Embeddable Information
Systems Security (INFOSEC) Product
(EIP) E-HHX


PROG/PROJ ELEMENT: 33401N




Description | Characteristics | Life Cycle Support | Life Cycle Documentation |
Repair | POC | Acquisition Authority | Contract Information | Unit Price

DESCRIPTION/FUNCTION


Embeddable Information Systems Security (INFOSEC) Product (EIP) users include communications systems that use MIL-STD-1533 VERSA module Eurocard (VME) bus technology. EIP provides link-level, time-of-day encryption/decryption for time-division multiple access (TDMA) networks and subscriber-level, packet-based message indicator (MI) encryption/decryption. At the link level, EIP can be used as an in-line network encryptor(INE) and has the advantage of being embedded in the host system versus a separate end cryptographic unit (ECU) (e.g., TACLANE/FASTLANE). EIP supports network multilevel security segregation of users on a common transmission control protocol/internet protocol (TCP/IP) network.

There are two primary communications scenarios for the use of EIP: communications between subscribers/users of a network, and communications between network nodes across communications links. The encryption function in these two scenarios is referred to as subscriber encryption and link encryption, respectively. EIP supports both intra-platform and inter-platform communications. As a subscriber device, it is used to encrypt data before it enters the network domain and to attach a bypassed clear text TCP/IP header used to route the data to another node, either on the same platform (ship, ground station, aircraft) or to another platform. As a link encryption device, it is used for inter-platform communications only, providing encryption of data just before transmission over the communications link, as well as limited bypass of control information (for modem/radio setup, or timing). The graphic below shows, in a general setting, the wide scope of the communications architecture of EIP. The subscriber encryption applications are shown in the upper left portion of the graphic below, and the link encryption uses are depicted in the lower right portion. The key operational concept is that of embedding EIP into an existing (or developing) communication system/subsystem/network. For subscriber/user encryption, EIP can be embedded directly into a workstation computer system (enlarged view, upper left), provided the necessary interfaces are already available. It can be embedded directly into a subscriber interface system (enlarged view, upper middle). EIP is intended to directly support IP traffic as well as traffic from tactical data subscribers to bring in legacy users not currently using IP traffic. EIP supports multicast traffic in both subscriber operational configurations and can also serve as a network encryption system located between a local area network and wide area network. To support this, EIP can be embedded in a stand-alone closed box (enlarged view, upper right) which can provide a variety of protocols and interfaces, as needed. This open system approach to encryption supports a wide range of existing applications, as well as unknown future applications. A new interface or protocol could be supported by bringing in a commercial off-the-shelf adapter for the RED and/or BLACK portion of the closed system.

EIP is a controlled cryptographic item (CCI). When an EIP has all keys zeroized (i.e., "Zeroize All" command sent to EIP from a DS-101 compatible fill device such as an AN/CYZ-10 Data Transfer Device [DTD]) and is removed from the host system, it is handled as an UNCLASSIFIED CCI. When an EIP has keys loaded, it is handled at the classification of the highest loaded key. Cryptographic key insertion of an EIP is limited to key load via the DS-101 key fill port. Distribution of cryptographic key types is accomplished manually (or automatically) through the use of a DTD. EIP is not directly involved in the distribution of key.


CHARACTERISTICS


Type: The EIP is a single 6U form factor VME board, mounted in a host chassis containing other VME boards performing host system functions.

Physical Characteristics
Equipment Height (in) Width (in) Depth (in) Weight (lbs) Data Rate (Mbps)
EIP 10.31 0.79 6.79 1.1 1.544

Key Storage:   8 wrapped keys in nonvolatile memory and 64 unwrapped keys in volatile memory


LIFE CYCLE SUPPORT



LIFE CYCLE DOCUMENTATION



REPAIR



Crypto Repair Facility (CRF)

East Coast:  Contact CRF - Norfolk Naval Shipyard
         Commercial (757) 396-5395/6
         DSN 961-5395/6

West Coast: Contact CRF - Naval Station San Diego
         Commercial (619) 556-6175/8, 1886
         DSN 526-6175/8, 1886

POINTS OF CONTACT


SPAWARSYSCEN Charleston Acquisition: Code 752KS
Commercial Telephone (843) 218-4471
Defense Switched Network (DSN) 588-4471

Navy Information Systems Security (INFOSEC)
Technical Assistance Center   1 (800) 304-4636

SPAWARSYSCOM Cryptographic Data Systems Manager: PMW 161-3C
Commercial Telephone (619) 524-7886
Defense Switched Network (DSN) 524-7886

ACQUISITION CATEGORY/AUTHORITY


ACAT IVM

CONTRACT INFORMATION


Acquisition Agent: SPAWARSYSCEN Charleston Code 752
Manufacturer: ViaSat, Inc.

UNIT PRICE


EIP - $5800 (last contract price)


Administration provided by the
SPAWAR Systems Center
in Charleston, South Carolina, USA.
itac@infosec.navy.mil