PTP650 OTA ENCRYPTION

Gerry_De_la_Cruz · December 18, 2017, 9:33am

Hi,

In the absence of the optional AES OTA encryption for PTP650, what is the default OTA encryption available for PTP650/670. Is there any whitepaper related to how it works, details, etc.

Best regards,

Gerry

sagargdeshpande · December 18, 2017, 5:27pm

Hi Gerry,

The PTP 650/670 supports AES 128/256 encryption which are optional license keys, by default the PTP 650/670 can be configured as RSA. Only when in Access method is Link Access Name TLS PSK will be default configuration

Thanks

Sagar

Gerry_De_la_Cruz · December 18, 2017, 11:04pm

Is there any available write up for this case. As default OTA is not being mentioned in the user guide which we can use as reference for clients.

Thanks again!

Mark_Thomas · December 18, 2017, 11:36pm

Hi Gerry,

The wireless encryption options in PTP 650 are: None, 128-bit AES, 256-bit AES. The license for 128-bit or 256-bit AES encryption must be purchased as an upgrade. This means that the default is an unencrypted link.

In PTP 670 we updated the design for wireless encryption to provide additional options. The new design is introduced in 670-02-00. One option is for authentication and authorization using RSA device certificates, in ODUs without the AES license. We have a description of the new features here:

https://www.cambiumnetworks.com/resource/ptp-670-hcmp-security/

If this doesn't answer your question, please keep asking.

Mark

Gerry_De_la_Cruz · December 21, 2017, 8:54am

So all PTP650 links do not employ basic link protection or encryption. how disappointing. PTP300, 500 employ DES security as its basic OTA encryption (proprietary scrambling mechanism), so how come an upgrade version of this technology comes with no encryption at all.

Mark_Thomas · December 21, 2017, 10:07pm

I'm sorry to have to contradict your earlier statement. The default for PTP 300/500/600/650/670/700/800 is no encryption. We haven't implemented DES as over-air-encryption in these products. We stated before that the air interface is proprietary and, by our estimation, it would be a very significant task for an attacker to recover data from intercepted signals. We think a successful interception is very much more difficult in PTP than for a WiFi-based product. However, while the standard air interface is undoubtedly complex, this "security through obscurity" should not be compared with cryptographically secure encryption using an algorithm such as AES. With AES, you can have confidence that the basic algorithm is secure, and that the implementation in the PTP products has been tested against FIPS 197. If operators have well-funded and technically-sophisticated adversaries they need AES.