High-Level Data Encryption – Protecting Enterprise & Government Data Communications
The DSD 72B-SP(RI) SONET/SDH optical data encryptor is the newest option in the DSD family of secure communication solutions from TCC. It is the latest in a long line of ruggedized data security devices, all of which are designed to reliably operate in even the harshest of environments.
Like all the TCC encryption products in the 'DSD' line, the DSD 72B-SP(RI) provides strategic level data protection with trusted, user-friendly, key and device management. The product provides unrestricted network routing of each virtual container (VC) with no plaintext network exposure of the path-encrypted payload.
Data bandwidth demands continue to increase for both military and governmental communications. Mission-critical information, including voice; streaming video; data telemetry; and general purpose data like email and file transfers, must be protected from interception and exploitation. Wide area networks (WANs) now transport broadband high-speed data at rates exceeding 622Mbps. Conventional broadband radio solutions cannot easily handle these data bandwidths, driving the demand for fiber optic networks (FONs). These higher bandwidth networks rely on data routing within the WAN. Many commercial fiber optic data encryptors use a concatenated data approach that encrypts the entire optical payload. However, the DSD 72B-SP(RI) encrypts individual Virtual Container payloads, leaving each container's Path Overhead (POH) unencrypted. This permits Add / Drop Multiplexers (ADMs) and Digital Cross Connects (DXCs) within the FON to dynamically route individual virtual containers without needing to decrypt their payloads and headers to obtain the POH data.
Security Threats
Even non-networked FON lines are vulnerable to eavesdropping. Many users lease commercial FON circuits as part of their network infrastructure, exposing data at network repeaters, ADMs, and switches. Even if these network elements are under the control of the user, FON lines themselves can be tapped anywhere along the path. The risk is magnified by the high volume of data passing over these links, making the FON infrastructure an attractive point in the network for an adversary to attack. It is critical that these data links be protected in an end-to-end manner.
The Solution
The DSD 72B-SP(RI) SONET/SDH data security device is designed to fully counter the threat to fiber optic data communications. The exploitation vulnerability is effectively eliminated as encryption is accomplished end-to-end; unencrypted user data is never exposed within the WAN.
In addition to operating at either 622.08Mbps or 155.52Mbps when so configured, the DSD 72B-SP(RI) is a "layer 2" encryption device, fully supporting the SONET/SDH standards and preserving all framing structures. Each virtual container (VC) is separately encrypted. Encrypted VCs are totally unaffected by network topology as they are handled exactly the same as unencrypted VCs.
The DSD 72B-SP(RI) is a ruggedized, rack-mountable device meeting MIL-SPEC standards, and is designed to operate in challenging environmental conditions. Whether deployed in a remote location or in a controlled office environment, the DSD 72B-SP(RI) is designed with durability, reliability, and ease-of-use in mind, making it perfectly suited for government and military security applications.
Technical Specifications
| Network |
Supports both SONET and SDH protocols
Transparent handling of SONET/SDH section & path headers Adaptable payload configurations - 1 x VC-4-4c (concatenated payload) - 1 x VC-4 and 9 VC-3s - 2 x VC-4s and 6 x VC-3s - 3 x VC-4s and 3 x VC-3s - 4 x VC-4s Accomodates Add/Drop Multiplexer elements occuring anywhere |
|
| Interface Standards Compliant |
Conforms to both ITU-T and ANSI standards
|
|
| Interfaces |
Optical Transceivers for each Line I/O Interface
STM-4 (OC-12) @ 622.08Mbps Optical STM-1 (OC-3) @ 155.52Mbps Optical Radio Transceiver (Electrical) Interface ITU-T G.703 STM-1/ES1 (§15) @ 155.52Mbps Electrical |
|
| Device Management |
At the Local Device, or Remotely Controlled (via Keynet Optical Manager™)
Encrypted and Authenticated Device Management Messages Key Changes handled without Traffic Interruption |
|
| End-To-End Encryption Options |
1) AES-256 – standard
2) National Algorithm(s) via co-development – optional |
|
| Key Management Options |
1) Symmetric Key with Secure Key Management Infrastructure
2) Symmetric Key using Manually Distributed Key Approach * All options offer SHA-256 Integrity and Authentication * |
|
| Functional Design |
Ruggedized enclosure with MIL-SPEC components
Operational Temperature: -20°C to +55°C Prime Power Options: 100VAC to 240VAC / 50Hz, 60Hz, & 400Hz -48VDC (-18VDC to -60VDC) Standard 19" Rack Mountable High Reliability under Adverse Environmental Conditions Extensive Built-In-Test Capability Access Control and Anti-Tamper Design |
Quality
TCC is dedicated to quality products and services. TCC is ISO 9001
certified. ISO 9001, granted to TCC by TUV, is the most stringent standard available for total quality
systems in design/development, production, installation and servicing.
All Specifications are subject to change without notice.
