AN-80i User Manual
70-00072-01-10 Proprietary Redline Communications © 2011 Page 118 of 152 March 2, 2011
8 Security
8.1 Overview
The Redline AN-80i provides a high level of security and reliability. Security sensitive
institutions including banks, military, government groups, and large corporations have
tested and approved the AN-80i as meeting their strict requirements for network
operations.
There are two primary modes of operation for the AN-80i:
Standard Security: Wireless authentication using X.509 certificates, AES 128-bit
wireless encryption, and Redline proprietary wireless encryption are standard features
on the AN-80i system. AES 256 bit encryption is optional and must be purchased
separately and enabled by loading an AES-enabled options key.
FIPS Mode: FIPS mode is optional and must be purchased separately and enabled by
loading a FIPS-enabled options key.The FIPS option meets the requirements of
FIPS140-2 Level 2 and those of federal government and military customers. The AN-80i
FIPS implementation has passed full function validation tests by an NIST accredited
lab
1
. Security features include extensive built-in self-tests for hardware, onboard
firmware, and downloaded software, and a t amper-proof enclosure to ensure system
integrity. AES 256-bit wireless encryption is included with the FIPS option.
8.1.1 Authentication
The AN-80i supports the use of X.509 certificates for authentication.
Challenge-response mechanism during the link establishment
FIPS mode requires X.509 certificates and keys
8.1.2 Data Security
The AN-80i includes security mechanisms that provide sender authentication and
security and integrity for data sent over the wireless interface. These features include:
Wireless speed encryption/decryption for data traffic
Messages encrypted and validated using AES in CCM (Counter with Cipher Block
Chaining-Message Authentication Code)
FIPS approved key derivation with separate keys for data traffic and key transport
Diffie-Hellman for key establishment
AES Wrap algorithm for key transport
Keys changed at random intervals
FIPS mode allows only FIPS approved algorithms to be selected
AES (Advanced Encryption Standard) option is an encryption standard employed
worldwide. The AES cryptographic cipher uses a block length of 128 bits and key
lengths of 128, 192 or 256 bits. As used in the United States, AES is a Federal
Information Processing Standard (FIPS), specifically, FIPS Publication 197, that
1
FIPS 140-2 certification is expected n June 2010. Currently in „Finalization‟ stage of Module in Process for
official documentation review by CMVP/NIST.
Chapter 8
4Gon www.4Gon.co.uk
[email protected] Tel: +44 (0)1245 808295 Fax: +44 (0)1245 808299
(53 pages)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals