Significant cost savings can be achieved by switching from private, leased lines to public Internet Protocol (IP) networks. This is seen as an attractive option for many mission-critical applications such as those of financial institutions, corporations, and governments. These cost savings can come with a high risk of data compromise at exposure points within unprotected public networks. This risk has increased the demand for highly secure, reliable end-to-end IP packet data encryption.

TCC's Cipher X 7200 IP data encryptor has been engineered to protect mission-critical communications and to enable organizations to take advantage of the lower operational costs and circuit redundancies of publicly operated and managed IP networks. The Cipher X 7200 IP data encryptor provides strategic level protection from these external threats, and from internal threats that can occur on private, dedicated networks.

Defending against malicious threats to sensitive information from cyber attacks, as well as the ever-increasing sophistication of traffic intercept, requires the latest advancements in communication security and encryption. The Cipher X 7200 IP data encryptor has served TCC customers' security needs for over a decade. During that time, new advances in encryption algorithms have led to the development of the FIPS-197 Advanced Encryption Standard (AES) algorithm, now offered by TCC on the Cipher X 7200.

TCC’s Cipher X 7200 IP data encryptor offers a 256-bit Advanced Encryption Standard (AES-256) encryption algorithm, incorporated within a hardware-based crypto processor module, ensuring low latency and maximum performance.

The Cipher X 7200 IP data encryptor requires little user training to install, configure and operate, minimizing operational cost to end-users. Security policies are intuitively easy to enforce; each secure IP connection is configured as a transparently established, secure association (SA) session. Once configured, insertion of Cipher X 7200 IP data encryptors into the IP network is operationally transparent; no changes to the IP network are required. Secure key and device management of each Cipher X 7200 IP data encryptor can be performed remotely via TCC’s Keynet™ remote management system using secured (AES-256 protected) client-server connections.

Incorporating a Keynet™ centralized management function into the network makes the security policy configuration and periodic key management operations fully automatic.

The Cipher X 7200 is also available in a ‘Multicast’ version that supports encrypted broadcasting capabilities such as secure video teleconferencing.


Features

  • Protocol sensitive IP security
  • Encryption, authentication and firewall
  • Advanced key management
  • Support for 1,024 simultaneous virtual circuits
  • Allows up to 12 "discretionary access" groups
  • Selective filtering of transport layer protocols
  • Centralized management with KEYNET system
  • Low packet latency and overhead
  • Triple-DES and NIST approved and exportable DES
  • Simple to operate, install and maintain

Processing Power

The Cipher X 7200 is designed to support high traffic IP users. Complex security operations are done efficiently and at high speeds to achieve a maximum data rate of 10 Mbps. Each Cipher X system can secure up to 1,024 simultaneous virtual IP circuits. Each virtual circuit, identified by the source and destination IP address, is protected independently with its own key. A Cipher X under full load is equivalent to 1,024 separate encryption units.

Key Management

The Cipher X 7200 incorporates TCC's automated and highly secure key management system. Optimum protection is achieved by frequent and automated key changes. No couriers or user interaction is required. The high security of this system has resulted in the U.S. Government adopting it for their use as detailed in FIPS 171.

At the start of a secure session between two IP nodes, a cryptographically authenticated process verifies the identity and rights of both parties. The initializing Cipher X 7200 generates a random session key to encrypt the user data. This key is encrypted and authenticated using a Key Encryption Key (KEK), and then transported over the IP network to a receiving Cipher X. These very long and secure KEKs ensure that the critical user data keys remain safeguarded during transport. The session key is used until a lack of activity between the nodes causes the session to shut down, or the automatic key change interval expires.
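The key transport described above, sketched as an added example (not TCC's code or message format): a random 256-bit session key is sealed under a KEK and opened by the receiver only if it authenticates. AES-256-GCM stands in here for the product's ANSI X9.17-derived key service messages; the function names, the `src>dst` circuit label, and the addresses are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// kekAEAD turns a 32-byte KEK into AES-256-GCM. GCM is this example's stand-in
// for "encrypted and authenticated"; it is not the product's message format.
func kekAEAD(kek []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// WrapKey (initiator): draw a random 256-bit session key and seal it under the
// KEK, bound to the circuit name so it is rejected on any other circuit.
func WrapKey(kek []byte, circuit string) (key, msg []byte, err error) {
	g, err := kekAEAD(kek)
	if err != nil {
		return nil, nil, err
	}
	buf := make([]byte, 32+g.NonceSize())
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	key, nonce := buf[:32], buf[32:]
	return key, g.Seal(nonce, nonce, key, []byte(circuit)), nil
}

// UnwrapKey (receiver): yields the session key only if msg authenticates for this circuit.
func UnwrapKey(kek, msg []byte, circuit string) ([]byte, error) {
	g, err := kekAEAD(kek)
	if err != nil || len(msg) < g.NonceSize() {
		return nil, fmt.Errorf("bad KEK or short key message")
	}
	return g.Open(nil, msg[:g.NonceSize()], msg[g.NonceSize():], []byte(circuit))
}

func main() {
	kek := make([]byte, 32) // constructed all-zero KEK, demo only
	_, msg, _ := WrapKey(kek, "10.0.0.1>10.0.1.9")
	_, err := UnwrapKey(kek, msg, "10.0.0.9>10.0.1.9") // wrong circuit
	fmt.Println(len(msg), err != nil)
}
```

Binding the circuit label as associated data means a captured key message cannot be accepted for a different source and destination pair, which matches the per-circuit keying the datasheet describes.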


Cipher Site Manager

Cipher Site Manager (CSM) is a software application that enables Cipher X 7200 units to be easily configured through the terminal interface. CSM will run on any PC compatible computer, 386 or higher, under the Windows™ operating system. The graphical user interface makes it easy to program IP addresses, run diagnostics, load keys and perform other basic configuration and troubleshooting operations. On-line help and context sensitive tips allow anyone familiar with Windows to immediately use the CSM program.

KEYNET Centralized Management

TCC offers the most comprehensive centralized security management available. The KEYNET system can simultaneously manage all of TCC's Cipher X products, including those on mixed networks such as X.25, Frame Relay, and IP. Virtually anything an authorized user can do at the front panel of a Cipher X can be done remotely at the KEYNET system. This eliminates the need to train operators at each site and to periodically send key couriers to all units, and it avoids downtime while waiting for a technician to clear errors or alarms. KEYNET saves money and keeps the network up and running.

For optimum protection, KEYNET also establishes a unique secure link to each unit. All communication between the KEYNET and the CipherX 7200, such as key transport, diagnostic commands and security configuration settings, is encrypted and authenticated. Network maintenance is also efficiently and simply managed with the KEYNET system's unattended auto poll mode.

All CipherX units in the network may be polled automatically, saving the crypto officer's time and enhancing network uptime. All unit statistics as well as errors and alarms are collected, stored in logs, and displayed. A hot standby KEYNET is available to take over in case of a problem or during regular maintenance of the primary KEYNET.


 

Quality
TCC is dedicated to quality products and services. TCC is ISO 9001 certified. ISO 9001, granted to TCC by TUV, is the most stringent standard available for total quality systems in design/development, production, installation and servicing.


The CipherX® 7200 in Use


The CipherX® 7200 may be installed either on the Ethernet™ LAN side of the router (as shown on the left) or the WAN side (as shown on the right).

Technical Specifications

APPLICATION (Cipher X 7200)
Bi-Directional TCP/IP Data Security
Sustained Data Rates up to 7Mbps
Ethernet Physical Layer
Up to 1,024 Simultaneous Secure Associations

PACKET SIZE
Up to 1,518 Bytes per packet

ENCRYPTION
Advanced Encryption Standard (AES)
256-bit Session Key Traffic Variable
16-Byte (I/O width) Block Cipher
FIPS 197 Compliant

KEY MANAGEMENT   -   ANSI X9.17 derivative
Local Management via Cipher Site Manager
Remote Centralized Management via Keynet
Secured SNMP Key Service Messages
AES-256 Encrypted Key Service Msgs

DEVICE MANAGEMENT
Local Monitoring / Setup - Cipher Site Manager
Custom Microsoft Windows™ Application
Role-Based Functionality (User Passwords)
Remote Centralized Management via Keynet (SNMP)
AES-256 Protected Device Status & Control Msgs
Time & Date Stamped Audit Logs
Alarms, Errors, & Security Events

SECURITY STANDARDS
FIPS-197;  FIPS 1402;
ISO 8732

ELECTRICAL INTERFACES
IP Over Ethernet (AUI or 10BaseT)
TCP (Traffic) and UDP (Management)

Copyright© Technical Communications Corporation 1999
Cipher X and KEYNET are trademarks of Technical Communications Corporation
Windows is a trademark of Microsoft Corporation
Ethernet is a trademark of Compaq Computers (formerly Digital Equipment Corporation).
All specifications are subject to change without notice