ADVANCED FEATURES
These features may be used in the Canopy System but are not required for basic operation.
Security - DES Encryption
Standard Canopy modules provide Data Encryption Standard (DES) encryption. DES is a secret key encryption scheme using a 56 bit key. The basics of DES are that it performs a series of bit permutations, substitutions, and recombination operations on blocks of data using a secret key.
On the Canopy system, encryption of the over the air link is enabled or disabled per Access Point module or per Backhaul timing master module. The Canopy modules contain unique factory programmed secret keys to establish the encrypted link. If an authentication key (must be the same key on each end of the backhaul link) has been entered using the Backhaul Configuration page, then that key is also used to establish the DES encryption key. Encryption does not affect the performance or throughput of the system.
Security - AES Encryption
Motorola also offers Canopy products that provide Advanced Encryption Standard (AES) encryption. Like DES, AES is a secret key encryption scheme, but AES uses the Rijndael algorithm and 128 bit keys to establish a higher level of security than DES.
Due to the level of security provided by AES, the US government has established export controls on communications products that use AES. These export controls may mean that outside of the US AES products are only available in certain regions – check with your Canopy distributor or reseller for availability in your area.
Canopy AES products run the same software as DES products, so the features available are the same and work the same, The only exception is that the AES products provide AES instead of DES encryption when enabled for encryption on the Configuration screen. All the interface screens, Status pages, Configuration pages, etc. are identical. As new software features become available on DES products, the same software and the same features will be available for AES products.
DES backhauls are available in both 10 Mbps and 20 Mbps signaling rates. AES backhauls are only available with a 10 Mbps signaling rate.
Canopy DES products are not upgradeable to AES. To have the option of AES encryption, you must purchase AES products.
Canopy AES products use a different FPGA load than DES products do. The AES FPGA will be upgraded as needed to provide new features or services similar to the DES products.
The same as with DES, encryption of the over the air link is enabled or disabled per Access Point module or per Backhaul timing master module. The Canopy modules contain unique factory programmed secret keys to establish the encrypted link. If an authentication key (must be the same key on each end of the backhaul link) has been entered using the Backhaul Configuration page, then that key is also used to establish the AES encryption key.
Canopy AES products and DES products do not interoperate when enabled for encryption, as DES and AES are different encryption schemes. An AES AP with encryption enabled can only communicate with AES SMs, and similarly an AES Backhaul timing master module with encryption enabled can only communicate with an AES Backhaul timing slave module. However, if encryption
Backhaul User Manual Issue 3 | Page 20 of 53 |