CANBERRA RMSA7070822 User Manual

107 Union Valley Road
Oak Ridge, TN 37830
Phone: (865) 220-6300
Fax: (865) 483-0406
Remotely Monitored Seal Array (RMSA)
User’s Manual
SFG-MAN-001
Revision: 1.7
2016 CANBERRA
Table of Contents
PREFACE
INTRODUCTION
1.1 RMSA SYSTEM OVERVIEW
1.2 THEORY OF OPERATION
1.3 SEAL
1.4 TRANSLATOR
1.5 RMSA REVIEW GUI
RMSA SET-UP
2.1 RMSA SEAL PROGRAMMING AND CONFIGURING
2.2 RMSA TRANSLATOR SET-UP AND LINUX BOOTSTRAP
2.3 WINDOWS XP REMOTE REVIEW APPLICATION HOST
RMSA KEY GENERATION
3.1 RMSA KEY GENERATION
RMSA SECURITY
4.1 COLLECT / STORE SEAL MESSAGES WITH NO CONSOLE ACCESS
4.2 AUTHENTICATION AND ENCRYPTION OF MESSAGES
4.3 FIBER LENGTHS
REMOTE REVIEW OF SEAL DATA
5.1 RMSA REVIEW GUI INSTALLATION AND CONFIGURATION
5.2 LOADING COLLECTED RMSA DATA
5.3 SORTING AND ANALYZING RMSA DATA
5.4 REQUESTING RMSA SEAL DATA
Table of Figures
Figure 1 Capability and Implementation Relational Diagram
Figure 2 RMSA System Configuration
Figure 3 Seal in Case
Figure 4 Block Diagram of the Seal
Figure 5 Translator Block Diagram
Figure 6 Type Length Value (TLV) Format
Figure 7 Example RMSA System Installation
Figure 8 Battery Holders (Seal Not in Case)
Figure 9 Out of Case Seal and Programmer Set-up
Figure 10 Seal Programmer Inside Case
Figure 11 Installing Plastic Optical Fiber (POF)
Preface
Inside This Manual
This document describes all of the procedures necessary to operate the Remotely Monitored Seal Array system, including the Seals, their supporting Translators, and communications subsystems. The User is expected to be familiar with basic PC and MS/DOS procedures.
This document is divided into the following five chapters:
Chapter 1 RMSA System Description - This section includes an RMSA system overview and theory of operation and describes the Seal, Translator and Remote Review Application software.
Chapter 2 RMSA System Set-Up - This section provides step-by-step instructions for setting up each of the RMSA System components.
Chapter 3 RMSA Key Generation - This section contains the procedures for generating cryptographic keys that will be loaded into the Seal.
Chapter 4 RMSA Security - This section discusses RMSA Security via encryption, authentication, and default keys for a specific Seal.
Chapter 5 Remote Review of Seal Data - This section demonstrates the Remote Review of Seal Data.
Safety Guidelines
Caution – Do not operate this unit in a manner not specified in this document.
Caution – Only use this unit with the manufacturer provided input power cable.
FCC Compliance
Compliance Statement (Part 15.19)
The enclosed hardware device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) This device must accept any interference received, including interference that may cause undesired operation.
Warning (Part 15.21)
Changes or modifications not expressly approved by Canberra Industries could void the user’s authority to operate the equipment. Manufacturer is not responsible for any radio or TV interference caused by unauthorized modifications to this equipment.
Compliance Statement (Part 15.105(b))
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna
• Increase the separation between the equipment and receiver
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected
• Consult the dealer or an experienced radio/TV technician for help
Industry Canada (IC) regulatory information
This device complies with Industry Canada license-exempt RSS standard(s). Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device.
Class B digital device notice
This Class B digital apparatus complies with Canadian ICES-003, RSS-Gen and RSS-210.
The system antenna(s) used for this transmitter must be installed to provide a separation distance of at least 20cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter, except in accordance with FCC and Industry Canada multi-transmitter product procedures.
The system antenna(s) used for this module must not exceed 10dBi (CDMA BC0) and 9.31dBi (CDMA BC1) for mobile and fixed operating configurations. Users and installers must be provided with antenna installation instructions and transmitter operating conditions for satisfying RF exposure compliance.
Translator Input Power
Voltage: 100-240 VAC, 50-60Hz
Power Consumption: .75A
Prepared by:
Author(s): Michael Fontanarosa, Tammy Wenderlich
Chapter 1 Introduction
Welcome to the Remotely Monitored Seal Array (RMSA) system provided by Canberra and Sandia National Labs. RMSA was designed to meet the needs of a large base of Users who require more data storage features, better RF performance, longer battery life, enhanced security and other more powerful functions. Figure 1 provides a pictorial representation of how the RMSA System fits within the Secure Sensor Platform (SSP) product family constellation in terms of its complexity and shared capabilities.
The RMSA Seal monitors a fiber optic loop, records tamper events, and provides autonomous and requested State of Health via encrypted and authenticated messages. This information is stored in the Seal, collected remotely via the RMSA Translator, and reviewed through the Remote Review Application. The Authenticated Switch version of the Seal includes magnetic sensors and activating magnets such that a pair of Authenticated Switch Seals can be used to create a balanced magnetic switch suitable for monitoring doors, containers and other articles where one surface moves away from another under authorized conditions.

1.1 RMSA System Overview

The RMSA system consists of Seals, a Translator, a Programming Card interface as well as the Remote Review Application. The RMSA system provides the following features:
• Offers a low cost solution for monitoring Sealed components
• Incorporates high reliability
• Is inexpensive compared to earlier RF Seals
• Ensures surveillance capabilities available for a long duration
• Provides requested or periodic state of health updates
• Monitors and records date and time of any Seal tamper or other events
• Secures Seal data with encryption and authentication techniques
• Allows remote review of Seals
• Can receive messages from multiple Seals while polling for data via Remote Review
• Requires no license for its low power 900 MHz ISM band RF communication
Each of these features will be discussed in this RMSA User Guide.
Figure 1 Capability and Implementation Relational Diagram

1.2 Theory of Operation

The RMSA allows for monitoring of a fiber optic or authenticated switch sensor as a Seal. See Figure 2 for an overview of the RMSA system configuration. Seal data is collected with an RMSA Translator, with Translator/Seal communications via a no-license, low power RF communications channel. Seal data is encrypted, authenticated, and stored before transfer to the Translator, as the Translator is an unsecure device. A Microsoft Windows (XP-based) Remote Review Application host can decrypt and authenticate the data stored on the Translator for inspector analysis. A TCP/IP (Ethernet) connection between the Translator and the Remote Review Application host facilitates the transfer of data from the Translator to the Remote Review Application. In addition to remote review, this network connection is used to allow the inspector to interrogate specific Seals for state-of-health or to request re-send of a specific Seal message.
The RMSA system is capable of supporting three configuration modes of operation. These three modes are designated standalone mode, local host supported mode and remote monitoring mode. In the standalone configuration the system hardware may consist of many active Seals and one Translator, which sits unmonitored for long periods of time. The local host supported configuration is via an Ethernet interface connected directly to a local host computer. The remote monitoring mode is similar to the local host mode but runs over the internet, allowing a host computer to monitor the RMSA system remotely.
The Programming Card has several functions. It is used to provide power via an external power supply, a USB interface or from a Microchip compatible programming device. It also converts the Microchip RJ12 connector 6-wire programming cable to the RMSA 8-wire interface cable. The RMSA interface cable is used to program the microcontroller code and Seal personality information that is unique to each Seal. It also provides the interface between an external USB device, such as a PC, and the UART on the Seal, for personality programming and debugging.
Figure 2 RMSA System Configuration

1.3 Seal

The Seal's design is rugged and resistant to tampering. Its electronics are in a tamper indicating plastic housing. See Figure 3 for a picture of the prototype version of the Seal in its case. A pair of tamper switches is used to detect any opening of the Seal housing. The Seal housing may be opened to replace the internal batteries. Openings are recorded as tamper events. The Seal is contained in either a white PVC or a blue and white swirl polycarbonate plastic overlapping two piece case that contains an O-ring Sealing system for environmental protection. The Plastic Optical Fiber (POF) cable connectors have special Delrin® plastic ferrules along with O-ring Sealing gaskets.
Figure 3 Seal in Case
Advantages of using the RMSA Seal include the following:
• Can be reused indefinitely
• Can be read in situ without removal from the Sealed item
• No external power required, battery operated
• Provides intrinsic tamper indication
• Easily installed
• One or multiple Seals can be read remotely
The Seal stores data and then forwards this data securely to a local Translator via low power RF communication. As many as 2000 normal State of Health messages are stored locally in the Seal in a non-volatile circular memory buffer. This locally stored Seal data can be retrieved manually by the User by using the Send Message Protocol should RF transmission be interrupted during normal operation.
The Seal is comprised of the following major components: the Fiber Optic Cable, a Fiber Optic Emitter and a Fiber Optic Receiver, a Microcontroller, Memory, an RF Transceiver and Real Time Clock. Other inherent components include the Battery Pack, Personality and Security Key programming, and the Programming Interface. See Figure 4 for a block diagram of the Seal.
Authenticated Switch Seals contain all of the components in the Seal, and additionally have a complementary set of magnetic switches, one operating as normally closed and the other operating as normally open. There is also a strong magnet installed in the housing such that when two Authenticated Switch modules are installed face to face, the magnet from one activates the magnetic switches on the other module.
[Block diagram labels: PIC18FL6722 Microcontroller; Real Time Clock (I2C); CC1100 RF Transceiver (SPI); Memory (SPI); Fiber Optic Emitter and Fiber Optic Receiver joined by 30 meters of 1 mm plastic fiber; Tamper; Battery Pack, VDD (unregulated); Programming Interface (TX/RX) to USB Programming Cable]
Figure 4 Block Diagram of the Seal
A parametric measure of the light intensity through the Fiber Cable Monitor is monitored electronically by the Seal. The fiber optic loop may be as short as 1 meter and as long as 30 meters in length.
Dates and times of opening or closing the loop, tampering, out of boundary conditions and interrogation are stored in the Seal. Each Seal has a unique ID number that is programmed into internal non-volatile memory before deployment. A new Seal received from the manufacturer does not contain any personality information such as encryption or authentication keys. For the Seal initialization and configuration process, refer to Section 2.1.
For tamper resistance, a pair of tamper switches along with a special pin attached to the case top are used together to detect opening of the Seal case. Once the case is opened, the time of this tamper is recorded for later review. Additionally, the encryption and authentication keys are automatically destroyed and a default key is used from that point forward to do both the encryption and authentication for any further messages.
The Seal contains the following components:
• Quartz crystal based timer (real-time clock) to ensure high precision in time/date generation
• Microchip low power microcontroller with 128 Kbyte Flash memory to control the Seal functions, encryption, and transmit information
• Non-volatile Flash memory to store up to 2000 normal SOH messages
• Case switches for tamper detection
• Fiber optic circuits to emit and receive light pulses traveling through the optical fiber loop
• Serial interface for data exchange between the Seal and the Personality Programming device
• Two AA 3.6V, 2100 mA-H Lithium Batteries
• Temperature monitor circuit
• Programmable RF transceiver for the 900 MHz ISM band
• Magnasphere magnetic switches (Authenticated Switch only)
• Cylindrical magnet (Authenticated Switch only)
The microprocessor is activated by any of the following events:
• Tampering attempt on the case switch
• Fiber optic (FO) loop event
• Valid request for communication (interrogation, initialization, etc.)
• Magnetic switch activation (Authenticated Switch only)
The plastic optical fiber (POF) cable is a 200-micron single fiber in a 1000 micron (1mm) plastic jacket. At each end is a removable plastic ferrule for connecting the POF into the Seal body. There is a 1 mm hole in the ferrule to allow the POF to pass through and insert into the Seal case opening to allow light from the POF to either enter or exit.
To communicate with the Seal, the Seal is connected to a PC USB port through the Programming Card. The Seal’s two replaceable AA 3.6V lithium batteries may provide a source of power for over four years, although it is recommended that they be replaced sooner if there is more RF transmitting activity than normal.

1.4 Translator

The Translator is the device used to read the Seal data in situ. The Translator collects, stores, and then forwards data from Seals upon request, local or remote. All data is encrypted by the Seals before transmission, though some portions of the data frame, such as the Seal ID, are sent in the clear (no encryption). An authentication signature is part of the overall Seal message. The Translator can then transfer this pre-encrypted Seal data via its Ethernet link; it neither decrypts nor authenticates the data and contains no such functionality. The Translator sends on the encrypted Seal messages as well as non-encrypted information regarding the Seal address, the number of bytes in the encrypted messages, received signal strength as seen by the Translator, and other information. Data can then be verified and analyzed on-site or remotely worldwide.
When a message is transmitted the source device expects an acknowledge response from the destination device. If an acknowledge message is not received the source device retransmits the message after a random stand-off period of time. This RF “hand-shake” is an affirmative action and has been shown to cut down the amount of RF traffic used by other types of Seals. The Seal will only try to wait for this acknowledgement of successful data reception by the Translator up to three times before stopping any further attempts for that particular message. The Translator stores the messages chronologically in non-volatile memory.
For physical security, the Translator is housed in a tamper-indicating enclosure with openings for RF antenna and an Ethernet cable. The Translator consists of an ARM9 based single board computer (SBC) with a specially designed PC/104 daughter card called the Translator Communication Card (TCC), a universal 115/230V, 50/60Hz AC to 5VDC power supply, two external vertical swivel antennas and a tamper switch. See Figure 5 for a block diagram of the Translator. The SBC runs Debian Linux and contains the Operating System and RMSA application on a removable 4 GB SD card. There are 128 MB of DDR RAM, 512MB of NAND Flash, USB ports, Gigabit Ethernet, a serial port and several other items which are not used on the SBC. The Translator may be powered by Power Over Ethernet (POE) if desired. Total power consumption is around 5 watts.
[Block diagram labels: AC Input; Universal AC Power Supply (+5 VDC); ARM9 PC/104 SBC; Translator Communication Card (TCC) on PC/104 (ISA Bus); Tamper Detect Switch; Ethernet (POE); Ethernet]
Figure 5 Translator Block Diagram
The Translator base system stores the encrypted Type Length Value (TLV) messages in day files. The log file name consists of a date stamp and 4 digit counter. At midnight, the current day file is closed and a new file is opened with the new date stamp. To minimize Linux resource issues while stress testing, a maximum number of records per log file is imposed. When this maximum record count is reached, the current day file is closed and a new one is opened with the same date stamp but an incremented counter. Multi-part messages are reassembled and stored as a single day file entry for ease of retrieval. Remote command pass-through sends the State of Health of the Seals, the Message ID and includes an initiation of Wake on Radio sequence to the Seal. In addition, the day files also contain basic Translator State of Health data such as the following:
• Translator up-time and RMSA application start / stop time.
• Date and time that messages are received by the Translator timebase (though not necessarily the date and time the message was created by the Seal timebase).
• Number of successful and unsuccessful TLVs received from this Seal (based only on properly formatted TLV Header information). See Figure 6 for a breakdown of the TLV information and its proper formatting.
• Receive Signal Strength Indication (RSSI) / Link Quality Indication (LQI) based on messages.
The Translator is considered a non-secure device as any stored seal data is encrypted at the seal source before being collected by the Translator. However, Translator security features are available including:
• Password protection for upload of Translator log files to a review host via Samba.
• Translator log files are placed on a separate disk partition so problems with the root partition will have no effect on the logs.
• An “rmsadeploy” script on the Translator that disables user access including console/serial port access, ftp, ssh, etc. In deployed mode, the Translator’s SD card (firmware) would have to be replaced to regain access.
• Improperly encrypted and authenticated data will be flagged by the Remote Review GUI as “corrupt”.
Refer to Chapter 4 of this User’s Guide for more details on Translator operational deployment.
During RF transmissions, badly formatted TLV packets will be noted during the Translator’s data review of the packets sent. All transmitted message data is stored on the Seal as well. Interruption of network operations will not affect the Translator’s RF data store operations. Network operations are only necessary during inspector download and review events.
Figure 6 shows the TLV message construction from the Physical Layer all the way up to the Application Layer. The TLV message format is very flexible as it allows for new message types to be created at some future point in time while keeping all previously created message types fully backwards compatible.
The TLV format is set up with a Message Type Field (this is the “T”), followed by the Length Field (this is the “L”) and then followed by the Value Field (this is the “V”). The Type and Length fields are fixed in the number of bytes, but can be modified for future growth. The Value field can be as long as feasible, depending on the Message Type.
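The header-only check the Translator is described as performing, and the way a Length field lets a receiver carry message types it does not recognize, can be sketched as follows. This is an added example, not RMSA code: the 1-byte Type, 2-byte big-endian Length, the type codes, the size limit and the sample frames are all assumptions, since Figure 6 is not reproduced here.

```python
import struct
from collections import defaultdict

# Assumed layout (not taken from the manual): 1-byte Type, 2-byte big-endian
# Length, then exactly Length bytes of Value.
HEADER = struct.Struct(">BH")
MAX_VALUE_LEN = 1024                                   # assumed per-message limit
KNOWN_TYPES = {0x01: "state_of_health", 0x02: "tamper_event"}  # hypothetical codes


def check_tlv(frame: bytes):
    """Validate only the TLV header, as a relay holding no keys would.

    Returns (type_name, value, None) when well formed, else (None, None, reason).
    The Value stays opaque: it is never decrypted or authenticated here.
    """
    if len(frame) < HEADER.size:
        return None, None, "truncated header"
    msg_type, length = HEADER.unpack_from(frame)
    if length > MAX_VALUE_LEN:
        return None, None, "length exceeds limit"
    value = frame[HEADER.size:]
    if len(value) != length:
        return None, None, "length mismatch"
    # An unrecognized Type is still well formed: Length says how much to store,
    # so message types added later pass through an older relay unchanged.
    return KNOWN_TYPES.get(msg_type, "unrecognized"), value, None


def tally(frames):
    """Per-Seal counts of well-formed and malformed TLVs, with reject reasons."""
    stats = defaultdict(lambda: {"ok": 0, "bad": 0, "reasons": []})
    for seal_id, frame in frames:
        _, _, reason = check_tlv(frame)
        if reason is None:
            stats[seal_id]["ok"] += 1
        else:
            stats[seal_id]["bad"] += 1
            stats[seal_id]["reasons"].append(reason)
    return dict(stats)


def make_tlv(msg_type: int, value: bytes) -> bytes:
    """Build a frame in the assumed layout (used for the constructed samples)."""
    return HEADER.pack(msg_type, len(value)) + value


# Constructed sample frames: (Seal ID as recorded by the relay, raw frame).
SAMPLE_FRAMES = [
    (1001, make_tlv(0x01, b"\xaa" * 16)),
    (1001, make_tlv(0x02, b"\xbb" * 8)),
    (1001, make_tlv(0x01, b"\xcc" * 16)[:-3]),        # value cut short
    (1002, b"\x01\x00"),                              # header cut short
    (1002, make_tlv(0x7F, b"\xdd" * 4)),              # type added "later"
    (1002, HEADER.pack(0x01, 0xFFFF) + b"\x00" * 4),  # implausible length
]

if __name__ == "__main__":
    for seal_id, counts in tally(SAMPLE_FRAMES).items():
        print(seal_id, counts)
```

A frame that passes this check is only well formed; whether its contents are genuine is decided later on the review host, which holds the keys.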
Figure 6 Type Length Value (TLV) Format

1.5 RMSA Review GUI

The RMSA Review GUI application runs under Microsoft Windows XP. The Review application includes the ability to decrypt and authenticate Seal data and facilitates remote review of data both in a batch processing mode and in a live update mode. Decryption and authentication of the Seal data messages is provided, as is handling of incorrectly formatted TLVs and batch processing of multiple input files.
The RMSA Review GUI includes an Inspector Mode that provides a Main Batch Review Screen and a Demand Data Screen. Within the Main Batch processing, a simplified view of the data, a full view of the data, or a custom view may be set up by the inspector. The batch processing of an RMSA day file(s) is only allowed with a password-protected Samba file share. Figure 7 provides a diagram of how the Review Application Software may be used.
Should live data updates or Seal data queries be needed, a TCP/IP port connection to the Translator is required. Query functions include either a request to acquire a specific Seal message via a send message demand or a request for status via a State-of-Health demand.
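Because the Translator is an unsecure relay, the authentication check on the review host is what decides whether a stored record is trusted. The following added example (not RMSA code) sketches that decision, including the case where a Seal has fallen back to its default key after its case was opened. HMAC-SHA256, the key values, the tag covering the clear Seal ID, and the "default-key" label are assumptions; the manual does not name the algorithm, and encryption is left out so the payload is treated as opaque bytes.

```python
import hashlib
import hmac

# Constructed key material (assumptions for this sketch). SEAL_KEYS stands in
# for the per-Seal keys loaded at programming time; DEFAULT_KEY for the key a
# Seal uses once its case is opened and its programmed keys are destroyed.
SEAL_KEYS = {1001: bytes.fromhex("11" * 32)}
DEFAULT_KEY = bytes(32)


def tag_for(key: bytes, seal_id: int, ciphertext: bytes) -> bytes:
    """Tag over the clear Seal ID plus the encrypted body (assumed coverage)."""
    return hmac.new(key, seal_id.to_bytes(4, "big") + ciphertext,
                    hashlib.sha256).digest()


def review(seal_id: int, ciphertext: bytes, tag: bytes) -> str:
    """Classify one record as a review host would after reading a day file."""
    key = SEAL_KEYS.get(seal_id)
    if key and hmac.compare_digest(tag_for(key, seal_id, ciphertext), tag):
        return "authentic"
    # A tag that verifies only under the default key means the Seal no longer
    # holds its programmed keys, which the manual ties to the case being opened.
    if hmac.compare_digest(tag_for(DEFAULT_KEY, seal_id, ciphertext), tag):
        return "default-key"
    return "corrupt"


def sample_records():
    """Constructed records: (label, seal_id, ciphertext, tag)."""
    body = bytes(range(16))                       # opaque encrypted payload
    good = tag_for(SEAL_KEYS[1001], 1001, body)
    flipped = bytes([body[0] ^ 0x01]) + body[1:]  # one bit changed after sending
    return [
        ("as sent", 1001, body, good),
        ("payload altered in storage", 1001, flipped, good),
        ("Seal ID rewritten by relay", 1002, body, good),
        ("sent after case opening", 1001, body,
         tag_for(DEFAULT_KEY, 1001, body)),
    ]


def classify_all():
    """Run the review check over every constructed record."""
    return {label: review(sid, ct, tag)
            for label, sid, ct, tag in sample_records()}


if __name__ == "__main__":
    for label, verdict in classify_all().items():
        print(f"{label:32s} {verdict}")
```

Covering the clear Seal ID with the tag is what makes a relabelled record fail; if only the encrypted body were covered, a relay could attribute one Seal's message to another without detection.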
Figure 7 Example RMSA System Installation