R&S MKS9680 Modular Encryption Device - Rohde & Schwarz


R&S®MKS9680
­Modular Encryption
Device
Secure voice, fax and
data transmission
Secure Communications
Product Brochure | 01.01

R&S®MKS9680
Modular Encryption
Device
At a glance
The R&S®MKS9680 is a highly secure device for
encrypting voice, fax and data for transmission
over analog and digital landline networks and
satellite links. It meets even the most demanding
requirements in terms of cryptographic security,
emanation security and resistance to mechanical
attacks, and is capable of operating in poor-quality
networks.
The R&S®MKS9680 is a modular device, available in different
configurations, and designed to support various use
scenarios. The device is equipped with interfaces for operation
in heterogeneous networks.
The R&S®MKS9680 enables users to communicate
securely over the following types of networks:
❙❙Analog networks
❙❙Digital, circuit-switched networks
❙❙IP networks (in combination with the R&S®IP-GATE)
❙❙BGAN and Thuraya satellite links
The R&S®MKS9680 has been optimized to deliver secure
voice, fax and data communications, even in difficult signal
environments. For this purpose, it automatically selects
the optimum data rate to provide the best possible transmission
quality.
Key facts
❙❙Modular design enables flexible adaptation to available
interfaces
❙❙Convincing transmission quality in poor-quality networks
❙❙Chip-card-based authentication for enhanced security
❙❙Highly secure communications worldwide using landline
networks and satellite links
❙❙Tamper-protected casing to guard against mechanical
attacks
Version with analog interfaces and
digital Euro-ISDN interfaces.
2

R&S®MKS9680
Modular Encryption
Device
Benefits and
key features
Highly secure communications for diverse
operating scenarios
❙❙Fulfills the highest confidentiality requirements
❙❙Supports a wide range of applications and transmission
protocols
❙❙Usable anywhere – from cities to remote regions
▷▷
page 4
Sophisticated security concept allows
straightforward key management
❙❙Cryptographic control is in the hands of the customer
❙❙Secure authentication of users based on smart cards
❙❙Consistently high level of security within networks due to
individually secured communications relationships
▷▷
page 5
Tamper-proof, versatile hardware
❙❙Modular design supports multiple network scenarios
with a single device
❙❙Physical protection
❙❙A range of interfaces
▷▷
page 6
Rohde & Schwarz R&S®MKS9680 Modular Encryption Device 3

Highly secure
communications for
diverse operating
scenarios
Fulfills the highest confidentiality requirements
The R&S®MKS9680 sets new standards internationally for
the secure transmission of sensitive information. Its security
features encompass cryptographic and mechanical
protection as well as the ability to support organizations'
own security policies.
The R&S®MKS9680 employs strong cryptographic algorithms
with key lengths as required today in many countries
to effectively secure government communications.
The device creates the necessary key material using a
hardware-based noise generator. To protect the cryptographic
functionality as well as confidentiality and integrity,
the R&S®MKS9680 has been ruggedized. Besides guarding
the device against physical manipulation, the ruggedization
also protects it against emanation attacks.
Supports a wide range of applications and
transmission protocols
The device can be used to protect various types of realtime
transmissions, including voice, data and video. The
R&S®MKS9680 additionally includes store-and-forward
capabilities for the secure transmission of faxes and short
messages. It can also be used in heterogeneous network
infrastructures.
The device is modular and, depending on the version, has
both analog and digital interfaces. The R&S®MKS9680
can also operate in IP networks when combined with the
R&S®IP-GATE. Together, these capabilities give users a
maximum degree of independence from the diverse transmission
protocols employed in today's landline and satellite
communications, and allow cross-network communications
that are secured from end to end.
Usable anywhere – from cities to remote regions
Network quality can vary enormously from region to region.
In cities, high-bandwidth, high-quality connections
with low error rates are usually available, but in remote
regions the opposite is often the case. To enable consistently
stable communications within a system, the
R&S®MKS9680 implements robust procedures and protocols
(including V.32) that identify the effective bandwidth
available and adjust the throughput automatically. The device
uses forward error correction (FEC) on data links and
error correction mode (ECM) with fax transmissions.
Store-and-forward functionality enables time-shifted operations
Network
¸MKS9680 transfer software
(short messages and file transfer)
Encrypted storage:
¸MKS9680 transfer software
Message/file is decrypted and
(short messages and file transfer)
forwarded to target system.
At target site, PC with R&S®MKS9680
transfer software running must be connected
to R&S®MKS9680, and authentication card
must be inserted in R&S®MKS9680
Network
Fax machine
Fax machine
Encrypted storage:
Fax is decrypted and forwarded to target system.
At target site, fax machine must be connected
to R&S®MKS9680, and authentication card
must be inserted in R&S®MKS9680
4

­Sophisticated
­security ­concept
allows straightforward
key
management
Cryptographic control is in the hands of the
customer
Production of the R&S®MKS9680 (carried out in dedicated
Rohde & Schwarz facilities in Germany) and first-time cryptographic
initialization of the device are two separate and
independent processes. A device's unique cryptographic
identity is set by the customer using a special smart card
in a one-time operation performed in a secure environment.
In subsequent operation, the user authentication
process and the keys provisioned by the system are based
on this cryptographic identity.
Secure authentication of users based on
smart cards
Users authenticate themselves to the R&S®MKS9680 using
a special smart card that they insert into the device's builtin
card reader. This smart card is assigned cryptographically
to both the user and the device. If need be, a user's card
can also be assigned to additional R&S®MKS9680 devices.
Consistently high level of security within
networks due to individually secured
communications relationships
A central crypto management system allows separate key
material to be generated for any predefined communications
relationship. The central crypto management also
sets the period of validity for the key material for each individual
communications relationship. R&S®MKS9680 devices
change the key material automatically, depending on
the material's defined validity.
Based on the key material generated for each communications
relationship, a new session key is generated for each
connection. The session key is generated using the challenge-response
method and is deleted when the connection
is cleared. With this approach, individual connections
running over the same network are also secured against
one another.
The consistent use of smart cards based on the devices’
unique cryptographic identity simplifies key management
and effectively prevents unintentional misconfiguration of
the overall system.
Security architecture based on individually secured communications relationships
CR key
AC
Headquarters (A)
CR key
AB
Encrypted with
session key AB nx
Encrypted with
session key AC ny
Site (B)
CR key
AC
Site (C)
CR key
AB
Rohde & Schwarz R&S®MKS9680 Modular Encryption Device 5

