Header-Banner

KG-340 Type 1 SONET Encryptor

Government-Strength Encryption at OC-192 Speeds

KG-340 Type 1 SONET Encryptor

image SONET Encryptor - Classified Government (KG-340)

KG-340 SONET Encryptor

Download Product Brief

The SafeNet Type I SONET Encryptor (KG-340) is a high-performance solution for SONET/SDH network security applications demanding speeds up to 10 Gbps.

The KG-340 type 1 encryption  integrates transparently and easily into new and existing SONET/SDH network architectures with line-rate throughput,extremely low latency, and no overhead.  As a key part of the Cryptographic Modernization Initiative, the encryptor is ideal for high-speed data, as well as time-sensitive voice and video applications traversing the Global Information Grid.

Up to 384 independent security associations and key pairs can be configured to support encryption at STS-1 level granularity or any Path-level SONET/SDH encryption is supported at various rates and at distances up to 80 kilometers over a duplex fiber-optic network connection.  Administrators can selectively encrypt, zeroize, regenerate, or bypass section, line, and path overhead bytes when configuring these connections.

A single, comprehensive solution, the KG-340 delivers scalable performance and seamless end-to-end integration, optimizing security without compromising operations or performance. It combines highly secure, NSA-approved algorithms with the flexibility to integrate into SONET/SDH-based networks at virtually any rate.

The encryptor´s integrated keypad and RS-232 serial interface provide local management access.  Operational status is displayed through front panel LEDs and on a two-line 20-character LCD.  The status of the local and network interfaces, power, temperature, battery, system operation, security, and interface transmission and reception are displayed via LEDs.

View Specification Resource Library

Physical:  2U high, 19" wide, 23" deep.  Rack mountable

Power:  Dual-48V DC power inputs

Key Management:  Automatic session key update

Performance:  Full duplex at wire speed

Audit:  Event Log/Security Log/Interface Status

Environmental:  Operating Temp.: 0 to 40°C; 0 to 85% RH; non-condensing

Encryption:

  • Path level encryption
  • Security associations capable for each STS-1 (up to 192) or STM-1 (up to 64) bi-directional time slot for SONET/SDH
  • Supports MEDLEY encryption for network traffic
  • Security policy database defines:
    • allowable time slots
    • line, section, and path overhead bytes processing
    • autodiscovery of timeslots
  • Auto crypto resynch

Network Interfaces:

  • Full duplex support available in OC-192(c), OC-48(c) versions, as well as a user-selectable OC-3/12(c) version
  • Available with built-in 1 + 1 redundant port versions for integrated line protection (OC-48(c) and OC-3/12(c) version
  • Available in short, intermediate, and long range optics
  • OC-48 and OC-3/12 supports user replaceable Small Form Factor Pluggable (SFP) optical transceiver modules
  • Support for 1310 and 1550 nm frequencies
  • Duplex LC connections

Security Certifications:

  • NSA Type 1
  • NACSIM 5100A

Key Management

  • Enhanced FIREFLY (EFF); negotiations configurable in-band using F2, Z3, Z4, and Z5 POH bytes
  • Supports up to 384 SAs (max. 192 bi-directional associations)
  • Supports 2 vector sets per SPD
  • Supports HAIPE® 3.0 requirements for key update/change (soft and hard timers) of vector sets

Statistics:

  • Number of processed SPEs per path

  • Bypass, zeroize, and crypto SPEs

  • Management Interface Packets

  • Alarm indication (LOS, LOF, AIS [path line], REI [path line])

  • Current and previous 15-minute and 24-hour counters for near and far end (CV-S, ES-S,SES-S, CV-L, ES-L, SES-L, UAS-L, FC-L, CV-P)

  • Current counts for 15-minute and 24-hourintervals resettable to zero during an interval

View Feature & Benefits Resource Library

Supports encryption up to TopSecret Sensitive Compartmented Information (TS/SCI)

Simple, secure management using front panel, RS-232 serial port

Supports concatenated SONET/SDH streams:  STS-3c, STS-12c, STS-48c, STS-192c

Supports up to 192 individual STS-1 channels

Front Panel:

  • Interactive keypad (CU command subset) & LCD (2 lines by 20 characters) for simple configuration
  • RS-232 CLI for full local encryptor management
  • USB port supporting firmware upgrade
  • LEDs for Zeroized Power, Standby, Alarm, Battery, Temperature

Crypto Ignition Key:

  • Serial Crypto Ignition Key Interface
  • Supports DataKey´s KSD 4000 device

Key Fill:

  • MIL-CON MC283 six-pin audio connector
  • RS-232 fill interface

User Accounts:

  • Crypto officer account
  • Users with assigned privilege levels

Log Capabilities:

  • Enabled via console
  • Logging to internal flash capability
  • 3 Log Types:  Audit, Security, and Event
  • For each SA establishment: Universal ID, Time: Peer KMID, Expiration Date

Diagnostics:

  • Information during session establishment and release events
  • Auto power-on self test & logging capability
  • Available from console; subset from front panel

Conformance:

  • Telcordia GR-1377 (jitter tolerance)
  • Telcordia GR-253 
View How to Buy Resource Library

Use this form to contact sales now.

Americas
Phone: 866-251-4269
Complete this short form
EMEA
Phone:+44-01276-608000
Complete this short form
APAC
Phone: 866-251-4269
Complete this short form

US Federal Sales Type 1
Phone: 443-327-1235
Complete this short form

 

Office Locations
Find a Partner
Order Inquiries? View contact information here.
View Overview Resource Library
KIV7 Training Classes

RSA SecureID? CTA

Data Protection RSS

Subscribe