Date Code 20050615

Instruction Manual

SEL-3022 Transceiver

Cryptographic Manual—Do Not Copy

Appendix C: Wireless Operator Interface Security

Introduction

The SEL-3022 incorporates a wireless LAN (WLAN) through which you can perform
engineering access to IEDs as well as diagnostic and maintenance functions. The
wireless interface makes connecting the SEL-3022 to a personal computer (PC) simple
and efficient. Make the connection with the SEL-5809 Settings Software or
SEL-5810 Virtual Serial Software and an 802.11b (also known as Wi-Fi) compliant
device, which comes standard with many new notebook PCs and is available at most computer stores.

Preliminary Copy

Summary of Contents for SEL-3022

Page 1: ... cryptographic device Limit access to the SEL 3022 SEL 5809 Settings Software SEL 5810 Virtual Serial Software and SEL 3022 Instruction Manual to authorized personnel only Do not copy these items Securely store these items when not in use Destroy these items when no longer needed Preliminary Copy ...

Page 2: ...ILE and CONSELTANT are registered trademarks of Schweitzer Engineering Laboratories Inc The English language manual is the only approved SEL manual 2005 Schweitzer Engineering Laboratories All rights reserved This product is covered by U S Patent s Pending and Foreign Patent s Issued and Pending This product is covered by the standard SEL 10 year warranty For warranty details visit www selinc com ...

Page 3: ...ications 1 12 Section 2 Installation Introduction 2 1 Dimension Drawing 2 2 Setting Up Your PC or PDA With the SEL 5809 and SEL 5810 Software 2 3 Initializing the SEL 3022 2 7 Section 3 Job Done Example Introduction 3 1 Job Done Example 1 3 2 Section 4 Settings and Commands Introduction 4 1 Serial Port Settings 4 2 Wireless Port Settings 4 3 Communication Status Command 4 6 Device Information 4 7 ...

Page 4: ...ersions Firmware A 1 Instruction Manual A 2 Appendix B Firmware Upgrade Instructions Introduction B 1 Factory Assistance B 8 Appendix C Wireless Operator Interface Security Introduction C 1 Wireless Interface Security Overview C 2 IEEE 802 11 WEP Security C 5 The SEL Security Application C 9 Appendix D Certificates Glossary GL 1 Preliminary Copy ...

Page 5: ...Settings Operator 4 5 Table 4 6 Settings Security Officer 4 5 Table 4 7 Status Command Names and Descriptions 4 6 Table 4 8 Identification 4 7 Table 4 9 Status Device 4 7 Table 4 10 Status Output Alarm 4 8 Table 4 11 Status Virtual Serial Port 4 8 Table 5 1 Status Comm 5 4 Table 5 2 Device Status Device Status 5 4 Table 5 3 SEL 3022 Self Test Capabilities 5 6 Table 5 4 Troubleshooting 5 7 Table A ...

Page 7: ... Items to Print 2 14 Figure 2 17 Print Window 2 14 Figure 3 1 Remotely Located Recloser Control 3 2 Figure 3 2 Job Done Example SEL 5809 Top Level View 3 3 Figure 3 3 Select a Wireless Session for DNP3 Job Done Example 3 4 Figure 3 4 Settings DCE Port 3 4 Figure 3 5 Status Virtual Serial Port With Connection Status Red 3 5 Figure 3 6 Communication Parameters Window in ACSELERATOR 3 6 Figure 3 7 St...

Page 8: ...al Software B 5 Figure B 9 Send File Prompt B 6 Figure B 10 Sending Confirmation Window B 6 Figure B 11 Terminal Invalid Firmware Error Message B 7 Figure B 12 Terminal Valid Firmware Message B 7 Figure C 1 Two Independent Layers of Cryptographic Security Protect the SEL 3022 Wireless Operator Interface C 2 Figure C 2 Operation of the HMAC SHA 1 Keyed Hash Authentication Function C 9 Figure C 3 Op...

Page 9: ...ing the SEL 3022 to an SEL 651R Recloser Control mounted twenty feet above the street Section 4 Settings and Commands This section lists all the SEL 3022 settings including those for serial port wireless port encryption parameters and SCADA protocol Includes information on the communication status command for analyzing and monitoring the status of the SEL 3022 serial port communication channel Sec...

Page 10: ... section title is at the top of the page title block with the main subsection reference in bold type underneath the section title Cross References Cross references are formatted as described below in both the hard copy and electronic documentation for the SEL 3022 In the electronic documentation clicking with the mouse on cross references takes you to the referenced location References to figures ...

