TopSec Product Family Voice encryption at the highest security level


Secure Communications Product Brochure 01.01 TopSec Product Family Voice encryption at the highest security level

TopSec Product Family
At a glance

The TopSec product family provides end-to-end voice encryption at the highest security level, across networks. The devices of the TopSec product family for encrypted transmission are the ideal solution when confidential and tap-proof information is to be transmitted. The TopSec product family offers a suitable security solution for every application. It can be used to secure voice communications as well as video, data and fax transmissions.

Mobile phone users can choose between the TopSec Mobile, a voice encryption device equipped with a Bluetooth interface, and the TopSec GSM, a mobile phone enhanced with a crypto module. Users with a digital Euro ISDN connection employ the TopSec 703+, those with an analog connection use the TopSec 711. The TopSec Mobile, TopSec GSM, TopSec 703+ and TopSec 711 voice encryption devices are interoperable. Secure end-to-end voice encryption is possible within mobile radio networks, digital networks or analog networks, and can even be established across networks.

The TopSec product family is supplemented by the TopSec Administrator administration software. TopSec Administrator makes it possible to create cryptological user groups and generates certificates for the TopSec devices, which enable automatic authentication. TopSec Administrator allows secure administration and secure firmware updates.

TopSec Product Family
Benefits and key features

A suitable solution for every application
- TopSec products:
  - TopSec Mobile voice encryption device
  - TopSec GSM encrypting mobile phone
  - TopSec 703+ encryption device for digital connections
  - TopSec 711 encryption device for analog connections
  - TopSec Administrator administration software
- Interoperability between the TopSec devices

Reliable encryption concept
- Hybrid approach for maximum security
  - Asymmetric method using 1024 bit encryption key length for key agreement
  - Symmetric encryption algorithm with a 128 bit encryption key: $10^{38}$ possible keys

Authentication for maximum security
- Spoofed encrypted connections are prevented
- Man-in-the-middle attacks are prevented
- Ability to create closed user groups

User-managed encryption
- TopSec Administrator
- Open user groups
- Closed user groups

TopSec Administrator, the convenient administration software
- Trust center functionality
- Remote administration
  - Distribution of certificates
  - Black lists
  - White lists
- Settings for operational parameters

The Bluetooth word mark and logos are registered trademarks owned by Bluetooth SIG, Inc. and any use of such marks by Rohde & Schwarz is under license.

A suitable solution for every application

TopSec Mobile voice encryption device

The TopSec Mobile is a highly versatile voice encryption device equipped with a Bluetooth interface. The TopSec Mobile does not connect directly to a communications network; instead, it connects to communications terminal equipment such as a mobile phone. A TopSec Mobile allows encrypted communications with an interoperable partner encryption device using almost any mobile phone with a Bluetooth interface. In order for this to work, it must be possible to activate the mobile phone's data service via Bluetooth, which is possible with most mobile phones.

This solution offers two significant advantages: First, the TopSec Mobile is not confined to specific mobile radio frequencies. Second, users enjoy a great deal of freedom when choosing a mobile phone. Besides the encryption components, the audio components (microphone and speaker) are also incorporated into the TopSec Mobile. This means that, in addition to the option of using a mobile phone, it is also possible to use an analog or ISDN modem with Bluetooth for enabling the TopSec Mobile to gain network access.

For encrypted communications, the TopSec Mobile uses a data rate of 9.6 kbps. It can use either the ITU-T V.32 or V.110 communications protocol. Voice information is digitized and compressed with a vocoder prior to encryption.

TopSec GSM encrypting mobile phone

The TopSec GSM is a dual-band encrypting mobile phone for the GSM network. This mobile phone is equipped with an integrated TopSec crypto module. To transmit encrypted voice information, the TopSec GSM uses a data channel with a data rate of 9.6 kbps. Depending on the specific partner encryption device, either the ITU-T V.32 or V.110 communications protocol is used. The voice information is digitized and compressed with a vocoder prior to encryption.

[Figure: Encryption in analog networks, digital networks and mobile radio networks. TopSec-secured communications between subscribers in an analog network, a digital network and a mobile radio network. Shown: TopSec Mobile with a mobile phone with Bluetooth interface and TopSec GSM on GSM; TopSec 703+ on ISDN; TopSec 711 on POTS and behind a terminal adapter a/b.]

TopSec 703+ encryption device for digital connections

The TopSec 703+ is an encryption device for digital Euro ISDN networks. It allows the encrypted transmission of all ISDN services. This means that voice, video, data and fax signals can be encrypted. Encryption is accomplished at the full data rate up to 2 × 64 kbps. The TopSec 703+ also enables secure voice communications with a TopSec Mobile or a TopSec GSM as a partner encryption device. In this scenario, the device supports ITU-T V.110 with a data rate of 9.6 kbps. The voice information is digitized and compressed with a vocoder prior to encryption.

TopSec 711 encryption device for analog connections

The TopSec 711 is an encryption device with analog interfaces. It can be used for voice or fax encryption. The TopSec 711 is connected between the analog communications network and a phone with an analog interface. As an alternative, the TopSec 711 can be connected to a terminal adapter for integration into a digital network. For encrypted communications, a data rate of 9.6 kbps is used. For communications with a partner encryption device, the ITU-T V.32 communications protocol is used. Prior to encryption, the voice information is digitized and compressed with a vocoder.

TopSec Administrator administration software

The TopSec Administrator administration software offers a wide range of additional capabilities for securing a communications system. TopSec Administrator is available for installation on a Windows-based computer. TopSec Administrator serves as the central, trusted authority for a closed user group.

Interoperability between the TopSec devices

The TopSec Mobile voice encryption device and the TopSec GSM encrypting mobile phone are interoperable with the TopSec 703+ and TopSec 711 fixed network encryption devices. For encrypted communications with the TopSec 703+, the ITU-T V.110 communications protocol is used; for encrypted communications with the TopSec 711, the ITU-T V.32 communications protocol is used.

[Figure: Voice encryption in mobile radio networks. Two GSM subscribers, each using either a TopSec Mobile with a mobile phone with Bluetooth interface or a TopSec GSM.]

Interoperability matrix for voice encryption with TopSec devices

                 TopSec Mobile   TopSec GSM    TopSec 703+   TopSec 711
TopSec Mobile    V.110, V.32     V.110, V.32   V.110         V.32
TopSec GSM       V.110, V.32     V.110, V.32   V.110         V.32
TopSec 703+      V.110           V.110         V.110         -
TopSec 711       V.32            V.32          -             V.32

Reliable encryption concept

Hybrid approach for maximum security

The TopSec encryption processes have proven themselves in practical use. Encryption is based on a hybrid process in order to achieve the highest levels of security. This approach combines an asymmetric algorithm for key agreement with a symmetric algorithm for encrypting confidential information.

Encryption concept

The encryption process used with the TopSec product family is designed to enable secure communications between two communicating parties. It is possible for the encryption devices to verify that both parties belong to the same closed user group. For an encrypted conversation, the partner encryption devices must have the same mathematical parameters at their disposal and use identical algorithms.

The TopSec encryption devices utilize the Diffie-Hellman key agreement protocol to generate individual session keys for each call (see figure). The Diffie-Hellman key agreement protocol is a public key method. This means that both public and secret parameters are used. Both parameters are pre-installed during the manufacturing process and delivered with the equipment. The secret parameters of the Diffie-Hellman key agreement protocol are only generated temporarily for the relevant encrypted connection. Afterwards, the parameters are deleted.

Using the Diffie-Hellman key agreement protocol enables encrypted communications between two partner encryption devices without the need for central administrative services. This is referred to as an open system, because it is possible to establish a crypto connection between any two TopSec encryption devices. The session key $K$ calculated by the two partner encryption devices is used by the symmetric algorithms to encrypt or decrypt the digitized and compressed voice information.

Encryption with a 128 bit encryption key: $10^{38}$ possible keys

In encryption mode, the devices of the TopSec product family and the partner encryption device automatically agree on a new 128 bit key during each call setup. A key is selected at random from a pool of $10^{38}$ possible keys. The key is deleted immediately upon completion of the call.

Figure: Diffie-Hellman key agreement protocol

Assumption: A and B have a common prime number $p$ and a common natural number $g < p$.

- A selects a random value $a$ and calculates $\alpha := g^{a} \bmod p$.
- B selects a random value $b$ and calculates $\beta := g^{b} \bmod p$.
- $\alpha$ is transmitted to B, $\beta$ is transmitted to A.
- A calculates $K = \beta^{a} \bmod p$.
- B calculates $K = \alpha^{b} \bmod p$.

Neither $a$ nor $b$ were transmitted; only A and B have sufficient parameters to calculate the session key $K$.

Authentication for maximum security

Spoofed encrypted connections and man-in-the-middle attacks are prevented

TopSec encryption device users want to be certain that they have a secure, encrypted connection with their partner. All spoofed encrypted connections, and man-in-the-middle attacks in which unauthorized third parties masquerade as the legitimate communications partner, must be avoided.

In theory, the Diffie-Hellman key agreement protocol is susceptible to a man-in-the-middle attack. Although such attacks require tremendous effort, the TopSec encryption concept includes measures for detecting and preventing them. For this purpose, a unique four-digit security code is generated for each encrypted connection. This code is displayed on and is only available in the TopSec encryption device and the partner encryption device. A secure call can be conducted only when the security codes are identical. With closed user groups, the system also performs certificate-based, automatic authentication between the TopSec partner encryption devices.

Figure: Combined key agreement and authentication

Assumption: common prime number $p$, common natural number $g < p$; the public keys $P_A$, $P_B$ are included in the certificate; the associated private keys $S_A^{-1}$, $S_B^{-1}$ are only available in devices A and B. Device A holds $P_A, S_A^{-1}$; device B holds $P_B, S_B^{-1}$.

- $P_B$ is transmitted to A, $P_A$ is transmitted to B.
- A selects a random value $a$ and calculates $\chi := P_B^{\,a} \bmod p$.
- B selects a random value $b$ and calculates $\delta := P_A^{\,b} \bmod p$.
- $\chi$ is transmitted to B, $\delta$ is transmitted to A.
- A calculates $K = (\delta^{a})^{S_A^{-1}} \bmod p$.
- B calculates $K = (\chi^{b})^{S_B^{-1}} \bmod p$.

Neither $a$, $b$, $S_A^{-1}$ nor $S_B^{-1}$ were transmitted; only A and B have sufficient parameters to calculate the session key $K$.

User-managed encryption

Open user group

Upon delivery the encryption devices of the TopSec product family are able to begin cryptographic operation with other devices of the same product family; they use the open user group. Within a key agreement protocol (see the figure for the Diffie-Hellman key agreement protocol), the session keys are always generated for each connection and are immediately deleted upon completion of the call. To prevent the possibility of a man-in-the-middle attack, the two communicating parties check that the four-digit security code is the same on both devices. This provides extremely effective encryption management without any additional effort.

Figure: TopSec certification

All TopSec devices within a closed system receive a certificate from TopSec Administrator. This certificate confirms their membership in a specific user group.

- Certificate contents: Device ID, Name of trust center, Parameter 1, Parameter 2, Parameter n, Parameter k, Parameter xyz, $P_U$.
- Creating a digital signature using TopSec Administrator: creation of the hash value of the certificate, then RSA signature with $S_{TC}$, giving the digital signature.
- Checking the digital signature using the TopSec Mobile: creation of the hash value of the certificate, RSA verification of the digital signature with $P_{TC}$, then comparison of the two hash values.

Generation of $P_U$

- Prime number $p$, generator $g$.
- Device U generates $S_U$; $1 < S_U < p - 1$; $\gcd(S_U, p - 1) = 1$.
- $S_U^{-1}$ is the inverse of $S_U$; $S_U \cdot S_U^{-1} = 1 \bmod (p - 1)$.
- $P_U = g^{S_U} \bmod p$.
- Device U saves $P_U$, $S_U^{-1}$, $P_{TC}$.
- $P_U$ is part of the certificate.

Closed user groups

Another way to prevent man-in-the-middle attacks and limit the number of potential partners for secure communications connections is to create closed user groups. This requires an entity referred to in some systems as a trust center. In the TopSec system, this trust center is called TopSec Administrator. TopSec Administrator combines the functions of a trust center with the centralized administration of operational parameters. The trust center function is required when creating closed user groups.

All TopSec devices within a closed system receive an individual certificate from TopSec Administrator. This certificate confirms membership in the group. The certificate contains information defined in the ITU-T X.509 standard. The most important pieces of information contained in the certificate are the device ID for the TopSec device and a corresponding public authentication key.

The certificate contains a digital signature. Within TopSec Administrator, a public key pair is generated for this digital signature. This pair consists of a public and a private key. The certificate's hash value is signed using the private key $S_{TC}$ (digital signature). The private key $S_{TC}$ remains in TopSec Administrator because it is the most confidential part of a closed system. The public key $P_{TC}$ is used to verify the digital signature, and thus validate the certificate.

TopSec devices that are already members of a closed system can later be supplied with new certificates and the associated public key via public communications networks. This is accomplished using a secure process that is protected against manipulation and includes authentication by TopSec Administrator.

Devices that have certificates and belong to the same closed system are able to authenticate each other automatically. To accomplish this, each encryption device first examines the certificate that identifies its partner encryption device. This is followed by a combined process for key agreement and authentication (see the figure for the combined key agreement and authentication). An encrypted connection is only established if this process succeeds. In addition, the communicating parties can verify the authentication by checking the four-digit security code. Consequently, calls made using the TopSec encryption devices meet the highest security requirements.

TopSec devices that belong to a closed system generate an additional public key pair during initialization. This pair is used for authentication. The private authentication key $S_U^{-1}$ remains stored in the TopSec device; the public authentication key $P_U$ is included in the certificate. Together with the certificate, the TopSec devices receive the public key $P_{TC}$ for validating certificates.
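The "Generation of P_U" steps and the combined key agreement and authentication figure, worked through as an added Python example (not Rohde & Schwarz code). The prime 2^127 - 1, the base g = 3 and all function names are assumptions chosen for illustration; the brochure does not publish its actual parameters, and certificate signature checking is left out.

```python
import math
import secrets

P = 2**127 - 1   # assumed demo prime, far smaller than the brochure's 1024 bit
G = 3            # assumed demo base g < p


def make_auth_keypair(p=P, g=G):
    """Device U: choose S_U with 1 < S_U < p-1 and gcd(S_U, p-1) = 1.

    Returns (P_U, S_U_inv) with S_U * S_U_inv = 1 mod (p-1) and
    P_U = g^S_U mod p. P_U goes into the certificate, S_U_inv stays in U.
    """
    while True:
        s_u = 2 + secrets.randbelow(p - 3)      # uniform in 2 .. p-2
        if math.gcd(s_u, p - 1) == 1:           # otherwise no inverse exists
            break
    s_u_inv = pow(s_u, -1, p - 1)               # modular inverse (Python 3.8+)
    return pow(g, s_u, p), s_u_inv


def ephemeral(p=P):
    """Per-call random value a (or b); discarded after the call."""
    return 2 + secrets.randbelow(p - 3)


def blind_peer_key(peer_public, own_random, p=P):
    """chi := P_B^a mod p (sent by A) or delta := P_A^b mod p (sent by B)."""
    return pow(peer_public, own_random, p)


def session_key(received, own_random, own_private_inv, p=P):
    """K = (received^own_random)^(S^-1) mod p, as in the figure."""
    return pow(pow(received, own_random, p), own_private_inv, p)


def run_call(pub_a, inv_a, pub_b, inv_b, p=P, g=G):
    """One exchange between A and the device answering as B.

    Returns (K_A, K_B, g^(ab) mod p). inv_b is whatever private value the
    answering device really holds, which need not match pub_b.
    """
    a, b = ephemeral(p), ephemeral(p)
    chi = blind_peer_key(pub_b, a, p)       # A -> B
    delta = blind_peer_key(pub_a, b, p)     # B -> A
    k_a = session_key(delta, a, inv_a, p)
    k_b = session_key(chi, b, inv_b, p)
    return k_a, k_b, pow(g, a * b, p)


if __name__ == "__main__":
    pub_a, inv_a = make_auth_keypair()
    pub_b, inv_b = make_auth_keypair()
    _, inv_x = make_auth_keypair()          # a device that is not B

    k_a, k_b, g_ab = run_call(pub_a, inv_a, pub_b, inv_b)
    print("genuine B derives A's key:", k_a == k_b == g_ab)

    # Same certificate P_B presented, but the device lacks S_B^-1.
    k_a, k_x, _ = run_call(pub_a, inv_a, pub_b, inv_x)
    print("device without S_B^-1 derives A's key:", k_a == k_x)
```

Both genuine devices arrive at g^(ab) mod p because the exponents S_U and S_U^-1 cancel modulo p - 1, while a device that presents P_B without holding the matching private value ends up with a different key.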

TopSec Administrator, the convenient administration software

Trust center functionality

The TopSec Administrator administration software offers additional options for securing the system. A connection between a TopSec encryption device and TopSec Administrator via a telecommunications network is always encrypted. Using this encrypted connection, the TopSec encryption devices and TopSec Administrator authenticate each other's identity before any device configuration takes place. TopSec Administrator is a trust center that is run under the responsibility of the system operator.

Remote administration

Administered TopSec encryption devices that are members of a closed user group can be configured by TopSec Administrator via the public network (remote administration). Using this remote administration process, it is possible to issue new certificates and distribute black lists and white lists.

Black lists

Black lists contain device IDs that are not allowed to participate in a specific user group's cryptographic operation. (These device IDs are also included in the certificates.)

White lists

Within a closed user group, white lists allow additional segmentation of the potential communicating parties. Only those TopSec encryption devices that are entered in a white list in the same subgroup can establish an encrypted connection.

Settings for operational parameters

For TopSec encryption devices that are managed by TopSec Administrator, this software can set operational parameters depending on the specific device model. For example, with the TopSec 711, it is possible to determine whether pulse dialing or tone dialing is to be used for call setup. The software for the TopSec 711 and TopSec 703+ can be updated securely by TopSec Administrator via a telecommunications network.

Specifications

TopSec voice encryption devices

Data rate with voice encryption
  TopSec Mobile, TopSec GSM, TopSec 703+, TopSec 711    9.6 kbps
Maximum data rate
  TopSec 703+                                           up to 2 × 64 kbps
  TopSec 711 (fax mode)                                 up to 14400 bps
Communications protocol used with the partner encryption device
  TopSec Mobile, TopSec GSM, TopSec 703+                V.110
  TopSec Mobile, TopSec GSM, TopSec 711                 V.32
Communications interface
  TopSec GSM                                            GSM 900/1800
  TopSec Mobile                                         Bluetooth, version 2.0
  TopSec 703+                                           four-wire, basic rate interface (S0), Euro ISDN
  TopSec 711                                            two-wire, analog interface

Ordering information

Designation                                  Type                   Order No.
Voice Encryption Device                      TopSec Mobile          5411.0002
Encrypting Mobile Phone                      TopSec GSM             3531.6527
Encryption Device for digital connections    TopSec 703+            3531.6504
Encryption Device for analog connections     TopSec 711             5400.2450
Administration Software                      TopSec Administrator   3531.6610

Service you can rely on
- Worldwide
- Local and personalized
- Customized and flexible
- Uncompromising quality
- Long-term dependability

About Rohde & Schwarz

Rohde & Schwarz is an independent group of companies specializing in electronics. It is a leading supplier of solutions in the fields of test and measurement, broadcasting, radiomonitoring and radiolocation, as well as secure communications. Established 75 years ago, Rohde & Schwarz has a global presence and a dedicated service network in over 70 countries. Company headquarters are in Munich, Germany.

Environmental commitment
- Energy-efficient products
- Continuous improvement in environmental sustainability
- ISO 14001-certified environmental management system

Certified Quality System ISO 9001

Rohde & Schwarz SIT GmbH
Am Studio 3, D-12489 Berlin
+49 30 65884-223
Fax +49 30 65884184
E-Mail: info.sit@rohde-schwarz.com
www.sit.rohde-schwarz.com
www.rohde-schwarz.com

Regional contact
- Europe, Africa, Middle East: +49 89 4129 137 74, customersupport@rohde-schwarz.com
- North America: 1 888 TEST RSA (1 888 837 87 72), customer.support@rsa.rohde-schwarz.com
- Latin America: +1 410 910 79 88, customersupport.la@rohde-schwarz.com
- Asia/Pacific: +65 65 13 04 88, customersupport.asia@rohde-schwarz.com

R&S is a registered trademark of Rohde & Schwarz GmbH & Co. KG. Trade names are trademarks of the owners. Printed in Germany (ch). PD 5214.0301.12, Version 01.01, September 2009, TopSec Product Family. Data without tolerance limits is not binding. Subject to change.