CE-Infosys provides two product lines specialized for Government applications. These are ANIS
Products and Premium Products. Both product lines are rapidly growing with new models and new
functions. Both product lines have a set of common characteristics and also some fundamental differences. These are shown
in the following sections:
Advanced Network Infrastructure (ANIS) products provide the most advanced security
features available in the market today. They are designed to withstand expert attacks including physical modification
of the product. This allows ANIS products to be used in non-trusted environments. This level of protection is adequate
for products using a government’s proprietary algorithms. A multi-layer security approach protects the secrets kept in
the product. The protection is not only a passive mechanical protection, but also features a rich set of electronic
defense circuits that monitor the environment of the product continuously. The protection runs independently of the external power
provided. This active defense protects the product as soon as it is initialized.
Products are delivered from CE-Infosys without software and are initialized under the customer’s control. The
authorized government agency loads all software, including the proprietary algorithm, into the product. This guarantees
that only previously inspected code is used in the product.
A sophisticated deployment concept guarantees that the product contains no valuable secret while it is shipped to
its final destination. If the product is stolen during transportation, it cannot provide any useful information to
the thief. Any attempt to modify the product during transportation brings the product to an unusable state.
At the final destination, the product is activated. Activation cannot be performed without the knowledge and
approval of the central administrator. Among other activities, a special smart card token is required for
activation. Thus, it is impossible to activate additional Cryptors or a wrong Cryptor. Activation brings the
loaded code modules into a useful form.
When in operation, the product can sense additional environmental conditions. This
includes detection of lost network links and physical movement of the product. All ANIS products provide a
configurable alarm reaction. Examples of possible configurable reactions to an alarm are totally erasing the
product or bringing it to a state for on-site re-activation. Like airplanes, all ANIS products
have a “Black-Box” to record important and abnormal events.
All ANIS products are equipped with a special security CPU and provide a strict separation between networking
and security functions. Cryptographic processing of IP packets, including the fast session key generation, is
performed entirely in hardware using modern FPGA chips.
All ANIS Cryptors are designed for the highest reliability. The products do not have any mechanically moving parts
and do not require airflow. For reliability reasons, the power supplies are externally connected. ANIS Cryptors
provide 2 power connectors for redundant power supplies. The products are “green”: they have low power consumption.
Premium Cryptors are designed for trusted environments and do not provide the extended self-defense mechanisms known
from the ANIS products. The Premium products for governments provide the same algorithm flexibility as the ANIS products.
Because self-defense is limited, it is recommended to use the products with proprietary algorithms only in a trusted
and controlled environment.
All CE-Infosys networking products, including the Premium product line, support the Enhanced IPSec protocol, an invention
that makes Cryptors immune to known networking and cryptographic attacks. Most important is the function to change
the key used for the encryption of an IP packet with every packet. This reduces the amount of data for a cryptographic
analysis to 1500 bytes. This is far too little to be useful for a known attack.
All Cryptor products are fully encapsulated and can be used in unfriendly environmental conditions, such as in the desert,
where small sand particles are in the air.
The external power supply contributes to the reliability of the products. Experience tells us that some electric
components in power supplies are stressed and have a higher tendency to fail. This is not an issue if the power supply
can be changed without reinstalling the Cryptor. The external 12 Volt input allows the Cryptors to be used in mobile
installations like cars, vessels, airplanes or helicopters. The absence of mechanically moving parts in Cryptors
contributes to their high reliability.
With the Encryption Verification Utility, customers can analyze captured network traffic and verify
the correctness of the encryption. To decrypt a captured packet, the algorithm and the key are required. This
information is sensitive and must be kept secret. Therefore, it is never put in a file. Instead, a smart-card-based
token is used to transport the secrets from the GlobalAdmin station and from the Algorithm Generator to the
Encryption Verification Utility. Our customers receive this utility in source code together with detailed training.
The utility can be used for ANIS and Premium products.
See the Encryption Verification Utility.