Data Track PBX Call Record Monitoring and Process Control Instrumentation - Presented by Bomara Associates

Tracker Lock & Key

Overview

Introduction

Data Track Technology (DTT) is introducing lock and key protection as an option on the Tracker range, to provide a very high level of security for logon access to Trackers. Authenticated access is granted only to those users who hold an appropriate key.

How it Works

The Tracker 2720 key acts as a modem obeying AT-type commands input via a serial interface. It can be used to call remote equipment over a PSTN line. It is programmed with a 64 character secret code and a unique 10 digit identifier. If it is used to call a standard modem it operates as a normal modem would. If it is used to contact a remote Tracker 2730 or Tracker 2700 (with the equivalent security mechanism enabled) it must use its secret and ID to respond to a challenge generated by the remote Tracker.

 

The Tracker 2720 and the 2730 or 2700 can each be programmed with a 64 character secret code; the two secrets must be identical if the units are to authenticate with each other. This secret is the key under which the challenge and response exchanged between the two Trackers are encrypted.

Each Tracker device is identified by a unique 10 digit identifier. The identifier is programmed at the factory and can be read but not changed. The 10 digits are split as follows

First 4 digits identify a group

The last 6 digits identify the serial number in that group

Standard Access and Deny Lists

When a Tracker 2720 with standard access is used to contact a Tracker 2730 it will authenticate and provide access out on the serial port only. The Tracker 2730 will hold two lists as follows

Standard Key Access List – this contains a list of all those 2720 units that are allowed access to the serial port only. Using the * character as a wildcard for a digit enables whole groups, e.g. 1234****** allows any Tracker 2720 whose identifier begins with 1234 to have access.

Standard Key Deny List – will contain a list of those Tracker 2720 units that are barred access, e.g. lost Trackers.

Example

The requirement is to allow all engineers access to all sites and to allow some customers access to their own sites only.

The engineer's Tracker 2720 units all have 1234 as their first 4 digits.

The Tracker 2720 identified as 1234567890 has been lost.

All customer Tracker 2720 units have 5678 as their first four digits. The customer in this example has two Tracker 2720 units whose identifiers are 5678123456 and 5678123457

The Tracker 2730 lists at this customer’s site will be programmed as follows

Standard Key Access: 1234****** (all engineers' units), 5678123456, 5678123457 (this customer's own units)

Standard Key Deny: 1234567890 (the lost engineer's unit)

Master Access and Deny Lists

When a Master Tracker 2720 is used to contact a Tracker 2730 it will authenticate as normal but instead of providing access to the serial port it will enable access to the Tracker 2730 itself. The Access and Deny lists can only be changed by the use of a Tracker 2720 with a Master Key Group Identifier. There will be Master Key Access and Deny lists that will be similar in operation to the corresponding Standard Key lists.

Master Key Access: 1235****** (allows Master Key access to all Tracker 2720s having an identifier beginning with 1235)

Master Key Deny: 1235567890 (except this one)
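As an added example (not DTT's code), the list check above in Go: wildcard matching of list entries against a 10 digit identifier, Deny consulted before Access so that a lost unit stays barred although its group is still allowed, and rejection of identifiers that are not exactly ten digits. The sample runs the page's own Standard and Master examples; the Master Deny entry is taken as 1235567890, reading the page's nine-digit entry as a misprint.

```go
package main

import (
	"fmt"
	"strings"
)

// Lists models the two lists a Tracker 2730 holds for one key type (Standard
// or Master). Entries are 10 characters long; '*' matches any single digit,
// so "1234******" covers every identifier in group 1234.
type Lists struct{ Access, Deny []string }

// matches reports whether a concrete identifier fits one list entry.
func matches(entry, id string) bool {
	if len(entry) != 10 || len(id) != 10 {
		return false
	}
	for i := 0; i < 10; i++ {
		if entry[i] != '*' && entry[i] != id[i] {
			return false
		}
	}
	return true
}

func onList(entries []string, id string) bool {
	for _, e := range entries {
		if matches(e, id) {
			return true
		}
	}
	return false
}

// Decide applies the page's rule and says why: the identifier must fit an
// Access entry and no Deny entry. Deny is checked first, so a lost unit stays
// barred even though its group wildcard is still on the Access list. An
// identifier that is not exactly ten digits (for example one containing '*')
// is rejected before any list is consulted.
func (l Lists) Decide(id string) (bool, string) {
	switch {
	case len(id) != 10 || strings.Trim(id, "0123456789") != "":
		return false, "identifier must be 10 digits"
	case onList(l.Deny, id):
		return false, "on Deny list"
	case onList(l.Access, id):
		return true, "on Access list"
	}
	return false, "not on Access list"
}

func main() {
	// The page's example: engineers are group 1234 and one engineer unit,
	// 1234567890, is lost; this customer's own units are 5678123456 and 5678123457.
	standard := Lists{
		Access: []string{"1234******", "5678123456", "5678123457"},
		Deny:   []string{"1234567890"},
	}
	// The page's Master Key lists: group 1235, except one unit (assumed 1235567890).
	master := Lists{Access: []string{"1235******"}, Deny: []string{"1235567890"}}

	for _, id := range []string{"1234000001", "1234567890", "5678123456", "5678999999", "1234*00001"} {
		ok, why := standard.Decide(id)
		fmt.Printf("standard %s allow=%-5v %s\n", id, ok, why)
	}
	for _, id := range []string{"1235000001", "1235567890", "1234000001"} {
		ok, why := master.Decide(id)
		fmt.Printf("master   %s allow=%-5v %s\n", id, ok, why)
	}
}
```

Note that a calling identifier containing * is refused outright: wildcards belong in list entries only, otherwise a unit could present a pattern and match itself against any group.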


Operational Sequence

The operational sequence is as follows

  1. The Tracker 2720 is used to call a Tracker 2730. The modems answer and ‘train’ as any normal modem would.
  2. The Tracker 2730 issues a ‘challenge’ to the Tracker 2720. This challenge consists of a 10 digit random number (256^10 possible values) combined with its unique 10 digit ID. This is then encrypted with the 64 character secret code (256^64 possible values) using an AES algorithm and sent to the Tracker 2720.
  3. The challenge is received by the Tracker 2720 which decrypts it.
  4. The Tracker 2720 puts its own unique 10 digit ID into the decrypt, then re-encrypts it using the same AES algorithm and sends it back to the Tracker 2730 as a ‘response’.
  5. The Tracker 2730 decrypts the response.
  6. If the response is correct (it decrypts under the shared secret and returns the random number and ID that the Tracker 2730 sent), the Tracker 2730 extracts the Tracker 2720 ID and compares it to its Access and Deny lists to see if it is an authorized unit. If so it authorizes the connection.
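The six-step exchange above, written out in Go with both sides' messages, as an added example rather than DTT's implementation. The page does not say how the 64 character secret becomes an AES key or which mode is used, so the example assumes SHA-256 of the secret as a 256-bit key and AES-GCM, so that a challenge or response made under the wrong secret, or altered on the line, fails to decrypt rather than decrypting to garbage. The random value is ten bytes (the page's 256^10), the lists hold exact identifiers only, and the secrets and identifiers are made up.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Tracker models either side: a Tracker 2730 (called unit, holding the lists)
// or a Tracker 2720 key (calling unit, lists unused). Both carry the shared
// secret and a factory-set 10-digit identifier.
type Tracker struct {
	ID           string
	aead         cipher.AEAD
	Access, Deny map[string]bool // exact IDs here; the real lists also take '*' group wildcards
	pending      []byte          // random value of the challenge awaiting its response
}

// newAEAD carries this example's assumption, which the page does not state:
// the 64-character secret is hashed with SHA-256 to a 256-bit AES key, and
// AES is run in GCM mode so that a message sealed under a different secret,
// or altered on the line, fails to open instead of decrypting to garbage.
func newAEAD(secret string) cipher.AEAD {
	key := sha256.Sum256([]byte(secret))
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	g, _ := cipher.NewGCM(block)      // and so is an AES block for GCM
	return g
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// seal prefixes a fresh nonce; open strips it again and authenticates.
func seal(g cipher.AEAD, pt []byte) []byte {
	nonce := randomBytes(g.NonceSize())
	return g.Seal(nonce, nonce, pt, nil)
}

func open(g cipher.AEAD, msg []byte) ([]byte, error) {
	n := g.NonceSize()
	if len(msg) < n {
		return nil, fmt.Errorf("message too short")
	}
	return g.Open(nil, msg[:n], msg[n:], nil)
}

// Challenge (step 2, 2730 side): encrypt R || ID2730, R being 10 random bytes (256^10).
func (t *Tracker) Challenge() []byte {
	t.pending = randomBytes(10)
	return seal(t.aead, append(append([]byte{}, t.pending...), t.ID...))
}

// Respond (steps 3-4, 2720 side): decrypt, append own ID, re-encrypt under the same key.
func (t *Tracker) Respond(challenge []byte) ([]byte, error) {
	pt, err := open(t.aead, challenge)
	if err != nil || len(pt) != 20 {
		return nil, fmt.Errorf("challenge rejected (wrong secret or malformed): %v", err)
	}
	return seal(t.aead, append(pt, t.ID...)), nil
}

// Verify (steps 5-6, 2730 side): decrypt, require R and its own ID to come back
// unchanged, then apply the lists to the ID the 2720 added. A challenge is
// answered once, so a recorded response cannot be replayed on a later call.
func (t *Tracker) Verify(response []byte) (id string, ok bool) {
	pt, err := open(t.aead, response)
	if err != nil || len(pt) != 30 || !bytes.Equal(pt[:10], t.pending) || string(pt[10:20]) != t.ID {
		return "", false
	}
	t.pending = nil
	id = string(pt[20:])
	return id, t.Access[id] && !t.Deny[id]
}

func main() {
	// Constructed sample: one site unit, a made-up secret, one lost key on Deny.
	g := newAEAD("customer-secret")
	site := &Tracker{ID: "5678000001", aead: g,
		Access: map[string]bool{"1234000001": true, "1234567890": true},
		Deny:   map[string]bool{"1234567890": true}}
	for _, key := range []*Tracker{
		{ID: "1234000001", aead: g},                       // listed: allowed
		{ID: "1234567890", aead: g},                       // authenticates but is on Deny
		{ID: "1234000001", aead: newAEAD("wrong-secret")}, // right ID, wrong secret
	} {
		resp, err := key.Respond(site.Challenge())
		if err != nil {
			fmt.Println(key.ID, "->", err)
			continue
		}
		id, ok := site.Verify(resp)
		fmt.Println(id, "allowed:", ok)
	}
}
```

The point worth noticing is where the security sits: the identifier that the lists are checked against is trusted only because it arrives inside a message that could not have been produced without the shared secret, and the random value ties that message to this call so a recorded response from an earlier call is useless.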


Combinations of Groups and Secrets

The 10 digit identifier allows 9,999 different customer groups to be produced having the same 64 character secret with 999,999 different serial numbers in each group.

The number of different secret combinations is 256 to the power of 64, i.e. 2^512, approximately 1.34 × 10^154 (a 155 digit number).

If you were to try and guess the secret at the rate of 1,000,000 guesses per second it would take roughly 4 × 10^140 years to check all combinations.

To put that into perspective the Universe has been in existence approximately 13,700,000,000 years.

Note that an AES key is 128, 192 or 256 bits long, so the cipher itself has at most 2^256 (about 1.16 × 10^77) distinct keys; how the 64 character secret is reduced to an AES key is not described here. Even 2^256 keys is far beyond any exhaustive search.

Marketing of Keys

DTT offers three types of keys to its customers.

  • A standard key, with the same 64 character secret in every Tracker.
  • A customer specific secret that DTT generates and programs into all Trackers provided to that customer only.
  • A customer generated secret that the customer can manage themselves.

In all cases the Tracker 2720 must have a unique 10 digit identifier, programmed at the factory; this can be read subsequently but not changed.

A Standard Secret

There will be a 64 character secret that is used on all Trackers. The secret will be electronically generated and will not be known either by DTT staff or any customer. It cannot be read out of any device; the only way to obtain it would be to monitor the processor and analyse the embedded code. Because this one secret is shared by every Tracker supplied under this option, a secret recovered from any one device would authenticate to all of them, leaving the Access and Deny lists as the only per-unit control. DTT must ensure that all Trackers have a unique 10 digit identifier.

B Customer Specific Secret

DTT will provide a customer with all their Trackers programmed with a 64 character secret that is unique to them. Neither DTT staff nor the customer will know what the 64 character secret actually is; it will be electronically generated. DTT will ensure that all Tracker 2720s provided to an individual customer have the correct secret programmed and that they all have a unique identifier.

C Customer Managed Secret

DTT will deliver Tracker 2720s to the customer with no secret programmed. All Trackers will have a unique 10 digit identifier. The customer will be provided with a means of programming Tracker 2720s with their own secret. If the customer loses all secret information in a disaster, DTT will offer a recovery service: the customer secret is read by monitoring the processor and scanning the embedded code, and the programming software is then ‘doctored’ to enter the key back into the database. DTT will charge for this service.




Bomara Associates Phone: 800.5BOMARA (800.526.6272) Phone: 978.452.2299 Fax: 978.452.1169 3 Courthouse Lane, Chelmsford, MA 01824 USA
email: bobr@bomara.com      web: www.bomara.com
Serving the marketplace for over 35 years