Page 11: ...alues included in these examples may not necessarily match those in the current version of your SEL 3022 Safety Information This manual uses hazard statements formatted and defined as follows Indicates a potentially hazardous situation that if not avoided may result in minor or moderate injury or equipment damage CAUTION Indicates a potentially hazardous situation that if not avoided could result ...

Page 13: ...duction Specifications Introduction This section includes the following overviews of the SEL 3022 Wireless Encrypting Transceiver Product Overview Application Overview Connections Reset Button and LED Indications Software System Requirements General Safety and Care Information Specifications Preliminary Copy ...

Page 14: ...e with the SEL 3022 via PC or Personal Digital Assistant PDA wireless IEEE 802 11b ports See Figure 1 1 The SEL 3022 with the SEL 5809 Settings Software and SEL 5810 Virtual Serial Software securely transmits and receives data between Intelligent Electronic Devices IEDs and PCs or PDAs via an IEEE 802 11b wireless connection The SEL 3022 and SEL 5810 Virtual Serial Software provide a retrofit solu...

Page 15: ...to configure the SEL 3022 The user role generates a virtual serial port that allows applications to encrypt and decrypt data between the PC and the IED that the SEL 3022 is connected to In the user role you cannot modify SEL 3022 configuration parameters To change roles you must exit the current role and reestablish a connection to the new access level The SEL 5810 Virtual Serial Software is a sub...

Page 16: ... and passes it to the virtual serial port which in turn passes it to your PC program See Figure 1 2 [Figure 1 2 Encrypted Packet Stream] ...

Page 17: ...an engineer or lineman to communicate with the recloser control he must traverse these obstacles to gain physical access to the IED This includes opening the recloser control cabinet which will expose the inside of the control to the weather Through use of the SEL 3022 the lineman simply drives within distance of the recloser control establishes a wireless communication link using the SEL 5810 Vir...

Page 18: ...ns for the SEL 3022 Power Supply Connections You can apply 5 to 24 Vdc directly to the SEL 3022 power terminals which are available either as compression terminals or a 2 5 mm jack If the power source voltage is not within the 5 to 24 Vdc range use an auxiliary power supply to provide 5 to 24 Vdc to the SEL 3022 See Specifications on page 1 12 for power requirements PC Computer or PDA with 802 11b...

Page 19: ... source 125 Vdc the SEL 3022 solid state output an SEL 2030 contact input and an optional load resistor In this case because the contact input impedance limits the current to less than 100 mA the load resistor is not necessary If the sensing input does not have a means of limiting the current to less than 100 mA then you must use a high wattage resistor Select a load resistor with the proper watta...

Page 20: ...port pin out descriptions for the DCE port are as follows Table 1 1 DCE Female DB9 Pin Description 1 Data Carrier Detect Output 2 Transmitted Data Output 3 Received Data Input 4 Data Terminal Ready Input 5 Ground 6 Data Set Ready Output 7 Request to Send Input 8 Clear to Send Output 9 Ring Indicator Output SEL 3022 Alarm Output Contact Do not apply 125 Vdc directly to the SEL 3022 power supply con...

Page 21: ... 2 seconds which resets the SEL 3022 into a default state Power must be applied to the SEL 3022 for the reset operation to occur IMPORTANT Pressing the RESET button erases all security parameters and interrupts transmission of encrypted data until you initialize the SEL 3022 See Initializing the SEL 3022 on page 2 7 in Section 2 Installation Status LED Use the status LED to determine the state of ...

Page 22: ...L 3022 The software comes in two versions one version is for a PC and one is for a PDA operating system The following operating systems have been tested with the software Table 1 2 Operating Systems and Wireless Modules Tested With the SEL 5809 Settings Software Devices Qualified Systems PCs Windows XP Professional Edition Service Pack 1 Windows 2000 Service Pack 4 with NET framework Version 1 1 i...

Page 23: ...ntentional radiator Changes or modifications not expressly approved by SEL for compliance could void the user s authority to operate the equipment CAUTION The SEL 3022 is an intentional radiator The radio has been authorized by the FCC for mobile use only Users and nearby persons must maintain a separation distance of at least 20 cm 8 inches from the radio during operation Cleaning Instructions Th...

