Schweitzer Engineering Laboratories SEL-3022 Instruction Manual
  1. Manuals
  2. Brands
  3. Schweitzer Engineering Laboratories Manuals
  4. Transceiver
  5. SEL-3022
  6. Instruction manual
Schweitzer Engineering Laboratories SEL-3022 Instruction Manual

Schweitzer Engineering Laboratories SEL-3022 Instruction Manual

Wireless encrypting transceiver
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Preliminary Copy
SEL-3022
Wireless Encrypting Transceiver
Instruction Manual
20050615
Attention
The SEL-3022 is a cryptographic device. Limit access to the
SEL-3022, SEL-5809 Settings Software, SEL-5810 Virtual
Serial Software, and SEL-3022 Instruction Manual to authorized
personnel only. Do not copy these items. Securely store these
items when not in use. Destroy these items when no longer
needed.

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SEL-3022 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Schweitzer Engineering Laboratories SEL-3022

Summary of Contents for Schweitzer Engineering Laboratories SEL-3022

  • Page 1 Wireless Encrypting Transceiver Instruction Manual 20050615 Attention The SEL-3022 is a cryptographic device. Limit access to the SEL-3022, SEL-5809 Settings Software, SEL-5810 Virtual Serial Software, and SEL-3022 Instruction Manual to authorized personnel only. Do not copy these items. Securely store these items when not in use.
  • Page 2 Laboratories, Inc. The English language manual is the only approved SEL manual. © 2005 Schweitzer Engineering Laboratories. All rights reserved. This product is covered by U.S. Patent(s) Pending, and Foreign Patent(s) Issued and Pending. This product is covered by the standard SEL 10-year warranty. For warranty details, visit www.selinc.com or contact your customer service representative.

  • Page 3: Table Of Contents

    Section 2: Installation Introduction ......................2.1 Dimension Drawing ....................2.2 Setting Up Your PC or PDA With the SEL-5809 and SEL-5810 Software ...2.3 Initializing the SEL-3022 ..................2.7 Section 3: Job Done Example Introduction ......................3.1 Job Done Example 1 ....................3.2 Section 4: Settings and Commands Introduction ......................4.1...
  • Page 4 Appendix B: Firmware Upgrade Instructions Introduction ......................B.1 Factory Assistance ....................B.8 Appendix C: Wireless Operator Interface Security Introduction ......................C.1 Wireless Interface Security Overview ..............C.2 IEEE 802.11 WEP Security...................C.5 The SEL Security Application................C.9 Appendix D: Certificates Glossary ........................ GL.1 SEL-3022 Transceiver Instruction Manual Date Code 20050615...

  • Page 5: List Of Tables

    Table 5.3 SEL-3022 Self-Test Capabilities ............5.6 Table 5.4 Troubleshooting ................5.7 Table A.1 Firmware Revision History..............A.1 Table A.2 Instruction Manual Revision History..........A.2 Table C.1 Number of Years Required to Guess an SEL-3022 Password ..C.13 Instruction Manual SEL-3022 Transceiver Date Code 20050615...
  • Page 6 Preliminary Copy This page intentionally left blank...

  • Page 7: List Of Figures

    Status: Virtual Serial Port With Connection Status Green....3.6 Figure 3.8 Reading Settings Via the SEL-3022 ..........3.7 Figure 3.9 Monitoring SEL-651R Meter Data Via the SEL-3022 .....3.8 Figure 3.10 Status: Virtual Serial Port Connection Status Red......3.9 Figure 3.11 Specify Device to Export to SEL-5810 Virtual Serial Software..........3.10 Figure 3.12 Export Encrypted User Configuration File ........3.10...
  • Page 8 Figure B.11 Terminal Invalid Firmware Error Message ........B.7 Figure B.12 Terminal Valid Firmware Message ..........B.7 Figure C.1 Two Independent Layers of Cryptographic Security Protect the SEL-3022 Wireless Operator Interface ..C.2 Figure C.2 Operation of the HMAC SHA-1 Keyed Hash Authentication Function .........C.9 Figure C.3...

