| |||
| Application
and Main Features The GRETACODER 555 provides top level protection for Frame Relay transmission by encrypting data end-to-end at data rates up to 2 Mbit/s. The encryptor can handle a mix of clear and encryptedlogical connections simultaneously. The GRETACODER 555 is intended for use with PVC connections. The individual logical channels are automatically encrypted and decrypted with theirrespective keys. No overhead bytes are added to user packets and all control information is left unencrypted, assuring full transparency. Easy installation and configuration and low administrative overhead were of primary concern in the overall design. Key Generation Secret keys shared between two communicating units may be exchanged in several ways. The AUTOKEY option automatically and securely generates new secret Master Keys directly via the Frame Relay connection. A special authentication procedure protects against potential spoofing attacks. The KEYGUN option allows secret keys to be generated by the built-in true random generator and loaded into a Security Module for distribution to the partner station. Keys can also be enetered MANUALLY at each station. Secure Session Keys Based on the secret Master Key a new data encryption key is automatically and securely loaded after a configurable, predefined time or on user request. The virtual key memory contains more than one million Session Keys, all guaranteed to be different, which are associated with each Master Key. Even if Session Keys were changed every five minutes, the supply tied to a single Master Key would last for a full ten years. In addition, a new supply may be generated anytime by simply exchanging a new Master Key. The rejection of already used Session Keys positively protects against all attacks based on previously recorded messages, e.g. the so called midnight attack, where actual equipment is illegally accessed to decrypt such messages, or replay attacks where previous messages are injected a second time into the communication channel. This also eliminates the need for round the clock equipment protection. All of which means more security and less risk to the user. Algorithm Either of the following options are available:
All secret elements and set-up parameters are stored in encrypted form in a small, plug-in Security Module (SM). Since the equipment itself stores no secret elements, the critical logistics connected with maintenance, service or exchange are noticeably simplified. Should a unit ever fail, just move the SM into the replacement unit and go. The SM can be electronically locked via a PIN. In addition, a high security mechanical lock safeguards the SM and at the same time protects against unauthorized opening of the all-metal housing. Set-Up and Testing A display with a menu driven user interface assures easy set-up and configuration on first use; afterwards operation is competely automatic. Diagnostics, such as remote status inquiry, alarm reporting and an integrated self-test, are available for testing and maintenance. Encryptor Access Control Access control to specific system functions is handled by defining groups with different privileges (e.g. PIN or token). This guards against unauthorized tampering and unintended set-up changes via button pushing. Several standard classes are offered, but customer specific requirements are easily implemented. Central Management As the responsibilities in a network are usually split into configuration/monitoring and security functions, the central management of the GRETACODER 555 is also clearly separated: To manage and supervise larger networks, a Network Management System (NMS) can configure or query the GRETACODER encryption units using SNMP. The Network Security Center (NSC) allows to centralize key management and configuration of security parameters. | |||
| |||
| Vasira,
Inc., P.O. Box 1197, Denville, NJ 07834 Phone 973-663 2515 Fax 973-663-5604 E-mail: info@vasira.com  This web site was created by E-mark online |
