Fips Transec Module; Traffic Encryption And Decryption Keys And Key Generation; Key Agreement - Comtech EF Data DMD-2050E Installation And Operation Manual

Universal satellite modem
DMD2050E Universal Satellite Modem
3.10 FIPS TRANSEC Module

The DMD2050E FIPS Security Module provides bulk encryption and decryption of traffic over the
satellite that conforms to Security Level 2 as defined in FIPS PUB 140-2 using NIST-approved
256-bit AES (Advanced Encryption Standard) encryption. Bulk Encryption includes all data
coming from the baseband user ports (baseband serial port, overhead channel port and the
embedded channel). Bulk Decryption decrypts all of the data coming from the baseband
demodulator going to the baseband user ports and the embedded channel. Bulk Encryption and
Bulk Decryption are supported by independent AES engines, AES keys and counters.

3.10.1 Traffic Encryption and Decryption Keys and Key Generation

The AES key and the initial counter value are negotiated using the key negotiation algorithm
and messages. The resulting key and initial counter value are then loaded into the AES
engine.
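
The following is an added example, not code from the manual or from the modem, showing why each direction of a link carries its own key and counter. It assumes the counters feed a counter-mode keystream and uses HMAC-SHA-256 as a stand-in for the AES-256 block function so that it runs with the standard library only; `CounterEngine`, the `TEK_*`/`CTR_*` values and the payloads are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # keystream bytes per counter value (the AES block size)


class CounterEngine:
    """One direction's engine: its own key and its own running counter."""

    def __init__(self, key: bytes, initial_counter: int):
        self.key, self.counter = key, initial_counter

    def process(self, data: bytes) -> bytes:
        """XOR data with keystream; the same call encrypts and decrypts."""
        out = bytearray()
        for i in range(0, len(data), BLOCK):
            # Stand-in PRF (assumption): a real engine computes AES-256(key, counter).
            ctr = self.counter.to_bytes(16, "big")
            ks = hmac.new(self.key, ctr, hashlib.sha256).digest()[:BLOCK]
            self.counter = (self.counter + 1) % (1 << 128)
            out += xor(data[i:i + BLOCK], ks)
        return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# Constructed sample values; on the modem these come from the key agreement.
TEK_AB, CTR_AB = bytes(range(32)), 0x1000       # link A -> B
TEK_BA, CTR_BA = bytes(range(32, 64)), 0x2000   # link B -> A
MSG_AB = b"constructed payload sent A to B."
MSG_BA = b"constructed payload sent B to A."


def demo() -> dict:
    ct_ab = CounterEngine(TEK_AB, CTR_AB).process(MSG_AB)  # A's modulator
    ct_ba = CounterEngine(TEK_BA, CTR_BA).process(MSG_BA)  # B's modulator
    # Failure mode: the return link reuses the forward link's key and counter.
    ct_ba_reused = CounterEngine(TEK_AB, CTR_AB).process(MSG_BA)
    plain_xor = xor(MSG_AB, MSG_BA)
    return {
        # B's demodulator, loaded with the same key and initial counter
        "responder_decrypts": CounterEngine(TEK_AB, CTR_AB).process(ct_ab) == MSG_AB,
        # same key, counter off by one: output is not the plaintext
        "desync_decrypts": CounterEngine(TEK_AB, CTR_AB + 1).process(ct_ab) == MSG_AB,
        # ciphertext XOR equals plaintext XOR only when the state is shared
        "independent_leaks": xor(ct_ab, ct_ba) == plain_xor,
        "reused_leaks": xor(ct_ab, ct_ba_reused) == plain_xor,
    }
```

With independent keys and counters the two ciphertext streams are unrelated; with shared state their XOR equals the XOR of the two plaintexts, which is the keystream-reuse failure that per-direction state avoids.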

3.10.1.1 Key Agreement

The Encryption application has the responsibility for negotiating the traffic encryption keys (TEK)
used on the link. To accomplish this, the Encryption application utilizes Initiator and Responder
roles. The initiator starts the key agreement protocol with the goal of negotiating a TEK used to
encrypt the data transmitted on the link by the initiator. The responding end responds to the
messages in the key agreement protocol, using the traffic decryption key (TDK) to decrypt the data received on the link.
The Initiator is synonymous with Transmitter (modulator) of a link while Responder is
synonymous with Receiver (demodulator) of the same link.
MN-DMD2050E Revision 2
Theory of Operation