Wikipedia

High Assurance Internet Protocol Encryptor: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
nbsp
m Added non-breaking space to non-template file size, frequency, bitrate, and bandwidth values (via WP:JWB)
Line 5:
}}
 
A '''High Assurance Internet Protocol Encryptor''' ('''HAIPE''') is a [[Type 1 encryption]] device that complies with the [[National Security Agency]]'s HAIPE IS (formerly the HAIPIS, the High Assurance Internet Protocol Interoperability Specification). The [[cryptography]] used is [[NSA Suite A Cryptography|Suite A]] and [[NSA Suite B|Suite B]], also specified by the NSA as part of the [[Cryptographic Modernization Program]]. HAIPE IS is based on [[IPsec]] with additional restrictions and enhancements. One of these enhancements includes the ability to encrypt [[multicast]] data using a "preplaced key" (see definition in [[List of cryptographic key types]]). This requires loading the same key on all HAIPE devices that will participate in the multicast session in advance of data transmission. A HAIPE is typically a secure gateway that allows two enclaves to exchange data over an untrusted or lower-classification network.
 
Examples of HAIPE devices include:
* [[L3Harris Technologies]]' Encryption Products<ref>[https://www2.l3t.com/cs-east/what-we-do/products/encryption-products_red-eagle.htm L-3 Communication Encryption Products]</ref>
** KG-245X 10&nbsp;Gbit/s (HAIPE IS v3.1.2 and Foreign Interoperable),
** KG-245A fully tactical 1 &nbsp;Gbit/s (HAIPE IS v3.1.2 and Foreign Interoperable)
** RedEagle
* [[ViaSat]]'s AltaSec Products<ref>[http://www.viasat.com/government-communications/information-assurance/ ViaSat Information Assurance web page]</ref>
** KG-250,<ref>[http://www.viasat.com/government-communications/information-assurance/altasec-kg-250 ViaSat KG-250]</ref> and
** KG-255 [1 &nbsp;Gbit/s]<ref>[http://www.viasat.com/government-communications/information-assurance/altasec-kg-255 ViaSat KG-255]</ref>
* [[General Dynamics Mission Systems]] TACLANE Products<ref name="ge">[https://gdmissionsystems.com/encryption/taclane-network-encryption General Dynamics TACLANE Encryptor (KG-175)]</ref>
** FLEX (KG-175F)
Line 23:
Three of these devices are compliant to the HAIPE&nbsp;IS&nbsp;v3.0.2 specification while the remaining devices use the HAIPE IS version 1.3.5, which has a couple of notable limitations: limited support for [[routing protocols]] or open [[network management]].
 
A HAIPE is an IP encryption device, looking up the destination IP address of a [[Network packet|packet]] in its internal Security Association Database (SAD) and picking the encrypted tunnel based on the appropriate entry. For new communications, HAIPEs use the internal Security Policy Database (SPD) to set up new tunnels with the appropriate algorithms and settings. Due to lack of support for modern commercial routing protocols the HAIPEs often must be preprogrammed with [[static routing|static routes]] and cannot adjust to changing network topology.
 
A couple of new HAIPE devices will combine the functionality of a router and encryptor when HAIPE IS version 3.0 is approved. General Dynamics has completed its TACLANE version (KG-175R), which house both [[Red/black concept|a red and a black]] Cisco router, and both ViaSat and L-3 Communications are coming out with a line of network encryptors at version 3.0 and above. Cisco is partnering with [[Harris Corporation]] to propose a solution called SWAT1<ref>[https://www.cisco.com/web/strategy/docs/gov/swat1_ds.pdf Cisco Harris SWAT1 Solution]</ref>
 
There is a UK HAIPE variant that implements UKEO algorithms in place of US Suite A. Cassidian has entered the HAIPE market in the UK with its Ectocryp range. Ectocryp Blue is HAIPE version 3.0 compliant and provides a number of the HAIPE extensions as well as support for network [[quality of service]] (QoS). Harris has also entered the UK HAIPE market with the BID/2370 End Cryptographic Unit (ECU).<ref>[https://www.harris.com/press-releases/2008/12/next-generation-bid-2370-device-developed-under-uk-ministry-of-defence-chimp Harris UK BID/2370 ECU]</ref>
Retrieved from "https://en.wikipedia.org/wiki/High_Assurance_Internet_Protocol_Encryptor"