CTA-TR-4:2014

ANSI/CEA-709.1 is a machine to machine protocol. As such, considerations concerning user management, user access control, user password management, management console logging, physical security of network access points, and physical security of devices and tamper detection of devices are outside the scope of the communication protocol. Nevertheless, these issues must be considered when building any secure system and these and more are discussed in [4] and [9]. System developers are encouraged to review these references and decide what level of security is appropriate to their application. It is envisioned that some applications will require minimal security analogous to a computer network sitting behind a firewall where the messages between the machines are sent in the clear. Other applications will require very strong security for example a network that controls valuable infrastructure that is deployed across a geographic area where each node sits unattended and can be subjected to a variety of attacks. It is intended that an ANSI/CEA-709.1 network deployed with the enhancements described within this document could be deployed in an environment requiring very strong security provided that the security concerns outside the scope of a communications protocol, e.g. physical security, tamper detection; user management, etc. are also addressed by the system implementer. Purpose The existing authentication algorithm described in ANSI/CEA-709.1 is now 25 years old. It uses a short, shared secret (only 48-bits) and a custom algorithm to perform authentication. Compared against today's cryptographic standards it cannot be considered a viable authentication algorithm for new designs. While it may be appropriate to implement it for backward compatibility reasons, it must not be considered as a part of an overall security system for ANSI/CEA-709.1 based systems. This document explains how to add state of the art security to the ANSI/CEA-709.1 application protocol. This document serves as an accompanying technical document to aid developers in creating secure systems using ANSI/CEA-709.1 by adding encryption and authentication at the application layer. Since ANSI/CEA-852 is a standard for tunneling ANSI/CEA-709.1 messages through an IP network, the changes in this forthcoming technical document, when applied to the tunneled ANSI/CEA-709.1 messages will render the messages secure even when no authentication is used in the ANSI/CEA-852 or ANSI/CEA-852.1 standards. Architectural details of the proposed solution are provided below. Standardization of these APDU formats will permit interoperability of secure nodes so that a secure system may be created from components sourced from multiple vendors using either or both ANSI/CEA-852 based networks and ANSI/CEA-709.1 based networks.