TCC’s CipherTalk® Makes Mobile Voice and Text Communications Anonymous

The CipherTalk secure smartphone provides military-grade full-circle protection for all aspects of mobile phone talk and text communications, including an innovative ability to ensure user anonymity. The entire voice and text messaging connection procedure is hidden, and no user data or call logs are generated, collected or stored. Whom and when a user is calling, and where they are calling from, is only known by the user.

To ensure full anonymity of communications the secure CipherTalk infrastructure includes three information gaps. The first gap is between the CipherTalk phones, where the CipherONE® Secure Connect Network isolates the CipherTalk phone initiating the call from the answering CipherTalk phone terminating the call. The CipherONE Secure Connect Network securely authenticates and IP connects the CipherTalk phones, and maintains the CipherTalk IP connections worldwide. The CipherTalk phones communicate only with the CipherONE Secure Connect Network. The CipherONE Network securely relays the encrypted talk or text between the CipherTalk phones, providing anonymity of who is calling whom and their locations. This relay process does not affect the encrypted talk or text communications, which are encrypted and decrypted by the CipherTalk phones only.

The second information gap to ensure anonymity is between the CipherTalk phones and the end-users. The end-user does not have to provide any personal or subscriber information to make a secure call even when using GSM data services. This allows an organization to hide the end-users of the CipherTalk phones, separating the users of the phones from the procurement of the phones, which provides invisibility and anonymity of the end-user.

The third information gap is that TCC’s technology hides the encrypted communications. As the encrypted communications are undetectable, they cannot be seen and therefore intercepted or blocked by the outside world. See Figure 1

Figure 1: Three information-gap infrastructure for anonymous secure CipherTalk call/text communications.  Click image to enlarge

Learn more about the military-grade CipherTalksecure smartphone or contact us at www.tccsecure.com/sales.

TECHNICAL COMMUNICATIONS CORPORATION | www.tccsecure.com | Subscribe to TCC News

Universal, End-to-End Encryption for TCP Performance-Optimized Satellite Networks with the Cipher X® 7211 IP Encryption System

Satellite performance, particularly for Transmission Control Protocol (TCP), is adversely affected by the long round trip delay (over half a second) associated with geostationary high earth satellites. Many satellite equipment vendors have developed techniques to minimize this impact on users; one common technique is the use of a TCP proxy for TCP Acceleration. Application(s) requiring strong end-to-end protection using an installed satellite system with TCP Acceleration, however, have a problem. Use of a Layer 3 or 4 IP encryption system to implement end-to-end security is incompatible with TCP Acceleration techniques utilized by satellite gear unless the encryption system is specifically designed to handle this situation. TCC has developed the Cipher X 7211 IP encryption system with innovative TCP Stream Encryption operating to properly handle these optimizations seamlessly.

Our white paper, which is available for download, provides an overview of satellite communication performance limitations and how a TCP proxy operates to counter the limitations. It then describes TCP proxy incompatibility issues with Layer 3 or 4 end-to-end encryption systems, and how TCC’s Cipher X 7211 IP encryption system with TCP Stream Encryption enables end-to-end security for TCP performance-optimized satellite networks.

TCC’s Cipher X 7211 IP encryption system with innovative TCP Stream Encryption supports TCP Acceleration performed by satellite networking gear. As a result, users of TCP performance-optimized satellite networks no longer have to sacrifice performance to implement end-to-end security. The Cipher X 7211 encryption system operating at Layer 4 includes features to work with and take full advantage of the special capabilities often incorporated into satellite gear for network performance optimization. Further, the Cipher X 7211 encrypts satellite and other transport media, including hybrid networks, and operates independently of the network provider and equipment.

Download the white paper to learn more.

