datatracker.ietf.org
Sign in
Version 5.3.0, 2014-04-12
Report a bug

GigaBeam High-Speed Radio Link Encryption
RFC 4705

Document type: RFC - Informational (October 2006; Errata)
Was draft-housley-gigabeam-radio-link-encrypt (individual in sec area)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4705 (Informational)
Responsible AD: Bill Fenner
Send notices to: housley@vigilsec.com, acorry@gigabeam.com

Network Working Group                                         R. Housley
Request for Comments: 4705                                Vigil Security
Category: Informational                                         A. Corry
                                                                GigaBeam
                                                            October 2006

               GigaBeam High-Speed Radio Link Encryption

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document describes the encryption and key management used by
   GigaBeam as part of the WiFiber(tm) family of radio link products.
   The security solution is documented in the hope that other wireless
   product development efforts will include comparable capabilities.

Housley & Corry              Informational                      [Page 1]
RFC 4705             GigaBeam Radio Link Encryption         October 2006

1.  Introduction

   The GigaBeam WiFiber(tm) product family provides a high-speed point-
   to-point radio link.  Data rates exceed 1 gigabit/second at a
   distance of about a mile.  The transmission beam width is less than
   one degree, which means that attempts to intercept the signal are
   most successful when the attacker is either between the transmitter
   and receiver or the attacker is directly behind the receiver.  Since
   interception is possible, some customers require confidentiality and
   integrity protection for the data on the radio link.  This document
   describes the security solution designed and deployed by GigaBeam to
   provide these security services.

   The GigaBeam security solution employs:

      o  AES-GCM [GCM] with a custom security protocol specified in this
         document to provide confidentiality and integrity protection of
         subscriber traffic on the radio link;

      o  AES-CBC [CBC] and HMAC-SHA-1 [HMAC] with IPsec ESP [ESP] to
         provide confidentiality and integrity protection of management
         traffic between the radio control modules;

      o  AES-CBC [CBC] and HMAC-SHA-1 [HMAC] with the IKE protocol [IKE]
         to provide confidentiality and integrity protection of key
         management traffic between the radio control modules; and

      o  OAKLEY key agreement [OAKLEY] and RSA digital signatures
         [PKCS1] are used with IKE to establish keying material and to
         provide authentication.

   AES-GCM is used with the custom security protocol in a manner that is
   very similar to its use in ESP [ESP-GCM].

Housley & Corry              Informational                      [Page 2]
RFC 4705             GigaBeam Radio Link Encryption         October 2006

2.  GigaBeam High-Speed Radio Link Overview

   The GigaBeam high-speed radio link appears to be a fiber interface
   between two network devices.  Figure 1 illustrates the connection of
   two devices that normally communicate using Gigabit Ethernet over a
   fiber optic cable.

     +---------+     +----------+        +----------+     +---------+
     |         |     |          +----/   |          |     |         |
     | Network |     | GigaBeam |   /    | GigaBeam |     | Network |
     | Device  +=====+  Radio   |  /---- +  Radio   +=====+ Device  |
     |         |     |          |        |          |     |         |
     +---------+  ^  +----------+   ^    +----------+  ^  +---------+
                  |                 |                  |
                  |                 |                  |
          Gigabit Ethernet          |          Gigabit Ethernet
                           GigaBeam Radio Link

                     Figure 1.  GigaBeam Radio Link Example.

   Gigabit Ethernet traffic is encoded in 8B/10B format.  The GigaBeam
   Radio Control Module (RCM) removes this coding to recover the 8-bit
   characters plus an indication of whether the character is a control
   code.  The radio link frame is constructed from 224 10-bit input
   words, and a 4-way interleaved (56,50,10) Reed-Solomon Forward Error
   Correction (FEC) block is employed.  Conversion of the Gigabit
   Ethernet data from 8B/10B format creates 224 bits of additional
   capacity in each frame, and another 196 bits is gained by recoding
   the 9-bit data using 64B/65B block codes.  This additional 420 bits
   of capacity is used for the framing overhead required for FEC and
   link control.

Housley & Corry              Informational                      [Page 3]
RFC 4705             GigaBeam Radio Link Encryption         October 2006

[include full document text]