The GigaCryptor is a high-end network encryption product
designed for gigabit IP packet encryption while maintaining a small form factor.
The GigaCryptor has line speed throughput in full duplex mode. A GigaCryptor can
support up to 40,000 clients or subnets concurrently, and comes with copper
Ethernet interfaces. An option to use optical interfaces is also available. The
product's size and performance make it the perfect solution for applications
requiring high bandwidth, such as site-to-site encryption, video streaming and
multicasting, or large-scale VoIP telephony.
Applications
The GigaCryptor is a compact high-speed IP
network encryption device designed for excellent performance and reliability.
The throughput and size of the GigaCryptor make it ideal for use in an array of
network security applications, especially in networks requiring high bandwidth,
such as:
- Encrypting High Speed IP Networks
- High Speed Encryption of IP Video Streaming
- Encryption of IP Traffic in Data Centers
- Encryption of Large Company Locations or HQs
- Encryption in Mobile Command Vehicles
- Encryption of High Speed Local Area Networks
- Cryptographic Network Access Control
Cryptography
The GigaCryptor uses standard AES algorithms with a key length
of 256 bits. Shorter key lengths are not supported. The encryption of the IP
packets as well as the session key calculation and the key management functions
are performed in hardware. An FPGA chip is used for the cryptographic functions.
This contributes to the very high security level of this product.
Modes of Operation
GigaCryptors are available in either Bridge mode or Gateway
mode. In Gateway mode the Cryptor encapsulates the original IP packet and adds a
new IP header to the packet. The original IP header information is hidden. This
is the preferred mode for connecting remote users, providing
Secure Remote Access.
In Bridge mode the Cryptor works as a bump in the wire
and can be easily deployed into existing networks without much change to the
defined subnets. Only the payload is encrypted and the original IP header
remains unchanged (not recommended for government operations).
Performance Overview
- 970 Mbit/s Throughput in Half Duplex
- 970 Mbit/s Throughput in Full Duplex
- 5,000 Client/Subnet Connections Supported
- Optimized for Small Packets for Real-time Traffic (VoIP)
The traffic speed is measured end to end in Gateway mode. Gateway mode enlarges
the packet because of the additional IP header, the security header and any
required padding bytes. The encrypted connection between the MicroCryptors can
process full line speed. Because of the additional data transferred on the
encrypted port, the plaintext port has small gaps between packets. The result is
a performance slightly below the speed on the encrypted port. This effect
increases when the traffic mix contains many short packets.
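The effect described above can be modelled as follows. This is an added example, not CE-Infosys code or data: the 16-byte security header, the padding to the AES block size and the function names are assumptions chosen for illustration, and fragmentation is ignored.

```python
# Added illustration: all sizes below are assumptions, not GigaCryptor specifications.
ETH_WIRE_OVERHEAD = 8 + 14 + 4 + 12  # preamble/SFD + Ethernet header + FCS + inter-frame gap
OUTER_IP_HEADER = 20                 # new IPv4 header added in Gateway mode
SECURITY_HEADER = 16                 # hypothetical size; the page gives no figure
AES_BLOCK = 16                       # AES block size in bytes
LINE_RATE_MBPS = 1000.0              # gigabit Ethernet on the encrypted port


def padded(length, block=AES_BLOCK):
    """Round a payload length up to a whole number of cipher blocks."""
    return -(-length // block) * block


def wire_bytes_plain(ip_len):
    """Bytes one IP packet occupies on the plaintext port, framing included."""
    return ip_len + ETH_WIRE_OVERHEAD


def wire_bytes_cipher(ip_len):
    """Bytes the same packet occupies on the encrypted port after encapsulation."""
    return padded(ip_len) + SECURITY_HEADER + OUTER_IP_HEADER + ETH_WIRE_OVERHEAD


def plaintext_rate_mbps(ip_len):
    """Wire rate seen on the plaintext port while the encrypted port is saturated."""
    return LINE_RATE_MBPS * wire_bytes_plain(ip_len) / wire_bytes_cipher(ip_len)


def sweep(sizes=(64, 256, 512, 1024, 1400)):
    """Return (packet size, extra bytes on the encrypted side, plaintext Mbit/s)."""
    return [
        (n, wire_bytes_cipher(n) - wire_bytes_plain(n), round(plaintext_rate_mbps(n), 1))
        for n in sizes
    ]


if __name__ == "__main__":
    for size, extra, rate in sweep():
        print(f"{size:5d}-byte IP packet: +{extra} bytes encrypted, {rate} Mbit/s plaintext")
```

Under these assumptions the fixed per-packet overhead is a much larger share of a short packet, which is why a traffic mix dominated by small packets shows the largest gap between the two ports.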
Compatibility
CE-Infosys network encryption products work seamlessly with
each other. This requires that the products are using the same algorithm and
share the same keys. Both are 100% under customer control. The following lists
the encryption products that can cooperate in a commercial network:
- ANIS MicroCryptor *
- ANIS GigaCryptor *
- PocketCryptor
- MicroCryptor
- PowerCryptor
- GigaCryptor
- IPCrypt Client using e-Identity token or smart card
- CompuSec using e-Identity token or smart card

* Must use standard AES S-boxes and no additional encryption rounds
Enhanced IPSec
The GigaCryptor provides an advanced key management protocol called
Enhanced IPSec developed by CE-Infosys for government customers.
Using Enhanced IPSec, encrypted traffic is immediately available. There is no
need for lengthy session key negotiations using IKE to establish a tunnel. In
addition, IP packets are automatically authenticated; modified or unencrypted
packets are automatically discarded. Session keys used for encryption are
changed as rapidly as every 1, 5, 10, or 20 packets to defeat any attempts at
statistical analysis of the encrypted packets. Classical attacks based on linear
or differential cryptanalysis need lots of data encrypted using the same key.
Central Management
The policies used by the GigaCryptor are defined and managed at
the GlobalAdmin. Key material used by the Cryptors is generated by the Hardware
Security Module of the GlobalAdmin. The health status of the product as well as
abnormal conditions can be monitored by the GlobalAdmin. In case of an alarm the
GlobalAdmin manages the alarm notification and the alarm response.
Highest Reliability
The GigaCryptor is designed for reliability. The product
contains no mechanical moving parts and only one internal connector. The low
power consumption of the product does not require air flow cooling. Therefore
the product is encapsulated in a closed metal casing providing excellent low
radiation characteristics. The product is powered by external 12V power
supplies. A power supply fault does not require the product to be replaced.
Designed to withstand demanding conditions and suitable to be
utilized in cars, trucks, and other vehicles, the ANIS MicroCryptor has an
outstanding MTBF rate and is resistant against dust, sand and humidity.
Physical Dimensions & Power
| Size | 230 mm x 150 mm x 45 mm. A bracket is available as an option for mounting in a standard 19-inch rack. |
| Power Specification | 12V/1,5A DC input. Max. 18 Watt power consumption. One power adapter for 110/230V 50-60 Hz AC is provided with each product. |
Interfaces & Connectors
| Plain Text | 2 x 10/100/1000 BaseT Ethernet auto sensing |
| Cipher Text | 2 x 110/100/1000 BaseT Ethernet auto sensing |
| Configuration & Service | USB Client port for Cryptor Utility |
| Authentication | USB Host port full speed (for e-identity token) |
| Power | 2 x 12V Connector for redundant supply |