Systems Security (INFOSEC) Product
PROG/PROJ ELEMENT: 33401N
Embeddable Information Systems Security (INFOSEC) Product (EIP) users include communications systems that use MIL-STD-1533 VERSA module Eurocard (VME) bus technology. EIP provides link-level, time-of-day encryption/decryption for time-division multiple access (TDMA) networks and subscriber-level, packet-based message indicator (MI) encryption/decryption. At the link level, EIP can be used as an in-line network encryptor (INE) and has the advantage of being embedded in the host system rather than being a separate end cryptographic unit (ECU) (e.g., TACLANE/FASTLANE). EIP supports network multilevel security segregation of users on a common transmission control protocol/internet protocol (TCP/IP) network.
There are two primary communications scenarios for the use of EIP: communications between subscribers/users of a network, and communications between network nodes across communications links. The encryption function in these two scenarios is referred to as subscriber encryption and link encryption, respectively. EIP supports both intra-platform and inter-platform communications. As a subscriber device, it is used to encrypt data before it enters the network domain and to attach a bypassed clear text TCP/IP header used to route the data to another node, either on the same platform (ship, ground station, aircraft) or to another platform. As a link encryption device, it is used for inter-platform communications only, providing encryption of data just before transmission over the communications link, as well as limited bypass of control information (for modem/radio setup, or timing).
The graphic below shows, in a general setting, the wide scope of the communications architecture of EIP. The subscriber encryption applications are shown in the upper left portion of the graphic below, and the link encryption uses are depicted in the lower right portion. The key operational concept is that of embedding EIP into an existing (or developing) communication system/subsystem/network. For subscriber/user encryption, EIP can be embedded directly into a workstation computer system (enlarged view, upper left), provided the necessary interfaces are already available. It can be embedded directly into a subscriber interface system (enlarged view, upper middle).
EIP is intended to directly support IP traffic as well as traffic from tactical data subscribers to bring in legacy users not currently using IP traffic. EIP supports multicast traffic in both subscriber operational configurations and can also serve as a network encryption system located between a local area network and wide area network.
To support this, EIP can be embedded in a stand-alone closed box (enlarged view, upper right) which can provide a variety of protocols and interfaces, as needed. This open system approach to encryption supports a wide range of existing applications, as well as unknown future applications. A new interface or protocol could be supported by bringing in a commercial off-the-shelf adapter for the RED and/or BLACK portion of the closed system.
EIP is a controlled cryptographic item (CCI). When an EIP has all keys zeroized (i.e., "Zeroize All" command sent to EIP from a DS-101 compatible fill device such as an AN/CYZ-10 Data Transfer Device [DTD]) and is removed from the host system, it is handled as an UNCLASSIFIED CCI. When an EIP has keys loaded, it is handled at the classification of the highest loaded key. Cryptographic key insertion of an EIP is limited to key load via the DS-101 key fill port. Distribution of cryptographic key types is accomplished manually (or automatically) through the use of a DTD. EIP is not directly involved in the distribution of key.
Type: The EIP is a single 6U form factor VME board, mounted in a host chassis containing other VME boards performing host system functions.
|Equipment||Height (in)||Width (in)||Depth (in)||Weight (lbs)||Data Rate (Mbps)|
Key Storage: 8 wrapped keys in nonvolatile memory and 64 unwrapped keys in volatile memory