Page 24: ... 4 8 deep 1 high without DIN mount Type Tests Electromagnetic Compatibility Radiated Emissions IEC 60255 25 2000 Class A FCC part 15 Class A Electromagnetic Compatibility Immunity Conducted RF Immunity ENV 50141 1993 10 V rms IEC 61000 4 6 1996 10 V rms Digital Radio Telephone RF ENV 50204 1995 10 V m at 900 MHz and 1 89 GHz Electrostatic Discharge IEC 60255 22 2 1996 IEC 61000 4 2 1999 EN 61000 4...

Page 25: ...tion Specifications Specifications 1 13 Cryptographic Manual Do Not Copy Certifications ISO Device is designed and manufactured using ISO 9001 certified quality program Listings IEC 60950 1 1st Ed CSA C22 2 No 60950 1 EN 60950 1 FCC 15 247 IC ICES 001 Preliminary Copy ...

Page 27: ...ion Introduction This section includes the following Dimension Drawing Setting Up Your PC or PDA With the SEL 5809 Settings Software and SEL 5810 Virtual Serial Software Initializing the SEL 3022 Discusses the settings required to initialize the SEL 3022 when the SEL 3022 is in a reset condition Preliminary Copy ...

Page 28: ...stallation Dimension Drawing 2 2 Cryptographic Manual Do Not Copy Dimension Drawing [Figure 2 1 SEL 3022 Dimension Drawing] Preliminary Copy ...

Page 29: ...sistance The software will load automatically if the autorun feature is enabled on your computer this is Method A If autorun is not enabled on your computer use the Windows Run command to load the software this is Method B Perform the following steps to install the software Step 1 Load the software through use of one of the following methods Method A Load the software automatically To load the sof...

Page 30: ...reating a shortcut Double click the shortcut icon to start the software from the shortcut Before using the SEL 5809 Settings Software it must be registered The product unregistered prompt message displays when you start the software See Figure 2 3 NOTE To modify settings in the SEL 3022 an 802 11b WiFi interface is required on the PC or PDA Install the SEL 5809 Settings Software on a PC or PDA wit...

Page 31: ...PDA to the ActiveSync cradle This should activate the ActiveSync software Step 2 Install Compact Framework to the PDA Step 3 Launch the Pocket PC installation package from the SEL 5809 Settings Software or SEL 5810 Virtual Serial Software Step 4 To access the SEL 5809 Settings Software or SEL 5810 Virtual Serial Software click on the icon in the programs menu of the PDA You must register the SEL 5...

Page 32: ...l Do Not Copy Step 7 Restart the SEL 5809 Settings Software Load the key file using the Load Key button of the registration form The key automatically removes the lock NOTE The registration form is also available using the Help Register menu The SEL 5810 Virtual Serial Software does not have a registration key and does not need to be registered Preliminary Copy ...

Page 33: ... disabled and the DCE serial port is set to configuration mode To initialize the SEL 3022 use the SEL 5809 Settings Software and configure the settings as defined in the following steps NOTE Only the PC version of the SEL 5809 Settings Software can initialize the SEL 3022 the PDA version cannot initialize the SEL 3022 Perform the following steps to initialize the SEL 3022 Step 1 Connect a straight...

Page 34: ... 2 5 is an example Figure 2 5 Specify New Device Location Step 6 Click OK Step 7 Your device location is now listed For our example this location is New_Group Select the plus arrow beside your new device location to expand the view Step 8 To open a serial connection to the SEL 3022 double click on the device name In our example this name is Device 1 Figure 2 6 Opening Device Preliminary Copy ...

Page 35: ...ture Figure 2 8 is an example Refer to Device Information on page 4 7 in Section 4 Settings and Commands for a description of these test parameters While the SEL 3022 is in the Reset state the Status Device tab allows the user to constantly transmit data on a selected 802 11b channel This feature may be used to test the SEL 3022 wireless propagation characteristic at an installation site NOTE The ...

Page 36: ...ing the SEL 3022 2 10 Cryptographic Manual Do Not Copy Figure 2 8 Status Device Step 11 Select the Settings Wireless tab and consult your System Administrator for the Wireless Connections Settings The settings shown are for example only Figure 2 9 Settings Wireless Preliminary Copy ...

Page 37: ... be set to a unique 26 character hexadecimal ASCII value other than the default Figure 2 10 Settings WEP Keys Step 13 Select the Settings User tab and enter random 32 character hexadecimal ASCII encryption and authentication keys Select a password or phrase that is 6 60 characters in length Only the security officer should set the encryption and authentication keys All values must be set to nondef...

Page 38: ...ust be set to nondefault values The settings shown in Figure 2 12 are for example only Figure 2 12 Settings Operator Step 15 Select the Settings Security Officer tab and enter random 32 character hexadecimal ASCII encryption and authentication keys Select a password or phrase that is 6 60 characters in length Only the security officer should set the encryption and authentication keys All values mu...

