cyber defense with effective crypto solutions - afcea · pdf filecyber defense with effective...

Rohde&Schwarz SIT Germany

Dirk Kretzschmar

Executive Vice president Sales and R&D Crypto Systems

AFCEA Meeting Lisbon, September 12th 2013

Cyber Defense with

effective Crypto Solutions

Selected areas of vulnerability by Cyber Attacks

AFCEA Meeting Lisbon Sep 12th, 2013

Company

HQ

network

Company

Subsidiary

network

Business

Partner

network

Public

Network,

Leased Lines,

Internet

Network Transport

Cloud

Services

Data

Storage

Company

Access

In- out traffic

Mobile Voice

Communication



Company

HQ

network

Company

Subsidiary

network

Business

Partner

network

Public

Network,

Leased Lines,

Internet

Cloud

Services

Company

Access

In- out traffic

Imagine we had this….

X-Ray Safety


Next Generation Firewall – Thread Prevention


Next Generation Firewall – App/Protocol selection

X X

X

X

X X

X

X

X


http://25.media.tumblr.com/tumblr_m7sj7wknya1qme5ufo1_500.jpg

Application Detection

Protocol Validation

Protocol Decoding Webfilter

Intrusion Prevention

Malware Protection

Stateful Inspection

R&S SITGate Single Pass Engine

VPN

SSL


Secure access to Internet and cloud services

R&S®SITGate ı Efficient and comprehensive monitoring of cloud-based applications,

e. g. Facebook, Dropbox and Amazon Web services

ı Integrated malware protection and web filtering

ı Straightforward integration of security policies in existing infrastructures

ı VPN encryption for secure site-to-site communications




Company

HQ

network

Company

Subsidiary

network

Business

Partner

network

Public

Network,

Leased Lines,

Internet

Network Transport

Flat network structure reduces

operational expenditures ı Ethernet Service ‘extends’ local area network to remote locations (L2 VPN)

ı No dedicated IP subnet configuration required

ı Change carrier without

reconfiguration of IP settings

Carrier Ethernet

Server


23.09.2013 R&S SITLine ETH Ethernet Encryptor 11

Fiber connections between and within sites

• VoIP, VCF, database queries

Data center interconnection

• Carrier/Metro Ethernet 1 GbE/10 GbE

Radio relay and satellite links

• Radio relay/ microwave transmission, satellite hops

Rail control networks

• Barriers, interlockings, signals switches

Bank CCTV networks

• Video surveillance, access control

Ethernet encryption secures hardwired and wireless

environments

Confidentiality Integrity

Significant savings in 80% of network traffic


Secure data transmission via landline,

radio relay and satellite links

R&S®SITLine ETH

ı Ethernet encryptor family from 25 Mbit/s to 1 Gbit/s

ı Q1/2014 10 Gbit/s, 4x10 Gbit/s and Q2 40 Gbit/s

ı Advanced cryptographic methods and standards

(elliptic curves, AES, X.509)

ı Tamper protection and true random numbers

ı EANTC approved

ı BSI-certified for

German Restricted

NATO Restricted




Company

HQ

network

Company

Subsidiary

network

Business

Partner

network

Public

Network,

Leased Lines,

Internet

Mobile Voice

Communication

Smartphones can be hacked easily

because of their huge amount of interfaces

Point of attack

Source: Dr. Jens Heider, Rachid El

Khayari (Fraunhofer-Institut SIT)

Communication services

Browser

Baseband processor

Multimedia player

Operation system

3rd party Apps

User

Remote

Wireless interface

Smart card

SIM card

Hardware interface

Memory

Firmware

USB

Logical Physical

The possible attacks of voice communication

are endless Overview of mobile VoIP communication attack points

on mobile device

IP / Internet

on WLAN router

on VoIP server

over the air

in the internet

Tapping of mobile VoIP communication is very easy and affordable.

on base station

The user want …

… not to worry about espionage

… to use their own

Smartphones

… to forget about

unsecure platforms

… to change their Smartphones

as often as they want

Then the users should use TopSec Mobile for

high flexibility & easy handling

TopSec Phone

app

TopSec Mobile

The secure voice encryption consists of:

l Optional: R&S®VoIP-SERVER S110

l Optional: TopSec Admin

Smartphones & Laptops (customers iPhones, Androids, Windows 7;

Blackberry & Windows Phone apps on request)

Maximum security through hardware encryption

l Encryption & decryption in the TopSec Mobile (end to end encryption)

l Encryption NOT in the operating system of the Smartphone

l Only encrypted data will pass the Smartphone

l Malware in the smartphone will tap only useless encrypted calls

IP network

incl. VoIP server

TopSec

Mobile

TopSec

Phone app

Encrypted voice

TopSec

Mobile

TopSec

Phone app

cyber defense with effective crypto solutions - afcea · pdf filecyber defense with effective...

Documents