Network Working Group R. Housley
Request for Comments: 4705 Vigil Security
Category: Informational A. Corry
GigaBeam High-Speed Radio Link Encryption
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright (C) The Internet Society (2006).
This document describes the encryption and key management used by
GigaBeam as part of the WiFiber(tm) family of radio link products.
The security solution is documented in the hope that other wireless
product development efforts will include comparable capabilities.
Housley & Corry Informational [Page 1]
RFC 4705 GigaBeam Radio Link Encryption October 2006
1. Introduction
The GigaBeam WiFiber(tm) product family provides a high-speed point-
to-point radio link. Data rates exceed 1 gigabit/second at a
distance of about a mile. The transmission beam width is less than
one degree, which means that attempts to intercept the signal are
most successful when the attacker is either between the transmitter
and receiver or the attacker is directly behind the receiver. Since
interception is possible, some customers require confidentiality and
integrity protection for the data on the radio link. This document
describes the security solution designed and deployed by GigaBeam to
provide these security services.
The GigaBeam security solution employs:
o AES-GCM [GCM] with a custom security protocol specified in this
document to provide confidentiality and integrity protection of
subscriber traffic on the radio link;
o AES-CBC [CBC] and HMAC-SHA-1 [HMAC] with IPsec ESP [ESP] to
provide confidentiality and integrity protection of management
traffic between the radio control modules;
o AES-CBC [CBC] and HMAC-SHA-1 [HMAC] with the IKE protocol [IKE]
to provide confidentiality and integrity protection of key
management traffic between the radio control modules; and
o OAKLEY key agreement [OAKLEY] and RSA digital signatures
[PKCS1] are used with IKE to establish keying material and to
AES-GCM is used with the custom security protocol in a manner that is
very similar to its use in ESP [ESP-GCM].
2. GigaBeam High-Speed Radio Link Overview
The GigaBeam high-speed radio link appears to be a fiber interface
between two network devices. Figure 1 illustrates the connection of
two devices that normally communicate using Gigabit Ethernet over a
fiber optic cable.
+---------+     +----------+         +----------+     +---------+
|         |     |          +----/    |          |     |         |
| Network |     | GigaBeam |   /     | GigaBeam |     | Network |
| Device  +=====+  Radio   |  /----  +  Radio   +=====+ Device  |
|         |     |          |         |          |     |         |
+---------+  ^  +----------+    ^    +----------+  ^  +---------+
             |                  |                  |
             |                  |                  |
     Gigabit Ethernet           |          Gigabit Ethernet
                       GigaBeam Radio Link
Figure 1. GigaBeam Radio Link Example.
Gigabit Ethernet traffic is encoded in 8B/10B format. The GigaBeam
Radio Control Module (RCM) removes this coding to recover the 8-bit
characters plus an indication of whether the character is a control
code. The radio link frame is constructed from 224 10-bit input
words, and a 4-way interleaved (56,50,10) Reed-Solomon Forward Error
Correction (FEC) block is employed. Conversion of the Gigabit
Ethernet data from 8B/10B format creates 224 bits of additional
capacity in each frame, and another 196 bits is gained by recoding
the 9-bit data using 64B/65B block codes. This additional 420 bits
of capacity is used for the framing overhead required for FEC and