DOE
UNCLASSIFIED ENCRYPTION EQUIPMENT GUIDE

This guide was developed for Department of Energy (DOE) employees and DOE contractors as an information source concerning the protection of sensitive unclassified (SU) information transmitted over DOE phone lines or other communications media. The contents of this document are intended to provide information relevant to the protection of SU information in electronic form on DOE systems. The information contained herein is not meant to be a guide or standard regarding the process of SU. It is intended to be an information source which may be of use to DOE employees and DOE contractors. Questions concerning DOE policy regarding the encryption of SU should be referred to DOE Headquarters, HR-433.

Entrust is a family of software products designed to provide encryption digital signature capabilities to support public key cryptography. It ensures privacy for information on or transmitted from Windows, Macintosh, and Unix machines with the FIPS approved DES algorithm. Digital signatures which provide for authentication of the sender's identity and non-repudiation may be provided by RSA or DSS public key algorithms. Other algoritms are supported by the Entrust software. Operation of the software is simplified by graphical user interfaces. The cryptographic Module V and cryptographic Kernel V are components of the Engrust Client software package. Entrust Client is a file level encryption and digital signature application used in the Entrust family. The Entrust family of public key cryptographic products were developed by Northern Telecom. Additional information, such as pricing and availability, may be obtained by accessing their web site, http://www.entrust.com, or by calling (919) 992-5525.

BACK TO TOP

The Subscriber Encryption Module is available in the ASTRO line of digital radios. ASTRO is a set of digital radios designed to meet the guidance of Project 25, which was created by the Association of Public Safety Communication Officials (APCO). Project 25 standards promote the development of digital technology in two-way radio communications. The ASTRO radios provide for both analog operation and narrowband digital operation. ASTRO radios support the integration of voice and data communications on a single channel or they can be configured to allow separate dedicated channels for data and voice. The radios operate in VHF, UHF, and at 800 MHz frequencies. Full digital operation is available in a 12.5 KHz narrowband channel. The manufacturer of the ASTRO digital radios is Motorola, Inc., Communications Sector. Additional information, such as pricing and availability, may be obtained by accessing their web site, http://www.mot.com/LMPS/RNSG/portable.htm, or by calling (847) 576-9066.

BACK TO TOP

CIDEC data encryptors secure sensitive unclassified information over point-to-point or dial-up communications links. This encryptor is capable of providing network security in host, LAN server applications. CIDEC encrypts synchronous simplex, half-duplex, or full-duplex data communications. The LSi model also operates in an asynchronous mode. A self-synchronizing encryption mode allows all of the CIDEC encryptor to operate transparent to the user. Key management is handled by the manufacturer's electronic key management system (Secure Electronic Exchange of Keys - SEEK). The device is configurable from a front-panel keypad that controls a menu selection of a liquid crystal display. CIDEC supports the DES encryption algorithm at data rates from 256 Kbps up to 2 Mbps. The individual data rates of the various models are shown below:

CIDEC LSi - 1200 bps-256 Kbps synchronous and 75 bps-19.2 Kbps asynchronous
CIDEC MSi - 1200 bps-768 Kbps synchronous
CIDEC HSi - 56 Kbps-2Mbs synchronous

The manufacturer of CIDEC is CYLINK Corporation. Additional information, such as pricing and availability, may be obtained by accessing their web site, http://www.cylink.com/products/security/securewa.htm, or by calling (408) 735-5800.

BACK TO TOP

The Datacryptor 64E encryption device is an end-to-end packet encryptor designed to protect information transmitted through Public and Private X.25 packet switched networks. Data encrypted prior to transmission remains encrypted throughout the network. Decryption takes place at the data's final destination. The Datacryptor 64E only encrypts the packet's data field. The address and control information remains unencrypted. Key management for the Datacryptor 64E is compliant with the X9.17 Key Management Standard. The Datacryptor 64E can be used with or without the manufacturers key management center. When used with the manufacturer's key management center, the Datacryptor 64E uses a 3-key system for key management functions. Without the manufacturers key management system, a 2-key system is employed. The housing of the Datacryptor 64E is tamper resistant. When tampering is detected, all stored keys are automatically erased and the operating parmeters are reset. The Datacryptor is manufactured by RACAL Data Group. Additional information, such as pricing and availability, may be obtained by accessing their web site, http://205.138.43.41/rdg/products/ds/ds1164/ds1164.htm, or by calling (703) 471-0892.

