What is Suva?

Suva is a service running on your ClarkConnect device.  The software was built for the sole purpose of making secure connections to Internet devices.  How secure?  Well... we use it to manage all of our Gateway Services servers.

There are two requirements for making a secure connection:

  1. Authentication - Suva uses an RSA public/private key pair, along with a host key

  2. Encryption - Suva uses the Rijndael algorithm, the cipher selected as the US government's Advanced Encryption Standard (AES)

Troubleshooting

In order for the Gateway Services systems to make contact, your ClarkConnect system must have:

  1. the Suva Web Services running
  2. port 1875 open on the firewall

Use the ClarkConnect web-based administration tool to make sure both requirements are met:

  • Go to the Running Services page
  • Make sure Suva is running (requirement #1)
  • Go to the Firewall Incoming page
  • Make sure port 1875 is open (requirement #2)

How it Works - The Details...

Have you ever wondered why the device status page (https://secure.clarkconnect.com/webapp/status.jsp if you are logged into your account) takes a bit of time to load?  There is quite a bit of action going on in the background.  The Suva connection sequence happens as follows:

Make a Request -- The pointclark.net Central Office (CO) requests to perform a security audit on a remote device owned by "Mr. Jim".

Send Authentication Packet -- The CO contacts Jim's gateway by sending an Authentication Initiation Packet containing version information and the organization that the CO claims to be representing - in this case pointclark.net.

Public Key Infrastructure -- The device has a list of key servers for each organization in its database. The gateway contacts several of pointclark.net's key servers, collecting keys until a certain (high) percentage of them agree with each other. This infrastructure has two advantages:

  • All of the key servers must be compromised to gain access to the gateway device
  • For added protection, the keys are rotated on a regular basis

Generate Random String -- Jim's gateway then generates a random string and encrypts it with pointclark.net's public key.  At this point, using the pointclark.net private key is the only way to decrypt the message... and only the CO has access to this key.

Send Encrypted String -- Jim's gateway then sends this encrypted string back to the pointclark.net Central Office.

Decrypt and Return String -- The Central Office decrypts the string using the pointclark.net private key and sends this decrypted string back to Jim's gateway.

Check Authentication -- The gateway receives the CO's response and then compares it to the original random string that it encrypted.  If the two match, Jim's gateway can be completely certain that it is communicating with pointclark.net!

Host Key Check -- One last security check... the CO must present the device's host key or the connection is closed.

At this point the communication link between pointclark.net and Jim's gateway is established. Jim can also use the Suva software on his gateway to disable and control the services offered by the Central Office.
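The sequence above, modelled end to end as an added example (this is not Suva's code, and nothing about Suva's wire format, key-server protocol or key sizes is taken from it): a stand-in Central Office holding the organization's private key, key servers modelled as callables, the gateway's key-server agreement check, the random-string challenge and the closing host-key check. Textbook RSA on the standard library stands in for Suva's RSA; the names `gateway_authenticate`, `fetch_org_public_key` and `CentralOffice`, the 75% agreement threshold, and the device id and host key values are all assumptions.

```python
# Model of the Suva sequence described above (constructed example, not Suva's
# code).  Textbook RSA without padding keeps it standard-library only; it is an
# illustration of the steps, not a usable cipher.
import hmac
import secrets

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin on an odd n > 3; adequate for illustration-sized keys."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:                      # top bit set (full size) and odd
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits=512):
    """Return ((n, e), (n, d)): an organization's public and private key."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def fetch_org_public_key(key_servers, threshold):
    """'Public Key Infrastructure' step: poll every listed key server (modelled as
    a callable returning its copy of the key, or None when unreachable) and trust
    a key only if at least `threshold` of the listed servers agree on it."""
    votes = {}
    for server in key_servers:
        key = server()
        if key is not None:
            votes[key] = votes.get(key, 0) + 1
    if not votes:
        return None
    key, count = max(votes.items(), key=lambda kv: kv[1])
    return key if count / len(key_servers) >= threshold else None

class CentralOffice:
    """CO side: the org private key plus the host keys of the devices it manages."""

    def __init__(self, private_key, host_keys):
        self.private_key, self.host_keys = private_key, host_keys

    def decrypt_challenge(self, ciphertext):           # 'Decrypt and Return String'
        n, d = self.private_key
        return pow(ciphertext, d, n)

def gateway_authenticate(device_id, host_key, key_servers_by_org, co, claimed_org,
                         threshold=0.75):
    """Gateway side of one 'Authentication Initiation Packet' from `co`, which
    claims to represent `claimed_org`; returns 'ok' or the name of the failed step."""
    servers = key_servers_by_org.get(claimed_org)
    if not servers:
        return "unknown-organization"
    public_key = fetch_org_public_key(servers, threshold)
    if public_key is None:
        return "key-servers-disagree"
    n, e = public_key
    challenge = secrets.randbelow(n - 2) + 2           # 'Generate Random String'
    if co.decrypt_challenge(pow(challenge, e, n)) != challenge:
        return "challenge-mismatch"                    # 'Check Authentication'
    presented = co.host_keys.get(device_id)            # 'Host Key Check'
    if presented is None or not hmac.compare_digest(presented, host_key):
        return "host-key-mismatch"
    return "ok"

def demo():
    """Genuine CO, an impostor without the private key, a CO lacking Jim's host
    key, and a 2-of-4 key-server split (all values constructed)."""
    pub, priv = generate_keypair()
    rogue_pub, rogue_priv = generate_keypair()
    host_key, good, rogue = "HOSTKEY-JIM-CONSTRUCTED", (lambda: pub), (lambda: rogue_pub)
    genuine = CentralOffice(priv, {"jim-gw": host_key})
    jim = ("jim-gw", host_key, {"pointclark.net": [good, good, good, rogue]})
    split = ("jim-gw", host_key, {"pointclark.net": [good, good, rogue, rogue]})
    return {
        "genuine": gateway_authenticate(*jim, genuine, "pointclark.net"),
        "impostor": gateway_authenticate(*jim, CentralOffice(rogue_priv, {"jim-gw": host_key}), "pointclark.net"),
        "no_host_key": gateway_authenticate(*jim, CentralOffice(priv, {}), "pointclark.net"),
        "split_servers": gateway_authenticate(*split, genuine, "pointclark.net"),
    }
```

`demo()` returns a dict whose values name the step at which each run stopped; only the genuine Central Office reaches `ok`. The agreement check counts an unreachable key server against the threshold and compares the returned keys exactly, so with four listed servers one bad copy of the key is outvoted while a two-against-two split refuses every key. The host key is checked last, after the CO has proven possession of the private key, matching the order of the steps in the text.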