– –
– –
4
5
Security Overview
The HS Long-Range Handheld transmitter uses the HS Series encoder,
which is based on Cipherlinx™ technology. CipherLinx™ is a high-security
encryption algorithm and wireless protocol designed for remote control
and remote keyless entry applications. It provides a much greater level
of security and many more features than older technologies on the
market, such as fixed address or “rolling code” systems. Additionally, the
CipherLinx™ protocol is much more advanced than the simple PWM
method employed by many systems. By utilizing an advanced serial
protocol, CipherLinx™ is able to offer superior noise immunity, greater
range, and greater link reliability, all of which are key factors in a wireless
system.
CipherLinx™ never sends or accepts the same data twice, never loses
sync, and changes codes with every packet, not just every button press.
The encryption that is used in CipherLinx™ is based on the Skipjack cipher
developed by the U.S. National Security Agency (NSA), and is widely
considered one of the most secure ciphers available. The CipherLinx™
algorithm has been evaluated by Independent Security Evaluators (ISE),
a company that has testified before Congress as experts on electronic
security. They concluded that “In short, the CipherLinx™ protocol in the HS
Series is well-designed and is an excellent choice for applications requiring
a secure unidirectional link.”
In addition to this high level of security, CipherLinx™ also offers a number
of features that are unique among remote control products. These include
a large number of data lines, internal key generation, “button level” control
permissions, an optional encoder PIN, as well as the ability for the decoder
to identify the originating encoder.
CipherLinx™ is based on the NSA-designed cipher Skipjack. Skipjack is
a block cipher that has 80-bit keys and 64-bit data blocks. Since each
packet is longer than 64 bits, Skipjack must be employed in an encryption
mode. The particular encryption mode chosen for CipherLinx™ is based
on the CMC encryption mode, so that the resulting cipher is a special kind
of function known as a “strong PRP” (sPRP). The encryption mode uses
several invocations of Skipjack to encrypt the 128 bits in each message.
The definition of these terms is quite involved, but more details can be
found in ISE’s evaluation report at www.cipherlinx.com.
The HS Series uses a 40-bit counter to change the appearance of each
message. This large counter value and the timing associated with the
protocol ensure that the same message is never sent twice and prevents
the encoder from ever losing sync with the decoder.
The user generates the key with the decoder through multiple button
presses. This ensures that the key is random and chosen from among all
280 possible keys. Since all of the keys are created by the user and are
internal to the part, there is no list of numbers anywhere that could be
accessed to compromise the system.
The user or manufacturer may also set “button level” Control Permissions.
Control Permissions determine how the decoder will respond to the
reception of a valid command, either allowing the activation of an individual
data line or not. The decoder is programmed with the permission settings
during set-up, and those permissions are retained in the decoder’s
non-volatile memory.
