INTRODUCTION
COM-00-21-03 OCTOBER 2021
Version No.: A
customer, who may configure the AAA server authentication process. The Base Station and
Remote device use role-based authentication when based locally.
There are different levels of authentication within the NMS:
● Viewer – can view information about the radio equipment.
● Technician – can view, configure, upgrade, and run diagnostics of radio equipment; can acknowledge and clear radio equipment-related events; has no access to radio equipment secured memory or security-related configuration.
● Technical Manager – can view, configure, upgrade, and run diagnostics of radio equipment; can acknowledge and clear radio equipment-related events; has local access to radio equipment secured memory or security-related configuration.
● Administrator – can edit users and roles.
NMS users can be restricted by geographic regions.
All Airlink network elements (base stations, remote stations, management software) are initially
configured with a default administrator user and password. Upon initial detection of the
administrator, a new password is enforced. No action is available until the password has been
changed. A strong password is enforced, meaning the password is a minimum of eight
characters and has one or more of the following types:
● Lower case alphabetic
● Upper case alphabetic
● Numeric
● Special characters (e.g. #, $, @, &)
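An added example, not Airlink code: a sketch of the forced password change and the role checks described above. The permission names, the `Session` class and the `min_types` parameter are assumptions made for illustration.

```python
import string

# Permission names are hypothetical labels for the capabilities the page lists.
VIEW = {"view"}
OPERATE = VIEW | {"configure", "upgrade", "diagnose", "ack_events"}
ROLE_PERMS = {
    "Viewer": VIEW,
    "Technician": OPERATE,                       # no security configuration
    "Technical Manager": OPERATE | {"security_config"},
    "Administrator": {"edit_users"},             # only what the page states
}

def char_types(pw):
    """Return which of the page's four character types occur in pw."""
    found = set()
    for ch in pw:
        if ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.digits:
            found.add("numeric")
        elif ch in string.punctuation:
            found.add("special")
    return found

def password_ok(pw, min_len=8, min_types=1):
    """Page's rule: at least 8 characters and one or more listed types.
    min_types is a hypothetical knob for requiring a mix of types."""
    return len(pw) >= min_len and len(char_types(pw)) >= min_types

class Session:
    """Session for an account that may still hold the default password."""
    def __init__(self, role, must_change):
        self.role = role
        self.must_change = must_change

    def change_password(self, current, new, min_types=1):
        # "New" is read here as "different from the current password".
        if new == current or not password_ok(new, min_types=min_types):
            return False
        self.must_change = False
        return True

    def authorize(self, action):
        # Nothing is permitted until the default password has been replaced.
        if self.must_change:
            return False
        return action in ROLE_PERMS[self.role]
```

With the rule as worded, `password_ok("aaaaaaaa")` passes because a single character type is enough; calling it with `min_types=3` rejects the same string.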
The Airlink base stations and remote stations support remote digital certificate revocation,
renewal, and change using the Apollo toolkit; this operation is available to the administrator
only. Airlink currently uses a single default username and password for all base stations and
remote stations.
2.5.1 Encryption
The Airlink system uses traffic key encryption AES-128 or AES-256 and Counter with Cipher
Block Chaining-Message Authentication Code (CBC-MAC). Airlink uses the IEEE-802.16 key
derivation function Dot16KDF.
Cryptographic keys and security data are stored in secured storage within the system memory
in locations that are impervious to unwanted access. Secure storage includes an encrypted blob
of keys, anti-tamper protection that can only be unlocked by a master key, and a private key bus
between non-volatile memory and cryptographic engines.