R&S MKS9680 Modular Encryption Device - Rohde & Schwarz
R&S MKS9680 Modular Encryption Device - Rohde & Schwarz
R&S MKS9680 Modular Encryption Device - Rohde & Schwarz
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<br />
R&S®<strong>MKS9680</strong><br />
<strong>Modular</strong> <strong>Encryption</strong><br />
<strong>Device</strong><br />
Secure voice, fax and<br />
data transmission<br />
Secure Communications<br />
Product Brochure | 01.01
R&S®<strong>MKS9680</strong><br />
<strong>Modular</strong> <strong>Encryption</strong><br />
<strong>Device</strong><br />
At a glance<br />
The R&S®<strong>MKS9680</strong> is a highly secure device for<br />
encrypting voice, fax and data for transmission<br />
over analog and digital landline networks and<br />
satellite links. It meets even the most demanding<br />
requirements in terms of cryptographic security,<br />
emanation security and resistance to mechanical<br />
attacks, and is capable of operating in poor-quality<br />
networks.<br />
The R&S®<strong>MKS9680</strong> is a modular device, available in different<br />
configurations, and designed to support various use<br />
scenarios. The device is equipped with interfaces for operation<br />
in heterogeneous networks.<br />
The R&S®<strong>MKS9680</strong> enables users to communicate<br />
securely over the following types of networks:<br />
❙❙Analog networks<br />
❙❙Digital, circuit-switched networks<br />
❙❙IP networks (in combination with the R&S®IP-GATE)<br />
❙❙BGAN and Thuraya satellite links<br />
The R&S®<strong>MKS9680</strong> has been optimized to deliver secure<br />
voice, fax and data communications, even in difficult signal<br />
environments. For this purpose, it automatically selects<br />
the optimum data rate to provide the best possible transmission<br />
quality.<br />
Key facts<br />
❙❙<strong>Modular</strong> design enables flexible adaptation to available<br />
interfaces<br />
❙❙Convincing transmission quality in poor-quality networks<br />
❙❙Chip-card-based authentication for enhanced security<br />
❙❙Highly secure communications worldwide using landline<br />
networks and satellite links<br />
❙❙Tamper-protected casing to guard against mechanical<br />
attacks<br />
Version with analog interfaces and<br />
digital Euro-ISDN interfaces.<br />
2
R&S®<strong>MKS9680</strong><br />
<strong>Modular</strong> <strong>Encryption</strong><br />
<strong>Device</strong><br />
Benefits and<br />
key features<br />
Highly secure communications for diverse<br />
operating scenarios<br />
❙❙Fulfills the highest confidentiality requirements<br />
❙❙Supports a wide range of applications and transmission<br />
protocols<br />
❙❙Usable anywhere – from cities to remote regions<br />
▷▷<br />
page 4<br />
Sophisticated security concept allows<br />
straightforward key management<br />
❙❙Cryptographic control is in the hands of the customer<br />
❙❙Secure authentication of users based on smart cards<br />
❙❙Consistently high level of security within networks due to<br />
individually secured communications relationships<br />
▷▷<br />
page 5<br />
Tamper-proof, versatile hardware<br />
❙❙<strong>Modular</strong> design supports multiple network scenarios<br />
with a single device<br />
❙❙Physical protection<br />
❙❙A range of interfaces<br />
▷▷<br />
page 6<br />
<strong>Rohde</strong> & <strong>Schwarz</strong> R&S®<strong>MKS9680</strong> <strong>Modular</strong> <strong>Encryption</strong> <strong>Device</strong> 3
Highly secure<br />
communications for<br />
diverse operating<br />
scenarios<br />
Fulfills the highest confidentiality requirements<br />
The R&S®<strong>MKS9680</strong> sets new standards internationally for<br />
the secure transmission of sensitive information. Its security<br />
features encompass cryptographic and mechanical<br />
protection as well as the ability to support organizations'<br />
own security policies.<br />
The R&S®<strong>MKS9680</strong> employs strong cryptographic algorithms<br />
