| dbo:abstract |
A High Assurance Internet Protocol Encryptor (HAIPE) is a Type 1 encryption device that complies with the National Security Agency's HAIPE IS (formerly the HAIPIS, the High Assurance Internet Protocol Interoperability Specification). The cryptography used is Suite A and Suite B, also specified by the NSA as part of the Cryptographic Modernization Program. HAIPE IS is based on IPsec with additional restrictions and enhancements. One of these enhancements includes the ability to encrypt multicast data using a "preplaced key" (see definition in List of cryptographic key types). This requires loading the same key on all HAIPE devices that will participate in the multicast session in advance of data transmission. A HAIPE is typically a secure gateway that allows two enclaves to exchange data over an untrusted or lower-classification network. Examples of HAIPE devices include: * L3Harris Technologies' Encryption Products * KG-245X 10Gbit/s (HAIPE IS v3.1.2 and Foreign Interoperable), * KG-245A fully tactical 1 Gbit/s (HAIPE IS v3.1.2 and Foreign Interoperable) * RedEagle * ViaSat's AltaSec Products * KG-250, and * KG-255 [1 Gbit/s] * General Dynamics Mission Systems TACLANE Products * FLEX (KG-175F) * 10G (KG-175X) * Nano (KG-175N) * Airbus Defence & Space ECTOCRYP Transparent Cryptography Three of these devices are compliant to the HAIPE IS v3.0.2 specification while the remaining devices use the HAIPE IS version 1.3.5, which has a couple of notable limitations: limited support for routing protocols or open network management. A HAIPE is an IP encryption device, looking up the destination IP address of a packet in its internal Security Association Database (SAD) and picking the encrypted tunnel based on the appropriate entry. For new communications, HAIPEs use the internal Security Policy Database (SPD) to set up new tunnels with the appropriate algorithms and settings. Due to lack of support for modern commercial routing protocols the HAIPEs often must be preprogrammed with static routes and cannot adjust to changing network topology. A couple of new HAIPE devices will combine the functionality of a router and encryptor when HAIPE IS version 3.0 is approved. General Dynamics has completed its TACLANE version (KG-175R), which house both a red and a black Cisco router, and both ViaSat and L-3 Communications are coming out with a line of network encryptors at version 3.0 and above. Cisco is partnering with Harris Corporation to propose a solution called SWAT1 There is a UK HAIPE variant that implements UKEO algorithms in place of US Suite A. Cassidian has entered the HAIPE market in the UK with its Ectocryp range. Ectocryp Blue is HAIPE version 3.0 compliant and provides a number of the HAIPE extensions as well as support for network quality of service (QoS). Harris has also entered the UK HAIPE market with the BID/2370 End Cryptographic Unit (ECU). In addition to site encryptors HAIPE is also being inserted into client devices that provide both wired and wireless capabilities. Examples of these include L3Harris Technologies' KOV-26 Talon and KOV-26B Talon2, and Harris Corporation's KIV-54 and PRC-117G radio. (en) |
| dbo:wikiPageExternalLink |
http://www.cnss.gov/Assets/pdf/CNSSP-19.pdf |
| dbo:wikiPageID |
4141389 (xsd:integer) |
| dbo:wikiPageLength |
7024 (xsd:nonNegativeInteger) |
| dbo:wikiPageRevisionID |
1095413599 (xsd:integer) |
| dbo:wikiPageWikiLink |
dbr:Routing_protocols dbr:Cryptography dbr:General_Dynamics_Mission_Systems dbr:NSA_Suite_A_Cryptography dbr:NSA_encryption_systems dbr:Cryptographic_Modernization_Program dbr:Network_packet dbc:Cryptographic_protocols dbr:Quality_of_service dbr:Harris_Corporation dbr:ARPANET_encryption_devices dbc:National_Security_Agency_encryption_devices dbr:L3Harris_Technologies dbr:National_Security_Agency dbr:Red/black_concept dbr:Multicast dbr:Network_management dbr:Type_1_encryption dbr:IPsec dbr:ViaSat dbr:Static_routing dbr:List_of_cryptographic_key_types dbr:NSA_Suite_B |
| dbp:wikiPageUsesTemplate |
dbt:Cleanup dbt:Multiple_issues dbt:Primary_sources dbt:Refimprove dbt:Reflist dbt:Citation_Needed |
| dcterms:subject |
dbc:Cryptographic_protocols dbc:National_Security_Agency_encryption_devices |
| gold:hypernym |
dbr:Device |
| rdf:type |
yago:WikicatNationalSecurityAgencyEncryptionDevices yago:Artifact100021939 yago:Device103183080 yago:Instrumentality103575240 yago:Object100002684 yago:PhysicalEntity100001930 dbo:Device yago:Whole100003553 |
| rdfs:comment |
A High Assurance Internet Protocol Encryptor (HAIPE) is a Type 1 encryption device that complies with the National Security Agency's HAIPE IS (formerly the HAIPIS, the High Assurance Internet Protocol Interoperability Specification). The cryptography used is Suite A and Suite B, also specified by the NSA as part of the Cryptographic Modernization Program. HAIPE IS is based on IPsec with additional restrictions and enhancements. One of these enhancements includes the ability to encrypt multicast data using a "preplaced key" (see definition in List of cryptographic key types). This requires loading the same key on all HAIPE devices that will participate in the multicast session in advance of data transmission. A HAIPE is typically a secure gateway that allows two enclaves to exchange data ov (en) |
| rdfs:label |
High Assurance Internet Protocol Encryptor (en) |
| owl:sameAs |
freebase:High Assurance Internet Protocol Encryptor yago-res:High Assurance Internet Protocol Encryptor wikidata:High Assurance Internet Protocol Encryptor https://global.dbpedia.org/id/4mqQ4 |
| prov:wasDerivedFrom |
wikipedia-en:High_Assurance_Internet_Protocol_Encryptor?oldid=1095413599&ns=0 |
| foaf:isPrimaryTopicOf |
wikipedia-en:High_Assurance_Internet_Protocol_Encryptor |
| is dbo:service of |
dbr:Viasat_(American_company)__Viasat,_Inc.__1 |
| is dbo:wikiPageRedirects of |
dbr:TACLANE dbr:HAIPE dbr:HAIPE-IS dbr:HAIPIS dbr:KG-175_TACLANE dbr:Inline_Network_Encryptor |
| is dbo:wikiPageWikiLink of |
dbr:Viasat_(American_company) dbr:NSA_encryption_systems dbr:Cryptographic_Modernization_Program dbr:ARPANET_encryption_devices dbr:TACLANE dbr:HAIPE dbr:HAIPE-IS dbr:HAIPIS dbr:SPD_(disambiguation) dbr:KG-175_TACLANE dbr:Inline_Network_Encryptor |
| is dbp:services of |
dbr:Viasat_(American_company) |
| is foaf:primaryTopic of |
wikipedia-en:High_Assurance_Internet_Protocol_Encryptor |