BACK TO TOP

The Datacryptor 64 encryption device is designed for use in point-to-point, multi-drop, dial-up, and dedicated network applications. It operates at speeds up to 64 Kbps synchronous mode and up to 19.2 Kbps in an asynchronous mode. Key management for the Datacryptor 64 is compliant with the X9.17 Key Management Standard. The Datacryptor 64 uses a 2-key system for key management. It can generate and store up to 400 keys. The housing of the Datacryptor 64 is tamper resistant. When tampering is detected, all stored keys are automatically erased and the operating parameters are reset. The Datacryptor is manufactured by RACAL Data Group. Additional information, such as pricing and availability, may be obtained by accessing their web site, http://205.138.43.41/rdg/products/ds/ds0770/ds0770.htm, or by calling (703) 471-0892.

BACK TO TOP

The MTS 2000 is a full featured portable analog radio designed to be modified through software upgrades. Users can custom program critical features through programmable buttons and soft key access. Bandwidth operation is software configuration and can be programmed to operate at 12.5, 5/30 KHz channel bands. One MTS 2000 radio can operate over multiple sub-bands, providing for interoperability between organizations. Encryption capabilities are compatible with Motorola SECRENET. The MTS 2000 is manufactured by Motorola Corporation. Additional information, such as pricing and availability, may be obtained by accessing their web site, http://www.mot.com/LMPS/RNSG/portable.htm, or by calling (312) 397-1000.

BACK TO TOP

The Spectra is a family of ruggidized analog radios. Spectra radios are designed with front control panel programming to facilitate quick changes inv arious radio features. The Spectra operates at UHF, VHF, 800 MHz, and 900 MHz frequencies. Encryption capabilities are compatible with Motorola SECURENET. The Spectra is manufactured by Motorola Corporation. Additional information, such as pricing and availability, may be obtained by accessing their web site, http://www.mot.com/LMPS/RNSG/mobile.htm, or by calling (312) 397-1000.

BACK TO TOP

SafeNet is an integrated internet security system designed to protect dial-up and Local Area Network (LAN) connections. SafeNet products are compatible with Internet protocols and can support secure Internet connections through encryption and user/data authentication. Packet encryption technics provide operations transparent to users, applications and the network. The SAFENET product line utilizes DES encryption compliant with FIPS 140-1, level 2 requirements. SafeNet also provides digital signature user authentication through ANSI X9.26 requirements, private key management utilizing X9.17, and public key management utilizing X.509 certificates.

SafeNet/LAN combines firewall packet and socket filtering, data encryption and address verification to prevent spoofing. Encrypted authentication codes are generated to prevent modification of IP addresses. SafeNet/LAN automatically generates a security header using encryption that provides protection against address spoofing. It also allows the user to specify only encrypted communications.

SafeNet/Security Center provides comprehensive, central security management for all SafeNet products and security services on a single high performance workstation. Support is provided for public key management (X.509) and private key management (X9.17).

SafeNet/Dial is a pocket size encrypting token with a 28.8 Kbps modem. It authenticates the user and automatically encrypts the data.

Safe/Mail signs and encrypts e-mail messages using digital signatures and standard e-mail packages.

The SafeNet product is manufactured by Information Resource Engineering. Additional information, such as pricing and availability, may be obtained by accessing their web site, http://www.ire.com/prod/safenet/htm, or by calling (410) 931-7500.

BACK TO TOP

Cipher X 5000A is a family of network encryptors capable of providing secure communication over public and private networks. These products are designed to perform synchronous and asynchronous X.25 and TCP/IP protocol sensitive encryption. Synchronous data rates up to 64 Kbps are obtainable and asynchronous up to 38.4 Kbps. Cipher X 5000A encryption products are compliant with the DES encryption algorithm standards. They can support up to 255 simultaneous virtual circuits, each with its own encryption key, effectively providing secure end-to-end encryption for each circuit. The Cipher X 5000A cprotocol sensitive models also provide discretionary access control and support for up to four separate groups. Each group functions as a secure sub-network and is controlled by a network address table. Central key management is provided on-line by the Technical Communications Corporation (TCC) Crypto Management System (CMS) and off-line by the TCC KEYNET Key and Network Management System. Cipher X 5000 products are manufactured by Technical Communications Corporation. These devices are also leasable through General Services Administration (GSA) starting at a base price of $88.00 a month per unit. Also refer to their web site at http://www.tccsecure.com/cx850.htm, or by calling (617) 862-6035 for additional pricing information.

BACK TO TOP

Please send any questions or comments to Sharon L. Shank of the Architecture, Standards and Engineering Group, Office of Information Management, at Sharon.Shank@hq.doe.gov or by telephone at (301) 903-3047.