14: Security in Detail

Public Key Infrastructure

Public Key Infrastructure (PKI) is based on an encryption technique that uses two keys: a public key and a private key. Public keys can be used to encrypt messages which can only be decrypted using the matching private key. This technique is referred to as asymmetric encryption, as opposed to symmetric encryption, in which a single secret key is used by both parties.

TLS (SSL)

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), use asymmetric encryption for authentication. In some scenarios, only a server needs to be authenticated, in others both client and server authenticate each other. Once authentication is established, clients and servers use asymmetric encryption to exchange a secret key. Communication then proceeds with symmetric encryption, using this key.

SSH and some wireless authentication methods on the PremierWave XC make use of SSL. The PremierWave XC supports SSLv2, SSLv3, and TLS 1.0.

TLS/SSL application hosts use separate digital certificates as a basis for authentication in both directions: to prove their own identity to the other party, and to verify the identity of the other party. In proving its own authenticity, the PremierWave XC will use its own "personal" certificate. In verifying the authenticity of the other party, the PremierWave XC will use a "trusted authority" certificate.

In short:

When using EAP-TLS, the PremierWave XC needs a personal certificate with matching private key to identify itself and sign its messages.

When using EAP-TLS, EAP-TTLS or PEAP, the PremierWave XC needs the authority certificate(s) that can authenticate those it wishes to communicate with.

Digital Certificates

The goal of a certificate is to authenticate its sender. It is analogous to a paper document that contains personal identification information and is signed by an authority, for example a notary or government agency. With digital certificates, a cryptographic key is used to create a unique digital signature.

Trusted Authorities

A private key is used by a trusted certificate authority (CA) to create a unique digital signature. Along with this private key is a certificate of authority, containing a matching public key that can be used to verify the authority's signature but not re-create it.

A chain of signed certificates, anchored by a root CA, can be used to establish a sender's authenticity. Each link in the chain is certified by a signed certificate from the previous link, with
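The following is an added, educational example and is not code from the Lantronix guide or the PremierWave XC firmware. It shows, with the Python standard library only, the mechanics the sections above describe: a private key produces a signature that the matching public key can verify but not re-create; an authority binds a name to a public key by signing both (a "personal" certificate); a peer checks a chain of such certificates up to a "trusted authority" certificate it already holds; and, once authenticated, a symmetric session key is exchanged under the peer's public key. It uses textbook RSA (no PKCS#1 padding, no validity dates, no revocation) with a fixed random seed so the demo is reproducible; the names "Demo Root CA", "Demo Issuing CA" and "premierwave-xc-01" are constructed for the demo.

```python
# Added example, not from the Lantronix guide: textbook RSA signatures and a certificate chain.
# Educational only: no padding, no validity dates, seeded RNG. Names below are constructed.
import hashlib
import json
import random

_rng = random.Random(2024)  # fixed seed for a reproducible demo; real keys need a CSPRNG


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin probable-prime test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # force top and low bits
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=512):
    """Return (public, private). The public part is shared; the private part never leaves its owner."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this guarantees gcd(e, phi) == 1
            break
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}


def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")  # 256 bits, always < n


def sign(private_key, data):
    """Only the holder of d can produce this value (the device's 'personal' key)."""
    return pow(_digest_int(data), private_key["d"], private_key["n"])


def verify(public_key, data, signature):
    """Anyone with the public key can check a signature but cannot re-create one."""
    return pow(signature, public_key["e"], public_key["n"]) == _digest_int(data)


def _to_be_signed(subject, issuer, public_key):
    # Canonical bytes the issuer signs: the holder's name, the issuer's name and the holder's key.
    return json.dumps({"subject": subject, "issuer": issuer, "key": public_key}, sort_keys=True).encode()


def issue_certificate(subject, subject_public_key, issuer_name, issuer_private_key):
    """The issuer binds a name to a public key by signing both with its own private key."""
    sig = sign(issuer_private_key, _to_be_signed(subject, issuer_name, subject_public_key))
    return {"subject": subject, "issuer": issuer_name, "public_key": subject_public_key, "signature": sig}


def verify_chain(chain, trusted_roots):
    """chain = [leaf, intermediate, ...]: each link must be signed by the next, the last by a trusted root.
    Trusted roots are the 'trusted authority' certificates: accepted as anchors, not verified."""
    roots = {c["subject"]: c for c in trusted_roots}
    for i, cert in enumerate(chain):
        issuer = chain[i + 1] if i + 1 < len(chain) else roots.get(cert["issuer"])
        if issuer is None or issuer["subject"] != cert["issuer"]:
            return False
        tbs = _to_be_signed(cert["subject"], cert["issuer"], cert["public_key"])
        if not verify(issuer["public_key"], tbs, cert["signature"]):
            return False
    return True


def wrap_session_key(public_key, session_key):
    """After authentication (TLS): encrypt a symmetric key under the peer's public key."""
    return pow(int.from_bytes(session_key, "big"), public_key["e"], public_key["n"])


def unwrap_session_key(private_key, wrapped, length=32):
    return pow(wrapped, private_key["d"], private_key["n"]).to_bytes(length, "big")


def build_demo():
    """Root CA -> issuing CA -> device certificate, plus a forged device certificate."""
    root_pub, root_priv = generate_keypair()
    ca_pub, ca_priv = generate_keypair()
    dev_pub, dev_priv = generate_keypair()
    bad_pub, bad_priv = generate_keypair()
    return {
        "root_cert": issue_certificate("Demo Root CA", root_pub, "Demo Root CA", root_priv),  # self-signed
        "ca_cert": issue_certificate("Demo Issuing CA", ca_pub, "Demo Root CA", root_priv),
        "device_cert": issue_certificate("premierwave-xc-01", dev_pub, "Demo Issuing CA", ca_priv),
        "device_priv": dev_priv,
        # Same subject and issuer name, but signed with a key the issuing CA never used.
        "forged_cert": issue_certificate("premierwave-xc-01", bad_pub, "Demo Issuing CA", bad_priv),
    }
```

Calling `build_demo()` and then `verify_chain([d["device_cert"], d["ca_cert"]], [d["root_cert"]])` returns `True`, while the same call with `d["forged_cert"]` in place of the device certificate returns `False`: the forged certificate carries the right names but its signature does not verify under the issuing CA's public key, which is the whole point of the authority certificate the peer already trusts. Omitting the intermediate from the chain also fails, since the device certificate's issuer is not itself a trusted root. A message signed with `d["device_priv"]` verifies under `d["device_cert"]["public_key"]` only if neither the message nor the signature has been altered.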

PremierWave XC User Guide

Page 95

900-598 specifications

The Lantronix 900-598 is a powerful and versatile device designed to facilitate robust data communication and management for industrial and commercial applications. At the heart of the 900-598 lies its advanced networking capabilities, making it an essential tool for IoT implementations, operational efficiency, and remote device management.

One of the main features of the Lantronix 900-598 is its ability to provide secure and reliable connectivity. The device supports various communication protocols, including serial and Ethernet, enabling seamless integration with a wide array of devices across diverse environments. This flexibility allows users to connect legacy equipment to modern networks, thereby extending the life of existing technologies while enhancing operational capabilities.

The Lantronix 900-598 is equipped with robust security measures to protect sensitive data during transmission. It supports encryption protocols, such as SSL and SSH, ensuring that data remains confidential and secure from unauthorized access. This security is crucial for industries dealing with sensitive information, such as healthcare, finance, and manufacturing, where data breaches can have severe repercussions.

Another notable characteristic of the 900-598 is its ease of use. The device features a user-friendly interface that simplifies setup and configuration. Additionally, it supports remote access and management, allowing users to monitor and control devices from virtually anywhere. This remote management capability is particularly advantageous for organizations with distributed operations, enabling them to maintain oversight without needing to be physically present at each location.

In terms of performance, the Lantronix 900-598 offers high-speed data transfer rates, which are essential for real-time applications. It is designed to handle large volumes of data efficiently, making it suitable for applications that require quick responses and minimal latency. The device ensures reliable operation through features like error correction and data integrity monitoring.

Lastly, the Lantronix 900-598 is built to withstand challenging environmental conditions, thanks to its rugged design. This durability makes it suitable for deployment in harsh industrial settings, where exposure to dust, moisture, and extreme temperatures is common.

In conclusion, the Lantronix 900-598 stands out as an advanced solution for data communication and device management. Its combination of secure connectivity, ease of use, high performance, and durability makes it an excellent choice for businesses looking to modernize their operations and embrace the future of IoT and remote management. With its extensive features and robust technologies, the 900-598 is poised to enhance productivity and streamline processes across various industries.