  • Page 9: Preface

    This section lists all the SEL-3022 settings including those for serial port, wireless port, encryption parameters, and SCADA protocol. Includes information on the communication status command for analyzing and monitoring the status of the SEL-3022 serial port communication channel. Section 5: Testing and Troubleshooting.
  • Page 10 The page number appears at the outside edge of each page; a vertical bar separates the page number from the page title block. The page numbers of the SEL-3022 Serial Encrypting Transceiver Instruction Manual are represented by the following building blocks: ➤...
  • Page 11 Examples This instruction manual uses several example illustrations and instructions to explain how to effectively operate the SEL-3022. These examples are for demonstration purposes only; the firmware identification information or settings values included in these examples may not necessarily match those in the current version of your SEL-3022.
  • Page 12 Preliminary Copy This page intentionally left blank...

  • Page 13: Section 1: Introduction & Specifications

    Cryptographic Manual—Do Not Copy Preliminary Copy Section 1 Introduction & Specifications Introduction This section includes the following overviews of the SEL-3022 Wireless Encrypting Transceiver: ➤ Product Overview ➤ Application Overview ➤ Connections, Reset Button, and LED Indications ➤ Software System Requirements ➤...

  • Page 14: Product Overview

    The SEL-3022, with the SEL-5809 Settings Software and SEL-5810 Virtual Serial Software securely transmits and receives data between Intelligent Electronic Devices (IEDs) and PCs (or PDAs) via an IEEE 802.11b wireless connection. The SEL-3022 and SEL-5810 Virtual Serial Software provide a retrofit solution that allows you to continue to use standard PC programs while providing encrypted and authenticated wireless connectivity with IEDs.
  • Page 15 Both the security officer and operator modes are used to configure the SEL-3022. The user role generates a virtual serial port that allows applications to encrypt and decrypt data between the PC and the IED that the SEL-3022 is connected to.

  • Page 16: Figure 1.2 Encrypted Packet Stream

    SEL-5809 or SEL-5810 Serial PC 802.11b Wireless Module Security Application Application HMAC Authentication Encryption Encryption Hyperterml.ht Secured Data HMAC SHA-1 802.11b Authentication AcSELerator ® Software (2) Encryptor Radio AES Encryption Figure 1.2 Encrypted Packet Stream SEL-3022 Transceiver Instruction Manual Date Code 20050615...

  • Page 17: Application Overview

    IED. This includes opening the recloser control cabinet, which will expose the inside of the control to the weather. Through use of the SEL-3022, the lineman simply drives within distance of the recloser control, establishes a wireless communication link using the SEL-5810 Virtual Serial Software, and then retrieves the fault location data or modifies settings—all from...

  • Page 18: Connections, Reset Button, And Led Indications

    Figure 1.3 Typical Connections for the SEL-3022 Power Supply Connections You can apply 5 to 24 Vdc directly to the SEL-3022 power terminals, which are available either as compression terminals or a 2.5 mm jack. If the power source voltage is not within the 5 to 24 Vdc range, use an auxiliary power supply to provide 5 to 24 Vdc to the SEL-3022.
  • Page 19 Use the solid-state alarm contact to alert you to problems either with the communications channel or the SEL-3022. See Section 5: Testing and Troubleshooting for more details. To maintain the UL rating of the SEL-3022, connect the alarm output contact as follows: Use an external load to limit current to less than 100 mA through the alarm contact.

  • Page 20: Table 1.1 Dce (Female Db9)

    Figure 1.4 Typical Alarm Output Installation Serial Port Pin-Out Connection The SEL-3022 has a fully compliant DCE serial port. SEL offers many cable configurations for use between the SEL-3022 and other devices. The serial port pin-out descriptions for the DCE port are as follows.
  • Page 21 SEL-3022 on page 2.7 in Section 2: Installation. Status LED Use the status LED to determine the state of the SEL-3022. If the status LED is solidly illuminated, the SEL-3022 is operating correctly. If the LED is blinking, the SEL-3022 is in a failed or reset mode.

  • Page 22: Software System Requirements

    SEL-5809 Settings Software and the SEL-5810 Virtual Serial Software. The SEL-5809 Settings Software is the only means to set and monitor the SEL-3022. The software comes in two versions: one version is for a PC and one is for a PDA operating system.

  • Page 23: General Safety And Care Information

    General Safety Notes The SEL-3022 is designed for restricted access locations. Access shall be limited to qualified service personnel. The SEL-3022 should not be installed or operated in a condition not specified in this manual. CAUTION: The SEL-3022 is an intentional radiator. Changes or modifications not expressly approved by SEL for compliance could void the user’s authority to operate the equipment.

