New encryptor meets NSA Type 1 standards
- By William Jackson
- Oct 15, 2008
SafeNet Inc. of Baltimore has launched a new high-speed Type 1 encryptor that can perform at speeds of up to 10 gigabits/sec over Synchronous Optical Networks (SONET).
Type 1 devices are certified by the National Security Agency for securing classified information and are used primarily by the military and intelligence communities. The KG-340 was developed under the NSA’s Commercial COMSEC Evaluation Program and is the first of its kind designed to operate at those speeds in a SONET network.
“It is not serving a bridging function to a SONET capability,” said Jim Summers, senior vice president and general manager of the SafeNet government sales division. “Certainly there are other 10G encryptors out there; it’s a capability the government already has.” But most operate at the network layer, where processing packets adds network overhead. Operating at the SONET layer is more efficient and increases throughput.
SONET, which uses time-division multiplexing to provide permanent connections, is considered a physical layer protocol.
The Commercial COMSEC Evaluation Program was established by NSA to shepherd products developed by the private sector through the certification process required for handling classified and national security data. The company provides the funding for development; NSA commits resources for certification, with evaluation going on throughout the development process. Because of the requirements that security be designed into products from the beginning, it would be impractical to submit a finished product for Type 1 certification at the end of the process, Summers said.
The KG-340 was developed with a trusted computing base platform, with all hardware, software and firmware that contribute to its security designed from the ground up. Four line cards can be used interchangeably in the platform, providing speeds of OC-3 (155 megabits/sec), OC-12 (622 megabits/sec), OC-48 (2.5 gigabits/sec) and OC-192 (10 gigabits/sec). It is a full-duplex hardware based encryptor with High Assurance IP Encryptor compliant key exchange, and sits at the network core.
SafeNet has been selling a commercial SONET encryptor, but the Type 1 model requires a COMSEC sales authorization for purchase.
Although few organizations now require 10 gigabits/sec speeds for encryption, the capability is expected to be in demand in the future.
William Jackson is a Maryland-based freelance writer.