Page 39: ...sage appears Select OK to acknowledge the message Figure 2 15 Send Operation Message Step 19 Verify that the Status LED on the SEL 3022 is illuminated If all settings were configured to valid values the SEL 3022 is now initialized The Status LED will be illuminated and you can use the 802 11b wireless interface to configure the SEL 3022 for your application Step 20 You should record the settings a...

Page 40: ... Figure 2 17 Print Window Step 22 Close the Device by clicking File Close Device Select Yes when prompted to save current session Step 23 To open a wireless connection to the SEL 3022 double click on the device name Select User Operator or Security Officer Enter pass phrase then click OK The pass phrase that you enter must match the user operator or security officer password programmed during devi...

Page 41: ...are drivers can be found at your local computer or office supply store Follow the 802 11b manufacturer s installation procedure for either the PC Wireless Card or a PDA to install the wireless card After the wireless card is installed you must enable Wired Equivalence Protocol WEP see Appendix C Wireless Operator Interface Security for details Open the 802 11b wireless driver and locate the securi...

Page 43: ... 3022 Transceiver Cryptographic Manual Do Not Copy Section 3 Job Done Example Introduction This section contains a Job Done example for applying the SEL 3022 to an SEL 651R Recloser Control mounted twenty feet above the street Preliminary Copy ...

Page 44: ...get close enough to communicate with the SEL 651R The SEL 3022 protects wireless data with IEEE 802 11b WEP encryption in addition to the 128 bit AES and HMAC SHA 1 cryptographic security it provides This is perfect for protecting passwords and other sensitive information The SEL 5809 Settings Software and SEL 5810 Virtual Serial Software allow you to continue to use all of your standard PC softwa...

Page 45: ... SEL C387 cable or equivalent installed between the SEL 3022 and SEL 651R SEL 651R or equivalent ACSELERATOR or other serial port program e g HyperTerminal Follow the instructions for Initializing the SEL 3022 on page 2 7 in Section 2 Installation to set up and initialize the SEL 3022 Set the Device Location and Device Name to Pole 43 and SEL 651R respectively Figure 3 2 shows the SEL 5809 Setting...

Page 46: ...erial port which the SEL 3022 is going to be connected to Figure 3 4 Settings DCE Port Step 7 Select Device Send All to save the settings to the SEL 3022 Step 8 Select File Close Device to close the connection to the SEL 3022 Step 9 Connect a C387 or equivalent cable between the SEL 3022 and SEL 651R Step 10 Through use of the SEL 5809 Settings Software select Pole 43 Step 11 Double click SEL 651R...

Page 47: ...al port number created by the SEL 5809 Settings Software In this case the SEL 5809 Settings Software has created COM5 Also note the Connection Status is RED indicating that there is not a PC program using the virtual port Step 13 Open ACSELERATOR or other serial terminal program Step 14 Select Communication Parameters and set Device to the virtual serial port that the SEL 5809 Settings Software cr...

Page 48: ...tion Parameters Window in ACSELERATOR 16 At this point a virtual connection between ACSELERATOR and the SEL 651R exists Look at the SEL 5809 Settings Software Status Virtual Serial Port page the Connection Status is GREEN indicating the virtual serial port is in service Figure 3 7 Status Virtual Serial Port With Connection Status Green Preliminary Copy ...

Page 49: ...b Done Example 1 3 7 Cryptographic Manual Do Not Copy Step 17 Through use of ACSELERATOR you can perform such tasks as reading the settings out of the SEL 651R see Figure 3 8 or viewing the metering data see Figure 3 9 Figure 3 8 Reading Settings Via the SEL 3022 Preliminary Copy ...

Page 50: ...one setting and configuring the SEL 651R click Communication Disconnect to close the ACSELERATOR serial port connection or click File Exit to shut down ACSELERATOR NOTE After you perform this operation the Status Virtual Serial Port Connection Status LED in the SEL 5809 Settings Software will return to RED indicating the virtual serial port is no longer being used by a PC program See Figure 3 10 P...

Page 51: ...e which is strictly a virtual serial port program Use the SEL 5809 Settings Software to generate the configuration files for the SEL 5810 Virtual Serial Software that contain all of the configuration parameters necessary to establish a connection between a PC and SEL 3022 To generate a user file for a lineman s PC complete the following steps Step 20 Select File Export in the SEL 5809 Settings Sof...