  • Page 24: Specifications

    WiFi/802.11b Configuration Port 35 V/m Protocol: IEEE 802.11b Type Test Compliance Criteria: Modulation: DSSS 1) The SEL-3022 does not damage or impede Frequency Band: 2.4 GHz IED operation. Encryption: 128-bit WEP and 2) The SEL-3022 is allowed to lose data 128-bit AES during testing events.
  • Page 25 Introduction & Specifications 1.13 Specifications Preliminary Copy Certifications ISO: Device is designed and manufactured using ISO 9001 certified quality program. Listings: IEC 60950-1: 1st Ed./ CSA C22.2 No.60950-1/ EN 60950-1 FCC: 15.247 ICES-001 Instruction Manual SEL-3022 Transceiver Date Code 20050615...
  • Page 26 Preliminary Copy This page intentionally left blank...

  • Page 27: Section 2: Installation

    Setting Up Your PC or PDA With the SEL-5809 Settings Software and SEL-5810 Virtual Serial Software. ➤ Initializing the SEL-3022: Discusses the settings required to initialize the SEL-3022 when the SEL-3022 is in a reset condition. Instruction Manual SEL-3022 Transceiver Date Code 20050615...

  • Page 28: Dimension Drawing

    Dimension Drawing Preliminary Copy Dimension Drawing 4.80 5.24 (121.9) (133.0) 2.40 (61.0) 3.68 Ø0.19 (Ø4.8) (93.3) MOUNTING HOLES FOR #8 SCREW 4.06 (103.0) 1.00 FRONT (25.4) LEGEND (mm) Figure 2.1 SEL-3022 Dimension Drawing SEL-3022 Transceiver Instruction Manual Date Code 20050615...

  • Page 29: Setting Up Your Pc Or Pda With The Sel-5809 And Sel-5810 Software

    SEL-5809 and SEL-5810 Software Software Installation The SEL-5809 Settings Software is required to set, operate, and test the SEL-3022. The SEL-5810 Virtual Serial Software is used by operators to connect PC programs to remote IEDs using the SEL-3022. You can install the SEL-5809 and SEL-5810 Software on an IBM-compatible computer or a Pocket PC-compatible PDA.

  • Page 30: Figure 2.3 Product Unregistered Prompt

    Figure 2.3 Product Unregistered Prompt To register the SEL-5809 Settings Software, perform the following steps. Step 1. At the prompt’s text box enter the SEL-3022 Serial Number, SEL Purchase Order Number, or Customer Purchase Order Number. Step 2. Click OK. This generates the registration file (reginfo.xml).
  • Page 31 To register the SEL-5809 Settings Software, perform the following steps. Step 1. At the prompt’s text box enter the SEL-3022 Serial Number, SEL Purchase Order Number, or Customer Purchase Order Number. Step 2.
  • Page 32 NOTE: The registration form is also available using the Help > Register menu. The SEL-5810 Virtual Serial Software does not have a registration key and does not need to be registered. SEL-3022 Transceiver Instruction Manual Date Code 20050615...

  • Page 33: Initializing The Sel-3022

    Preliminary Copy Initializing the SEL-3022 When the SEL-3022 is sent from the factory, or if the {RESET} button in the SEL-3022 is pressed, the transceiver is in a Reset state. The Reset state indicates that all of the encryption keys and related security parameters are erased. You can quickly determine whether the SEL-3022 is in a Reset state by applying power and viewing the status LED.

  • Page 34: Figure 2.5 Specify New Device Location

    New_Group. Select the plus arrow beside your new device location to expand the view. Step 8. To open a serial connection to the SEL-3022, double-click on the device name. In our example, this name is Device 1. Figure 2.6 Opening Device...

  • Page 35: Figure 2.7 Identification Screen

    Refer to Device Information on page 4.7 in Section 4: Settings and Commands for a description of these test parameters. While the SEL-3022 is in the Reset state, the Status: Device tab allows the user to constantly transmit data on a selected 802.11b channel. This feature may be used to test the SEL-3022 wireless propagation characteristic at an installation site.

  • Page 36: Figure 2.8 Status: Device

    2.10 Installation Cryptographic Manual—Do Not Copy Initializing the SEL-3022 Preliminary Copy Figure 2.8 Status: Device Step 11. Select the Settings: Wireless tab and consult your System Administrator for the Wireless Connections Settings. The settings shown are for example only. Figure 2.9 Settings: Wireless...

