How secure is SmartLink?

  • 1
  • Question
  • Updated 11 months ago
  • Answered
  • (Edited)
Is SmartLink secure? Yes. Connection to your radio is facilitated using a secure authentication process through a secure server using industry standard token passing. Communication and control messages between your radio and its client system (SmartSDR for Windows or Maestro, for example) occurs over a secured Internet communications channel using SSL/TLS encryption.

Can you disclose more specifics? It is a very generic response. What do you mean by "industry standards"? What level of encryption is used in SmartLink? AES? What is the key size 128 or 256? Is the transport layer TLS 1, 1.1 or 1.2?

Thank you
Mario
KC8P
Photo of KC8P

KC8P

  • 30 Posts
  • 4 Reply Likes

Posted 11 months ago

  • 1
Photo of Tim - W4TME

Tim - W4TME, Customer Experience Manager

  • 9013 Posts
  • 3413 Reply Likes
Official Response
From the FAQ:

"Connection to your radio is facilitated using a secure authentication process through a secure server using industry standard token passing.  Communication and control messages between your radio and its client system (SmartSDR for Windows or Maestro, for example) occurs over a secured Internet communications channel using SSL/TLS encryption. The transmit data that would go out on the air and received audio that was received off the air is not encrypted"
Photo of Tim - W4TME

Tim - W4TME, Customer Experience Manager

  • 9013 Posts
  • 3413 Reply Likes
Official Response
Mario - SmartLink supports TLS.  The default version is 1.2 but will negotiate down to 1.0 if necessary.  The encryption is using SHA-256
(Edited)
Photo of Steve - N5AC

Steve - N5AC, VP Engineering

  • 1007 Posts
  • 969 Reply Likes
Official Response
We're working on a security white paper which will detail how SmartLink works and the protocols in use.  We've been busy preparing the release and just haven't had time to finish the paper, but hope to do so soon.

Security is a rather complicated topic and there are lots of ways to do it well and do it poorly.  Having information about a particular protocol we used really doesn't tell you a lot.  For example, someone could use a highly secure connection between you and a site used to purchase something with a credit card.  The owner of the website could brag all day about using the latest security, but then store your credit card in a database and then leave the database open to the world (this is a regular occurrence on the Internet).  You really need to understand the whole picture and be able to ask questions in order to perform an accurate security audit.

In general, no system is ever completely secure and work needs to be conducted over time to ensure a high level of security.  For example, take a look at the issues fixed in the latest version of iOS from Apple: https://support.apple.com/en-us/HT207923.  What I can tell you is that security was a major goal of SmartLink and we've implemented what we believe are good protocols in a manner that is secure (we  did look at how competitive remote radio access products are built and were stunned at the lack of good security in most).  We'll be setting up a security email alias that allows anyone that has read our white paper and has concerns to voice those and help us with any issues that arise and we invite anyone that is well versed in Internet security to give our white paper a read and let us know if we've missed anything.