Se cu re C om m un ic at ion s Pro du ct B ro ch ure | 0 1. 01
R&S®MKS9680
Modular Encryption
Device
2
TheR&S®MKS9680isahighlysecuredevicefor
encryptingvoice,faxanddatafortransmission
over analog and digital landline networks and
satellite links. It meets even the most demanding
requirementsintermsofcryptographicsecurity,
emanationsecurityandresistancetomechanical
attacks,andiscapableofoperatinginpoor-quality
networks.
R&S®MKS9680
ModularEncryption
Device
At a glance
The R&S®MKS9680 is a modular device, available in differ-ent configurations, and designed to support various use scenarios. The device is equipped with interfaces for op-eration in heterogeneous networks.
The R&S®MKS9680 enables users to communicate securely over the following types of networks:
❙Analog networks
❙Digital, circuit-switched networks
❙IP networks (in combination with the R&S®IP-GATE) ❙BGAN and Thuraya satellite links
The R&S®MKS9680 has been optimized to deliver secure voice, fax and data communications, even in difficult sig-nal environments. For this purpose, it automatically selects the optimum data rate to provide the best possible trans-mission quality.
Key facts
❙Modular design enables flexible adaptation to available interfaces
❙Convincing transmission quality in poor-quality networks ❙Chip-card-based authentication for enhanced security ❙Highly secure communications worldwide using landline
networks and satellite links
❙Tamper-protected casing to guard against mechanical attacks
R&S®MKS9680
ModularEncryption
Device
Benefits and
keyfeatures
Highly secure communications for diverse operating scenarios
❙Fulfills the highest confidentiality requirements
❙Supports a wide range of applications and transmission protocols
❙Usable anywhere – from cities to remote regions ▷ page 4
Sophisticated security concept allows straightforward key management
❙Cryptographic control is in the hands of the customer ❙Secure authentication of users based on smart cards ❙Consistently high level of security within networks due to
individually secured communications relationships ▷ page 5
Tamper-proof, versatile hardware
❙Modular design supports multiple network scenarios with a single device
Store-and-forward functionality enables time-shifted operations
Encrypted storage: Message/file is decrypted and forwarded to target system. At target site, PC with R&S®MKS9680 transfer software running must be connected to R&S®MKS9680, and authentication card must be inserted in R&S®MKS9680
¸MKS9680 transfer software
(short messages and file transfer)
Network
¸MKS9680 transfer software
(short messages and file transfer)
Fax machine
Network
Fax machine Encrypted storage:
Fax is decrypted and forwarded to target system. At target site, fax machine must be connected to R&S®MKS9680, and authentication card must be inserted in R&S®MKS9680
4
Highlysecure
communications for
diverseoperating
scenarios
Fulfills the highest confidentiality requirements
The R&S®MKS9680 sets new standards internationally for the secure transmission of sensitive information. Its se-curity features encompass cryptographic and mechanical protection as well as the ability to support organizations' own security policies.
The R&S®MKS9680 employs strong cryptographic algo-rithms with key lengths as required today in many coun-tries to effectively secure government communications. The device creates the necessary key material using a hardware-based noise generator. To protect the crypto-graphic functionality as well as confidentiality and integrity, the R&S®MKS9680 has been ruggedized. Besides guard-ing the device against physical manipulation, the rugged-ization also protects it against emanation attacks.
Supports a wide range of applications and transmission protocols
The device can be used to protect various types of real-time transmissions, including voice, data and video. The R&S®MKS9680 additionally includes store-and-forward capabilities for the secure transmission of faxes and short messages. It can also be used in heterogeneous network infrastructures.
The device is modular and, depending on the version, has both analog and digital interfaces. The R&S®MKS9680 can also operate in IP networks when combined with the R&S®IP-GATE. Together, these capabilities give users a maximum degree of independence from the diverse trans-mission protocols employed in today's landline and satel-lite communications, and allow cross-network communi-cations that are secured from end to end.
Usable anywhere – from cities to remote regions
Sophisticated
securityconcept
allows
straight-forwardkey
management
Security architecture based on individually secured communications relationships Cryptographic control is in the hands of the
customer
Production of the R&S®MKS9680 (carried out in dedicated Rohde & Schwarz facilities in Germany) and first-time cryp-tographic initialization of the device are two separate and independent processes. A device's unique cryptographic identity is set by the customer using a special smart card in a one-time operation performed in a secure environ-ment. In subsequent operation, the user authentication process and the keys provisioned by the system are based on this cryptographic identity.