  • Page 37: Figure 2.10 Settings: Wep Keys

    Cryptographic Manual—Do Not Copy Installation 2.11 Initializing the SEL-3022 Preliminary Copy Step 12. Select the Settings: WEP Keys tab and consult your System Administrator for the WEP Key Settings. The settings shown in Figure 2.10 are for example only. WEP Keys must be set to a unique 26-character hexadecimal ASCII value other than the default.

  • Page 38: Figure 2.12 Settings: Operator

    2.12 Installation Cryptographic Manual—Do Not Copy Initializing the SEL-3022 Preliminary Copy Step 14. Select the Settings: Operator tab and enter random 32-character hexadecimal ASCII encryption and authentication keys. Select a password or phrase that is 6–60 characters in length. Only the security officer should set the encryption and authentication keys.

  • Page 39: Figure 2.14 Confirm Send Prompt

    Select OK to acknowledge the message. Figure 2.15 Send Operation Message Step 19. Verify that the Status LED on the SEL-3022 is illuminated. If all settings were configured to valid values, the SEL-3022 is now initialized. The Status LED will be illuminated, and you can use the 802.11b wireless interface to configure the SEL-3022 for your...

  • Page 40: Figure 2.16 Select Items To Print

    Step 22. Close the Device by clicking File > Close Device. Select Yes when prompted to save current session. Step 23. To open a wireless connection to the SEL-3022, double click on the device name. Select User, Operator, or Security Officer. Enter pass phrase, then click OK.
  • Page 41 Wireless Configuration A wireless card is required to perform in-system settings modifications, monitoring, and to establish a virtual serial port connection. The SEL-3022 complies with the IEEE 802.11b Wireless Standard. Suitable wireless cards and associated software drivers can be found at your local computer or office supply store.
  • Page 42 Preliminary Copy This page intentionally left blank...

  • Page 43: Section 3: Job Done Example

    Cryptographic Manual—Do Not Copy Preliminary Copy Section 3 Job Done Example Introduction ® This section contains a Job Done example for applying the SEL-3022 to an SEL-651R Recloser Control mounted twenty feet above the street. Instruction Manual SEL-3022 Transceiver Date Code 20050615...

  • Page 44: Job Done Example 1

    Identifying the Problem Your objective is to provide a simple and secure means of communications to an SEL-651R Recloser Control mounted twenty feet above the street. You decide on the SEL-3022 Wireless Encrypting Transceiver for the following reasons: ➤ The SEL-3022 eliminates the requirement to have physical access to the recloser control, i.e.

  • Page 45: Figure 3.2 Job Done Example Sel-5809 Top Level View

    Job Done Example 1 Preliminary Copy SEL-3022 Initialization An SEL-3022 direct from the factory is in a Reset condition. You must initialize various settings before installing the SEL-3022 in the recloser control. You can initialize the SEL-3022 at your desk before you deploy the transceiver.

  • Page 46: Figure 3.3 Select A Wireless Session For Dnp3 Job Done Example

    SEL-3022 is going to be connected to. Figure 3.4 Settings: DCE Port Step 7. Select Device > Send All to save the settings to the SEL-3022. Step 8. Select File > Close Device to close the connection to the SEL-3022.

  • Page 47: Figure 3.5 Status: Virtual Serial Port With Connection Status Red

    (or other serial terminal program). ERATOR Step 14. Select Communication > Parameters and set Device to the virtual serial port that the SEL-5809 Settings Software created. Step 15. Select OK. See Figure 3.6. Instruction Manual SEL-3022 Transceiver Date Code 20050615...

  • Page 48: Figure 3.7 Status: Virtual Serial Port With Connection Status Green

    SEL-651R exists. Look at the SEL-5809 Settings Software Status: Virtual Serial Port page, the Connection Status is GREEN indicating the virtual serial port is in service. Figure 3.7 Status: Virtual Serial Port With Connection Status Green SEL-3022 Transceiver Instruction Manual Date Code 20050615...

  • Page 49: Figure 3.8 Reading Settings Via The Sel-3022

    , you can perform such tasks ERATOR as reading the settings out of the SEL-651R (see Figure 3.8) or viewing the metering data (see Figure 3.9). Figure 3.8 Reading Settings Via the SEL-3022 Instruction Manual SEL-3022 Transceiver Date Code 20050615...

  • Page 50: Figure 3.9 Monitoring Sel-651R Meter Data Via The Sel-3022

    Job Done Example Cryptographic Manual—Do Not Copy Job Done Example 1 Preliminary Copy Figure 3.9 Monitoring SEL-651R Meter Data Via the SEL-3022 Step 18. When you are done setting and configuring the SEL-651R, click Communication > Disconnect (to close the ERATOR serial port connection) or click File >...

  • Page 51: Figure 3.10 Status: Virtual Serial Port Connection Status Red

    Step 19. Select File > Close Device, to close the SEL-5809 Settings Software virtual serial port. Linemen or engineers who do not need to configure the SEL-3022 transceivers, will use the SEL-5810 Virtual Serial Software, which is strictly a virtual serial port program. Use the SEL-5809 Settings Software to generate the...

  • Page 52: Figure 3.11 Specify Device To Export To Sel-5810 Virtual Serial Software

    Step 26. Choose a folder to store the encrypted file and enter a file name in the File name box. Step 27. Select OK. This saves the file to the location specified by Step 26. SEL-3022 Transceiver Instruction Manual Date Code 20050615...

  • Page 53: Figure 3.13 Store Encrypted File

    Step 28. Send or load this file onto the lineman’s PC. Step 29. Start the SEL-5810 Virtual Serial Software. Step 30. Click File > Import and select the file saved in Step 26 to import the SEL-3022 device image into the SEL-5810 Software. Step 31. Enter password.

  • Page 54: Figure 3.14 Password Prompt In Sel-5810 Virtual Serial Software

    Step 37. Select Communication < Parameters. Step 38. Specify Device by selecting, from the drop-down menu, the Communication port generated by the SEL-5810 Virtual Serial Software (reference the SEL-5810 Terminal Connection Status: COM Port). Step 39. Select OK. SEL-3022 Transceiver Instruction Manual Date Code 20050615...
  • Page 55 Step 40.Verify on the SEL-5810 the Terminal Connection Status: Terminal Status shows Connected. Step 41. You can now perform setting and monitoring functions via program such as reading SER reports by ERATOR selecting HMI < Meter & Control < SER. Instruction Manual SEL-3022 Transceiver Date Code 20050615...
  • Page 56 The SEL-5810 Virtual Serial Software requires that the user’s communications program, i.e., ERATOR HyperTerminal, close or disconnect the virtual serial port before it is possible to close the SEL-5810 Virtual Serial Software itself. SEL-3022 Transceiver Instruction Manual Date Code 20050615...

  • Page 57: Section 4: Settings And Commands

    Cryptographic Manual—Do Not Copy Preliminary Copy Section 4 Settings and Commands Introduction This section explains the settings and commands of the SEL-3022. ➤ Serial Port Settings: Settings that configure the EIA-232 serial port. ➤ Wireless Port Settings: Settings that configure the 802.11b wireless port.

  • Page 58: Serial Port Settings

    If the SEL-3022 asserts Hardware (HW) flow control, one additional character can be sent to the SEL-3022 without loss of data. If HW flow control is asserted and characters are still being sent to the SEL-3022 (e.g., from the serial port of a device connected to the SEL-3022) then characters will be lost.

  • Page 59: Wireless Port Settings

    Contact your network administrator for a valid IP address. WEP Key settings configure WEP keys used by the SEL-3022 wireless mode. The WEP key used in the SEL-3022 wireless module must match those used in your PC or PDA. Instruction Manual...

  • Page 60: Table 4.3 Settings: Wep Keys

    Twenty-six character hexadecimal (104-bit) 0–9 and A–F key used in the wireless encryption algorithm. The SEL-3022 provides three login roles on the wireless interface. The User role allows EIA-232 to 802.11b wireless communication. SEL-3022 parameters cannot be changed in the User role.

  • Page 61: Table 4.5 Settings: Operator

    Access Level 2. IMPORTANT: The user, operator, and security officer passwords cannot be read out of the SEL-3022 with the SEL-5809 Settings Software or SEL-5810 Virtual Serial Software. Record the keys and passwords in a safe place.

  • Page 62: Communication Status Command

    Communication Status command. Use the Communication Status command to analyze the health of your serial channel. All error counters reset to zero when you press the Clear Comm Statistics {Clear} button or if power is cycled to the SEL-3022. The Communication Status includes the following information: Table 4.7 Status Command Names and Descriptions...

  • Page 63: Device Information

    The 802.11b wireless interface Media Access Control (See Specifications) address. This is a unique address. Device Status You can use the SEL-5809 Settings Software to determine the SEL-3022 self-test status and wireless module signal strength. Table 4.9 Status: Device Test/Comm Quality...

