Subject: Classified Crypto
From: John Young (jyapipeline.com)
Date: Tue Oct 03 2000 - 10:55:39 CDT

We've received several responses on encryption protection
for classified information, and pursued a few leads. Here's a
brief summary - for which supplements and corrections are

NSA has at least three levels of strength for categorizing
encryption algorithms, Types 1, 2 and 3, with 1 the strongest.


Type 2 examples: KEA, BLOWFISH

Type 3 all the rest.

Type 1 for highest level, and, according to some, the
technical details for none of the algorithms are public.

Type 2 details are partially known.

Type 3 details are generally known but some parts may
not be public, such as covert access features.

Here are a few URLs for BATON citations:




"Harris Corporation is developing the world's first
high-security wireless local area network interface
card. The product, known as SecNet-11 (Secure
Wireless Local Area Network), is a secure Type 1
encryption (Baton algorithm) wireless network card
(PCMCIA) based on the Harris Sierra Encryption
Module and the Intersil PRISM II chip set."




Designed and programmed by Mykotronx, Inc., the
MYK-85 features a complete 32-bit RISC-based
cryptographic processor. The Type 1 government
encryption/decryption algorithm, called Baton as well
as DES and Triple DES is in hardware. The MYK-85
also implements NIST Digital Signature and Secure
Hash Standards.




By FY97, the program will demonstrate secure guards and firewalls at
B3 level of service. Multilevel security requirements will be addressed
by the insertion of tactical end-to-end encryption device (TEED)
hardware into Task Force XXI. TEEDs to support the tactical internet
protocol internetwork should be available for user testing in FY97.
Following successful development and testing, TEED will be upgraded
to support asynchronous transfer mode cell encryption using Baton
technology in FY98."




6.4.3 Tactical End-to-End Encryption Device (TEED)

TEED is an encryption device used to provide end-to-end security for
Force XXI data users. As long as the MSE/TPN remains at its current
SECRET High security level, TEED would be used by:

    Unclassified logistics users who need to use the MSE/TPN as a
    common carrier.
    IEW users whose security needs exceed the SECRET level of the

In the first instance, TEED is used to protect the base-level Secret users
from users working at lower classifications. In the second, TEED
protects the higher-level Top Secret users from the base network. TEED
is designed to protect both of these applications. Further development is
needed to produce a TEED that will encrypt ATM and IP traffic. The
National Security Agency (NSA) is investigating the new BATON
encryption algorithm for this use.




The National Security Agency (NSA) has funded a study to
investigate the new BATON encryption algorithm for application to
TEED. BATON is an algorithm that will encrypt ATM, as well as
IP, traffic. BATON is the encryption technique for the future. The
TEED Internet Security Manager (TISM) is being developed to
support TEEDs in the field; it will perform remote keying, remote
zeroization, auditing, and other security and security-management
functions for TEED. Full-scale engineering development (FSED)
TEEDs will be IP/ATM-capable. If the POC TEEDs are successful
at JWID '95, a possible acquisition scenario would be to provide
production funding in FYs 97 through 99. The R&D cost would be
amortized over a production lot of 4,500 units. An initial delivery
of 200 TEEDs will support the Corps XXI AWE. The acquisition
of an additional 4,300 units will allow the Army to acquire the
minimum number of TEEDs needed as rapidly as possible (4,500
units represents one TEED at every C3-XA packet switch in the
Army)."



[No date]

The programmable, embedded encryption not only allows interoperability
with current legacy encryption, but also allows for a migration path to
upgrade our aging encryption algorithms to modern ones such as BATON
and CRAYON. The embedded ANDVT option includes MELP voice
encoding which is a much better sounding modernization of LPC-10. The
embedded ANDVT will automatically drop back to LPC-10 when talking
to a legacy ANDVT. The embedded encryption is also compatible with
single point black key fill systems that will allow for automating key fill