Page 52: ...ware Step 24 Enter an encryption password to protect the file Step 25 Select OK This will keep the file encrypted while it is being transferred to the lineman s PC Figure 3 12 Export Encrypted User Configuration File Step 26 Choose a folder to store the encrypted file and enter a file name in the File name box Step 27 Select OK This saves the file to the location specified by Step 26 Preliminary C...

Page 53: ...ted File Step 28 Send or load this file onto the lineman s PC Step 29 Start the SEL 5810 Virtual Serial Software Step 30 Click File Import and select the file saved in Step 26 to import the SEL 3022 device image into the SEL 5810 Software Step 31 Enter password Step 32 Select OK Step 33 Select the Connect button Step 34 Enter User password Preliminary Copy ...

Page 54: ...al Serial Software Step 35 Verify the Connect button changes from Connect to Disconnect Step 36 Open ACSELERATOR Step 37 Select Communication Parameters Step 38 Specify Device by selecting from the drop down menu the Communication port generated by the SEL 5810 Virtual Serial Software reference the SEL 5810 Terminal Connection Status COM Port Step 39 Select OK Preliminary Copy ...

Page 55: ...t Copy Figure 3 15 Communication Parameters Window in ACSELERATOR Step 40 Verify on the SEL 5810 the Terminal Connection Status Terminal Status shows Connected Step 41 You can now perform setting and monitoring functions via the ACSELERATOR program such as reading SER reports by selecting HMI Meter Control SER Preliminary Copy ...

Page 56: ...the SEL 5810 Terminal Connection Status Terminal Status shows Disconnected Step 44 Select the SEL 5810 Wireless Connection Disconnect button to close the wireless session Note the Disconnect button will change to Connect NOTE The SEL 5810 Virtual Serial Software requires that the user s communications program i e ACSELERATOR or HyperTerminal close or disconnect the virtual serial port before it is...

Page 57: ...tings and commands of the SEL 3022 Serial Port Settings Settings that configure the EIA 232 serial port Wireless Port Settings Settings that configure the 802 11b wireless port Communication Status Command Diagnostic status report on the health of the SEL 3022 serial port communications channel Device Information Displays device related information Preliminary Copy ...

Page 58: ...2 without loss of data If HW flow control is asserted and characters are still being sent to the SEL 3022 e g from the serial port of a device connected to the SEL 3022 then characters will be lost Table 4 1 Settings DCE Port Setting Name Setting Description Value or Range Bits Per Second Serial Port Baud Rate in Bits per Second 300 1200 2400 4800 9600 19200 or 38400 Data Bits Number of data bits ...

Page 59: ...tting Description Value or Range Active WEP Key Selects which key will be used for the WEP encryption WEP Key 1 WEP Key 2 WEP Key 3 or WEP Key 4 IP Address Internet Protocol address of wireless device Consult your system administrator for an appropriate IP address 1 0 0 0 to 255 255 255 255 SSID Service Set ID of the wireless device Consult your system administrator for an appropriate SSID value 1...

Page 60: ...e wireless operator interface using a completely separate set of login authentication parameters There is an Encryption Key Authentication Key and Password associated with each login role The values of each of these three settings must be different for each of the three roles Table 4 3 Settings WEP Keys Setting Name Setting Description Value or Range WEP Key 1 Twenty six character hexadecimal 104 ...

Page 61: ...tor and security officer settings the SEL 5809 Settings Software will generate an error Table 4 5 Settings Operator Setting Name Setting Description Value or Range Encryption Key Thirty two character hexadecimal ASCII 128 bit key 0 9 and A F Authentication Key Thirty two character hexadecimal ASCII 128 bit key 0 9 and A F Password Password or Pass Phrase for operator con trolled access referred to...

Page 62: ...tion Status includes the following information Table 4 7 Status Command Names and Descriptions Status Status Name Description DCE Serial Port Errors DCE Framing Errors Number of times a Stop Bit failure has occurred DCE Overrun Errors Number of times a receive charac ter was not removed from the serial port before a new character has arrived DCE Parity Errors Number of times a parity error has occ...

Page 63: ...deter mines the SEL 3022 configuration Firmware Download Datecode indicating the date and numbered programming of the device MAC Address See Specifications The 802 11b wireless interface Media Access Control address This is a unique address Table 4 9 Status Device Test Comm Quality Status Description RAM PASS or FAIL Indicates status of RAM tests FLASH PASS or FAIL Indicates status of FLASH tests ...

