CE-Infosys provides two product lines specialized for Government Network Encryption applications. These are ANIS Products and Premium Products. Both product lines are rapidly growing with new models and new functions. Both product lines have a set of common characteristics and also some fundamental differences. These are shown in the following sections:
|ANIS MicroCryptor||ANIS GigaCryptor|
Advanced Network Infrastructure (ANIS) products provide the most advanced security features available in the market today. They are designed to withstand expert attacks including physical modification of the product. This allows ANIS products to be used in non-trusted environments. This level of protection is adequate for products using government’s proprietary algorithms. A multi layer security approach protects the secrets kept in the product. The protection is not only a passive mechanical protection, but also features a rich set of electronic defense circuits that monitor the environment of the product continuously. It runs independent of the external power provided. This active defense protects the product as soon as it is initialized.
Products delivered from CE-Infosys are without software and will be initialized under customer’s control. The authorized government agency loads all Software including the proprietary algorithm into the product. This guarantees that only previously inspected code is used in the product – which is Government Network Encryption application’s finial goal.
A sophisticated deployment concept guarantees that the product contains no valuable secret while it is shipped to its final destination. If the product is stolen during transportation it cannot provide any useful information to the thief. Any attempt to modify the product during transportation brings the product to an unusable state.
At the final destination the product is activated. Activation cannot be performed without the knowledge and approval of the central administrator. Among other activities a special smart card token is required for activation. Thus, it is impossible to activate additional Cryptors or a wrong Cryptor. Activation brings the loaded code modules into a useful form.
When in operation the product can sense additional environmental conditions. This includes detection of lost network links and physical movement of the product. All ANIS products provide a configurable alarm reaction. The products may be totally erased or brought to a state for an onsite re-activation are examples of possible configurable reaction in an alarm. Like airplanes, all ANIS products have a “Black-Box” to record important and abnormal events. Government Network Encryption is in more demand every day.
All ANIS products are equipped with a special security CPU and provide a strict separation between networking and security functions. Cryptographic processing of IP packets, including the fast session key generation is performed entirely in hardware using modern FPGA chips.
All ANIS Cryptors are designed for highest reliability. The products do not have any mechanically moving parts and do not require airflow. For reliability reason the power supplies are externally connected. ANIS Cryptors provide 2 power connectors for redundant power supplies. The products are “green”. They have low power consumption.
Premium Cryptors are designed for trusted environment and do not provide the extended self defense mechanisms known from the ANIS products. The premium products for governments provide the same algorithm flexibility as the ANIS products. Because self-defense is limited, it is recommended to use the products with proprietary algorithms only in a trusted and controlled environment.
All CE-Infosys networking products including the Premium product line support the Enhanced IPSec protocol, an invention that makes Cryptors immune against known networking and cryptographic attacks. Most important is the function to change the key used for the encryption of an IP packet with every packet. This reduces the amount of data for a cryptographic analysis to 1500 byte. This is by far too little to be useful for an known attack.
All Cryptor products are fully encapsulated and can be used in unfriendly environmental conditions such as in the desert where small sand particles are in the air.
The external power supply contributes to the reliability of the products. Experience tells us, that some electric components in power supplies are stressed and have a higher tendency to fail. This is not an issue if the power supply can be changed without reinstalling the Cryptor. The external 12 Volt input allows the Cryptors to be used in mobile installations like cars, vessels, airplanes or helicopters. The absence of mechanically moving parts in Cryptors contributes to their high reliability.
With the Encryption Verification Utility customers can analyze captured network traffic and verify the correctness of the encryption. To decrypt a captured packet the algorithm and the key are required. These information are sensitive and must be kept secret. Therefore, they are never put in a file. Instead a smart card based token is used to transport the secrets from the GlobalAdmin station and from the Algorithm Generator to the Encryption Verification Utility. Our customers receive this utility in source code together with a detailed training. The utility can be used for ANIS and Premium products.