End-to-end transport-agnostic WAN security with TCP performance-enhanced satellite networks

TECHNICAL COMMUNICATIONS CORPORATION | www.tccsecure.com 

On-Demand Webinar: 360 Degrees of Data Security Know-How Made Easy

VPN, secure email, access control, edge encryption ... the list goes on. What are the differences among data security capabilities and what should you implement in your organization to protect your information onsite, across locations, with remote employees and with customers, suppliers and partners?

This complimentary, 1.5 hour non-technical webinar taught by a cryptography expert will:

• Provide a high-level technical understanding of data encryption and security
• Walk through a company scenario with diverse applications and activities while describing security threats, options & best practices
• Arm you with the knowledge to identify security needs, understand available security solutions, and be confident that the right security issues are being addressed for your business

Curriculum Detail

Encryption technical foundation. Overview of the basic concepts of encryption, keys and passwords, integrity & hashing, authentication & signatures, and public key infrastructure.

Data security solutions and their applications. Covered areas include access control, secure email, file encryption, voice security, firewalls, virus/malware, intrusion detection system, edge encryption, virtual private network and e-commerce.

Securing activities inside the LAN. Learn about access and logging in, and securely sending/receiving email files. Also, understand risks and protection for wireless LANs, as well as security for databases, shared folders and Internet browsing.

Protecting the LAN perimeter. Outlines threats and security measures to protect the boundary between the trusted LAN inside and outside such as firewalls and intrusion detection systems.

Encrypting the wide area network. Bulk and protocol sensitive encryption devices are explored and compared to secure multi-site communications.

Communicating securely outside the core network. Discusses the differences of securing remote employees with uncontrolled remote access and securing partners, contractors and customers. An overview of VPN and application security options are provided.

TECHNICAL COMMUNICATIONS CORPORATION | www.tccsecure.com | Subscribe for TCC updates

Enhancing Mobile User Security with Cipher X® 7211 IP Encryption

Modern enterprises have the need to securely enable a mobile workforce. Employees need access to corporate data services to enhance productivity and improve corporate responsiveness. TCC's Cipher X 7211 IP encryption system easily integrates into networks that have mobile users and helps enforce security policies, providing a more robust and flexible security solution that enhances the security of traditional VPN access.

Inter-operates with Traditional VPN Services 

TCC’s Cipher X 7211 system can be easily configured to inter-operate with and enhance the security of traditional user VPN services. It’s security policy engine can be configured to allow remote user VPN service access in the corporate network while maintaining the security overlay on core network communications. The Cipher X 7211 security policy engine protects services such as software-based VPN servers by restricting the traffic granted access to the VPN server to only what conforms to strict security policy.

Tight Control, Simplified Monitoring

Routing remote users through a single Cipher X 7211 access point in the network allows security managers tight controls and simplified monitoring of network traffic to minimize the threat opportunity that mobile devices inherently add to corporate data security. The flexibility of the Cipher X 7211 security overlay means access to the corporate network’s VPN service can be provided by any one of the Cipher X 7211 devices in the network. This gateway access can be easily moved between sites through centralized control of the Cipher X 7211. The Cipher X 7211 adds a secure circuit breaker capability in the event of a significant network security event. 

 Infinite Flexibility to Minimize Threat Opportunity

The flexibility of Cipher X 7211 security policy engine provides network security engineers the ability to limit VPN access to pre-approved source networks to ensure that global threats or compromise of mobile devices has a minimum threat opportunity. TCC’s Cipher X 7211 system provides network security engineers simple to deploy strategic communications with infinite flexibility all enabled by its centrally managed powerful security policy engine.  

Learn more about the Cipher X 7211 IP encryption system.

TECHNICAL COMMUNICATIONS CORPORATION  |   www.tccsecure.com  |  Subscribe to Email News

All About Cryptographic Bit Lengths

You’re evaluating cryptographic solutions and you come across the term bit length for various security parameters. So, what is a bit length? And what size is sufficient to secure your data? The most common bit length refers to the encryption algorithm, and another important length refers to key management.