Page 64: ...ds to pulse the alarm output Pulse Alarm Contact NA Selecting Pulse will pulse open the alarm output for the Pulse Duration Table 4 11 Status Virtual Serial Port Name Display Description Connection Information Virtual connection is active on COMXX Disconnect serial application and then use the Close Device command of this application or close this appli cation to terminate connection Indicates whe...

Page 65: ...d Troubleshooting Introduction This section provides guidelines for testing and troubleshooting the SEL 3022 Included are discussions on testing philosophies methods and tools At the end of the section are descriptions of communication channel diagnostics self tests and troubleshooting procedures Preliminary Copy ...

Page 66: ...es data encryption Goals of Acceptance Testing Ensure that the SEL 3022 meets published critical performance specifications Ensure that the SEL 3022 meets the requirements of the intended application Improve your familiarity with SEL 3022 capabilities What to Test Acceptance test all setting parameters critical to your intended application SEL performs detailed acceptance testing on all SEL 3022 m...

Page 67: ...mplete functional check of each SEL 3022 before shipment SEL 3022 commissioning tests should verify that the power supply serial cable antenna and alarm output if used are connected properly Commissioning testing should also ensure proper configuration of the wireless interface Maintenance Testing You generally do not need to perform maintenance testing on the SEL 3022 If you use the alarm output ...

Page 68: ...rage Signal level in dBm and Average Noise level in dBm You can use these measurements to determine the wireless signal strength of the SEL 3022 as you apply the transceiver in your application Table 5 1 Status Comm Status Status Name Description DCE Serial Port Errors DCE Framing Errors Number of times a Stop Bit failure has occurred DCE Overrun Errors Number of times a receive charac ter was not...

Page 69: ...ing Communications Channel Diagnostics 5 5 Cryptographic Manual Do Not Copy Avg Signal Level Report RF Signal Level from 802 11b module Avg Noise Level Report RF Noise Level from 802 11b module Table 5 2 Device Status Device Status Sheet 2 of 2 Status Name Description Preliminary Copy ...

Page 70: ...cription RAM Pass Yes Toggle 5 second Open Performs a read and write verification Flash Pass Yes Toggle 5 second if possible Open Performs a checksum calculation Crypto graphic Algorithm Tests NA Yes Toggle 1 second Open Checks known answer tests for all cryptographic func tions 802 11b Self Tests NA Yes Toggle 5 second Open Indicates 802 11b wireless device health 802 11b SNR dB NA NA NA Reports ...

Page 71: ...g Condition of Status LED Possible Cause Response Status LED is dark Input power is not present or firmware has failed power on verification Status LED is blinking at a flash rate of 0 5 seconds The SEL 3022 has detected a hardware failure Status LED is blinking at a flash rate of 1 second There is a problem with Cryptographic functions Status LED is blinking at a flash rate of 2 seconds The SEL 3...

Page 72: ...hic Manual Do Not Copy Factory Assistance We appreciate your interest in SEL products and services If you have questions or comments please contact us at Schweitzer Engineering Laboratories Inc 2350 NE Hopkins Court Pullman WA USA 99163 5603 Telephone 509 332 1890 Fax 509 332 7990 Internet www selinc com Preliminary Copy ...

Page 73: ... the firmware version numbers listed in Table A 1 This table also lists a description of modifications and the instruction manual date code that corresponds to firmware versions The table lists the most recent firmware version first Table A 1 Firmware Revision History Firmware Identification FID Number Description of Changes Manual Date Code SEL 3022 R100 V0 Z001001 D20050615 Original Firmware Rel...

Page 74: ...te code at the bottom of each page of this manual reflects the creation or revision date Table A 2 lists the instruction manual release dates and a description of modifications The table lists the most recent instruction manual revisions at the top Table A 2 Instruction Manual Revision History Revision Date Summary of Revisions 20050615 Initial Release Preliminary Copy ...

Page 75: ... 5809 Settings Software Terminal emulation software that supports the Xmodem 1K protocol these instructions use HyperTerminal from a Microsoft Windows operating system SEL C388 Serial Cable or equivalent DCE to DTE straight through cable capable of supporting hardware flow control The firmware upgrade file received from your SEL customer service representative Upgrade Procedure Perform the followi...

Page 76: ...t 2 seconds The Status LED will blink at a 2 second rate while in the reset mode Step 4 Start the SEL 5809 Settings Software and connect to the SEL 3022 via the serial port Figure B 1 PC to SEL 3022 Connection NOTE If you are upgrading a previously installed SEL 3022 right click on the device name and select Edit Connection Parameters Step 5 At the Serial tab select the serial port the PC will use...

