TACLANE

A High Assurance Internet Protocol Encryptor (HAIPE) is a Type 1 encryption device that complies with the National Security Agency's HAIPE IS (formerly the HAIPIS, the High Assurance Internet Protocol Interoperability Specification). The cryptography used is Suite A and Suite B, also specified by the NSA as part of the Cryptographic Modernization Program. HAIPE IS is based on IPsec with additional restrictions and enhancements. One of these enhancements includes the ability to encrypt multicast data using a "preplaced key" (see definition in List of cryptographic key types). This requires loading the same key on all HAIPE devices that will participate in the multicast session in advance of data transmission. A HAIPE is typically a secure gateway that allows two enclaves to exchange data over an untrusted or lower-classification network.

Examples of HAIPE devices include:

* L3Harris Technologies' Encryption Products
** KG-245X 10 Gbit/s (HAIPE IS v3.1.2 and Foreign Interoperable)
** KG-245A fully tactical 1 Gbit/s (HAIPE IS v3.1.2 and Foreign Interoperable)
** RedEagle
* ViaSat's AltaSec Products
** KG-250
** KG-255 Gbit/s
* General Dynamics Mission Systems TACLANE Products
** FLEX (KG-175F)
** 10G (KG-175X)
** Nano (KG-175N)
* Airbus Defence & Space ECTOCRYP Transparent Cryptography

Three of these devices are compliant with the HAIPE IS v3.0.2 specification while the remaining devices use the HAIPE IS version 1.3.5, which has a couple of notable limitations: limited support for routing protocols or open network management.

A HAIPE is an IP encryption device: it looks up the destination IP address of a packet in its internal Security Association Database (SAD) and picks the encrypted tunnel based on the appropriate entry. For new communications, HAIPEs use the internal Security Policy Database (SPD) to set up new tunnels with the appropriate algorithms and settings. Due to lack of support for modern commercial routing protocols, HAIPEs often must be preprogrammed with static routes and cannot adjust to changing network topology.

A couple of new HAIPE devices will combine the functionality of a router and encryptor when HAIPE IS version 3.0 is approved. General Dynamics has completed its TACLANE version (KG-175R), which houses both a red and a black Cisco router, and both ViaSat and L-3 Communications are coming out with a line of network encryptors at version 3.0 and above. Cisco is partnering with Harris Corporation to propose a solution called SWAT1.

There is a UK HAIPE variant that implements UKEO algorithms in place of US Suite A. Cassidian has entered the HAIPE market in the UK with its Ectocryp range. Ectocryp Blue is HAIPE version 3.0 compliant and provides a number of the HAIPE extensions as well as support for network quality of service (QoS). Harris has also entered the UK HAIPE market with the BID/2370 End Cryptographic Unit (ECU).

In addition to site encryptors, HAIPE is also being inserted into client devices that provide both wired and wireless capabilities. Examples of these include L3Harris Technologies' KOV-26 Talon and KOV-26B Talon2, and Harris Corporation's KIV-54 and PRC-117G radio.
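The SAD-then-SPD lookup and the static-route limitation described above can be modelled in a few lines. This is an added illustration, not code from any HAIPE product or from the HAIPE IS: the class and field names, the addresses, the tunnel numbering, the suite label and the drop-on-no-policy behaviour are all assumptions of the model.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:                        # one SPD entry; field names are illustrative
    enclave: ipaddress.IPv4Network   # remote protected network
    peer: str                        # remote encryptor's address, preprogrammed
    suite: str                       # placeholder label, not a real algorithm name

def policy(cidr, peer, suite="SUITE-PLACEHOLDER"):
    return Policy(ipaddress.ip_network(cidr), peer, suite)

def longest_match(nets, dst):
    """Most specific network in `nets` that contains dst, or None."""
    hits = [n for n in nets if dst in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

@dataclass
class Encryptor:
    spd: dict                                 # enclave network -> Policy
    sad: dict = field(default_factory=dict)   # enclave network -> tunnel state
    next_tunnel: int = 1

    def forward(self, dst_ip):
        dst = ipaddress.ip_address(dst_ip)
        net = longest_match(self.sad, dst)    # 1. existing tunnel in the SAD?
        if net is not None:
            sa = self.sad[net]
            return ("sad-hit", sa["peer"], sa["tunnel"])
        net = longest_match(self.spd, dst)    # 2. new communication: ask the SPD
        if net is None:
            return ("drop", None, None)       # model assumption: no policy, no traffic
        pol = self.spd[net]
        sa = {"peer": pol.peer, "tunnel": self.next_tunnel, "suite": pol.suite}
        self.next_tunnel += 1
        self.sad[net] = sa
        return ("new-tunnel", sa["peer"], sa["tunnel"])

    def reprogram(self, pol):
        """Operator action: replace a static entry and flush the stale tunnel."""
        self.spd[pol.enclave] = pol
        self.sad.pop(pol.enclave, None)

def make_demo():
    # Constructed sample policy: two remote enclaves behind two peer encryptors.
    entries = [policy("10.2.0.0/16", "192.0.2.2"), policy("10.3.0.0/16", "192.0.2.3")]
    return Encryptor(spd={p.enclave: p for p in entries})
```

In this model, if the 10.3.0.0/16 enclave moves behind a different encryptor, `forward()` keeps returning the old peer until an operator calls `reprogram()`, which is the static-route limitation the text describes.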


HAIPE Managers

Viasat and General Dynamics Mission Systems both develop their own proprietary software for managing HAIPE devices, VINE and GEM One, respectively. The GEM One specifications list support for the Viasat HAIPEs KG-250X and KG-250XS, while the data sheet for VINE only lists supported Viasat Network Encryptors. Both the HAIPE IS v3 management and HAIPE device implementations are required to be compliant with the HAIPE IS version 3.0 common MIBs. Assurance of cross-vendor interoperability may require additional effort. An example of a management application that supports HAIPE IS v3 is the L3Harris Common HAIPE Manager (which only operates with L3Harris products).


See also

* ARPANET encryption devices
* NSA encryption systems



External links


CNSS Policy #19 governing the use of HAIPE