| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 626.1 |  | KONING::KONING | Paul Koning, A-13683 | Thu Jun 25 1992 11:57 | 6 | 
|  | There was a project at one time to do this (a chip called FCP, FDDI Crypto
Processor).  I believe a fair amount of work was done, but it was put
on hold before completion.  The driving person was Amar Gupta; I don't
remember the others.  And Amar doesn't seem to be at DEC anymore...
	paul
 | 
| 626.2 | Contacts: latest NI & FDDI cryptographic hardware | MUDDY::WATERS |  | Thu Jun 25 1992 12:44 | 98 | 
|  | Subj:	DECcrypto - High Performance, Low Cost End-to-End Encryption
+---------------------------+ TM    Company Confidential
!   !   !   !   !   !   !   !
! d ! i ! g ! i ! t ! a ! l !       I N T E R O F F I C E    M E M O
!   !   !   !   !   !   !   !
+---------------------------+
To: Distribution			Date: November 19, 1991
					From: Dan Frommer
					      Pini Lozowick
					      Nik Bahram
					Enet: ZENDIA::FROMMER
					      JEREMY::PINI
					      ASIC::NBAHRAM
  Subject: DECcrypto - High Performance, Low Cost End-to-End Encryption
DECcrypto, an integrated part of DSSA (Distributed Systems Security
Architecture), is a family of advanced security products that provide secure
channels across networks and in distributed systems.
The products utilize a unique division of functionality between a dedicated
hardware cryptographic engine and software residing in the host. The software
performs authentication, access control and key management; the hardware
provides the cryptographic services at line speeds by processing packets as
they are transferred to the network. A high performance, low cost solution is
provided.
Software functions are implemented with transparency to applications at the
transport layer of TCP/IP or OSI. An option to implement security at the
datalink layer (for LAT or SCA) exists as well. Two optional hardware
"cryptographic engines" provide security either on an Ethernet or an FDDI
interface. The engine for Ethernet may reside in an external box to provide
support for existing hosts, or may be integrated into new systems for an even
lower-cost solution. The engine for FDDI resides in the FDDI corner. Transfer
cost for the external Ethernet box version will be on the order of $250. 
Transfer costs for the FDDI engine and for the integrated Ethernet engine will
be under $100.
DECcrypto V1.0, currently being developed by the Secure Systems Group, will
provide transparent end-to-end protection for TCP/IP applications running on
ULTRIX/OSF Ethernet hosts. Future versions may be implemented on other
operating systems, protocol stacks and hardware platforms.
The program includes several engineering activities being implemented by the
following groups:
  o DECcrypto V1.0 software: SSG and SCO (Jerusalem Design Center)
    DECcrypto V1.0 is scheduled to be ready for internal field test with an 
    external Ethernet crypto box in Q2FY93.
  o Tandu, cryptographic chip for Ethernet: SCO (Jerusalem Design Center)
    The Tandu chip is the core of the external Ethernet crypto box or 
    integrated engine. The Tandu is scheduled to be manufactured by 
    December 1991. First sample availability is expected in March 1992.
  o FCP, FDDI Cryptographic Processor: SCO (ESTG Design & Advanced Development)
   
