threats. We summarize the security features of this connection authentication

dialog as follows:

➤ There are two, independent challenge/response exchanges to prevent

session replay attacks.

➤ There is strong protection against threats posed by maintenance PC

theft. The user must enter from memory, the correct connection

password to successfully authenticate to the SEL-3022 (the

connection password is never stored on the maintenance PC).

➤ Unique session encryption and session authentication key exchanges

limit the number of frames protected by the programmed operator

and security officer role encryption and authentication keys. This

makes the SEL-3022 more resilient to cryptanalytic attacks.

Frame Replay Protection

Every frame in a given wireless operator interface session contains a sequence number

field. The value in this field increments every time a frame is transmitted over the

interface. The SEL-3022 will not accept any frame that contains a sequence number

Preliminary Copy