CipherPilot Encryption Devices

CipherPilot Encryption Devices

Encryption of data is the best way to prevent any misuse of sensitive, private and secret information that is transmitted over fibre optic links laid on public ground between locations. Using encryption techniques on easy to crack protocols like Ethernet also prevents against manipulation of data and intrusion into a network. Although encryption devices have a rather complex task to fulfil, the CipherPilots are easy to integrate into the existing network topology. Their influence on the network performance is as low as technically possible. Encryption is carried out without overhead, without extra data buffering and without any changes to the network devices and protocols. The CipherPilot encryption devices offer real time 256 bit AES hardware encryption at wire speeds of up to 10Gbit/s for all standard transmission protocols. The CipherPilots introduce very low latency and do not create any overhead that would reduce throughput. The CipherPilots may also be used in combination with any CWDM/DWDM system on the channel ports.

CipherPilot Encryption Devices application

 

Features:

  • Safeguards your data against espionage.
  • May be used with Dark Fibre, WDM and Ethernet links.
  • Encryption takes place with the highest commercially available encryption grade of 256 Bit AES (automatic key change every minute).
  • Encryption at wire speed
  • Supported protocols: ATM, SDH, Ethernet, Fibre Channel
  • Supported speeds: 100 Mbps up to 10 Gbps
  • Transparent to VLAN, MPLS, etc.
  • No encryption overhead
  • No need for changes to the network infrastructure
  • Tamper resistant chassis, maintenance free
  • Exchangeable SFP/XFP interfaces
  • Certified by BSI for VS-NfD, the EU and NATO restricted
  • Complies with FIPS 140-2 L3 and CC EAL3
  • PCI-DSS-Compliant

Hardware Options:

CipherPilot 200:

  • 19” 1RU chassis (H: 44mm, W: 430mm, D: 230mm), 4kg
  • Redundant Power Supply: 110-240V AC 50-60Hz, ca. 11W
  • 10/100BT Ethernet Level 2, Jumbo Frames, transparent to VLAN and MPLS
  • RJ45 10/100BT copper interface

CipherPilot 300:

  • 19” 1HE chassis (H: 44mm, W: 430mm, D: 320mm), 7kg
  • Redundant Hot-Swap PSU: 110-240V AC 50-60Hz, 90W or -48V DC
  • ATM/SDH/SONET (up to 2,5 Gbps), Fibre Channel (1G, 2G), Gigabit Ethernet
  • SFP Modules: RJ45-1000BT, Multi Mode 850 nm,
  • Single Mode 1310/1550 nm SR/IR/LR, CWDM, DWDM

CipherPilot 400:

  • 19” 2HE chassis (H: 88mm, W: 430mm, D: 370mm), 10kg
  • Redundant Hot-Swap PSU: 110-240V AC 50-60Hz, 115W or -48V DC
  • 10G (SDH/SONET, Ethernet):
  • XFP Modules: Single Mode 1310/1550 nm SR/IR/LR, DWDM

Specifications:

Encryption Performance:

  • Real-time wire speed encryption
  • Support of Jumbo Frames
  • Transparent to VLAN, MPLS
  • C4/C4-4c/C4-16c container encryption (path mode) resp. complete SDH/SONET frame (line mode)
  • Fibre Channel E-Port encryption
  • Full-duplex throughput independent of packet size, no encryption overhead
  • Key changes without link interruption
  • Additional latency: 100Mbit/s <40μs / 1Gbit/s <8μS / 10Gbit/s < 4μs per unit

Key Management:

  • Device authentication with Passphrase/Hostkey
  • Tamper resistant key storage
  • Automatic time triggered change of session keys
  • Autonomous operation without external key management

System Management:

  • Configuration through serial console port (RS-232/V.24) or SSH network access (Ethernet RJ45-10/100BT)
  • Integrated monitoring of link status and operation
  • Audit and event Logging
  • Remote monitoring via SNMP (V2c/V3)
  • Link monitoring via CipherMon

Encryption technology:

  • AES (256 bit) encryption with CBC block mode
  • Key generation with hardware random source
  • Key exchange with Diffie-Hellman ECC algorithm
  • Complies with FIPS 140-2 L3 and CC EAL3