with key lengths as required today in many countries<br />
to effectively secure government communications.<br />
The device creates the necessary key material using a<br />
hardware-based noise generator. To protect the cryptographic<br />
functionality as well as confidentiality and integrity,<br />
the R&S®<strong>MKS9680</strong> has been ruggedized. Besides guarding<br />
the device against physical manipulation, the ruggedization<br />
also protects it against emanation attacks.<br />
Supports a wide range of applications and<br />
transmission protocols<br />
The device can be used to protect various types of realtime<br />
transmissions, including voice, data and video. The<br />
R&S®<strong>MKS9680</strong> additionally includes store-and-forward<br />
capabilities for the secure transmission of faxes and short<br />
messages. It can also be used in heterogeneous network<br />
infrastructures.<br />
The device is modular and, depending on the version, has<br />
both analog and digital interfaces. The R&S®<strong>MKS9680</strong><br />
can also operate in IP networks when combined with the<br />
R&S®IP-GATE. Together, these capabilities give users a<br />
maximum degree of independence from the diverse transmission<br />
protocols employed in today's landline and satellite<br />
communications, and allow cross-network communications<br />
that are secured from end to end.<br />
Usable anywhere – from cities to remote regions<br />
Network quality can vary enormously from region to region.<br />
In cities, high-bandwidth, high-quality connections<br />
with low error rates are usually available, but in remote<br />
regions the opposite is often the case. To enable consistently<br />
stable communications within a system, the<br />
R&S®<strong>MKS9680</strong> implements robust procedures and protocols<br />
(including V.32) that identify the effective bandwidth<br />
available and adjust the throughput automatically. The device<br />
uses forward error correction (FEC) on data links and<br />
error correction mode (ECM) with fax transmissions.<br />
Store-and-forward functionality enables time-shifted operations<br />
Network<br />
¸<strong>MKS9680</strong> transfer software<br />
(short messages and file transfer)<br />
Encrypted storage:<br />
¸<strong>MKS9680</strong> transfer software<br />
Message/file is decrypted and<br />
(short messages and file transfer)<br />
forwarded to target system.<br />
At target site, PC with R&S®<strong>MKS9680</strong><br />
transfer software running must be connected<br />
to R&S®<strong>MKS9680</strong>, and authentication card<br />
must be inserted in R&S®<strong>MKS9680</strong><br />
Network<br />
Fax machine<br />
Fax machine<br />
Encrypted storage:<br />
Fax is decrypted and forwarded to target system.<br />
At target site, fax machine must be connected<br />
to R&S®<strong>MKS9680</strong>, and authentication card<br />
must be inserted in R&S®<strong>MKS9680</strong><br />
4
Sophisticated<br />
security concept<br />
allows straightforward<br />
key<br />
management<br />
Cryptographic control is in the hands of the<br />
customer<br />
Production of the R&S®<strong>MKS9680</strong> (carried out in dedicated<br />
<strong>Rohde</strong> & <strong>Schwarz</strong> facilities in Germany) and first-time cryptographic<br />
initialization of the device are two separate and<br />
independent processes. A device's unique cryptographic<br />
identity is set by the customer using a special smart card<br />
in a one-time operation performed in a secure environment.<br />
In subsequent operation, the user authentication<br />
process and the keys provisioned by the system are based<br />
on this cryptographic identity.<br />
Secure authentication of users based on<br />
smart cards<br />
Users authenticate themselves to the R&S®<strong>MKS9680</strong> using<br />
a special smart card that they insert into the device's builtin<br />
card reader. This smart card is assigned cryptographically<br />
