Hs series security overview – Linx Technologies LICAL-DEC-HS001 User Manual

Page 8

background image

– –

– –

10

11

HS Series Security Overview

Encryption algorithms are complex mathematical equations that use a
number, called a key, to encrypt data before transmission. This is done
so that unauthorized persons who may intercept the transmission cannot
access the data. In order to decrypt the transmission, the decoder must
use the same key that was used to encrypt it. The decoder performs the
same calculations as the encoder and, if the key is the same, the data is
recovered.

The HS Series uses the CipherLinx™ algorithm, which is based on
Skipjack, a cipher designed by the U.S. National Security Agency (NSA).
At the time of this writing, there are no known cryptographic attacks on the
full Skipjack algorithm. Skipjack uses 80-bit keys to encipher 64-bit data
blocks. The CipherLinx™ algorithm uses Skipjack in a provably secure
authenticated encryption mode both to protect the secrecy of the data and
ensure that it is not modified by an adversary. 8 bits of data are combined
with a 40-bit counter and 80 bits of integrity protection before being
encrypted to produce each 128-bit packet.

There are several methods an attacker may use to try to gain access to the
data or the secured area. Because a key is used to interpret an encrypted
message, trying to find the key is one way to attack the protected
message. The attacker would either try using random numbers or go
through all possible numbers sequentially to try to get the key and access
the data. Because of this, it is sometimes believed that a larger key size
determines the strength of the encryption. This is not entirely true. Although
it is a factor in the equation, there are many other factors that need to be
included to maintain secure encryption.

One factor is the way that the underlying cipher (in the case of the
CipherLinx™ algorithm, Skipjack) is used to encrypt the data. This is
referred to as the cipher’s “mode of operation.” If a highly secure cipher
is used in an insecure mode, the resulting encryption is insecure. For
example, some encryption modes allow an adversary to combine parts
of legitimate encrypted messages together to create a new (and possibly
malicious) encrypted message. This is known as a “cut-and-paste” attack.
The mode of operation used by the CipherLinx™ algorithm is proven to
prevent this type of attack.

RX

Balancing

Integrity Check

80 bits

Counter

40 bits

Data

8 bits

128-Bit Encrypted Data

Noise

Filter

Logic

Filter

Preamble

Figure 9: HS Series Data Structure

Another critical factor is how often the message changes. To prevent
code grabbing, most high-security systems send different data with each
transmission. Some remote control systems encrypt the message once
per activation and repeat the same message until it is deactivated. This
gives an attacker the opportunity to copy the message and retransmit it
to maintain the state of the protected device and “hold the door open”,
or worse yet, be able to come back later and gain access. The HS Series
goes a step further and sends different data with EACH PACKET, so the
data changes continuously during each transmission. This means that at
28,800bps, there is a completely new 128-bit message sent every 25.5ms.

Another factor is how often the message is repeated and the intervals
between repeats. Some applications use a counter to change the
appearance of the message. This is good, but at some point, the counter
rolls over and the message is repeated. For example, if attackers were
to copy an encrypted message and save it, they could potentially gain
access to the protected device at a later time. Depending on the size of
the counter, this vulnerability could occur frequently. The HS Series uses a
40-bit decrementing counter to keep this from ever happening. If the SEND
line is held high continuously at the high baud rate (28,800bps), it would
take 889 years before the counter would reach zero, at which point the key
would be erased and the encoder would have to get a new key. The math
used is: [(240 * 25.5ms) / (1000ms*60s*60m*24h*365d)] = 889 years. This
large counter prevents a packet from ever being sent twice and prevents
the encoder from ever losing sync with the decoder.

The key is generated with the decoder by the user through multiple button
presses. This is ensures that the key is random and chosen from all 2

80

possible keys. Since all of the keys are created by the user and are internal
to the part, there is no list of numbers anywhere that could be accessed to
compromise the system.

Encryption of the transmitted data is only one factor in the security of a
system. With most systems, once an encoder is authorized to access a
decoder, it can activate all of the decoder data lines. With the HS Series,
each encoder can be set to only activate certain lines. This means that the
same hardware can be set up with multiple levels of control, all at the press
of a button.

Another factor in system security is the control of the encoder. If attackers
gain control of the encoder, typically they can access the system. The HS
offers the option of adding a Personal Identification Number (PIN) to the

See also other documents in the category Linx Technologies Hardware: