RDL-3000 Family User Manual, 70-00158-03-00, April 17, 2015 (page 159 of 254)
Proprietary Redline Communications © 2015

6 Security

6.1 Overview

The Redline RDL-3000 family provides a high level of security and reliability. Security options include wireless authentication using X.509 certificates and wireless security using AES encryption, SSH, HTTPS (SSL), and SNMP v3. Security features are available based on product model and the installed options key.

Authentication

The RDL-3000 supports the following authentication features:
• X.509 certificates for authentication
• Challenge-response mechanism during the link setup

Management Security

The RDL-3000 includes security mechanisms for device management.
• TLS 1.0 for HTTPS for secure Web access
• SSH v2 for secure command line operation
• SNMP v3

Data Security

The RDL-3000 includes security mechanisms that provide sender authentication and security and integrity for data sent over the wireless interface. These features include:
• Wireless speed encryption for data traffic
• Messages encrypted and validated using AES in CCM (Counter with Cipher Block Chaining-Message Authentication Code)
• Separate keys for data traffic and key transport:
    • Diffie-Hellman for key setup
    • AES Wrap algorithm for key transport
• Keys are changed at random intervals
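
The key hierarchy listed above (Diffie-Hellman key setup, AES Wrap key transport, AES-CCM data traffic, periodic rekeying) can be walked through in software. The following is an added example, not Redline code and not part of the original manual. It uses the Python `cryptography` package, with X25519 standing in for the unspecified Diffie-Hellman group; HKDF-SHA256, the key sizes, the nonce handling and all function names are assumptions.

```python
# Added illustration, not Redline code. X25519, HKDF-SHA256, the key sizes and
# the nonce handling are assumptions; the manual does not specify them.
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
from cryptography.hazmat.primitives.ciphers.aead import AESCCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.keywrap import aes_key_unwrap, aes_key_wrap


def derive_kek(own_private, peer_public):
    """Diffie-Hellman key setup: both ends derive the same key-encryption key."""
    shared = own_private.exchange(peer_public)
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"example key-transport key").derive(shared)


def run_link_demo():
    # 1. Key setup: each end contributes a DH key pair (generated here).
    a_priv, b_priv = X25519PrivateKey.generate(), X25519PrivateKey.generate()
    kek_a = derive_kek(a_priv, b_priv.public_key())
    kek_b = derive_kek(b_priv, a_priv.public_key())
    # 2. Key transport: A sends a random traffic key wrapped under the KEK
    #    (RFC 3394 AES Key Wrap); the KEK never encrypts user data.
    traffic_key = AESCCM.generate_key(bit_length=128)
    wrapped = aes_key_wrap(kek_a, traffic_key)
    received_key = aes_key_unwrap(kek_b, wrapped)
    # 3. Data traffic: CCM encrypts the payload and authenticates payload + header.
    header, payload = b"frame-hdr:0001", b"constructed sample payload"
    nonce = os.urandom(13)  # must never repeat under one traffic key
    frame = AESCCM(traffic_key).encrypt(nonce, payload, header)
    plaintext = AESCCM(received_key).decrypt(nonce, frame, header)
    # 4. Integrity: a frame with one flipped bit is rejected, not decrypted.
    tampered = bytes([frame[0] ^ 0x01]) + frame[1:]
    try:
        AESCCM(received_key).decrypt(nonce, tampered, header)
        tamper_rejected = False
    except InvalidTag:
        tamper_rejected = True
    # 5. Rekey: a fresh traffic key is transported under the same KEK.
    rekeyed = aes_key_unwrap(kek_b, aes_key_wrap(kek_a, AESCCM.generate_key(bit_length=128)))
    return {"kek_match": kek_a == kek_b, "key_delivered": received_key == traffic_key,
            "wrapped_len": len(wrapped), "round_trip": plaintext == payload,
            "tamper_rejected": tamper_rejected, "rekey_differs": rekeyed != traffic_key}


if __name__ == "__main__":
    print(run_link_demo())
```

Because the traffic key is only ever transported under the key-encryption key, it can be replaced as often as needed without repeating the Diffie-Hellman exchange.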

Physical Security

The Redline RDL-3000 is enclosed in a weatherproof aluminum alloy case. The module’s enclosure is sealed using tamper-proof labels. The security of the RDL-3000 system is further increased by the following factors:
• Stream cipher cannot be reverse-engineered, even by destroying the equipment
• Key generation algorithm cannot be reverse-engineered, even by destroying the radio
• MAC address of a system cannot be changed without damaging the equipment
• Two communicating RDL-3000 systems detecting they have the same MAC address will immediately shut down

Important Security Guidelines:
1. Store encryption keys and certificate information in a secure location.
2. Always use secure transfer (e.g., SSH/SSL) to load keys and certificates.
3. Use the RDL-3000 local Ethernet port to transfer encryption keys and certificates, or SFTP when loading certificates or keys across an open network.