to both the user and the device. If need be, a user's card<br />
can also be assigned to additional R&S®<strong>MKS9680</strong> devices.<br />
Consistently high level of security within<br />
networks due to individually secured<br />
communications relationships<br />
A central crypto management system allows separate key<br />
material to be generated for any predefined communications<br />
relationship. The central crypto management also<br />
sets the period of validity for the key material for each individual<br />
communications relationship. R&S®<strong>MKS9680</strong> devices<br />
change the key material automatically, depending on<br />
the material's defined validity.<br />
Based on the key material generated for each communications<br />
relationship, a new session key is generated for each<br />
connection. The session key is generated using the challenge-response<br />
method and is deleted when the connection<br />
is cleared. With this approach, individual connections<br />
running over the same network are also secured against<br />
one another.<br />
The consistent use of smart cards based on the devices’<br />
unique cryptographic identity simplifies key management<br />
and effectively prevents unintentional misconfiguration of<br />
the overall system.<br />
Security architecture based on individually secured communications relationships<br />
CR key<br />
AC<br />
Headquarters (A)<br />
CR key<br />
AB<br />
Encrypted with<br />
session key AB nx<br />
Encrypted with<br />
session key AC ny<br />
Site (B)<br />
CR key<br />
AC<br />
Site (C)<br />
CR key<br />
AB<br />
<strong>Rohde</strong> & <strong>Schwarz</strong> R&S®<strong>MKS9680</strong> <strong>Modular</strong> <strong>Encryption</strong> <strong>Device</strong> 5
Tamper-proof,<br />
versatile hardware<br />
<strong>Modular</strong> design supports multiple network<br />
scenarios with a single device<br />
The R&S®<strong>MKS9680</strong> comes with diverse network interfaces<br />
(analog and digital). This allows the R&S®<strong>MKS9680</strong><br />
to adapt easily to users' specific needs and requirements<br />
as well as changes in communications environments, and<br />
thus affords high safety of investment.<br />
Physical protection<br />
The R&S®<strong>MKS9680</strong> incorporates intelligent engineering<br />
to detect and ward off mechanical attacks. The modules<br />
are separated from one another, and the casing is tamperproof<br />
to prevent mechanical attacks on the device and its<br />
built-in security functions. Separating the modules also<br />
serves to shield individual circuits and the entire device<br />
electrically and electromagnetically to provide effective<br />
protection against side-channel attacks.<br />
A range of interfaces<br />
Irrespective of the type of network available at the point<br />
of use – analog or digital – users can always connect the<br />
same terminal equipment and need not worry what kind<br />
of network their counterpart is using: The R&S®<strong>MKS9680</strong><br />
automatically chooses the right transmission technology.<br />
The graphic depicts a typical use scenario for the<br />
R&S®<strong>MKS9680</strong>. The device provides the right interface<br />
for each type of terminal equipment. Even if the<br />
R&S®<strong>MKS9680</strong> is connected to an analog network, an<br />
ISDN handset can still be plugged into the digital terminal<br />
interface and used to make a call. A Group 3 fax machine<br />
can be connected to the analog interface, a PC to one of<br />
the USB ports. If two devices are communicating over<br />
a digital network, a 64 kbps channel is set up automatically.<br />
If a call is connected to another R&S®<strong>MKS9680</strong> in an<br />
analog network, the device sets up a modem connection.<br />
The R&S®<strong>MKS9680</strong> uses optimized procedures for satellite<br />
communications. The R&S®IP-GATE expands the communications<br />
capabilities of the R&S®<strong>MKS9680</strong> for operation in<br />
IP networks.<br />
Security architecture based on individually secured communications relationships<br />
IP networks,<br />
SatCom, ISDN,<br />
analog networks<br />
¸<strong>MKS9680</strong><br />
¸<strong>MKS9680</strong><br />
¸<strong>MKS9680</strong><br />
6
Specifications<br />
Specifications of the R&S®<strong>MKS9680</strong><br />
Interfaces<br />
Analog 1<br />
Digital<br />
1 × Euro-ISDN<br />
(two B channels)<br />
SatCom<br />
❙❙<br />
BGAN over ISDN<br />
❙❙<br />
BGAN/IP over R&S®IP-GATE<br />
❙❙<br />
Thuraya/IP over R&S®IP-GATE<br />
Landline IP<br />
over R&S®IP-GATE<br />
<strong>Encryption</strong><br />
Symmetric algorithm<br />
AES256<br />
General data<br />
Dimensions (W x H x D)<br />
190 mm × 220 mm × 170 mm<br />
(7.5 in × 8.7 in × 6.7 in)<br />
Weight<br />
7.6 kg (16.8 lb)<br />
Operating temperature range +10 °C to +40 °C<br />
Transportation temperature range –10 °C to +60 °C<br />
Power supply<br />
AC supply voltage<br />
115 V/230 V AC<br />
Power consumption<br />
approx. 15 W<br />
Ordering information<br />
Designation Type Order No.<br />
R&S®<strong>MKS9680</strong><br />
<strong>Encryption</strong> device with analog interface and digital Euro-ISDN basic rate interface R&S®<strong>MKS9680</strong> 5415.0671.04<br />
Transfer software for the R&S®<strong>MKS9680</strong> R&S®<strong>MKS9680</strong>Transfer-SW 5415.1910.02<br />
Management system<br />
Key management software R&S®MKS0810 5415.2168.03<br />
Hardware-based true random number generator R&S®MKS0606 5415.0365.02<br />
Smart card read/write device R&S®MKS0707 5415.0007.02<br />
Smart card<br />
(installation, authentication and key card)<br />
R&S®MKS0503 5415.1778.02<br />
<strong>Rohde</strong> & <strong>Schwarz</strong> R&S®<strong>MKS9680</strong> <strong>Modular</strong> <strong>Encryption</strong> <strong>Device</strong> 7
Service you can rely on<br />
J Worldwide<br />
J Local and personalized<br />
J Customized and flexible<br />
J Uncompromising quality<br />
J Long-term dependability<br />
About <strong>Rohde</strong> & <strong>Schwarz</strong><br />
<strong>Rohde</strong> & <strong>Schwarz</strong> is an independent group of companies<br />
specializing in electronics. It is a leading supplier of solutions<br />
in the fields of test and measurement, broadcasting,<br />
radiomonitoring and radiolocation, as well as secure<br />
communications. Established more than 75 years ago,<br />
<strong>Rohde</strong> & <strong>Schwarz</strong> has a global presence and a dedicated<br />
service network in over 70 countries. Company headquarters<br />
are in Munich, Germany.<br />
Environmental commitment<br />
❙❙Energy-efficient products<br />
❙❙Continuous improvement in environmental sustainability<br />
❙❙ISO 14001-certified environmental management system<br />
Certified Quality System<br />
ISO 9001<br />
<strong>Rohde</strong> & <strong>Schwarz</strong> SIT GmbH<br />
Am Studio 3 | D-12489 Berlin<br />
Phone +49 30 65884-223 | Fax +49 30 65884-184<br />
E-mail: info.sit@rohde-schwarz.com<br />
www.sit.rohde-schwarz.com<br />
www.rohde-schwarz.com<br />
Regional contact<br />
❙❙Europe, Africa, Middle East<br />
+49 89 4129 123 45<br />
customersupport@rohde-schwarz.com<br />
❙❙North America<br />
1 888 TEST RSA (1 888 837 87 72)<br />
❙❙customer.support@rsa.rohde-schwarz.com<br />
Latin America<br />
+1 410 910 79 88<br />
customersupport.la@rohde-schwarz.com<br />
❙❙Asia/Pacific<br />
+65 65 13 04 88<br />
customersupport.asia@rohde-schwarz.com<br />
R&S® is a registered trademark of <strong>Rohde</strong> & <strong>Schwarz</strong> GmbH & Co. KG<br />
Trade names are trademarks of the owners | Printed in Germany (ch)<br />
PD 5214.4042.12 | Version 01.01 | May 2011 | R&S®<strong>MKS9680</strong><br />
Data without tolerance limits is not binding | Subject to change<br />
© 2011 <strong>Rohde</strong> & <strong>Schwarz</strong> GmbH & Co. KG | 81671 München, Germany<br />
5214404212