NSA to get new high-speed encryption
- By William Jackson
- Nov 04, 2009
The National Security Agency has awarded General Dynamics C4 Systems a $7.6 million contract to develop the next generation of high-speed encryptors for the nation’s military and intelligence communities.
The KG-530 SONET OC-768C in-line encryptor will be the first to encrypt traffic at a full 40 gigabits/sec and will be based on the latest field-programmable gate array (FPGA) chips from Altera Corp.
“It is based on new hardware technology,” different from the 10- and 1-Gbps encryptors now being used by NSA and the Defense Department, said Mike Guzelian, General Dynamic’s vice president of secure voice and data products. The new technology is capable of 100-Gbps encryption, he said.
The KG-530 is scheduled to be fielded in 2011. There is now no schedule for developing a 100-Gbps encryptor, but Guzelian said that a best guess for that would be around 2013.
“They have a real need for higher speed,” he said of the military and intelligence agencies that would use the encryptors to secure very large data, image and video files classified up to top secret during transmission over synchronous optical networks (SONET). Currently they are aggregating racks of 10-Gbps encryptors, which creates delays and adds to network complexity.
General Dynamics also provides several current generations of NSA-certified high-speed encryptors for classified data. The 1-Gbps encryptor is similar to its Fast Ethernet encryptor. Its Fastlane Asynchronous Transfer Mode/SONET 10-Gbps encryptor (KG-75) is based on a different technology, using application-specific integrated circuit (ASIC). Although Fastlane is certified for SONET as well as ATM, its rated speed over SONET is 2.5 Gbps.
Using custom-designed ASICs for product development is “very expensive, with a long development schedule,” Guzelian said, because the integrated circuit chips have to be manufactured to meet the user’s needs. FPGA circuits can be configured by the customer and are not application specific like an ASIC.
“We have been working pretty closely with Altera, and got some of their first prototype silicon” to see if the new chips would be quick enough for high-speed encryption, Guzelian said.
General Dynamics began working on a prototype for the KG-530 in the summer of 2008 and got samples of Altera’s new Cyclone IV chips in February. The prototype was running by May.
“There’s a lot more than just the chips,” in designing a high speed encryptor, Guzelian said. Signal integrity at 40 Gbps “is not a trivial task. But we proved that it works, showed it to the NSA, and we won the 530 contract” in July. “At this point it’s a matter of turning the crank to do the development” on the final product.
The KG-530 will be designed to use the government’s AES encryption algorithm, but will be programmable to use other algorithms without changing out the hardware.
Guzelian said that inability to do in-line encryption at a full 40 Gbps has been a roadblock in fully implementing DOD and intelligence community plans for data security. The KG-530 will be available only to federal users and will not be commercially available, although Guzelian said a commercial version could be developed if there is a market for it. Few nongovernmental organizations have the need for protecting large amounts of data at those speeds with strong encryption, he said.
William Jackson is a Maryland-based freelance writer.