Advanced features, Security - des encryption, Security - aes encryption – Motorola Canopy Backhaul Module User Manual
Page 20
Backhaul User Manual Issue 3
Page 20 of 53
ADVANCED FEATURES
These features may be used in the Canopy System but are not required for basic operation.
Security - DES Encryption
Standard Canopy modules provide Data Encryption Standard (DES) encryption. DES is a secret
key encryption scheme using a 56 bit key. The basics of DES are that it performs a series of bit
permutations, substitutions, and recombination operations on blocks of data using a secret key.
On the Canopy system, encryption of the over the air link is enabled or disabled per Access Point
module or per Backhaul timing master module. The Canopy modules contain unique factory
programmed secret keys to establish the encrypted link. If an authentication key (must be the same
key on each end of the backhaul link) has been entered using the Backhaul Configuration page,
then that key is also used to establish the DES encryption key. Encryption does not affect the
performance or throughput of the system.
Security - AES Encryption
Motorola also offers Canopy products that provide Advanced Encryption Standard (AES)
encryption. Like DES, AES is a secret key encryption scheme, but AES uses the Rijndael algorithm
and 128 bit keys to establish a higher level of security than DES.
Due to the level of security provided by AES, the US government has established export controls
on communications products that use AES. These export controls may mean that outside of the US
AES products are only available in certain regions – check with your Canopy distributor or reseller
for availability in your area.
Canopy AES products run the same software as DES products, so the features available are the
same and work the same, The only exception is that the AES products provide AES instead of DES
encryption when enabled for encryption on the Configuration screen. All the interface screens,
Status pages, Configuration pages, etc. are identical. As new software features become available
on DES products, the same software and the same features will be available for AES products.
DES backhauls are available in both 10 Mbps and 20 Mbps signaling rates. AES backhauls are
only available with a 10 Mbps signaling rate.
Canopy DES products are not upgradeable to AES. To have the option of AES encryption, you
must purchase AES products.
Canopy AES products use a different FPGA load than DES products do. The AES FPGA will be
upgraded as needed to provide new features or services similar to the DES products.
The same as with DES, encryption of the over the air link is enabled or disabled per Access Point
module or per Backhaul timing master module. The Canopy modules contain unique factory
programmed secret keys to establish the encrypted link. If an authentication key (must be the same
key on each end of the backhaul link) has been entered using the Backhaul Configuration page,
then that key is also used to establish the AES encryption key.
Canopy AES products and DES products do not interoperate when enabled for encryption, as DES
and AES are different encryption schemes. An AES AP with encryption enabled can only
communicate with AES SMs, and similarly an AES Backhaul timing master module with encryption
enabled can only communicate with an AES Backhaul timing slave module. However, if encryption