  • Page 64: Table 4.10 Status: Output Alarm

    Settings and Commands Cryptographic Manual—Do Not Copy Device Information Preliminary Copy Output Alarm Use the SEL-5809 Settings Software to test the alarm output of the SEL-3022. Table 4.10 Status: Output Alarm Name Display Description Alarm Red = alarm contact is open...

  • Page 65: Section 5: Testing And Troubleshooting

    Section 5 Testing and Troubleshooting Introduction This section provides guidelines for testing and troubleshooting the SEL-3022. Included are discussions on testing philosophies, methods, and tools. At the end of the section are descriptions of communication, channel diagnostics, self-tests, and troubleshooting procedures.

  • Page 66: Testing Philosophy

    SEL-3022 we ship meets published specifications. It is important for you to perform acceptance testing on an SEL-3022 if you are unfamiliar with SEL-3022 operating theory or settings. Such testing helps you ensure that SEL-3022 settings are correct for your application.
  • Page 67 Maintenance Testing You generally do not need to perform maintenance testing on the SEL-3022. If you use the alarm output, you can use the SEL-5809 Settings Software Pulse command to verify functionality between the SEL-3022 and a connected device.

  • Page 68: Communications Channel Diagnostics

    The SEL-3022 provides a serial communication diagnostic function to aid in troubleshooting. The SEL-3022 monitors the DCE serial port for various errors. You can use the number and type of errors to troubleshoot communications channel problems. Use the SEL-5809 Settings Software Communications Channel Report page to retrieve communications channel diagnostics.
  • Page 69 Table 5.2 Device Status: Device Status (Sheet 2 of 2) Status Name Description Avg Signal Level Report RF Signal Level from 802.11b module Avg Noise Level Report RF Noise Level from 802.11b module Instruction Manual SEL-3022 Transceiver Date Code 20050615...

  • Page 70: Self-Tests

    Cryptographic Manual—Do Not Copy Self-Tests Preliminary Copy Self-Tests The SEL-3022 has extensive self-test capabilities. You can determine the diagnostic status of your SEL-3022 via the SEL-5809 Settings Software or the Status LED located on the SEL-3022. Table 5.3 SEL-3022 Self-Test Capabilities SEL-5809 Contact...

  • Page 71: Troubleshooting

    Measure and record the power supply voltage at the power input terminals. Step 2. Check to see that the power is on. Do not turn the SEL-3022 off. Step 3. Measure and record the voltage at the alarm output. Step 4.

  • Page 72: Factory Assistance

    Preliminary Copy Factory Assistance We appreciate your interest in SEL products and services. If you have questions or comments, please contact us at: Schweitzer Engineering Laboratories, Inc. 2350 NE Hopkins Court Pullman, WA USA 99163-5603 Telephone: (509) 332-1890 Fax: (509) 332-7990 Internet: www.selinc.com...

  • Page 73: Appendix A: Firmware And Manual Versions

    Firmware and Manual Versions Firmware This manual covers SEL-3022 Wireless Encrypting Transceivers containing firmware bearing the firmware version numbers listed in Table A.1. This table also lists a description of modifications and the instruction manual date code that corresponds to firmware versions.

  • Page 74: Instruction Manual

    Table A.2 lists the instruction manual release dates and a description of modifications. The table lists the most recent instruction manual revisions at the top. Table A.2 Instruction Manual Revision History Revision Summary of Revisions Date 20050615 Initial Release. SEL-3022 Transceiver Instruction Manual Date Code 20050615...

  • Page 75: Appendix B: Firmware Upgrade Instructions

    The SEL-3022 stores firmware in Flash memory; therefore, changing physical components is not necessary. These instructions give a step-by-step procedure to upgrade the SEL-3022 firmware by uploading a file from a personal computer to the transceiver via the DCE serial port.

  • Page 76: Figure B.1 Pc To Sel-3022 Connection

    Press the {Reset} button for at least 2 seconds. The Status LED will Step 3. blink at a 2-second rate while in the reset mode. Step 4. Start the SEL-5809 Settings Software and connect to the SEL-3022 via the serial port. C388 Figure B.1 PC to SEL-3022 Connection...