The consistent use of smart cards based on the devices’ unique cryptographic identity simplifies key management and effectively prevents unintentional misconfiguration of the overall system.
Secure authentication of users based on smart cards
Users authenticate themselves to the R&S®MKS9680 using a special smart card that they insert into the device's built-in card reader. This smart card is assigned cryptographical-ly to both the user and the device. If need be, a user's card can also be assigned to additional R&S®MKS9680 devices.
Consistently high level of security within networks due to individually secured communications relationships
A central crypto management system allows separate key material to be generated for any predefined communica-tions relacommunica-tionship. The central crypto management also sets the period of validity for the key material for each in-dividual communications relationship. R&S®MKS9680 de-vices change the key material automatically, depending on the material's defined validity.
6
Modular design supports multiple network scenarios with a single device
The R&S®MKS9680 comes with diverse network inter-faces (analog and digital). This allows the R&S®MKS9680 to adapt easily to users' specific needs and requirements as well as changes in communications environments, and thus affords high safety of investment.
Physical protection
The R&S®MKS9680 incorporates intelligent engineering to detect and ward off mechanical attacks. The modules are separated from one another, and the casing is tamper-proof to prevent mechanical attacks on the device and its built-in security functions. Separating the modules also serves to shield individual circuits and the entire device electrically and electromagnetically to provide effective protection against side-channel attacks.
Tamper-proof,
versatile hardware
Security architecture based on individually secured communications relationships A range of interfaces
Irrespective of the type of network available at the point of use – analog or digital – users can always connect the same terminal equipment and need not worry what kind of network their counterpart is using: The R&S®MKS9680 automatically chooses the right transmission technology. The graphic depicts a typical use scenario for the
Specifications
Ordering information
Designation Type Order No.
R&S®MKS9680
Encryption device with analog interface and digital Euro-ISDN basic rate interface R&S®MKS9680 5415.0671.04 Transfer software for the R&S®MKS9680 R&S®MKS9680Transfer-SW 5415.1910.02
Management system
Key management software R&S®MKS0810 5415.2168.03
Hardware-based true random number generator R&S®MKS0606 5415.0365.02
Smart card read/write device R&S®MKS0707 5415.0007.02
Smart card
(installation, authentication and key card)
R&S®MKS0503 5415.1778.02 Specifications of the R&S®MKS9680
Interfaces
Analog 1
Digital 1 × Euro-ISDN
(two B channels)
SatCom ❙ BGAN over ISDN
❙ BGAN/IP over R&S®IP-GATE ❙ Thuraya/IP over R&S®IP-GATE Landline IP over R&S®IP-GATE
Encryption
Symmetric algorithm AES256
General data
Dimensions (W x H x D) 190 mm × 220 mm × 170 mm (7.5 in × 8.7 in × 6.7 in)
Weight 7.6 kg (16.8 lb)
Operating temperature range +10 °C to +40 °C Transportation temperature range –10 °C to +60 °C Power supply
About Rohde & Schwarz
Rohde & Schwarz is an independent group of companies specializing in electronics. It is a leading supplier of solu-tions in the fields of test and measurement, broadcasting, radiomonitoring and radiolocation, as well as secure communications. Established more than 75 years ago, Rohde & Schwarz has a global presence and a dedicated service network in over 70 countries. Company headquar-ters are in Munich, Germany.
Environmental commitment
❙Energy-efficient products
❙Continuous improvement in environmental sustainability ❙ISO 14001-certified environmental management system
CertifiedQualitySystem
ISO 9001
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG Trade names are trademarks of the owners | Printed in Germany (ch) PD 5214.4042.12 | Version 01.01 | May 2011 | R&S®MKS9680 Data without tolerance limits is not binding | Subject to change © 2011 Rohde & Schwarz GmbH & Co. KG | 81671 München, Germany
Service you can rely on
J Worldwide
J Local and personalized
J Customized and flexible
J Uncompromising quality
J Long-term dependability
Rohde & Schwarz SIT GmbH
Am Studio 3 | D-12489 Berlin Phone +49 30 65884-223 | Fax +49 30 65884-184 E-mail: [email protected] www.sit.rohde-schwarz.com www.rohde-schwarz.com Regional contact