Tamper-proof,
versatile hardware
Modular design supports multiple network
scenarios with a single device
The R&S®MKS9680 comes with diverse network interfaces
(analog and digital). This allows the R&S®MKS9680
to adapt easily to users' specific needs and requirements
as well as changes in communications environments, and
thus affords high safety of investment.
Physical protection
The R&S®MKS9680 incorporates intelligent engineering
to detect and ward off mechanical attacks. The modules
are separated from one another, and the casing is tamperproof
to prevent mechanical attacks on the device and its
built-in security functions. Separating the modules also
serves to shield individual circuits and the entire device
electrically and electromagnetically to provide effective
protection against side-channel attacks.
A range of interfaces
Irrespective of the type of network available at the point
of use – analog or digital – users can always connect the
same terminal equipment and need not worry what kind
of network their counterpart is using: The R&S®MKS9680
automatically chooses the right transmission technology.
The graphic depicts a typical use scenario for the
R&S®MKS9680. The device provides the right interface
for each type of terminal equipment. Even if the
R&S®MKS9680 is connected to an analog network, an
ISDN handset can still be plugged into the digital terminal
interface and used to make a call. A Group 3 fax machine
can be connected to the analog interface, a PC to one of
the USB ports. If two devices are communicating over
a digital network, a 64 kbps channel is set up automatically.
If a call is connected to another R&S®MKS9680 in an
analog network, the device sets up a modem connection.
The R&S®MKS9680 uses optimized procedures for satellite
communications. The R&S®IP-GATE expands the communications
capabilities of the R&S®MKS9680 for operation in
IP networks.
Security architecture based on individually secured communications relationships
IP networks,
SatCom, ISDN,
analog networks
¸MKS9680
¸MKS9680
¸MKS9680
6

Specifications
Specifications of the R&S®MKS9680
Interfaces
Analog 1
Digital
1 × Euro-ISDN
(two B channels)
SatCom
❙❙
BGAN over ISDN
❙❙
BGAN/IP over R&S®IP-GATE
❙❙
Thuraya/IP over R&S®IP-GATE
Landline IP
over R&S®IP-GATE
Encryption
Symmetric algorithm
AES256
General data
Dimensions (W x H x D)
190 mm × 220 mm × 170 mm
(7.5 in × 8.7 in × 6.7 in)
Weight
7.6 kg (16.8 lb)
Operating temperature range +10 °C to +40 °C
Transportation temperature range –10 °C to +60 °C
Power supply
AC supply voltage
115 V/230 V AC
Power consumption
approx. 15 W
Ordering information
Designation Type Order No.
R&S®MKS9680
Encryption device with analog interface and digital Euro-ISDN basic rate interface R&S®MKS9680 5415.0671.04
Transfer software for the R&S®MKS9680 R&S®MKS9680Transfer-SW 5415.1910.02
Management system
Key management software R&S®MKS0810 5415.2168.03
Hardware-based true random number generator R&S®MKS0606 5415.0365.02
Smart card read/write device R&S®MKS0707 5415.0007.02
Smart card
(installation, authentication and key card)
R&S®MKS0503 5415.1778.02
Rohde & Schwarz R&S®MKS9680 Modular Encryption Device 7

Service you can rely on
J Worldwide
J Local and personalized
J Customized and flexible
J Uncompromising quality
J Long-term dependability
About Rohde & Schwarz
Rohde & Schwarz is an independent group of companies
specializing in electronics. It is a leading supplier of solutions
in the fields of test and measurement, broadcasting,
radiomonitoring and radiolocation, as well as secure
communications. Established more than 75 years ago,
Rohde & Schwarz has a global presence and a dedicated
service network in over 70 countries. Company headquarters
are in Munich, Germany.
Environmental commitment
❙❙Energy-efficient products
❙❙Continuous improvement in environmental sustainability
❙❙ISO 14001-certified environmental management system
Certified Quality System
ISO 9001
Rohde & Schwarz SIT GmbH
Am Studio 3 | D-12489 Berlin
Phone +49 30 65884-223 | Fax +49 30 65884-184
E-mail: info.sit@rohde-schwarz.com
www.sit.rohde-schwarz.com
www.rohde-schwarz.com
Regional contact
❙❙Europe, Africa, Middle East
+49 89 4129 123 45
customersupport@rohde-schwarz.com
❙❙North America
1 888 TEST RSA (1 888 837 87 72)
❙❙customer.support@rsa.rohde-schwarz.com
Latin America
+1 410 910 79 88
customersupport.la@rohde-schwarz.com
❙❙Asia/Pacific
+65 65 13 04 88
customersupport.asia@rohde-schwarz.com
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG
Trade names are trademarks of the owners | Printed in Germany (ch)
PD 5214.4042.12 | Version 01.01 | May 2011 | R&S®MKS9680
Data without tolerance limits is not binding | Subject to change
© 2011 Rohde & Schwarz GmbH & Co. KG | 81671 München, Germany
5214404212