Hardware Encryption Devices. Are they available?
George Livsey
I am aware that there are several hardware DES devices available.
I also noted that they are _not_ to be used for Gov't. data of CLASSIFIED
designation or higher. Just what does the U.S. Gov't. use? Are these
devices available to financial institutions and if so, with what
restrictions?
I am also curious if there are encrypting modems available that
wouldn't require the use of a STU-III ?
It would be nice if someone could post the addresses of manufacturers
of such devices.
George Livsey
--
geo...@NeoSoft.com |
George Livsey | Visualize Whirrled Peas!
Net's Worth |
(713) 994-0447
Marcus J Ranum
>I also noted that they are _not_ to be used for Gov't. data of CLASSIFIED
>designation or higher. Just what does the U.S. Gov't. use? Are these
>devices available to financial institutions and if so, with what
>restrictions?
Some of the fancier crypto devices require clearances to use.
Depending on what you want the crypto for, there are many reasons to
avoid military crypto. For one thing, you have to get the keys from
NSA. Depending on who you're trying to protect against, DES or
double DES might be a better form of security right from the start.
Military crypto is also going to be a lot harder to use outside of
the USA, obviously.
> I am also curious if there are encrypting modems available that
>wouldn't require the use of a STU-III ?
There are a variety of encrypting modems available that use DES.
Cylink and Mobius technologies both make 9600 baud DES-encrypting modems.
Cylink makes a few pretty neat general purpose datacomm encryption devices,
including DES-encrypting CSU/DSUs and routers. This stuff is not cheap.
Figure $1200-$3000 for a DES-encrypting 9600 baud modem, and figure it
will be a heavy metal box larger than a Telebit Worldblazer.
A really good place to look for these kinds of toys is in
publications like InfoSecurity Product News. They're one of those
trade journals that is really little more than a vehicle for ads.
mjr.
Carl Ellison
> I am also curious if there are encrypting modems available that
>wouldn't require the use of a STU-III ?
You can also get encryption devices (in the data stream enroute to a modem)
from Racal-Guardata and Racal-Datacom (sp?).
There are a number of other manufacturers in Europe and Asia, but I don't have
names -- just heard about them from the Racal salesman who had been to the
big computer show in Germany.
- Carl
--
- <<Disclaimer: All opinions expressed are my own, of course.>>
- Carl Ellison c...@sw.stratus.com
- Stratus Computer Inc. M3-2-BKW TEL: (508)460-2783
- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298 FAX: (508)624-7488
Miron Cuperman
>You can also get encryption devices (in the data stream enroute to a modem)
>from Racal-Guardata and Racal-Datacom (sp?).
Does anyone know about such devices for under $1000?
--
Miron Cuperman <mi...@extropia.wimsey.com> | NeXTmail/Mime ok
Unix/C++/DSP, consulting/contracting | Public key avail
AMIX: MCuperman |
Laissez faire, laissez passer. Le monde va de lui meme.
Marcus J Ranum
Yes, loads.
But what thruput do you want? A 386 can do maybe 100kb/sec with a
well-tuned DES library, and you can get them for around $500 stripped
down. That assumes your time is worthless, because building a router
or whatnot from it is going to take a bit of hackery.
Seriously, though, folks, low-end encryption is where software
solutions win bigtime. You pre-load the cost of the fancy hardware into
your code development, but once it's done, you have a crypto device on
a floppy. ;)
mjr.
Bryan Koch
>
>>You can also get encryption devices (in the data stream enroute to a modem)
>>from Racal-Guardata and Racal-Datacom (sp?).
>
>Does anyone know about such devices for under $1000?
Jones Futurex markets a DES encryption device that auto-bauds to 19.2Kbps
and has a list price of $595 each. The unit is relatively new, and is
called the JFX Encryptor 400.
--
Bryan Koch
Data Security Leader VOICE: +1-612-683-3129
Cray Research, Inc. FAX: +1-612-683-3099
Eagan, Minnesota, USA EMAIL: b...@cray.com
Miron Cuperman
>>Does anyone know about such devices for under $1000?
...
> But what thruput do you want? A 386 can do maybe 100kb/sec with a
>well-tuned DES library, and you can get them for around $500 stripped
>down. That assumes your time is worthless, because building a router
>or whatnot from it is going to take a bit of hackery.
...
Ok.
What about voice encryption devices? Most of what I heard about is
in the $2000-$5000 range. Any of them below that? Any idea what
is the market for a $250 voice encryption device?
How much will Clipper be?
Marcus J Ranum
>in the $2000-$5000 range. Any of them below that? Any idea what
>is the market for a $250 voice encryption device?
