Frame Relay Encryption for Mission-Critical Networks
Government and private organizations are exchanging ever-increasing amounts of data, while their network managers are generally faced with providing more bandwidth within ever-tightening budgets. Significant cost savings can be achieved by using publically available broadband data network backbones to augment and in some cases replace private data networks. The tradeoff to these potential cost savings comes with the increased risk of data compromise at exposure points within frame relay networks.
The Cipher X 7100 Frame Relay data encryptor has been engineered to protect these mission critical communications backbones; thus enabling organizations to take advantage of the lower operational costs and trunk redundancies offered by using publically managed frame relay networks. The Cipher X 7100 Frame Relay data encryptor provides strategic level protection from internal threats occurring on private, dedicated networks.
Defending one's sensitive information from cyber attacks and malicious threats, as well as the ever increasing sophistication of traffic intercepts, requires the latest advancements in communications security. The Cipher X 7100 Frame Relay data encryptor has served TCC customers for over a decade. During that time, new advances in encryption algorithms have led to the development of the FIPS 197 Advanced Encryption Standard (AES) algorithm, now offered by TCC.
TCC's frame relay data encryption system protects the privacy of data sent over public frame relay networks by securing selected permanent virtual circuits (PVCs).
TCC’s Cipher X 7100 Frame Relay data encryptor offers full duplex 256-bit Advanced Encryption Standard (AES-256) encryption algorithms, incorporated within a hardware-based crypto processor module, ensuring low latency and maximum performance.
The Cipher X 7100 requires little user training to install, configure and operate, minimizing operational cost to end-users. Security policies are intuitively easy to establish and enforce; each bi-directional data link connection identifier (DLCI) based link is configured as a transparently established secure connection. Once configured, insertion of Cipher X 7100 data encryptors into the frame relay network is operationally transparent; no changes to the network are required.
Secure, AES-256 protected key and device management of each Cipher X 7100 data encryptor can be performed remotely over a client-server connection using TCC’s Keynet™ Management System.
Incorporating a Keynet™ centralized management function into the network makes the security policy configuration and periodic key management operations fully automatic.
A security policy is also easily enforced by the Cipher X system. Each frame relay virtual circuit is designated as cipher (secure), clear, or blocked. This is transparent to the user thereby eliminating training, user acceptance, and enforcement issues. A single Cipher X system can control access for all 1,024 virtual circuits in a frame relay connection making it a very cost effective solution.
Key Benefits
- Proven AES encryption optimally protects the privacy of sensitive information
- Provides significant cost savings by enabling the use of public frame relay networks, while maintaining data security
- Clear and secure support saves money since only one frame relay circuit is required
- Compliance to ANSI X9 security standards enables banks to certify that they are following 'Prudent Business Practice' in the protection of transmitted data
- KEYNET secure management application lowers installation and maintenance costs, monitors security compromises, and automates key management.
- Allows Secure Remote software download to do product upgrades or to add new features.
APPLICATION (Cipher X 7100)
Full Duplex Frame Relay Data Security
Synchronous Data Rates up to 2.048Mbps
Frame Size up to 4,096-Bytes
ENCRYPTION
Advanced Encryption Standard (AES)
256-bit Session Key Variable
16-Byte (I/O width) Block Cipher
FIPS 197 Compliant Implementation
KEY MANAGEMENT1
Local Management via Cipher Site Manager
Remote Centralized Management via Keynet™
Secured SNMP Key Service Messages
AES-256 Encrypted Key Service Msgs
DEVICE MANAGEMENT1
Local Monitoring / Setup - Cipher Site Manager
Custom Microsoft Windows™ Application
Role-Based Functionality (User Passwords)
Remote Centralized Management via Keynet (SNMP)
AES-256 Protected Device Status & Control Msgs
Time & Date Stamped Audit Logs
Alarms, Errors, & Security Events
NETWORK PROTOCOL SUPPORT
ITU-T: Q.922; Q.933
ANSI: T1.606; T1.617; T1.618
FRF.1
SECURITY STANDARDS
FIPS-197; FIPS 140-12;
ISO 8732
ELECTRICAL INTERFACES
V.35; X.21; RS-422 / RS-449;
RS-485; RS530; RS-232
PRIMARY POWER INPUT
85-264VAC, 45-65Hz; 20 Watts (typical)
ENVIRONMENTAL
Operational temp. 0° C to +50° C
Humidity 5% to 90% non-condensing
PHYSICAL PARAMETERS
Dims: 41.0cm(w) x 4.4cm(h) x 26.7cm(d)
19-Inch Rack Mountable: Flanges Included
Weight: 3.7kg (8.2lbs) less cables & flanges
AGENCY APPROVALS
FCC 47 CFR Part 15, Class A
ICES-003 Issue 4 Class A
EN55022:1998/A1:2000/A2:2003 Class A ITE
EN55024:1998/A1:2001/A2:2003 ITE
VCCI Class A ITE
IEC 60950-1:2005
EN 60950-1:2006
NOTES:
1. Remote Centralized Key & Device Management requires new AES-256 based Keynet
2. Based on FIPS 140-1 level 3 certified platform
LEGEND
AES = Advanced Encryption Standard
DEK = Data Encrypting Key (Session Key)
DLCI = Data Link Connection Identifier
KEK = Key Encrypting Key
MKEK = Master Key Encrypting Key
PVC = Permanent Virtual Circuit
Quality
TCC is dedicated to quality products and services. TCC is ISO 9001 certified. ISO 9001, granted to TCC by TUV, is the most stringent standard available for total quality systems in design/development, production, installation and servicing.
Copyright© Technical Communications Corporation 1999
Cipher X and KEYNET are registered trademarks of Technical Communications Corporation
Other brand and product names may be trademarks or registered trademarks of their respective owners.
All specifications are subject to change without notice.
