Encryption The only encryption platform that can defend your sovereignty in all networks! Radio security solutions
Your technological challenge: inhomogeneous networks homogeneous information security Nowadays we see rapid advances in network and communication technologies on the one hand, and changes in user requirements on the other. Individuals with budgetary and operational responsibility in these areas have to cope with complex structures and processes: Networks are becoming ever more universal and flatter; the lines between core and edge areas, ever more blurred. Military organisations as well as governments, ministries, public administration and other civil authorities are using the same networks ever more frequently. Mobile and portable equipment is used more and more as all applications (phone, e-mail, data access, messaging, etc.) are expected to be available at any time. This philosophy of having everything everywhere at any time has given rise to a dense, inhomogeneous mix of radio/wireless, copper, fibre optics and satellite networks. Classic applications such as radio/ wireless, analogue telephony, fax, messaging (civilian and military versions) are competing with IP-based applications (voice, data, messaging, video). One trend that can be seen in the future is the convergence of classic applications to create triple-play IP ( IP convergence ). Inhomogeneous networks are complex to operate for network providers and system managers alike, particularly where sensitive data have to be protected at the same high level of security, regardless of how they are communicated. As a system or security manager, your task is to ensure homogeneous information security in inhomogeneous networks. You have two options: You can purchase application-specific solutions today and accept the fact that they will later have to be converted to IP. Or you select a universal encryption system with integrated IP mode and unified security architecture. With this second option, you have a simple solution that will withstand any technological changes that may occur over the next decade. 2
An ingenious encryption platform: fits any scenario and masters any application The encryption platform opens up new dimensions of efficient, homogeneous information security for you. It is a compact, robust and combatready unit that protects multiple applications (including IP). It creates end-to-end homogeneous information security in complex and inhomogeneous networks. It simplifies installation and operation. It accommodates future advances in technology with no trouble and at minimal expense! Different network technologies are no problem either. The platform can be connected to wire networks, Ethernet, radios and satellite terminals and can protect applications in the appropriate mode. The platform can be upgraded, thus has the potential of accommodating further applications and interfaces. Your investment is protected even if major technological advances do occur. Small and robust, this unit can be used as a stand-alone solution or can be integrated in command and control systems. It is militarily combat-ready and supports tactical as well as strategic scenarios, e.g. at headquarters, in command vehicles or in tanks at the front. The comprehensive Security Architecture from is used in all applications. The central Security Management can manage multiple applications, too, thus reducing the complexity of your ICT while increasing operational efficiency and minimising staff expenses. All encrypted applications are compatible with other encryption units of the same application from. Direct, secure communications across all borders become reality for you! PSTN/ISDN HF V/UHF SAT IP Voice NB NB/WB VoIP Data x x x x x Messaging x x x x x Video still still live live The matrix shows which encrypted applications can be run using which communication technologies. x = generally secure connection, NB = narrowband, WB = wideband, VoIP = Voice over IP, still = transmission of still pictures, live = transmission of live video. 3
Information security: just a matter of configuration for you now... HC-2650 offers you enormous flexibility, which you can use for voice and data applications in military and civilian operational scenarios, for different frequency bands and for all common radios. Application Package voice Legacy HF radios: with the integrated modem, you can establish encrypted connections over an analogue narrowband interface in voice quality of up to 2.4kbps even under extremely poor HF (VHF) conditions. Modern HF radios with hopping capabilities: this application is activated via a digital interface for up to 2.4 kbps. That means security can be provided for even the most modern EPM radios without restricting their properties. That means end-to-end security can be achieved even in mixed networks. Legacy V/UHF radios: besides the narrowband analogue interface, there is also a wideband interface available which fully supports the properties of older units and delivers excellent voice quality. Modern V/UHF radios with hopping capabilities: with this additional digital interface, EPM properties can be used (as in HF radios). If both types of interfaces are combined, encrypted connections can be established from one type of network to another (e.g. SINC- GARS to JAGUAR to FALCON, etc.). Application Package data Synchronous/asynchronous data communications: possible with no further adaptation over all radios and satellite systems (up to 128 kbs), also for (military) messaging applications such as ACP-127, STANAG 5066 and 4406. Automatic Link Establishment, ALE: compatible with systems such as MIL- STD 188-141A and FED-STD 1045. IP VPN Application Package Data: link and end-to-end encryption of large quantities of data even end-to-end all the way to the mobile subscribers on the edge of networks (e.g. command vehicles). Voice over IP (VoIP): also possible between civilian and military organisations thanks to technological compatibility. Messaging over IP: various high-security civilian and military messaging functions can be implemented. Video over IP: image and video are transmitted with no risk of tapping! HC-2650 is also available in individually configured versions for civilian or technically simple user profiles. 4
