background image

7

.

In comparison, DES keys are 56 bits long, which means there are approximately 7.2 x
10

16

 possible DES keys. Thus, there are on the order of 10

21

 times more AES 128-bit

keys than DES 56-bit keys.

In the late 1990s, specialized "DES Cracker" machines were built that could recover a
DES key after a few hours.  In other words, by trying possible key values, the hardware
could determine which key was used to encrypt a message.  Assuming that one could
build a machine that could recover a DES key in a second (i.e., try 2

55

 keys per second),

then it would take that machine approximately 149 thousand-billion (149 trillion) years to
crack a 128-bit AES key.  To put that into perspective, the universe is believed to be less
than 20 billion years old.

3

  Table 3 details the different methods of encryption and their

associated keys.

Table 3.  Methods of Encryption and Their Associated Keys

4

Encryption

Bits in
Key

Number of Possible Keys

DES

56

2

56 

= 72,057,594,037,927,900

AES

128

2

128 

= 340,282,366,920,938,000,000,000,000,000,000,000,000

According to NIST, the Rijndael algorithm was chosen for the following reasons:

“When considered together, Rijndael's combination of security, performance,
efficiency, ease of implementation and flexibility make it an appropriate selection
for the AES.

Specifically, Rijndael appears to be consistently a very good performer in both
hardware and software across a wide range of computing environments regardless
of its use in feedback or non-feedback modes. Its key setup time is excellent, and
its key agility is good. Rijndael's very low memory requirements make it very
well suited for restricted-space environments, in which it also demonstrates
excellent performance. Rijndael's operations are among the easiest to defend
against power and timing attacks.

Additionally, it appears that some defense can be provided against such attacks
without significantly impacting Rijndael's performance. Rijndael is designed with
some flexibility in terms of block and key sizes, and the algorithm can
accommodate alterations in the number of rounds, although these features would
require further study and are not being considered at this time. Finally, Rijndael's

                                                

3

 

Advanced Encryption Standard Fact Sheet

, Computer Security Division, National Institute of Standards &

Technology, January 19, 2001.

4

 Security Complete, Adapted from 

Active Defense, 

by Chris Brenton with Cameron Hunt.

Содержание Wireless Broadband Platform

Страница 1: ...i Security and the Motorola Canopy Wireless Broadband Platform Advanced Security Techniques ...

Страница 2: ...y 2 Security Features of the Canopy System 2 Canopy s Proprietary Protocol 3 Authentication 3 Key Management 4 Encryption 5 Data Encryption Standard DES 5 Advanced Encryption Standard AES 6 Summary 8 List of Tables Table 1 The Authentication Process 4 Table 2 Canopy Key Management 4 Table 3 Methods of Encryption and Their Associated Keys 7 ...

Страница 3: ...odule DES Data Encryption Standard DHCP Dynamic Host Configuration Protocol FIPS Federal Information Processing Standards IP Internet Protocol LAN Local Area Network NAT Network Address Translation QoS Quality of Service SM Subscriber Module SNMP Simple Network Management Protocol SQL Structured Queary Language TIA Telecommunications Industry Association ...

Страница 4: ... available solution This test is not a determination of product quality or correctness nor does it ensure compliance with any federal state or local requirements Motorola does not warrant products other than its own strictly as stated in Motorola s product warranties MOTOROLA and the Stylized M Logo are registered in the US Patent Trademark Office Canopy is a trademark of Motorola Inc All other pr...

Страница 5: ...ty and the Motorola Canopy Broadband Wireless Platform offers a snapshot of some of the security issues being faced by the wireless broadband industry as well as the safeguards that Motorola is employing in the Canopy platform to ensure the security and integrity of this advanced system for our customers WHY ARE SECURITY MEASURES NECESSARY When the Internet was first introduced there was little co...

Страница 6: ...e network These include Access Point AP Subscriber Module SM Backhaul BH Module Cluster Management Module CMM Bandwidth and Authentication Manager BAM The Canopy system security does not include elements outside of the wireless transport such as Client Computer Wireless Modems Local Area Networks Routers Printers Servers Various Network Peripheral Equipment Protecting equipment outside of the Cano...

Страница 7: ...r the air is scrambled into 64 byte data packages thus providing an additional obstacle to unauthorized decoding Finally the directionality of the Canopy system transmissions impedes eavesdropping In other words the proprietary air interface presents a major hurdle for unauthorized parties Of course the Canopy system s security is not based merely on secrecy of its air interface AUTHENTICATION Cle...

Страница 8: ...ion 8 If the results do not agree or the SM is not in the database the BAM sends the AP a message denying authentication and the AP sends the SM a message to lock itself out from that AP for 15 minutes before retrying KEY MANAGEMENT The Canopy system uses an ESN two keys and a random number for authentication Table 2 details the functionality of each of these along with the random number Table 2 C...

Страница 9: ...tem provides for AES for customers who require the most secure networks available These encryption techniques are transparent to network firewalls Dynamic Host Configuration Protocol DHCP servers and Network Address Translation NAT devices Data Encryption Standard DES DES is an encryption standard that uses an encryption technique developed in the mid 1970s by IBM and then adopted by the Federal g...

Страница 10: ...algorithm based on a secure key thus provides a basis for exchanging encrypted computer data by issuing the key used to encipher it to those authorized to have the data Data that is considered sensitive by the responsible authority data that has a high value or data that represents a high value should be cryptographically protected if it is vulnerable to unauthorized disclosure or undetected modif...

Страница 11: ...g reasons When considered together Rijndael s combination of security performance efficiency ease of implementation and flexibility make it an appropriate selection for the AES Specifically Rijndael appears to be consistently a very good performer in both hardware and software across a wide range of computing environments regardless of its use in feedback or non feedback modes Its key setup time i...

Страница 12: ...ues of security and offers a wide range of alternatives to its customers ranging from a fully open system to an authenticated encrypted air link with dynamic session key assignment Together authentication a proprietary protocol and DES or AES techniques form a powerful bond for protecting the Canopy system and the information that is transmitted over the platform Already it is making way for power...

Страница 13: ...0173 www motorola com canopy MOTOROLA and the Stylized M Logo are registered in the US Patent Trademark Office Canopy is a trademark of Motorola Inc All other product or service names are the property of their respective owners Motorola Inc 2003 1 290503 ...

Отзывы: