High-Level Data Encryption – Protecting Enterprise & Governmental Data Communications
The DSD 72B-SP(I) SONET/SDH optical data encryptor is TCC's latest offering in a long line of data security devices, designed to reliably operate in 'industrial' operational environments.
Like all the TCC encryption products in the 'DSD' line, the DSD 72B-SP(I) provides strategic level data protection with trusted, user-friendly, key and device management. The product provides unrestricted network routing of each virtual container (VC) with no plaintext network exposure of the path-encrypted payload.
Data bandwidth demands continue to increase for commercial and governmental communications. Mission-critical information, including voice; streaming video; data telemetry; and general purpose data like email and file transfers, must be protected from interception and exploitation. Wide area networks (WANs) now transport high-speed data at rates exceeding 622Mbps. Conventional broadband radio solutions cannot easily handle these data bandwidths, driving the demand for fiber optic networks (FONs). These higher bandwidth networks rely on data routing within the WAN.
Many commercial fiber optic data encryptors take the easy, concatenated data approach and encrypt the entire optical payload. However, the DSD 72B-SP(I) autonomously encrypts individual Virtual Container payloads, leaving each container's Path Overhead (POH) unencrypted. Add / Drop Multiplexers (ADMs) and Digital Cross Connects (DXCs) within the FON can then dynamically route individual virtual containers without ever needing to decrypt the concatenated payload to obtain the POH information.
Security Threats
Even non-networked FON lines are vulnerable to eavesdropping. Many users lease commercial FON circuits as part of their network infrastructure, potentially exposing data at repeaters, ADMs, and switches. Even where these network elements are under the control of the user, FON lines themselves can be tapped anywhere along the path. The risk is magnified by the high volume of data on these links, making the FON infrastructure an attractive point in the network for an adversary to attack. It is critical that these data links be protected in an end-to-end manner.
The Solution
The DSD 72B-SP(I) SONET/SDH data security device is designed to fully counter the threat to fiber optic data communications. The exploitation vulnerability is effectively eliminated by either of the two powerful encryption algorithms. Encryption is accomplished end-to-end; user data is never exposed within the WAN.
In addition to operating at either 622.08Mbps or 155.52Mbps when so configured, the DSD 72B-SP(I) is a "layer 2" encryption device, fully supporting the SONET/SDH standards and preserving all framing structures. Each virtual container (VC) is separately encrypted. Encrypted VCs are totally unaffected by network topology.
The DSD 72B-SP(I) is a rack-mountable device designed to operate in indoor environmental conditions. The DSD 72B-SP(I) is designed with durability, reliability, and ease-of-use in mind, making it perfectly suited for government and commercial security applications. It is 100% interoperable with the 'ruggedized' DSD 72B-SP(RI), supporting networks with a mix of harsh and benign operational environments.
Technical Specifications
| Network |
Supports both SONET and SDH protocols
Transparent handling of SONET/SDH section & path headers Adaptable payload configurations - 1 x VC-4-4c (concatenated payload) - 1 x VC-4 and 9 VC-3s - 2 x VC-4 and 6 x VC-3s - 3 x VC-4 and 3 x VC-3s - 4 x VC-4s Accomodates Add/Drop Multiplexer elements occuring anywhere |
|
| Interface Standards Compliant |
Conforms to both ITU-T and ANSI standards
|
|
| Interfaces |
Optical Transceivers for each Line I/O Interface
STM-4 (OC-12) @ 622.08Mbps Optical STM-1 (OC-3) @ 155.52Mbps Optical Radio Transceiver (Electrical) Interface ITU-T G.703 STM-1/ES1 (§15) @ 155.52Mbps Electrical |
|
| Device Management |
At the Local Device, or Remotely Controlled (via Keynet Optical Manager™)
Encrypted and Authenticated Device Management Messages Key Changes handled without Traffic Interruption |
|
| End-To-End Encryption Options |
1) AES-256 – standard
2) National Algorithm(s) via co-development – optional |
|
| Key Management Options |
1) Symmetric Key with Secure Key Management Infrastructure
2) Symmetric Key using Manually Distributed Key Approach * All options offer SHA-256 Integrity and Authentication * |
|
| Functional Design |
Commercial grade enclosure with 'high-rel' grade components
Operational Temperature: 0°C to +50°C Hot-Swappable, Dual Redundant Power Supplies Dual Redundant Cooling Fans Power Options: 100V to 240VAC / 50Hz & 60Hz -48VDC (-18VDC to -60VDC) Standard 19" Rack Mountable Extensive Built-In-Test Capability Access Control and Anti-Tamper Design |
Quality
TCC is dedicated to quality products and services. TCC is ISO 9001
certified. ISO 9001, granted to TCC by TUV, is the most stringent standard available for total quality
systems in design/development, production, installation and servicing.
SmartModule, SNARK, and Command Link are trademarks of Technical Communications Corporation.
All Specifications are subject to change without notice.
