GigaBeam High-Speed Radio Link Encryption
RFC 4705
Document | Type |
RFC - Informational
(October 2006; Errata)
Was draft-housley-gigabeam-radio-link-encrypt (individual in sec area)
|
|
---|---|---|---|
Last updated | 2015-10-14 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized with errata bibtex | ||
Reviews | |||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 4705 (Informational) | |
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Bill Fenner | ||
Send notices to | (None) |
Network Working Group R. Housley Request for Comments: 4705 Vigil Security Category: Informational A. Corry GigaBeam October 2006 GigaBeam High-Speed Radio Link Encryption Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2006). Abstract This document describes the encryption and key management used by GigaBeam as part of the WiFiber(tm) family of radio link products. The security solution is documented in the hope that other wireless product development efforts will include comparable capabilities. Housley & Corry Informational [Page 1] RFC 4705 GigaBeam Radio Link Encryption October 2006 1. Introduction The GigaBeam WiFiber(tm) product family provides a high-speed point- to-point radio link. Data rates exceed 1 gigabit/second at a distance of about a mile. The transmission beam width is less than one degree, which means that attempts to intercept the signal are most successful when the attacker is either between the transmitter and receiver or the attacker is directly behind the receiver. Since interception is possible, some customers require confidentiality and integrity protection for the data on the radio link. This document describes the security solution designed and deployed by GigaBeam to provide these security services. The GigaBeam security solution employs: o AES-GCM [GCM] with a custom security protocol specified in this document to provide confidentiality and integrity protection of subscriber traffic on the radio link; o AES-CBC [CBC] and HMAC-SHA-1 [HMAC] with IPsec ESP [ESP] to provide confidentiality and integrity protection of management traffic between the radio control modules; o AES-CBC [CBC] and HMAC-SHA-1 [HMAC] with the IKE protocol [IKE] to provide confidentiality and integrity protection of key management traffic between the radio control modules; and o OAKLEY key agreement [OAKLEY] and RSA digital signatures [PKCS1] are used with IKE to establish keying material and to provide authentication. AES-GCM is used with the custom security protocol in a manner that is very similar to its use in ESP [ESP-GCM]. Housley & Corry Informational [Page 2] RFC 4705 GigaBeam Radio Link Encryption October 2006 2. GigaBeam High-Speed Radio Link Overview The GigaBeam high-speed radio link appears to be a fiber interface between two network devices. Figure 1 illustrates the connection of two devices that normally communicate using Gigabit Ethernet over a fiber optic cable. +---------+ +----------+ +----------+ +---------+ | | | +----/ | | | | | Network | | GigaBeam | / | GigaBeam | | Network | | Device +=====+ Radio | /---- + Radio +=====+ Device | | | | | | | | | +---------+ ^ +----------+ ^ +----------+ ^ +---------+ | | | | | | Gigabit Ethernet | Gigabit Ethernet GigaBeam Radio Link Figure 1. GigaBeam Radio Link Example. Gigabit Ethernet traffic is encoded in 8B/10B format. The GigaBeam Radio Control Module (RCM) removes this coding to recover the 8-bit characters plus an indication of whether the character is a control code. The radio link frame is constructed from 224 10-bit input words, and a 4-way interleaved (56,50,10) Reed-Solomon Forward Error Correction (FEC) block is employed. Conversion of the Gigabit Ethernet data from 8B/10B format creates 224 bits of additional capacity in each frame, and another 196 bits is gained by recoding the 9-bit data using 64B/65B block codes. This additional 420 bits of capacity is used for the framing overhead required for FEC and link control. Housley & Corry Informational [Page 3] RFC 4705 GigaBeam Radio Link Encryption October 2006 2.1. GigaBeam Radio Link Frame Format The GigaBeam radio link frame fields are summarized in Figure 2, which also provides the length of each field in bits. Field Length DescriptionShow full document text