Page 77: ...ngs Software Connection Method Step 7 Click OK Step 8 Double click the device from the SEL 5809 Settings Software main menu to establish communications While the SEL 5809 Settings Software and SEL 3022 are establishing a connection you will see the following status box Figure B 4 SEL 5809 Opening Connection Step 9 When the PC and SEL 3022 have established a connection select the Status Device tab ...

Page 78: ... Not Copy Figure B 5 Status Device Window Step 10 Click the Begin button to put the SEL 3022 into Firmware Download Mode Step 11 Click Yes to enter firmware download mode Figure B 6 Confirmation Prompt Step 12 Click OK to acknowledge the SEL 3022 is entering firmware upgrade mode Figure B 7 Send Operation Prompt Preliminary Copy ...

Page 79: ... the Terminal Software Step 14 Establish a connection to the SEL 3022 using the Terminal application Step 15 The SEL 3022 will send your Terminal a C indicating it is ready to commence an Xmodem 1K file transfer NOTE The SEL 3022 will remain in the firmware download mode until either a successful firmware upgrade is completed or the power is cycled Step 16 Click Transfer Send File See Figure B 9 ...

Page 80: ...Send File Prompt Step 19 Click Send Figure B 10 Sending Confirmation Window Step 20 If Xmodem transfer was successful you will receive the validating firmware message See first line of message in Figure B 11 Step 21 If the firmware is invalid you will receive an invalid firmware error message See second line of message in Figure B 11 Preliminary Copy ...

Page 81: ... the message that the firmware is being written to nonvolatile program memory Flash IMPORTANT Do not disconnect power during this stage Figure B 12 Terminal Valid Firmware Message Step 23 When successfully written to Flash you will need to cycle power for the new firmware to take effect Step 24 After cycling power you will need to reinitialize the SEL 3022 using the settings saved at the start of ...

Page 82: ...phic Manual Do Not Copy Factory Assistance We appreciate your interest in SEL products and services If you have questions or comments please contact us at Schweitzer Engineering Laboratories Inc 2350 NE Hopkins Court Pullman WA USA 99163 5603 Telephone 509 332 1890 Fax 509 332 7990 Internet www selinc com Preliminary Copy ...

Page 83: ...rm engineer access to IED and diagnostic and maintenance functions The wireless aspect of the device makes connection of the SEL 3022 to a Personal Computer PC simple and efficient Make such a connection through use of the SEL 5809 Settings Software or SEL 5810 Virtual Serial Software and 802 11b also known as Wi Fi compliant devices standard with many new notebook PCs or available at most compute...

Page 84: ...iscuss the relative security of the WEP function The SEL Security Application employs 128 bit AES encryption and 128 bit HMAC SHA 1 authentication This application provides cryptographic security at greater than 128 bits of cryptographic key strength using only FIPS 140 2 compliant cryptographic algorithms The following pages discuss the SEL Security Application Figure C 1 shows the relationship b...

Page 85: ...8 Bit HMAC SHA 1 Frame Authentication Every frame transmitted on the wireless operator interface is cryptographically authenticated to prevent malicious tampering and to guarantee acceptance of only those frames that authorized users transmit Message Replay Protection The SEL 3022 uses frame sequence numbers with HMAC SHA 1 authentication to ensure that individual frames cannot be retransmitted to...

Page 86: ...ation Because of this lack of response to unauthenticated network traffic the SEL 3022 is not susceptible to ping sweeps and other network mapping techniques Single Active Session The SEL 3022 allows only a single active session and rejects attempts to establish a second wireless connection This feature ensures that only one user can change settings at any given time No Default Settings The SEL 30...

Page 87: ...n WEP encryption offers There are a few common methods for determining a key value The would be attacker can simply steal the key value in some manner If that option is not available the attacker can attempt to guess the key value The difficulty of such a guessing or brute force attack grows exponentially with the length of the key The encryption process can be strengthened against key guessing at...

Page 88: ...roduces a string of pseudo random encryption bits with a length equal to the length of the original data packet To perform the encryption operation the encryption bit string is added modulo 2 XOR to the original contents of the packet The IV used during the encryption process is then concatenated with the resulting ciphertext to form the final message A major contributor to the relative weaknesses...

Page 89: ...alues that result in the leak of information about the value of a particular secret key byte into the first byte of the PRGA output An attacker could repeat this process until all bytes of the secret key are determined with sufficiently high probability The 802 11b wireless LAN protocol provides a very effective wireless networking solution which has resulted in steadily growing popularity of 802 ...

