By Charlotte Adams
WASHINGTON - Systems designers are starting to use standard, portable PC card-format tokens that implement the National Security Agency`s (NSA) high-grade, Type 1 encryption algorithms for protecting classified information in next-generation military telephones and radios.
These security tokens provide communications systems with convenient, relatively low-cost cryptographic cores. Related technology will be embedded in high-speed Asynchronous Transfer Mode (ATM) and ATM/IP (Internet Protocol) encryptors.
At the same time, however, NSA officials are leaning toward allowing software and scaled-down smart card cryptographic implementations, at least for low-assurance applications, industry officials say.
Agency leaders have supported two different implementations of Fortezza algorithms (different from Fortezza Plus algorithms), associated with the protection of sensitive but unclassified data. This trend may mean less business down the road for PC Card crypto vendors than there otherwise would have been, but more choice and convenience for users.
The Fortezza Plus (Krypton) card from Mykotronx Inc. of Torrance, Calif. - the first all-hardware Fortezza Plus PC Card implementation - is being designed into the Secure Terminal Equipment (STE), the military`s next-generation secure telephone, say officials at L-3 Communications Corp. of Camden, N.J., a portion of Lockheed Martin Co. spun off last spring, whose engineers have developed a version of STE.
Fortezza Plus is NSA`s shorthand for a group of algorithms and the hardware and software through which they function that are in place to protect classified information. The Mykotronx cards will be available in December for $270 apiece in quantities of 10,000, says John Droge, Mykotronx vice president of program development. They are intended to protect sensitive-but-unclassified through top secret-level information.
Krypton supersedes a similar device developed earlier for STE at the AlliedSignal Inc. Communications Systems Division in Baltimore. Allied Signal`s software implementation on a programmable logic chip was part of L-3`s first 300 proof-of-concept phones.
The architecture of these cards, however, would not have supported multilevel-secure capability, say L-3 designers. Because of the software-oriented approach, the AlliedSignal card can`t be used for top-secret data, Droge contends. AlliedSignal officials could not be reached for this report.
The Krypton card will ease the management of secure communications, Droge says. Because the card that contains the encryption algorithms is separable from the phone, STE users won`t have to treat the phones as "cryptographic controlled items (CCIs)," with stringent accounting procedures. Only the cards will be CCIs, and will be unclassified when not in use. When the two devices are married together, the combination becomes classified at the level of the keys contained in the card.
STE offers several additional benefits, L-3 officials say. It uses Integrated Services Digital Network technology - better known as ISDN - which provides better quality voice communications than older systems and moves data at 128 kilobits per second, which is 14 times faster than the current STU-III military secure telephone. Users can employ data and voice channels simultaneously and at different classification levels, neither of which is possible with the STU-III. First deliveries are expected by year end, company officials say.
Near-Term Digital Radio
Another Krypton user will be the Near-Term Digital Radio (NTDR) from the ITT Aerospace/Communications division in Fort Wayne, Ind. The NTDR is the U.S. Army`s multimedia communications system based on commercial cellular phone technology. Krypton will give NTDR a much lower-cost cryptographic module than has been available before, Droge says. Whereas the Mykotronx product will be available for "several hundred dollars," comparable capability has been in the $1,000 range, he says.
A related joint project between Mykotronx and the GTE Communications Division in Taunton, Mass., involves developing a PC Card-format encryption core for high-speed ATM and IP communications for GTE`s new Fastlane and Taclane encryptors.
Although the card is not user-removable, engineers will not have to redesign the core when new encryptors are developed, says Gary Cohen, GTE`s product manager. The core does the actual data encryption, but requires additional hardware and software to input, control, and send encrypted information.
This CypherCAT cryptographic accelerator token, expected to be available this spring, will use the 32-bit CardBus interface, enabling it to move data at greater speeds than the older, 16-bit bus associated with the predecessor PC Memory Card International Association standard, better known as PCMCIA.
GTE engineers will use the card to provide key management services for their Fastlane ATM encryptor and for key management and encryption with their newer Taclane ATM/IP encryptor, Cohen says. The token will use some of the same algorithms as Fortezza Plus, but initial versions will not be interoperable with Krypton-based products.
A potential aviation use for the Krypton card involves encrypting sensitive data on the ground as it downloads from airplanes, Droge says. Company officials have fielded inquiries from some aerospace companies about this as a potential laptop application.
Where is Fortezza headed?
Cryptographic product developers are looking at software and smart card implementations "because the government is going in that direction," Droge explains. Officials from San Jose-based competitor, Spyrus, for example, plan pending NSA approval to introduce a software version of Fortezza algorithms for use with Windows 95 and NT this fall. NSA leaders also supported the development of Fortezza algorithm software by Information Security Corp. of Deerfield, Ill., whose designers have demonstrated these algorithms on a laptop computer.
Software implementations are often cheaper and more flexible than hardware solutions. And, if these approaches catch on, they may eat into the sales of hardware products. But smart cards lack the processing power to do everything that a bigger PC Card token can do and software-only approaches perform more slowly and are harder to secure.
The Defense Message System, for example, is unlikely to move to software-only solutions; as a command and control network, it requires high assurance, even when handling unclassified data, Droge says. What`s more, NSA officials will have to declassify Fortezza`s Skipjack encryption algorithm and Key Exchange Algorithm before software can be released.