RDL-3000 FAMILY
6 Security
6.1 Overview
The Redline RDL-3000 provides a high level of security and reliability. Security features
include wireless authentication using X.509 certificates, and wireless encryption using
AES encryption. AES encryption is optional and may be purchased separately and
enabled by loading an AES-enabled options key.
Authentication
The RDL-3000 supports the following authentication features:
- X.509 certificates for authentication
- Challenge-response mechanism during the link setup
Management Security
The RDL-3000 includes security mechanisms for device management.
- TLS 1.0 for HTTPS for secure Web access
- SSH v2 for secure command line operation
- SNMP v3 with AES support
Data Security
The RDL-3000 includes security mechanisms that provide sender authentication,
security, and integrity for data sent over the wireless interface. These features include:
- Wireless speed encryption for data traffic
- Messages encrypted and validated using AES in CCM (Counter with Cipher Block Chaining-Message Authentication Code)
- Separate keys for data traffic and key transport:
  - Diffie-Hellman for key setup
  - AES Wrap algorithm for key transport
- Keys are changed at random intervals
The AES (Advanced Encryption Standard) option uses an encryption standard employed
worldwide to protect sensitive information. The AES cryptographic cipher uses a block
length of 128 bits and key lengths of 128, 192 or 256 bits. In the United States, AES is a
Federal Information Processing Standard (FIPS): FIPS Publication 197 describes
cryptographic algorithms for use by U.S. Government organizations to protect sensitive
information. The AES block cipher has been ratified as a standard by the National Institute
of Standards and Technology (NIST) of the United States.
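The key separation listed under Data Security (Diffie-Hellman for key setup, AES Wrap for key transport, AES in CCM for data traffic) is illustrated below. This is an added example, not Redline code or the RDL-3000 implementation. The manual does not specify the DH group, the key derivation, the AES Wrap variant or the key size, so modp14, HKDF-SHA256, RFC 3394 wrapping, 128-bit keys and all function names here are assumptions.

```javascript
// Added example, not Redline code. Assumed: modp14 group, HKDF-SHA256, RFC 3394 wrap, 128-bit keys.
const crypto = require('node:crypto');

// Key setup: both ends derive the same key-transport key (KEK) from the DH shared secret.
function deriveKek(ownDh, peerPublic) {
  const secret = ownDh.computeSecret(peerPublic);
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'key-transport', 16));
}

// Key transport: the traffic key only ever crosses the link wrapped under the KEK.
const WRAP_IV = Buffer.alloc(8, 0xa6); // RFC 3394 default IV, doubles as the integrity check
function wrapKey(kek, key) {
  const c = crypto.createCipheriv('aes128-wrap', kek, WRAP_IV);
  return Buffer.concat([c.update(key), c.final()]);
}
function unwrapKey(kek, wrapped) { // throws if the wrapped key was altered or the KEK is wrong
  const d = crypto.createDecipheriv('aes128-wrap', kek, WRAP_IV);
  return Buffer.concat([d.update(wrapped), d.final()]);
}

// Data traffic: AES-CCM encrypts the payload and authenticates header + payload with one tag.
function sealFrame(key, nonce, header, payload) {
  const c = crypto.createCipheriv('aes-128-ccm', key, nonce, { authTagLength: 16 });
  c.setAAD(header, { plaintextLength: payload.length });
  return Buffer.concat([c.update(payload), c.final(), c.getAuthTag()]);
}
function openFrame(key, nonce, header, frame) { // returns null when validation fails
  const body = frame.subarray(0, frame.length - 16);
  const d = crypto.createDecipheriv('aes-128-ccm', key, nonce, { authTagLength: 16 });
  d.setAuthTag(frame.subarray(frame.length - 16));
  d.setAAD(header, { plaintextLength: body.length });
  try {
    const plain = d.update(body);
    d.final(); // CCM reports a bad tag here
    return plain;
  } catch {
    return null;
  }
}

// Constructed demo: two link ends, one transported traffic key, one good and one altered frame.
function demo() {
  const a = crypto.getDiffieHellman('modp14'), b = crypto.getDiffieHellman('modp14');
  const aPub = a.generateKeys(), bPub = b.generateKeys();
  const trafficKey = crypto.randomBytes(16), nonce = crypto.randomBytes(12);
  const hdr = Buffer.from('hdr'), msg = Buffer.from('constructed payload');
  const rxKey = unwrapKey(deriveKek(b, aPub), wrapKey(deriveKek(a, bPub), trafficKey));
  const altered = Buffer.from(sealFrame(trafficKey, nonce, hdr, msg));
  altered[0] ^= 0x01; // single bit flipped in transit
  return { good: openFrame(rxKey, nonce, hdr, sealFrame(trafficKey, nonce, hdr, msg)), bad: openFrame(rxKey, nonce, hdr, altered) };
}
```

Compromise of a traffic key exposes only the frames sent under it, while the KEK is never used on data frames; both the wrapped key and each frame are rejected on any modification.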
Physical Security
The Redline RDL-3000 is enclosed in a weatherproof aluminum alloy case. The
module's enclosure is sealed using tamper-proof labels. The security of the RDL-3000
system is further increased by the following factors:
- Stream cipher cannot be reverse-engineered -- even by destroying the equipment
- Key generation algorithm cannot be reverse-engineered -- even by destroying the equipment
- MAC address of a system cannot be changed without damaging the equipment
- Two communicating RDL-3000 systems detecting they have the same MAC address will immediately shut down
70-00158-01-08
USER MANUAL
Proprietary Redline Communications © 2011
Page 135 of 150
December 7, 2011