ISO Rohde Schwarz

Secure communications on leased lines

◆ Confidential communications via synchronous leased lines at transmission rates up to 2 Mbit/s
◆ "Transparent" integration
◆ Easy to install
◆ Minimal administration required and low cost of ownership
◆ Fulfills all legal data protection requirements
◆ Operates independently of applications and services
◆ Provides flexible security management
◆ Can be used for:
  – confidential telephony
  – confidential video telephony
  – confidential video conferences
  – confidential data transmission
◆ Suitable for a large variety of infrastructures
◆ High-grade encryption through
  – powerful algorithms
  – 128-bit keys
◆ Authorization through RSA encryption with 2048-bit key

Fig. 1 Encryption of leased-line link by SITLink system (diagram label: leased line over public network (PDH, SDH, X.21))

SITLink provides IT security by protecting communications on synchronous leased lines. The system supports transmission rates of up to 2 Mbit/s. Bit-oriented encryption of the transmitted information ensures confidential communications at the primary level. This is the basis for confidential, service-independent, intra-corporate communications (voice, video, and data). Corporate data is protected against eavesdropping, modification, and falsification as well as subterfuge. Both espionage and sabotage are effectively ruled out.

SITLink has been designed to provide a secure backbone for transmission over public connections (Fig. 1) for use in corporate networks with a distributed infrastructure. Solutions of this kind are typical of corporations with trusted and intimate partners or corporations with different subsidiaries and geographically dispersed divisions. Sample applications for SITLink are shown in Fig. 2. Typical environments are the following:

◆ LAN-LAN link with time division multiplex systems or router and switches
◆ Coupling of ISDN systems or PDH-based time division multiplexers

Fig. 2 SITLink environment (diagram label: leased line)

Security function

Corporate communications are usually based on leased lines as this structure may be the most effective means of communicating with subsidiaries and partners over the public communications infrastructure. The user is not interested in the transmission media or the route of transmission on the public communications highway. Contrary to popular belief, leased-line connections are not necessarily the shortest physical connection as even satellite and microwave links may be involved.

SITLink protects your data against damage, violation, and attacks such as the following:

◆ Damage caused by passive attacks with the intention of espionage. These attacks do not affect the transmitted information or operation of the communications system, but try to obtain confidential information such as passwords, subscriber IDs, project details, quotation and price information
◆ Damage via attacks that manipulate and distort the information. The intruders may delay, repeat or change transmitted messages by inserting or deleting information. This includes unauthorized access (deception attempts by tampering with the ID codes of communications partners)
◆ Damage may also be caused by inadvertent loss of information, e.g. when the information does not arrive at its destination because of operating mistakes, software faults, transmission breakdown, or routing errors

Operation

SITLink units are connected to both ends of a public-network line. Terminal equipment connected to the SITLink units "sees" them as belonging to the leased-line system (DCE). SITLink does not reduce transmission performance and the full bandwidth of the line is available to the user.

Encryption is performed on OSI layer 1, i.e. at bit level. SITLink units need a clock and can only operate when connected to a synchronous network. This clock ensures reliable signal reception at the receiver end. If the clock fails, the entire network shuts down. A symmetrical encryption method is used with the same algorithms and keys (128 bits) at both ends of the link. If the symmetry requirement is not met, the recipient, i.e. an unauthorized subscriber, will not receive usable data. Encryption is performed by the Kryptochip SCA95 hardware.

Management

Appropriate tools are available for system management, configuration and monitoring.

SITLink units can be managed locally or controlled from a remote link security management station.

System management performs the following tasks:

◆ Encrypted saving and storage of sensitive and critical data
◆ Secure key assignment/management
◆ Generation of sensitive data (keys, chip card programming, etc)

The system can be accessed in two ways: via the local management port, and via the secured data port connected to the public

Remote management via the connection used for information transmission is called in-band management, and management via a separate network is referred to as out-of-band management. The advantage of in-band management is the cost saving as the existing infrastructure required for information transmission is used. Out-of-band management is more reliable and not affected by any failures in the transport network. Furthermore, it does not occupy bandwidth in the network that otherwise could be used for data transmission.

