
Security and the Motorola Canopy™ Wireless Broadband ...

Security and the Motorola Canopy Wireless Broadband Platform (Advanced Security Techniques)

TABLE OF CONTENTS
Are Security Measures Necessary?
Clear Text Transmissions
Security Features of the Canopy System
Canopy's Proprietary Protocol
Data Encryption Standard (DES)
Advanced Encryption Standard (AES)

LIST OF TABLES
Table 1. The Authentication Process
Table 2. Canopy Key Management
Table 3. Methods of Encryption and Their Associated ...

... of Encryption and Authentication
... Management
... Encryption
... Host Configuration ...
... Information Processing ...
... Area ...
... Address
... of Network Management
... Queary ...
... Industry Association

NOTICE
The information in this publication is subject to change without notice. Motorola shall not be liable for technical or editorial errors or omissions nor for any damages resulting from the use of this ... The configuration tested or described may or may not be the only available solution. This test is not a determination of product quality or correctness, nor does it ensure compliance with any federal, state or local requirements.



Motorola does not warrant products other than its own strictly as stated in Motorola's product ... MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Canopy is a trademark of Motorola, Inc. All other product or service names are the property of their respective owners. Motorola, Inc.

Until just recently, it would have been unimaginable for medical institutions to exchange high resolution digital imagery over wireless networks. Why, you may ask? Not only were the early wireless systems incapable of transmitting detailed medical images over their seemingly small pipes originally designed to carry voice conversations, but securing this sensitive data from vulnerabilities such as eavesdropping, session hijacking, data alteration and manipulation (among others) and ultimately protecting the privacy of the patient seemed an insurmountable task. Over the last 10 years, Motorola has been investigating the use of fixed wireless broadband systems and has brought to the marketplace a product that is capable of not only handling these incredibly large digital medical images with lightning fast speeds but has integrated advanced security measures into the product that transparently, efficiently and effectively safeguard the precious information that is transmitted over Motorola's Canopy Wireless Broadband system.

Today, medical institutions have moved far beyond simply imagining the use of wireless broadband systems to actually applying the technology to collaborate and often times performing life saving ... This paper, Security and the Motorola Canopy Broadband Wireless Platform, offers a snapshot of some of the security issues being faced by the wireless broadband industry as well as the safeguards that Motorola is employing in the Canopy platform to ensure the security and integrity of this advanced system for our customers.

ARE SECURITY MEASURES NECESSARY?

When the Internet was first introduced, there was little concern about security. The specifications for the Internet Protocol (IP) did not take into account the fact that operators may actually need to protect the data that they were transmitting. Obviously a great deal has changed since that time. Seemingly harmless attacks have wreaked havoc on computer networks, with wireless adding a new dimension of vulnerability.

The first step in understanding how these attacks can be prevented is in analyzing the basic weaknesses in a typical IP network.

CLEAR TEXT TRANSMISSIONS

When data is transmitted over an IP network, all information is relayed as clear text. That is to say, the data is not scrambled or rearranged and is transmitted purely in its raw form. This information includes both the data and authentication streams of information and is referred to as transmitting in the clear. When transmitting clear text transmissions, login name, user identifications, passwords, electronic mail (from a POP3 mail client), websites visited, downloaded information: everything is open to the prying eyes of anyone with a network ...

MONITORING

As mentioned previously, it is relatively easy to monitor clear text transmissions over an IP network. Unfortunately, most of the time invaders are not easily detected. This is because monitoring of the traffic is performed using passive devices that do not transmit any data of their own.

Therefore, they can't be easily detected. In addition, attackers do not require physical access to any particular facility to conduct these passive ...

PHYSICAL SECURITY

While hackers don't require physical access to monitor (hack) a network, they can be easily connected by placing a probe or analyzer anywhere along the transmission path from system initialization to destination. Since vulnerabilities can exist anywhere along the IP transmission path, complete system security can only be achieved by applying end-to-end security measures. The security measures built into the Canopy system architecture are designed to cover only the wireless portions of the network. These include:
- Access Point (AP)
- Subscriber Module (SM)
- Backhaul (BH) Module
- Cluster Management Module (CMM)
- Bandwidth and Authentication Manager (BAM)

The Canopy system security does not include elements outside of the wireless transport, such as:
- Client (Computer)
- Wireless Modems
- Local Area Networks
- Routers
- Printers
- Servers
- Various Network Peripheral Equipment

Protecting equipment outside of the Canopy system from security invasions can be accomplished using software, devices and security techniques from various manufacturers and should be included as part of an end-to-end system ...

SECURITY FEATURES WITHIN CANOPY SYSTEM

Privacy and integrity of data are key considerations for both broadband network subscribers and operators.

Security and authentication to prevent unwanted access to critical data or services are necessary for the effective operation of any broadband network. Applications such as medical, remote surveillance, safety, security and homeland defense would not be possible without incorporating advanced security features into the fixed wireless network. Gone are the days when it wasn't necessary to be concerned with security as a fundamental building block. The Canopy system incorporates a flexible security model that supports a wide variety of system configurations, ranging from a fully open system to an authenticated/encrypted air link with dynamic session key assignment. The Canopy system uses industry proven authentication and encryption technologies to ensure that the service provider maintains control of the network. The system comes with Data Encryption Standard (DES) to protect against eavesdropping, and Advanced Encryption Standard (AES) is available as an option for customers requiring the most secure network available.

The following paragraphs highlight each of these advanced features in detail.

CANOPY'S PROPRIETARY PROTOCOL

Canopy's proprietary air interface provides a strong foundation against attacks by invaders. First of all, because the Canopy system is based on a proprietary protocol, there are no published specifications for the product by which sniffer radios could be built. In addition, a sniffer would require the proprietary Canopy chip set, which is not readily available. Second, the MAC protocol for packet assembly, disassembly and retransmission is not published. Third, data transmitted over the air is scrambled into 64-byte data packages, thus providing an additional obstacle to unauthorized ... The directionality of the Canopy system transmissions impedes ... In other words, the proprietary air interface presents a major hurdle for unauthorized parties. Of course, the Canopy system's security is not based merely on secrecy of its ... it is inadvisable to transmit information that one assumes is secure using clear text, as it can be easily monitored.

Unlike many fixed wireless broadband products, the Canopy system does not use clear text transmissions but rather a proprietary protocol for transmissions. When this protocol is combined with the Canopy Bandwidth and Authentication Manager (BAM), an added level of security is achieved for the operator and the ...

The BAM controls access to a Canopy system, and each AP module can be configured to require secure SM authentication prior to providing network access. Each SM must be authenticated by the BAM before entering the network. SMs are authenticated and keys are managed individually. The authentication process also takes into account the electronic serial number unique to each transceiver along with a 128-bit secret key that is unique to each SM and is known only to the network operator. The eight step authentication process is shown in Table 1.

Table 1. The Authentication Process

Step 1: When an SM attempts to enter the Canopy network, it sends a registration request to the AP.
Step 2: The AP then sends an authentication request to the BAM.
Step 3: The BAM generates a 128 bit random number that is sent to the SM as a challenge.
Step 4: The SM calculates a response using either its factory set key or the Authorization key it has been assigned by the network operator.
Step 5: The challenge response is sent to the BAM through the AP.
Step 6: The BAM compares the challenge response to what it calculated using the same random number and the Authentication key from the BAM SQL database.
Step 7: If the results agree, the BAM sends the AP a message authenticating the SM and sends the SM and AP QoS ...
Step 8: If the results do not agree or the SM is not in the database, the BAM sends the AP a message denying authentication and the AP sends the SM a message to lock itself out from that AP for 15 minutes.

KEY MANAGEMENT

The Canopy system uses an ESN, two keys and a random number for authentication. Table 2 details the functionality of each of these along with the random number.

Table 2. Canopy Key Management

Electronic Serial Number: Each Canopy SM has a factory set ESN that cannot be changed. The ESN is the identifier which is being authenticated and is 48 bits long.
Authentication Key (Authorization key or Skey): This key is set by the network operator in the BAM SQL database and by either the network operator or by the subscriber in the SM. This key can be seen in the BAM SQL database by the network operator; it can't be displayed in the SM Configuration web page by the subscriber. It is 128 bits in length.
Session Key: The session key is calculated separately by the SM and the BAM, using the Authentication Key, the ESN, and the random number. This key is sent to the AP by the BAM; like the other keys, it never goes over the air. The network operator or the subscriber never sees this key. This key is either 56 bits (DES) or 128 bits (AES) in length.
Random Number: A random number is generated by the BAM and used during each attempt by an SM to register and authenticate. The subscriber or network operator never sees this number. This is a 128 bit number.

Of the three numbers presented in Table 2, only the Authentication Key is settable by the network operator, and it must be set both in the BAM and in the SM. Further information about Canopy's authentication process is detailed in the Bandwidth and Authentication Manager (BAM) User ... The Canopy system also has provisions for the industry-accepted DES with key management via the Telecommunications Industry Association (TIA) standard BRAID cryptosystem.
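To make the Table 1 exchange and the Table 2 quantities concrete, here is an added Python model of the SM / AP / BAM registration flow. It is example code written for this page, not Motorola's implementation and not code from the paper. The paper does not publish how the SM and BAM compute the challenge response or derive the session key, so HMAC-SHA256 is an assumed stand-in for both (the real Canopy functions are unknown here); the 48-bit ESN, 128-bit Authentication Key, 128-bit random number, 56-bit DES / 128-bit AES session key and 15-minute lockout follow the tables above. The ESNs and key in demo() are constructed sample values.

```python
"""
Added example (not Motorola's code, not from the paper): a model of the
Table 1 registration exchange between a Subscriber Module (SM), an Access
Point (AP) and the Bandwidth and Authentication Manager (BAM), using the
Table 2 quantities. HMAC-SHA256 is an ASSUMED stand-in for the unpublished
response calculation and session-key derivation.
"""
import hashlib
import hmac
import secrets

ESN_BYTES = 6          # 48-bit factory-set Electronic Serial Number
AUTH_KEY_BYTES = 16    # 128-bit Authentication (Authorization) Key
CHALLENGE_BYTES = 16   # 128-bit random number generated by the BAM
SESSION_KEY_BYTES = {"DES": 7, "AES": 16}   # 56-bit DES or 128-bit AES session key
LOCKOUT_MINUTES = 15   # Table 1, step 8


def response(auth_key: bytes, esn: bytes, challenge: bytes) -> bytes:
    """ASSUMED response function; the SM (step 4) and the BAM (step 6) both compute it."""
    return hmac.new(auth_key, b"response" + esn + challenge, hashlib.sha256).digest()


def session_key(auth_key: bytes, esn: bytes, challenge: bytes, cipher: str) -> bytes:
    """ASSUMED derivation: SM and BAM each derive the key from the Authentication
    Key, the ESN and the random number, so it never has to cross the air link."""
    full = hmac.new(auth_key, b"session" + esn + challenge, hashlib.sha256).digest()
    return full[: SESSION_KEY_BYTES[cipher]]


class BAM:
    def __init__(self, database: dict):
        self.db = dict(database)  # stand-in for the BAM SQL database: ESN -> Authentication Key
        self.pending = {}         # ESN -> random number issued for the current attempt

    def challenge(self, esn: bytes) -> bytes:
        rnd = secrets.token_bytes(CHALLENGE_BYTES)  # step 3: fresh random number per attempt
        self.pending[esn] = rnd
        return rnd

    def verify(self, esn: bytes, resp: bytes, cipher: str):
        """Step 6: recompute with the same random number and the stored key.
        Returns the session key on success, None on mismatch or unknown ESN."""
        rnd = self.pending.pop(esn, None)
        key = self.db.get(esn)
        if rnd is None or key is None:
            return None
        if not hmac.compare_digest(response(key, esn, rnd), resp):
            return None
        return session_key(key, esn, rnd, cipher)


class SM:
    def __init__(self, esn: bytes, auth_key: bytes):
        self.esn, self.auth_key = esn, auth_key

    def answer(self, rnd: bytes) -> bytes:
        return response(self.auth_key, self.esn, rnd)  # step 4


class AP:
    def __init__(self, bam: BAM, cipher: str = "DES"):
        self.bam, self.cipher = bam, cipher
        self.lockout = {}   # ESN -> minute until which that SM is locked out of this AP
        self.air = []       # every message that crosses the wireless link

    def register(self, sm: SM, now_min: int):
        if self.lockout.get(sm.esn, -1) > now_min:
            return ("locked", None)
        rnd = self.bam.challenge(sm.esn)           # steps 1-3 (the AP relays to the BAM)
        self.air.append(("AP->SM", rnd))           # the random number is sent over the air
        resp = sm.answer(rnd)
        self.air.append(("SM->AP", resp))          # step 5: response relayed to the BAM
        sk = self.bam.verify(sm.esn, resp, self.cipher)
        if sk is None:                             # step 8: deny and lock out for 15 minutes
            self.lockout[sm.esn] = now_min + LOCKOUT_MINUTES
            return ("denied", None)
        # step 7: the BAM hands the AP the session key; the SM derives its own copy.
        assert session_key(sm.auth_key, sm.esn, rnd, self.cipher) == sk
        return ("authenticated", sk)


def demo():
    esn_a = bytes.fromhex("0a003e001122")   # constructed 48-bit ESN present in the database
    esn_b = bytes.fromhex("0a003e00beef")   # constructed ESN that is NOT in the database
    key_a = bytes(range(16))                # constructed 128-bit Authentication Key
    ap = AP(BAM({esn_a: key_a}), cipher="DES")
    results = {
        "good": ap.register(SM(esn_a, key_a), now_min=0),
        "wrong_key": ap.register(SM(esn_a, bytes(16)), now_min=1),   # mismatch -> denied
        "retry_locked": ap.register(SM(esn_a, key_a), now_min=5),    # inside the lockout
        "after_lockout": ap.register(SM(esn_a, key_a), now_min=16),  # lockout expired
        "unknown_esn": ap.register(SM(esn_b, key_a), now_min=0),
    }
    # What a passive listener on the air link could see: challenges and responses only.
    sk_good = results["good"][1]
    results["secrets_on_air"] = any(key_a in m or sk_good in m for _, m in ap.air)
    return results
```

Running demo() reproduces the properties the tables claim: a valid SM is authenticated and receives a 7-byte (56-bit) DES session key, a wrong key or an ESN missing from the database is denied and locked out for 15 minutes, a later attempt gets a new random number and therefore a different session key, and neither the Authentication Key nor the session key ever appears in the messages that crossed the air link.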