  • Page 77: Figure B.3 Sel-5809 Settings Software Connection Method

    Software and SEL-3022 are establishing a connection you will see the following status box. Figure B.4 SEL-5809 Opening Connection Step 9. When the PC and SEL-3022 have established a connection, select the Status: Device tab. Instruction Manual SEL-3022 Transceiver Date Code 20050615...

  • Page 78: Figure B.5 Status: Device Window

    Cryptographic Manual—Do Not Copy Introduction Preliminary Copy Figure B.5 Status: Device Window Step 10. Click the {Begin} button to put the SEL-3022 into Firmware Download Mode. Step 11. Click Yes to enter firmware download mode. Figure B.6 Confirmation Prompt Step 12. Click OK to acknowledge the SEL-3022 is entering firmware upgrade mode.

  • Page 79: Figure B.8 Configuring Serial Port Settings In The Terminal Software

    Figure B.8 Configuring Serial Port Settings in the Terminal Software Step 14. Establish a connection to the SEL-3022 using the Terminal application. Step 15. The SEL-3022 will send your Terminal a “C” indicating it is ready to commence an Xmodem 1K file transfer. NOTE:...

  • Page 80: Figure B.9 Send File Prompt

    See first line of message in Figure B.11. Step 21. If the firmware is invalid, you will receive an invalid firmware error message. See second line of message in Figure B.11. SEL-3022 Transceiver Instruction Manual Date Code 20050615...

  • Page 81: Figure B.11 Terminal Invalid Firmware Error Message

    Step 23. When successfully written to Flash, you will need to cycle power for the new firmware to take effect. Step 24. After cycling power, you will need to reinitialize the SEL-3022 using the settings saved at the start of the firmware upgrade procedure.

  • Page 82: Factory Assistance

    Preliminary Copy Factory Assistance We appreciate your interest in SEL products and services. If you have questions or comments, please contact us at: Schweitzer Engineering Laboratories, Inc. 2350 NE Hopkins Court Pullman, WA USA 99163-5603 Telephone: (509) 332-1890 Fax: (509) 332-7990 Internet: www.selinc.com...

  • Page 83: Appendix C: Wireless Operator Interface Security

    The SEL-3022 incorporates a wireless LAN (WLAN) with which you can perform engineer access to IED and diagnostic and maintenance functions. The wireless aspect of the device makes connection of the SEL-3022 to a Personal Computer (PC) simple and efficient. Make such a connection through use of the SEL-5809 Settings Software or SEL-5810 Virtual Serial Software and 802.11b (also known as Wi-Fi) compliant...

  • Page 84: Wireless Interface Security Overview

    WEP. Together, these two, independent security features provide a secure communications link between the SEL-3022 and the operator PC or Personal Data Assistant (PDA). Strengths of the WEP and SEL Security Application combination are as follows: ➤...
  • Page 85 Application. The data frames must then AES decrypt and HMAC SHA-1 authenticate. If the SEL Security decryption or authentication fails, the SEL Security Application discards these data frames and disconnects. In summary, before the SEL-3022 considers data to be valid, the data must AES decrypt, HMAC SHA-1 authenticate, and WEP decrypt correctly, or the data are discarded.
  • Page 86 During this initialization mode, the SEL-3022 will disable the wireless port and force the user to enter the initial encryption keys, authentication keys, and password values via a direct serial connection.

  • Page 87: Ieee 802.11 Wep Security

    All hosts must know the value of the secret encryption key prior to being granted network access. The network designer controls the dissemination of the key value and, therefore, controls who has access to the WEP-protected network. Instruction Manual SEL-3022 Transceiver Date Code 20050615...
  • Page 88 Because of this, the input to the KSA function is a concatenation of a secret key (104 bits in the case of the SEL-3022 wireless operator interface) with a 24-bit Initialization Vector (IV). By changing the IV...
  • Page 89 It does, however, provide a rather significant barrier to a potential attacker. It is difficult to determine the WEP key from a lightly loaded wireless network. A wireless connection between a maintenance PC and an SEL-3022 will only transmit network packets while the session is open and data are being actively exchanged between the PC and the SEL-3022.
  • Page 90 WEP key and defeat the WEP encryption function. If an attacker successfully determines the WEP encryption key, the contents of all network packets transmitted between a maintenance PC and an SEL-3022 device would still be protected by the cryptographically strong encryption and authentication the SEL-3022 AES and HMAC SHA-1 functions provide (see The SEL Security Application section below for further explanation).