    The FCP is scheduled for prototype manufacturing in late January 1992.
    First sample availability is expected in March 1992.
Due to funding constraints, no commitments for productization have been made
and DECcrypto is currently being developed as an A/D effort. We strongly
encourage feedback on any related issue, specifically:
  o Do you see a need and a market for end-to-end (transport or network
    layer) encryption? If so, do you prefer true end-to-end encryption over
    LAN-to-LAN encryption?
  o How would you prioritize the needs in terms of hardware and software
    platforms? 
  o What is the price sensitivity of the DECcrypto solution?
  o Assuming a very low cost, is there a need to support multiple clients
    on a single Ethernet crypto box?
  o Would you use a non-DES "exportable" encryption algorithm?
Your response and comments would be highly appreciated. Detailed information
and specifications can be obtained from the following:
  o DECcrypto V1.0 software:
    Dan Frommer, ZENDIA::FROMMER
  o Tandu Ethernet encryption chip:
    Pini Lozowick, JEREMY::PINI
  o FCP FDDI Crypto Processor:
    Nik Bahram, ASIC::NBAHRAM
Please note that the specifications are export restricted and can only be made
available to persons within the United States.
 | 
| 626.3 |  | JEREMY::DAN | Dan Frommer | Sun Jun 28 1992 02:55 | 11 | 
|  | You might want to contact Nik Bahram (asic::nbahram), the FCP project leader,
to get the latest FCP project status.
To the best of my knowledge, there are no plans to build an FDDI adapter board 
that includes the FCP nor write the required software to incorporate encryption
into SCA. The Secure Systems Group had plans to support the FCP but this would
probably have been for TCP/IP or OSI rather than SCA. These plans have been
cancelled recently. The only effort that's still going on is an A/D project to
support TCP/IP encryption for Ethernet on OSF using the Tandu chip.
Dan
 | 
| 626.4 | just snap some chips together, and presto... | MUDDY::WATERS |  | Sun Jun 28 1992 22:35 | 15 | 
|  |     Fwiw, the problem stated in .0 doesn't require DES-capable FDDI
    adapter options, nor software support in SCA.  A customer is satisfied
    with his "local" LAN security, but he insists that data flowing
    between the lobes of a Multi Datacenter Facility VAXcluster be
    encrypted.  For this simple application, you "just" need to hack up
    some MAC-equipped FDDI "relay" box, such as a GIGAswitch line card,
    to add the FCP chip and rudimentary control software.
    Since FDDI concentrators don't have a MAC chip for each port, that
    may not be the right equipment to upgrade with link-level encryption.
    Other FDDI "relay" boxes that could be hacked up for link-level
    encryption might be a brand-X 2-port FDDI bridge, or our brand, the
    DECnis 600 (#?).  Then, there are some "2-port" FDDI-to-DS3 boxes
    coming to market--right?--but those are limited to 50 Mbit/s?
 | 
| 626.5 | DATALOCK ? | LARVAE::HARVEY | Baldly going into the unknown... | Fri Jul 03 1992 09:42 | 14 | 
|  |     I'm a little sketchy on the details and suitability just yet but have been 
    told that there is a software product called DATALOCK by JPY Associates UK.
  
    There may be some restrictions in respect of MDFs and HBVS2 in the way that 
    MSCP servers are encrypted.
  
    Can I suggest you contact Andy Beale @ UCG (the Crescent Basingstoke UK) as 
    he has been looking into this from his general Security viewpoint. 
  
    If I find out more I'll post in here.
  
    Regards
  
    Rog
 | 
| 626.6 |  | KONING::KONING | Paul Koning, A-13683 | Mon Jul 06 1992 11:29 | 5 | 
|  | Actually, if software encryption is good enough, VAX Encryption is a 
possibility.  (Then again, if so then FDDI datarates aren't an issue!  You
can't encrypt that fast in software...)
	paul
 | 
| 626.7 | announcing Engineering Office of Field Security | MUDDY::WATERS |  | Tue May 18 1993 13:40 | 44 | 
|  |     If you're searching for the organization responsible for delivering
    secure computer products to our non-government customers, try this
    new Engineering Office of Field Security Programs.
From:	PATEL::MAHENDRA "MAHENDRA PATEL, SYSTEMS ENGINEERING  18-May-1993 1122"
	Please distribute this widely throughout your respective
	organizations.
Regards,
Mahendra Patel/Dennis Roberson
5/18/93
________________________________________________________________________________
         ***********************************************************
         *	         THIS ANNOUNCEMENT IS FROM	           *
         *	      DENNIS ROBERSON AND MAHENDRA PATEL           *
         ***********************************************************
	 The physical and logical security of computing systems is of 
 	 increasing concern to the market as distributed computing takes 
	 root in commercial, enterprise scale solutions.  In order to 
	 ensure efficient and skilled Engineering support in this domain 
	 for our Field organizations we are moving the Engineering Security 
	 Services Center from The Software Group managed by Orsen Niederhauser 
	 and Dennis Roberson to Mahendra Patel's Systems Engineering group.  
	 The group will continue to be directly managed by Dave Hamilton 
	 who will now report to John Shebell, Technical Director of the 
	 Engineering Office of Field Programs.  The group's name will change 
	 to The Engineering Office of Field Security Programs as part of 
	 the organizational alignment.
	 This cadre of domain experts will provide direct consulting via
	 our Professional Services organization, and training, interface,
	 and coordination between the Field and Engineering communities
	 at large within this discipline.  They join the Engineering Office 
	 of Field Environmental Support, managed by Steve Zabinski, as part 
	 of a growing set of focussed, technology-intensive consulting 
	 groups whose goal is to increase the competitive mobilization of 
	 Engineering on behalf of the Corporation's overall system integration
	 strategies and capabilities.
	 Please join me in welcoming Dave and his group to our organization.
	 A summary of fiscal year 1994 operations and organization will
	 be available on or about July 1, 1993.
 |