I know of no $250 voice encryption devices. I agree that most
of the voice encryption stuff is over $2000. It's not exactly "mass
market" and I suspect that the added cost of dealing with the government
gets passed along to the customer in the purchase price.
>How much will Clipper be?
"Clipper" is not a device, it's a chip. Telephone encryption
units built around clipper (such as AT&T's unit) will most likely be
in the $900-$1200 range initially.
mjr.
Bartjan Wattel
This company has developped two encryption chips: the VM007 and VM009.
This VM009 chip is just a more or less 'simple' implementation of the DES.
In the Netherlands, this chips costs USD 34,- a piece, when buying 1000
devices.
The other chip, the VM007 is a lot more complex. It achieves a ciphering
rate of 192 Mbits per second in all modes. It contains a RISC-based
programsequencer, i think. It's price is (1000 devices) USD 186,- a piece,
in the Netherlands.
Hope this helps,
Bartjan Wattel at Eindhoven University of Technology, the Netherlands
---------------------------------------------------------------------
Email: bar...@stack.urc.tue.nl
wat...@eb.ele.tue.nl
---------------------------------------------------------------------
Carl Ellison
>What about voice encryption devices? Most of what I heard about is
>in the $2000-$5000 range. Any of them below that? Any idea what
>is the market for a $250 voice encryption device?
>
>How much will Clipper be?
AT&T's phone using Clipper was announced to have a price of $1000+ (the number
1165 comes to mind, but I could have transposed digits).
Rob Shirey
use?
He had noted that DES is not to be used for U.S. Government classified
data.
Mr. Livsey, I suggest you obtain a copy of the Information Systems
Security
Products and Services Catalogue, prepared by the U.S. National Security
Agency.
"This publication may be ordered from the Government Printing Office (GPO)
in the form of a yearly subscription. Princes are not quoted here because
rates and frequency of publication are subject to change. The GPO will
accept
Mastercard or Visa orders with a valid credit card number and expiration
date.
Requests for subscriptions should be addressed to:
Superintendent of Documents
U.S. Government Printing Office
Washington, D.C. 20402
Telephone orders may be placed by calling (202) 783-3238.
For further assistance or information write to:
ATTN: X621
National Security Agency
9800 Savage Road
Ft. George G. Meade, MD 20755-6000
The [catalogue] is published four times annually as follows: January,
April
(Supplement), July, October (Supplement)."
In the January 1993 issue, the information you seek is in Chapter 1:
Endorsed
Cryptographic Products List, and in Chapter Two: NSA Endorsed Data
Encryption
Standard (DES) Products List. (There are seven more chapters.)
Products in Chapter 1 are divided into "Type 1" and "Type 2." Type 1
products
are used to secure classified information and are handled as Controlled
Items. Type 2 products are used to protct only certain unclassified
Government
information and are handled as Endorsed-for-Unclassified Cryptographic
Items
(EUCI).
NSA-endorsed cryptographic products are available for purchase and use
only by
the U.S. Government and its sponsored contractors or entities. The latter
includes portions of the financial community, which is what you asked
about in
the first place.
The January 1993 Catalogue lists 63 corporate points of contact (names,
addresses, and phone numbers) for 47 different
Type 1 products, ranging from the KIV-7, the Embeddable KG-84 COMSEC
Module,
to the XEU, the Xerox Encryption Unit. It also lists 9 POCs for 6 Type 2
products, and 19 POCs for "potential" products.
Regards, -Rob-
Robert W. Shirey, The MITRE Corporation, Mail Stop Z202
7525 Colshire Dr., McLean, Virginia 22102-3481 USA
shi...@mitre.org * tel 703-883-7210 * fax 703-883-1397
Rob Shirey
use?
George Livsey
Perhaps I should have explained my original posting better.
I did not wish to obtain hardware that implements Gov't
grade encryption. I was curious as to which algorithms/
implementations the Gov't considered secure enough to protect
their own data. Since DES is not a standard for software
implementations, I assumed that the same would apply for the
Gov't cryptoproducts. Of course I realize that the details
of such products will probably be classified and as such,
would require a clearance to obtain. I only wanted information
as to the major differences between their implementations and
non-regulated crypto products currently available.
Peter Honeyman
|> But what thruput do you want? A 386 can do maybe 100kb/sec with a
|> well-tuned DES library, and you can get them for around $500 stripped
|> down. That assumes your time is worthless, because building a router
|> or whatnot from it is going to take a bit of hackery.
i just measured over 300 kbits/sec on my crummy little rt. a few
weeks ago, i measured 1.2 mbits/sec. on a no-name 50mhz 486 dx (under
$1k, and falling).
peter