date

/ re

fere

nce s

Thales Norway AS

Thales Norway ASNISnet Kick-offUiB 10. oktober 2007Leif Nilsen

2

date

/ re

fere

nce s

Th

is d

ocu

men

t is

the

pro

pert

y o

f Th

ales

Gro

up

an

d m

ay

not b

e co

pie

d or

co

mm

uni

cate

d w

ithou

t writ

ten

con

sen

t of T

hale

s

Thales Norway AS

Thales

Thales

Internasjonalt konsern medhovedkontor i Frankrike

68 000 ansatte i tre forretningsområder

Omsetning >10.2 milliarder Euro (2006)

Thales Norway

Heleid datterselskap med 185 ansatte

Kontorer i Oslo, Trondheim og Stavanger

Produktutvikling, systemintegrasjon, tjenester

Største produktområder Sikkerhetsløsninger – krypto - MMS Kommunikasjonsnettverk

Defence

Aerospace

Security

Thales Norway er verdensledende på leveranserav High Grade krypto til NATO (-land)

3

date

/ re

fere

nce s

Th

is d

ocu

men

t is

the

pro

pert

y o

f Th

ales

Gro

up

an

d m

ay

not b

e co

pie

d or

co

mm

uni

cate

d w

ithou

t writ

ten

con

sen

t of T

hale

s

Thales Norway AS

1956

ETCRRM

TCE 300

1987

1993

TCE 500

Selma

1960

Cryptel 240

1967

KTP 3

1963

TCE 160

Cryptel 245

1970

1999

TCE 621

1997

TCE 611

Historical Product Overview - Security

TCE 520RACE 1978

Cryptel 265

2002

EKMS

TVPN

4

date

/ re

fere

nce s

Th

is d

ocu

men

t is

the

pro

pert

y o

f Th

ales

Gro

up

an

d m

ay

not b

e co

pie

d or

co

mm

uni

cate

d w

ithou

t writ

ten

con

sen

t of T

hale

s

Thales Norway AS

Cryptel®-IP family

High grade crypto device for IP based data networks Approved by Norwegian National Security

Authorities for all security levels Approved by NATO for all security levels

– including Cosmic Top Secret

7000 units sold Used in national networks in 21 countries

Prepared for Dual Algorithms / national adaptation and evaluation

Main functions (TCE 621, TCE 621/B & TCE 621/C) Supports both IPv4 and IPv6 Electronic and/or manual key distribution Removable crypto ignition key Tamper protected case Tempest according to AMSG 720B NATO approved crypto algorithm

TCE 621 - 10 Mb/s

TCE 621/B - 100 Mb/s – TCE 621/C - 1 GB/s

TCE 621 the NATO standard IP crypto equipment

5

date

/ re

fere

nce s

Th

is d

ocu

men

t is

the

pro

pert

y o

f Th

ales

Gro

up

an

d m

ay

not b

e co

pie

d or

co

mm

uni

cate

d w

ithou

t writ

ten

con

sen

t of T

hale

s

Thales Norway AS

Cryptel®-IP family components

Data rate

10 Mbps

Throughput

>6 Mbps

Internal power

AUI interface

NATO approved for CTS

Selected as NICE

TCE 621(GEN-1-17)

TCE 6212nd generation

Characteristics as1st generation

Additional features

Multicast

Redundancy

NAT / UDP encaps.

ACR load

SW upgradeable locally

TCE 621/B

Fully compatible with 10 Mbps version

Data rate 10/100 Mbps

Throughput~100 Mbps~100.000 pps

External power Ethernet / Fibre

interface Approved for Secret,

target CTS Central SW upgrade Prepared for

new/dual algorithms

TCE 621/C

Fully compatible with 10 Mbps version

Data rate 10/100/1000 Mbps

Throughput>300 Mbps~100.000 pps

External power Ethernet / Fibre

interface Approved for

Secret, target CTS Central SW upgrade Prepared for

new/dual algorithms

6

date

/ re

fere

nce s

Th

is d

ocu

men

t is

the

pro

pert

y o

f Th

ales

Gro

up

an

d m

ay

not b

e co

pie

d or

co

mm

uni

cate

d w

ithou

t writ

ten

con

sen

t of T

hale

s

Thales Norway AS

TCE 621

TCE 621

TCE 671

TCE 621 KP TCE 621 FE

Wide Area

Network

(WAN)

Cryptel®-IP family today

Examples of available functionality

TCE 621/B

TCE 621/B

Networkprotection

Host protection

Real timeapplications

Out of areaoperations

QoS-router

Security Management Center

Tacticalnetworks

Redundancy

Network managerinterface

NAT-traversal

Multicast

TCE 621

7

date

/ re

fere

nce s

Th

is d

ocu

men

t is

the

pro

pert

y o

f Th

ales

Gro

up

an

d m

ay

not b

e co

pie

d or

co

mm

uni

cate

d w

ithou

t writ

ten

con

sen

t of T

hale

s

Thales Norway AS

SubDA

TCE 621TCE 621

NDA

TCE 621TCE 621

LDA

TCE 621TCE 621

eCustodian System KeyProductionEquipments

KPE

ADS clientMMHSServer

ADS serverMMHS client

KPE

ADS serverMMHS clientADS server

MMHS client

IP networkIP network

Reproduction PC

KPEDTD

8

date

/ re

fere

nce s

Th

is d

ocu

men

t is

the

pro

pert

y o

f Th

ales

Gro

up

an

d m

ay

not b

e co

pie

d or

co

mm

uni

cate

d w

ithou

t writ

ten

con

sen

t of T

hale

s

Thales Norway AS

OTA i VCS

Cryptounit

Cryptounit

LANLAN

LANLAN

VCF

MFT

OTA

VCF

MFT

OTA

VCF

MFT

OTA

VCF

MFT

OTA

VCF

MFT

OTA

VCF

MFT

OTA

Non-secureRadio and TelephoneSwitching

Non-secureRadio and TelephoneSwitching

RemoteRadio

TelephoneNetwork

SecureRadio and TelephoneSwitching

Cryptounit

Cryptounit

Cryptounit

Cryptounit

Non-secure switching network

Secure switching network

RadioTransmissionNetwork

LocalRadio

9

date

/ re

fere

nce s

Th

is d

ocu

men

t is

the

pro

pert

y o

f Th

ales

Gro

up

an

d m

ay

not b

e co

pie

d or

co

mm

uni

cate

d w

ithou

t writ

ten

con

sen

t of T

hale

s

Thales Norway AS

NNEC challenges

Cross Domain Solutions (CDS) Information exchange between security domains

Trusted platforms, MLS (MILS), Content/role based access Object labelling, XML security

Flexible and dynamic infrastructure Protected Core Networking (PCN)

Prevention of unauthorized traffic

End-to-end QoS Extended core, Object level protection

Key management Number of keys, flexibility and speed

10

date

/ re

fere

nce s

Th

is d

ocu

men

t is

the

pro

pert

y o

f Th

ales

Gro

up

an

d m

ay

not b

e co

pie

d or

co

mm

uni

cate

d w

ithou

t writ

ten

con

sen

t of T

hale

s

Thales Norway AS

Aktuelle problemstillinger

Implementasjon med maksimal tillit (assurance) Design for evaluering Fleksible implementasjoner Interoperabilitet

SCIP HAIPE EKMS

Høyhastighetskrypto (> 10 Gbps) Nettverksutfordringer (NEC, AdHoc) Dual Mode