Algorithms

In a digital system, data is represented as a sequence of bits. That is, a sequence of 0’s and 1’s. A cryptographic algorithm is the means by which an encryption device scrambles data. It is a mathematical function which converts unencrypted data (called plaintext) into encrypted data (called ciphertext). 

Most commonly encountered algorithms are block algorithms. This means that they operate on blocks of data of a fixed size, encrypting one block after another. An example is the Advanced Encryption Standard (AES) algorithm, which takes 128 consecutive bits of plaintext and transforms it into 128 bits of ciphertext. The block size of AES is said to be 128-bits. AES can be thought of as a permutation on 128-bit blocks, mapping every 128-bit sequence to a unique, seemingly unrelated 128-bit output sequence. Note: The block size does not bear directly on the encryption strength.

Cryptographic Key

Now, if the permutation is known, ciphertext can be reversed to its original plaintext state. A cryptographic algorithm prevents unauthorized parties from reversing the ciphertext by use of a key. A cryptographic key for an algorithm is a string of bits (0’s and 1’s) of a defined length called the key length. An algorithm that uses keys of length “n” is often called an n-bit algorithm. The key is used in the definition of the algorithm itself, and each distinct choice of key turns the algorithm into a distinct permutation. Without the key, the permutation is not known and the ciphertext cannot be reversed.

An adversary may attempt to decrypt ciphertext by guessing the key and using it to see if the ciphertext decrypts into something that looks like plaintext. In practice, this means testing every possible key until the one that was used is found. A key search can be time-consuming if not impossible, even with modern computers. The reason is the mathematics of exponentiation.

Inside the Math

An n-bit key is a sequence of 0’s and 1’s of length n. Since there are two possibilities for each bit in the key, there are 2ⁿ different n-bit keys. Thus, if an algorithm used an 8-bit key, there would be 2⁸ = different 256 keys to try. The number of keys grows exponentially. A 16-bit algorithm has 2¹⁶ = 65,536 keys to try, and a 32-bit algorithm has 2³² = 4,294,967,296 keys. Modern algorithms use length of 128 or 256 bits.  2²⁵⁶ is roughly the same as the estimated number of particles in the universe.

Examples of algorithms include DES (64-bit blocks, 56-bit keys), IDEA (64-bit blocks, 128-bit keys), and AES (128-bit blocks, and implementations supporting 128-, 192-, and 256-bit keys).

What Key Size is Sufficient?

How large of a key is large enough to prevent a successful key search? Computers can search through possibilities very quickly, but even they are eventually overwhelmed by the task. The following table estimates the  amount of time it would take to find the correct key on a computer capable of trying one key every microsecond (ms, a millionth of a second), as well as on a parallelized network (one in which the search is split among many computers) capable of testing a million keys every microsecond.

Length of Key	Number of Keys	Testing 1 key per ms	Testing 106 keys per ms
32 bits	232 = 4.3 x 109	231ms = 35.8 minutes	2.15 milliseconds
56 bits	256 = 7.2 x 1016	255ms = 1142 years	10 hours
128 bits	2128 = 3.4 x 1038	2127ms = 5.4 x 1024 years	5.4 x 1018 years
256 bits	2255 = 5.8 x 1076	2255ms = 1.8 x 1063 years	1.8 x 1057 years

Summing It Up

Certain things stand out from the table above. First, a 56-bit algorithm such as DES is still secure against anything except an organized parallelized effort. Second, the key space of a 128-bit algorithm is sufficiently large to resist a key search from even national-scale efforts. And finally, even if the available computing power and speed doubles every year, 128-bit keys will remain secure over our lifetimes. No computer or network of computers will be able to search every 128-bit key. For this reason, 128- and 256-bit algorithms are recommended, and bit-sizes beyond these are considered superfluous.   

·         View products to secure network, phone and radio communications at: www.tccsecure.com.

·         Learn more about information and communications security by visiting TCC’s Crypto Learning Center.

TECHNICAL COMMUNICATIONS CORPORATION | www.tccsecure.com