PC-based link security management (LSM) has been designed for managing and monitoring secured links.

Fig. 3 shows possible applications of LSM. For monitoring and management, one of the end nodes on the link to be protected is addressed directly (locally) or via the remote-control network. In this scenario, the serial V.24 link is emulated or tunneled through another network by means of a modem link or through the use of terminal servers (TS). Thus LSM can remotely access the line to be managed. The complementary unit on the link to be secured can then be accessed in-band via the secured data line. A precondition for this is, of course, that an active and secured link has been established between the SITLink units.

Fig. 3 Connection of local LSM (link security management) (diagram labels: central location, IP network, telephone network, location A, location B)


General data

 Dimensions (HxWxD, 19" rackmount)   44 mm x 482.6 mm x 242 mm
 Weight                              4 kg
 Operating voltage                   100 V to 240 V AC ±5%, 50 Hz to 60 Hz, optional 48 V DC, self-regulating
 Power consumption                   peak 30 VA, norm <24 VA
 Fusing                              2AT via fine-wire fuse, accessible from exterior
 Safety class                        I
 Climatic class                      3K2, DIN IEC 721
 Permissible temperature range       5 °C to 40 °C (ambient temperature)
 Operating temperature range         15 °C to 32 °C
 Relative humidity                   10% to 75%, no condensation
 Service port                        D-Sub 9-pin connector (V.28), for servicing only
 Display                             2 x 20-digit LCD, no illumination
 Operation                           5 keys or management system or service application
 Chip card                           in line with ISO 7816, incl. cryptocontroller and RSA with 2048-bit key
                                     D-Sub 15-pin connector, male (ISO 4903)
 Transport                           V.24 (RS-232-C)
 Application                         link management LSM: local via V.24 and in-band to complementary unit, remote management via modem or terminal server
 Firmware                            version 4.x (management interface in V.24 mode)

Line versions

 X.21 link
    Transmission rate                up to 2048 kbit/s
    Line coding                      NRZ
    Electrical interface             X.27
    Connector                        D-Sub 15-pin connector (ISO 4903)
    Clock                            from "public" or "home" interface
    Latency                          1 bit (~1.9 μs to 833 μs)
    Other data                       possible also via unframed E1
                                     control of C, I link

 G.703 E1 link
    Transmission rate                2048 kbit/s
    Line coding                      HDB3 or AMI
    Electrical interface             G.703 with G.704 framing (PCM 30/31)
    Connector                        D-Sub 15-pin connector (ISO 4903)
    Clock                            co-directional
    Latency                          18 bits (~8.8 μs), no jitter
    Mode                             30/31 × 64 kbit/s, structured

 G.703 link
    Transmission rate                2048 kbit/s
    Line coding                      AMI or HDB3
    Electrical interface             G.703
    Connector                        Sub-D 15 (ISO 4903)
    Clock                            co-directional
    Latency                          18 bits (~8.8 μs), no jitter
    Mode                             2048 kbit/s, unstructured

Operating modes

 Encrypted                           user-selectable channels
 Bypass                              local activation, setting and activation via LSM
 Error                               in case of a fault, random numbers are sent

 Algorithm                           Siemens SCA95 algorithm

 EN 60950:2000                               product safety
 EN55022:1998 class B G.703, class A X.21    EMC, ITE EMI emission
 N61000-6-2                                  EMC, ITE immunity
 EN 61000-3-2:1995                           EMC, mains harmonic currents

Certified Quality System ISO 9001, DQS REG. NO 1954 QM

R&S® is a registered trademark of Rohde&Schwarz GmbH&Co. KG · Trade names are trademarks of the owners · Printed in Germany (bb)
PD 5213.8367.32 · SITLink · Version 04.01 · May 2008 · Data without tolerance limits is not binding · Subject to change

Customer Support: Telephone: +49 30 65884111 · Fax: +49 30 65884184 · E-mail:
