Key Agreement Algorithm; Key Derivation; Accessing Encryption/Decryption Features; Enabling Encryption From The Front Panel - Comtech EF Data DMD-2050E Installation And Operation Manual

DMD2050E Universal Satellite Modem

3.10.1.2 Key Agreement Algorithm

The key agreement algorithm used to negotiate a shared secret is the Ephemeral Unified Model,
Elliptic Curve Cryptography Cofactor Diffie-Hellman C(2,0,ECC CDH) as specified in the elliptic
curve parameters section of NIST SP 800-56A(3).
3.10.1.2.1
Once the shared secret has been negotiated, the TEK is generated from the shared secret using
the Concatenation Key Derivation Function (KDF) as specified in NIST SP 800-56A Section
5.8.1(3). All hashing algorithms use SHA-512 as defined in FIPS 180-2(4).

3.10.1.3 Accessing Encryption/Decryption Features

The DMD2050E enables the Crypto Officer to administer the FIPs module through
authentication. The Crypto Officer Administrator can:
Load software
Load key material
Configure operating parameters
Monitor performance
The Crypto Officer Administrator must log in from the front panel or the handheld key loader.
IMPORTANT
Any operator can Enable and Disable encryption.
Any operator with access to the front panel can zeroize the unit.
NOTE
To configure the modem for legacy mode operation, first use the front panel to disable
Encryption.

3.10.1.4 Enabling Encryption from the Front Panel

Use the front panel Modulator and Demodulator menus to enable or disable Encryption. The
menu paths are:
MODULATOR->DATA->ENCRYPTION {DISABLE, ENABLE}
DEMODULATOR->DATA->ENCRYPTION {DISABLE, ENABLE}
This allows Encryption to function in half-duplex operation.
MN-DMD2050E Revision 2

Key Derivation

Theory of Operation
3–24