Page 90: ...he WEP encryption key the contents of all network packets transmitted between a maintenance PC and an SEL 3022 device would still be protected by the cryptographically strong encryption and authentication the SEL 3022 AES and HMAC SHA 1 functions provide see The SEL Security Application section below for further explanation The cryptographic community has scrutinized the AES encryption and HMAC SH...

Page 91: ... and Technology NIST developed the SHA 1 one way hash algorithm in 1993 NIST developed the Keyed Hash Message Authentication Code HMAC algorithm in 2002 The SEL 3022 uses the proven SHA 1 one way hash algorithm to form the NIST approved HMAC SHA 1 keyed hash function The HMAC SHA 1 function takes a variable length message and an authentication key as input and generates a 160 bit long fixed length...

Page 92: ...et authentication key and the protected message into the SHA 1 hash function input to produce a key dependent message fingerprint AES Overview The AES encryption function uses a 128 bit long secret key and scrambles the contents of each frame prior to transmission to provide cryptographically strong data confidentiality Encryption is the process of transforming a digital message from its original ...

Page 93: ...urity Every frame transmitted over the SEL 3022 wireless operator interface is authenticated with an HMAC SHA 1 keyed hash digest and encrypted with the AES encryption algorithm both algorithms are described in detail in the HMAC SHA 1 Authentication Overview and AES Overview sections above As shown in Figure C 4 the SEL 3022 first forms the HMAC SHA 1 hash output from the original frame data payl...

Page 94: ...Finally the HMAC function has also withstood all cryptographic analysis in the sense that it has proven to be an effective and secure method of mixing a secret authentication key into the SHA 1 hash output We will analyze the implications of these statements in the following text As stated previously the AES encryption function has thus far provided data confidentiality at a cryptographic strength...

Page 95: ...d 80 characters in length These passwords can contain all 96 printable ASCII characters including the Space character If we assume that the security officer has programmed strong passwords into the SEL 3022 an attacker would not be able to use a typical password guessing attack dictionary to limit the number of required password guesses In this case all possible password values would be equally li...

Page 96: ...c security parameters are set to trivial zero values If these parameters are set to trivial values the 802 11b wireless port is disabled If the SEL 3022 is initialized with zeroized values or if any of these initial security parameters are left at a zeroized value the device will not leave the initialization mode and the wireless port will remain disabled Following entry of non zeroized security p...

Page 97: ...rect password Figure C 5 provides an overview of the session authentication dialog between a maintenance PC with the SEL 5809 Settings Software installed and an SEL 3022 device Each frame of this five frame dialog is protected by the encryption and authentication methods described previously Because of these protection methods the data in each frame are secured by strong AES encryption and the SEL...

Page 98: ...ame contains the password information you entered in the SEL 5809 Settings Software session connection dialog box When the SEL 3022 receives this frame it decrypts and authenticates it If the authentication fails again indicating that the session request came from an unauthorized user the SEL 3022 terminates the session and resets the session connection dialog If the frame passes authentication th...

Page 99: ...This requirement for matching values forms a second independent layer of protection against session replay attacks If the final frame authenticates correctly and the second challenge values match the SEL 3022 opens a wireless operator interface connection with the PC All configuration frames transmitted between the two devices after successful completion of the session authentication dialog previo...

Page 100: ...1 authentication functions in the SEL Security Application For an attacker to compromise the SEL 3022 operator interface both the WEP encryption and the SEL Security Application have to be defeated As shown in the discussion above the probability of an attacker accomplishing this is statistically impossible Additional Protection for Windows XP Users IMPORTANT Windows XP users can further protect t...

Page 101: ... Appendix D Certificates ISO The device is designed and manufactured through use of an ISO 9001 certified quality program Listings IEC 60950 1 1st Ed CSA C22 2 No 60950 1 EN 60950 1 FCC 15 247 IC ICES 001 ...

Page 103: ... four increasing qualitative levels of security The security requirements cover areas related to the secure design and implementation of a cryptographic module IED Intelligent Electronic Device An IED as defined in this document is a device capable of receiving information and sending appropriate responses Examples of IEDs are remote terminal units programmable logic controllers communication proc...

Page 106: ... Systems Worldwide Attention The SEL 3022 is a cryptographic device Limit access to the SEL 3022 SEL 5809 Settings Software SEL 5810 Virtual Serial Software and SEL 3022 Instruction Manual to authorized personnel only Do not copy these items Securely store these items when not in use Destroy these items when no longer needed ...