  • Page 91: The Sel Security Application

    The National Institute of Standards and Technology (NIST) developed the SHA-1 one- way hash algorithm in 1993. NIST developed the Keyed-Hash Message Authentication Code (HMAC) algorithm in 2002. The SEL-3022 uses the proven SHA-1 one-way hash algorithm to form the NIST-approved HMAC SHA-1 keyed hash function.

  • Page 92: Figure C.3 Operation Of The Aes Encryption Function

    K, to perform both the encryption and decryption transformations. Asymmetric key encryption, on the other hand, uses a different key for encryption and decryption. For example, asymmetric encryption SEL-3022 Transceiver Instruction Manual Date Code 20050615...

  • Page 93: Figure C.4 Sel-3022 Security Application Overview

    Hash Figure C.4 SEL-3022 Security Application Overview Upon receipt of any frame on the wireless operator interface, the SEL-3022 uses the programmed 128-bit secret encryption/decryption key to AES decrypt the entire frame. The SEL-3022 then uses the programmed 128-bit authentication key to calculate the...
  • Page 94 SEL-3022 times out briefly when an authentication failure occurs. Because of the wireless interface timeout, the maximum rate of a key guessing attack against the SEL-3022 is much less than one million keys per second.

  • Page 95: Table C.1 Number Of Years Required To Guess An Sel-3022 Password

    If we assume that the security officer has programmed strong passwords into the SEL-3022, an attacker would not be able to use a typical password guessing attack dictionary to limit the number of required password guesses. In this case, all...
  • Page 96 Furthermore, you must enter into the SEL-5809, when prompted, the same password stored in the SEL-3022. Note that neither a PC nor a PDA stores this password; the user must enter this password from memory. Because the PC does not store password...

  • Page 97: Figure C.5 Wireless Interface Session Authentication Dialog

    To begin a wireless operator interface session, the PC or PDA must authenticate with the SEL-3022 to prove that it has been programmed with the exact values of the expected authentication key and encryption key, and that you entered the correct password.
  • Page 98 User Datagram Protocol (UDP) port on the wireless TCP/IP interface of the SEL-3022 transceiver. Because the UDP protocol does not require a connection handshake, as does TCP protocol, the SEL-3022 only transmits a TCP/IP frame in response to a fully authenticated connection request frame. This feature ensures that the SEL-3022 is immune to traditional port mapping and network reconnaissance techniques such as ping sweeps, TCP SYN scans, or TCP FIN scans.
  • Page 99 Upon receiving the Key Transport and Second Challenge frame, the PC must insert the transmitted second challenge value into the final frame of the session connection dialog (Frame 5 in Figure C.5) and transmit the frame to the SEL-3022. To complete the session authentication dialog successfully, the decrypted and authenticated challenge value the SEL-3022 received in Frame 5 must match the value the SEL-3022 transmits in Frame 4.
  • Page 100 Because of the protection these mechanisms provide, an attacker cannot capture a frame, previously transmitted in a given wireless operator interface session, and resend the frame to the SEL-3022 to cause harmful actions. Conclusions Two independent layers of cryptographic security protect the SEL-3022 wireless operator interface: the 802.11b wireless interface module WEP encryption function,...

  • Page 101: Appendix D: Certificates

    Cryptographic Manual—Do Not Copy Preliminary Copy Appendix D Certificates The device is designed and manufactured through use of an ISO 9001 certified quality program. Listings IEC 60950-1: 1st Ed./CSA C22.2 No. 60950-1/EN 60950-1 15.247 ICES-001 Instruction Manual SEL-3022 Transceiver Date Code 20050615...
  • Page 102 Preliminary Copy This page intentionally left blank...

  • Page 103: Glossary

    Wired Equivalent Privacy is a security protocol specified in the IEEE Wireless Fidelity (Wi-Fi) standard 802.11b. WEP is designed to provide a wireless local area network (LAN) with a level of security and privacy comparable to that associated with a wired LAN. Instruction Manual SEL-3022 Transceiver Date Code 20050615...
  • Page 104 Preliminary Copy This page intentionally left blank...
  • Page 105 Preliminary Copy...
  • Page 106 Industrial Electric Power Systems Worldwide. Attention The SEL-3022 is a cryptographic device. Limit access to the SEL-3022, SEL-5809 Settings Software, SEL-5810 Virtual Serial Software, and SEL-3022 Instruction Manual to authorized personnel only. Do not copy these items. Securely store these items when not in use.

Table of Contents