in an IP network scenario links via satellite, LAN and public transport network with triple play application Satellite Naval Force SAT Terminal Reconnaissance Vehicle SAT Terminal Laptop Server Video Camera SAT Terminal Encryption Laptop Phone Transport Network in a classic radio scenario with voice and messaging applications Satellite HF/VHF/UHF Crypto Field Terminal Modem Radio V/UHF Switch Crypto Field Terminal Modem Satellite Reconnaissance Vehicle Search and Rescue Boat Radio HF Modem Crypto Field Terminal Radio V/UHF Radio Encryption 5
Integration? Only the hard facts count here! Security experts know what ultimately counts in actual practice: Encrypting means integrating! The platform is unique in this respect, too: Multienvironment: mechanically and climatically robust, NEMP immune, EMC design (for detailed information on military standards, please refer to data sheet) Multiconnect: connects to all common types of military radios (over one hundred types tested) and modems Multiintegration: single application (mobile) or rack installation, e.g. for integration in C4I systems with automated functions such as selection of channels, operating modes, etc. (for example, for field command posts, war rooms on ships or surveillance aircraft) Multiband: all common frequency bands can be used (HF, VHF, UHF, SHF, SAT); both for fixed network technologies and for Ethernet, PSTN, and ISDN Multimode: encryption in analogue and digital modes (different bandwidths) and IP VPN mode with tunnel mode protocol (option: transport mode protocol) Multiprotocol: compatible with military standards and protocols for operation in specific networks, e.g. 5066/4406, etc. Multitraffic: simplex, half-duplex and full-duplex transmission, synchronous/asynchronous encryption, frequency hopping supported Multicompatibility: compatible with all equipment in the secure IP VPN family from, great potential for upgrades/updates (P3I=Pre-Planned Product Improvement), compatible with predecessor mode 265 Multicontrol: local or remote control, specific or integrated in C&C system Multialgo: multiple algorithms can be loaded to ensure interoperability with other sub-networks. Exclusively developed national algorithms are available as an option...defends your sovereignty in all networks: HC-2650 6
Network risks will never threaten your sovereignty Thanks to the comprehensive Security Architecture from, Multi- Com HC-2650 excels in meeting the military requirements for information security and provides maximum protection for each of your applications and each technology. The most important elements of the Security Architecture from Crypto AG are as follows: Your own secret cryptographic base, whose parameters your security manager can modify at any time without affecting security. Encryption with your secret symmetrical algorithms, kept secure from attack in a tamper-proof hardware encryption module. Flexible algorithm structure that allows you to form individual cryptographic groups with protected relationships (overlapping/hierarchical). Emanation-proof design of the encryption unit (EMC/EMV/NEMP design and internal red-black separation). Ultra-secure security management (central/decentralised, offline/online) that guarantees maximum security in the definition, management and distribution of your security data. The data are stored encrypted and separate from the network and are protected against access. You can manage multiple networks independently using the same management infrastructure, a feature that reduces investment and staff costs substantially. National algorithm blue National blue Ships with their national algorithm plus the allied algorithm National algorithm green Allied National green 7
To Remain Sovereign is your ideal partner for the efficient and secure handling of information. As a legally and economically independent Swiss company, we are not subject to any export restrictions. We have developed, manufactured and implemented custom security solutions for over 55 years. The package we offer features the latest technology solutions and comprehensive services. Throughout the entire lifetime of your system, we provide you with support services to guarantee autonomous operation and high availability whatever the user environment. You too can rely on the expertise and capabilities of just like our customers in over 130 countries., P.O. Box 460 CH-6301 Zug Switzerland Tel. +41 41 749 77 22 Fax +41 41 741 22 72 crypto@crypto.ch www.crypto.ch, Regional Offices Abidjan 01 B.P. 5852 Abidjan 01 Ivory Coast Tel. +225 22 41 17 71 Fax +225 22 41 17 73 Abu Dhabi Abu Dhabi P.O. Box 41076 Abu Dhabi United Arab Emirates Tel. +971 2 64 22 228 Fax +971 2 64 22 118 Buenos Aires Maipu 1256 PB A 1006 Buenos Aires Argentina Tel. +54 11 4312 1812 Fax +54 11 4312 1812 www.crypto.ch Kuala Lumpur Regional Office Pacific Asia Level 9B Wisma E&C 2, Lorong Dungun Kiri Damansara Heights 50490 Kuala Lumpur Malaysia Tel. +60 3 2080 2150 Fax +60 3 2080 2140 Muscat Regional Office Seeb PC 111 Sultanate of Oman Tel. +968 2449 4966 Fax +968 2449 8929 A member of The Crypto Group 2008 CP EN/0821