MobileCare™ Monitor Operator’s Manual
Copyright 2008 © AFrame Digital, Inc.
4.0 Security
The AFrame System incorporates best-practice security controls designed to protect
against both anticipated and unanticipated security threats. This section provides a
brief overview of the important controls.
4.1 Mesh Security
The primary threats to security on the ZigBee mesh are unauthorized access and
modification of transmitted data, unauthorized devices accessing the network, and
denial of service attacks against the network. The AFrame System protects against
these threats using the standard ZigBee security mechanisms.
The AFrame System implements the ZigBee Standard Security Model. Unauthorized
access and modification of transmitted data is prevented by encrypting all traffic
between network devices including myPHD, Pandas, and ZigBee wall routers.
Traffic is encrypted with the Advanced Encryption Standard (AES) encryption
algorithm using 128-bit keys. AES is the standard symmetric encryption algorithm of
the U.S. Government. AES has been analyzed extensively and is used worldwide to
protect sensitive data.
To keep unauthorized devices from joining the ZigBee network, each device is
authenticated using a special link key that is preconfigured on every device. When a
device attempts to join the network, the PANDA uses this link key to distribute a
network key, which in turn is used to encrypt and decrypt traffic. If the device does
not have the correct link key, it will not be allowed to join the network.
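
The join rule above, sketched as an added example (not code from this manual or from AFrame): the PANDA wraps a fresh network key under the preconfigured link key, and a device holding a different link key fails the integrity check and never recovers it. Assumptions: Python's standard library has no AES, so HMAC-SHA256 stands in for ZigBee's AES-128 CCM*; the frame layout, function names and sample keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 16  # bytes of authentication tag carried with the wrapped key
PROVISIONED_KEY = bytes(range(16))  # constructed sample link key
ROGUE_KEY = bytes(16)               # constructed key of an unprovisioned device


def _keystream(link_key, nonce, length):
    # Stand-in cipher: HMAC-SHA256 in counter mode (ZigBee itself uses AES-128 CCM*).
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(link_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _tag(link_key, nonce, ciphertext):
    mac = hmac.new(link_key, b"mac" + nonce + ciphertext, hashlib.sha256)
    return mac.digest()[:TAG_LEN]


def wrap_network_key(link_key, network_key):
    """PANDA side: protect the network key under the preconfigured link key."""
    nonce = secrets.token_bytes(13)
    stream = _keystream(link_key, nonce, len(network_key))
    ct = bytes(a ^ b for a, b in zip(network_key, stream))
    return {"nonce": nonce, "ciphertext": ct, "tag": _tag(link_key, nonce, ct)}


def unwrap_network_key(link_key, frame):
    """Joining device: return the network key, or None when the link key is
    wrong or the frame was modified in transit."""
    expected = _tag(link_key, frame["nonce"], frame["ciphertext"])
    if not hmac.compare_digest(expected, frame["tag"]):
        return None
    stream = _keystream(link_key, frame["nonce"], len(frame["ciphertext"]))
    return bytes(a ^ b for a, b in zip(frame["ciphertext"], stream))


def simulate_join(panda_link_key, device_link_key):
    """One join attempt; returns (joined, key the device recovered)."""
    network_key = secrets.token_bytes(16)  # 128-bit network key
    frame = wrap_network_key(panda_link_key, network_key)
    recovered = unwrap_network_key(device_link_key, frame)
    return recovered == network_key, recovered
```

Calling `simulate_join(PROVISIONED_KEY, PROVISIONED_KEY)` succeeds, while `simulate_join(PROVISIONED_KEY, ROGUE_KEY)` returns `(False, None)`.
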
The AFrame System protects against denial of service attacks by continuously
monitoring the health and connectivity of connected devices. If an attack degrades
the health of a device or of the network, it will be quickly detected and reported.
Once detected, the source of an attack can be identified and neutralized.
4.2 Internet Security
The primary threats to security on the Internet are unauthorized access and
modification of transmitted data, spoofing of Internet-connected components, and
denial of service attacks. The design of the AFrame System uses standard Internet
security mechanisms and practices to protect against these threats.
To protect against unauthorized access and modification of transmitted data, all
Internet traffic is encrypted using strong Secure Sockets Layer (SSL) encryption. This
includes traffic that flows between the PANDA and the AFrame Server, and traffic
that flows between the Web browser used by the caregiver and the server. The