Strategic Level Data Encryption – Protecting Classified Government Data Communications
The DSD 72A-SP (STM) is the latest in TCC's long line of ruggedized data security devices, all designed to operate reliably in the harshest operational environments.
Like all the TCC encryption products in the DSD line, the DSD 72A-SP(STM) provides strategic level data protection with trusted, user-friendly, key and device management. The product provides unrestricted network routing of each virtual container (VC) with no plaintext network exposure of the path-encrypted payload.
Data bandwidth demands continue to increase for both military and governmental communications. Mission-critical information often includes voice, streaming video, data telemetry, and general purpose data like email and file transfers, all of which must be protected from interception and exploitation. Wide area networks (WANs) now transport broadband high-speed data at rates exceeding 622Mbps. Conventional broadband radio solutions cannot easily handle these data bandwidths, driving the demand for fiber optic networks (FONs). These higher bandwidth networks rely on data routing within the WAN. Many commercial fiber optic data encryptors take the easy, concatenated data approach and encrypt the entire optical payload. However, the DSD 72A-SP (STM) encrypts individual Virtual Container payloads, leaving each container's Path Overhead (POH) unencrypted. This permits Add / Drop Multiplexers (ADMs) and Digital Cross Connects (DXCs) within the FON to dynamically route individual virtual containers without needing to decrypt their payload to obtain the POH data.
Security Threats
Even non-networked FON lines are vulnerable to eavesdropping. Many users lease commercial FON circuits as part of their network infrastructure, exposing data at network repeaters, ADMs, and switches. Even if these network elements are under the control of the user, FON lines themselves can be tapped anywhere along the path. The risk is magnified by the high volume of data passing over these links, making the FON infrastructure an attractive point in the network for an adversary to attack. It is critical that these data links be protected in an end-to-end manner.
The Solution
The DSD 72A-SP (STM) SDH/SONET data security device is designed to fully counter the threat to fiber optic data communications. The exploitation vulnerability is effectively eliminated by either standards based or customized national encryption algorithms. Encryption is accomplished end-to-end; user data is never exposed within the WAN.
In addition to operating at either 622.08Mbps or 155.52Mbps, the DSD 72A-SP (STM) is a "layer 2" encryption device, fully supporting the SDH/SONET standards while preserving all framing structures. Each virtual container (VC) is separately encrypted. Encrypted VCs are totally unaffected by network topology.
The DSD 72A-SP (STM) is a ruggedized, rack-mountable device meeting MIL-SPEC standards, and is designed to operate in challenging environmental conditions. Whether depolyed in a remote location or in a controlled office environment, the DSD 72A-SP (STM) is designed with durability, reliability, and ease-of-use in mind, making it perfectly suited for government and military security applications.
Technical Specifications
| Network |
Supports both SDH and SONET protocols
Transparent handling of SDH/SONET section & path headers Adaptable payload configurations - 1 x VC-4-4c (concatenated payload) - 1 x VC-4 and 9 VC-3s - 2 x VC-4 and 6 x VC-3s - 3 x VC-4 and 3 x VC-3s - 4 x VC-4s Accomodates Add/Drop Multiplexer elements occuring anywhere |
|
| Interface Standards Compliant |
Conforms to both ITU-T and ANSI standards
|
|
| Interfaces |
Optical Transceivers for each Line I/O Interface
STM-4 (OC-12) @ 622.08Mbps -or- STM-1 (OC-3) @ 155.52Mbps -or- Electrical Transceivers for each Line I/O Interface EC-3 @ 155Mbps |
|
| Device Management |
At the Local Device, or Remotely Controlled (via Keynet Optical Manager™)
Encrypted and Authenticated Device Management Messages Key Changes handled without Traffic Interruption |
|
| End-To-End Encryption Options |
1) National Algorithm (co-developed)
2) AES-256 |
|
| Key Management Options |
1) Symmetric Key with Secure Key Management Infrastructure
2) Symmetric Key using Manually Distributed Key Approach * All options offer SHA-256 Integrity and Authentication * |
|
| Functional Design |
Ruggedized enclosure with MIL-SPEC components
Operational Temperature: -20°C to +55°C Power: 85V-264VAC Universal AC -or- +24VDC / -48VDC Standard 19" Rack Mountable High Reliability under Adverse Environmental Conditions Extensive Built-In-Test Capability Access Control and Anti-Tamper Design |
Quality
TCC is dedicated to quality products and services. TCC is ISO 9001
certified. ISO 9001, granted to TCC by TUV, is the most stringent standard available for total quality
systems in design/development, production, installation and servicing.
SmartModule, SNARK, and Command Link are trademarks of Technical Communications Corporation.
All Specifications are subject to change without notice.
