SOFTWARE SECURITY REQUIREMENTS

FCC ID: RKXMYKONOS3

Cover Letter(s)


                                  Federal Communications Commission
                                  Office of Engineering and Technology
                                           Laboratory Division

                                                                                                        July 10, 2014

                SOFTWARE SECURITY REQUIREMENTS FOR U-NII DEVICES

I.         INTRODUCTION

On March 31, 2014, the Commission revised the rules in Part 15 that permit U-NII devices in the 5 GHz
Band. 1 As part of that revision, the Commission required that all U-NII device software be secured to
prevent its modification to ensure that the device operates as authorized, thus reducing the potential for
harmful interference to authorized users. 2 Although the Commission refused to set specific security
protocols, the methods used by manufacturers to implement the security requirements must be well
documented in the application for equipment authorization. In this document, we provide general
guidance on the type of information that should be submitted in the equipment authorization application.
The security description provided in the application must cover software security, configuration, and
authentication protocols descriptions, as appropriate. This guidance applies to master and client devices.
Special circumstances that apply only to client devices are also addressed.

II.        SOFTWARE SECURITY DESCRIPTION GUIDE

An applicant must describe the overall security measures and systems that ensure that only:

      1. Authenticated software is loaded and operating the device; and
      2. The device is not easily modified to operate with RF parameters outside of the authorization.

The description of the software must address the following questions in the operational description for the
device and clearly demonstrate how the device meets the security requirements. 3 While the Commission
did not adopt any specific standards, it is suggested that manufacturers consider applying existing
industry standards. 4 Also, this guide is not intended to be exhaustive and may be modified in the future.
There may be follow-up questions based on the responses provided by the applicant for authorization.

                                          SOFTWARE SECURITY DESCRIPTION

General Description

      1. Describe how any software/firmware update will be obtained, downloaded, and installed.
      2. Describe all the radio frequency parameters that are modified by any software/firmware
         without any hardware changes. Are these parameters in some way limited, such that they
         will not exceed the authorized parameters?
      3. Are there any authentication protocols in place to ensure that the source of the
         software/firmware is legitimate? If so, describe in detail; if not, explain how the
         software is secured from modification.
      4. Are there any verification protocols in place to ensure that the software/firmware is
         legitimate? If so, describe in detail.
      5. Describe, if any, encryption methods used.
      6. For a device that can be configured as a master and client (with active or passive
         scanning), explain how the device ensures compliance for each mode. In particular, if
         the device acts as master in some band of operation and client in another, how is
         compliance ensured in each band of operation?

Third-Party Access Control

      1. How are unauthorized software/firmware changes prevented?
      2. Is it possible for third parties to load device drivers that could modify the RF
         parameters, country of operation or other parameters which impact device compliance?
         If so, describe procedures to ensure that only approved drivers are loaded.
      3. Explain if any third parties have the capability to operate a US sold device on any
         other regulatory domain, frequencies, or in any manner that is in violation of the
         certification.
      4. What prevents third parties from loading non-US versions of the software/firmware on
         the device?
      5. For modular devices, describe how authentication is achieved when used with different
         hosts.

1 See Revision of Part 15 of the Commission’s Rules to Permit Unlicensed National Information
  Infrastructure (U-NII) Devices in the 5 GHz Band, First Report and Order, ET Docket No. 13-49 (2014)
  (1st R&O).
2 For U-NII devices certified as SDR, see KDB Publication 442812 D01.
3 An exhibit that is part of the Operational Description can be subject to confidentiality. Applicants
  may request that the software description, as part of the operational description exhibit type, be
  held confidential. If the software description is submitted as the software information exhibit, it
  is automatically held confidential.
4 It is suggested that manufacturers follow existing security standards and definitions: X.800,
  RFC 2828, and IEEE 802.11i.

                                                                          594280 D02 U-NII Device Security v01r01






III.     SOFTWARE CONFIGURATION DESCRIPTION GUIDE

In addition to the general security considerations, for devices which have “User Interfaces” (UI) to
configure the device in a manner that may impact the operational parameters, the following questions shall
be answered by the applicant and the information included in the operational description. The description
must address if the device supports any of the country code configurations or peer-peer mode
communications discussed in KDB Publication 594280 D01. 5

                                    SOFTWARE CONFIGURATION DESCRIPTION

USER CONFIGURATION GUIDE

      1. To whom is the UI accessible? (Professional installer, end user, other.)
         a) What parameters are viewable to the professional installer/end-user? 6
         b) What parameters are accessible or modifiable to the professional installer?
            i) Are the parameters in some way limited, so that the installers will not enter
               parameters that exceed those authorized?
            ii) What controls exist to ensure that the user cannot operate the device outside
                its authorization in the U.S.?
         c) What configuration options are available to the end-user?
            i) Are the parameters in some way limited, so that the installers will not enter
               parameters that exceed those authorized?
            ii) What controls exist to ensure that the user cannot operate the device outside
                its authorization in the U.S.?
         d) Is the country code factory set? Can it be changed in the UI?
            i) If so, what controls exist to ensure that the device can only operate within its
               authorization in the U.S.?
         e) What are the default parameters when the device is restarted?
      2. Can the radio be configured in bridge or mesh mode? If yes, an attestation may be
         required. Further information is available in KDB Publication 905462 D02.
      3. For a device that can be configured as a master and client (with active or passive
         scanning), if this is user configurable, describe what controls exist, within the UI,
         to ensure compliance for each mode. If the device acts as a master in some bands and
         client in others, how is this configured to ensure compliance?
      4. For a device that can be configured as different types of access points, such as
         point-to-point or point-to-multipoint, and use different types of antennas, describe
         what controls exist to ensure compliance with applicable limits and the proper antenna
         is used for each mode of operation. (See Section 15.407(a))



5 See KDB Publication 594280 D01 Software Configuration Control for Devices. The document provides
  guidance for devices permitting device configurations and limitations on configuration parameters
  accessible to the third parties.
6 The specific parameters of interest for this purpose are those that may impact the compliance of the
  device. These typically include frequency of operation, power settings, antenna types, DFS settings,
  receiver thresholds, or country code settings which indirectly program the operational parameters.






Change Notice

07/10/2014: 594280 D02 UNII Device Security v01 has been changed to 594280 D02 UNII Device
Security v01r01. Changes to items 3 and 4 in the Software Configuration Description table.







Document Created: 2014-07-10 16:31:04
Document Modified: 2014-07-10 16:31:04
