Rohde&Schwarz SIT Germany
Dirk Kretzschmar
Executive Vice President Sales and R&D Crypto Systems
AFCEA Meeting Lisbon, September 12th 2013
Cyber Defense with effective Crypto Solutions
Selected areas of vulnerability by Cyber Attacks
[Diagram: Company HQ network, Company Subsidiary network and Business Partner network; Public Network, Leased Lines, Internet; Network Transport; Cloud Services; Data Storage; Company Access (in-/out traffic); Mobile Voice Communication]
Selected areas of vulnerability by Cyber Attacks
[Diagram: Company HQ network, Company Subsidiary network and Business Partner network; Public Network, Leased Lines, Internet; Cloud Services; Company Access (in-/out traffic)]
Imagine we had this…
X-Ray Safety
Next Generation Firewall – Threat Prevention
Next Generation Firewall – App/Protocol selection
[Diagram: R&S SITGate Single Pass Engine: Application Detection, Protocol Validation, Protocol Decoding, Webfilter, Intrusion Prevention, Malware Protection, Stateful Inspection, VPN, SSL]
Secure access to Internet and cloud services
R&S®SITGate
• Efficient and comprehensive monitoring of cloud-based applications, e.g. Facebook, Dropbox and Amazon Web Services
• Integrated malware protection and web filtering
• Straightforward integration of security policies in existing infrastructures
• VPN encryption for secure site-to-site communications
Selected areas of vulnerability by Cyber Attacks
[Diagram: Company HQ network, Company Subsidiary network and Business Partner network; Public Network, Leased Lines, Internet; Network Transport]
Flat network structure reduces operational expenditures
• Ethernet Service ‘extends’ local area network to remote locations (L2 VPN)
• No dedicated IP subnet configuration required
• Change carrier without reconfiguration of IP settings
[Diagram: Carrier Ethernet, Server]
23.09.2013 R&S SITLine ETH Ethernet Encryptor 11
Fiber connections between and within sites
• VoIP, VCF, database queries
Data center interconnection
• Carrier/Metro Ethernet 1 GbE/10 GbE
Radio relay and satellite links
• Radio relay/microwave transmission, satellite hops
Rail control networks
• Barriers, interlockings, signals switches
Bank CCTV networks
• Video surveillance, access control
Ethernet encryption secures hardwired and wireless environments
Confidentiality, Integrity
Significant savings in 80% of network traffic
Secure data transmission via landline, radio relay and satellite links
R&S®SITLine ETH
• Ethernet encryptor family from 25 Mbit/s to 1 Gbit/s
• Q1/2014 10 Gbit/s, 4x10 Gbit/s and Q2 40 Gbit/s
• Advanced cryptographic methods and standards (elliptic curves, AES, X.509)
• Tamper protection and true random numbers
• EANTC approved
• BSI-certified for German Restricted, NATO Restricted
Selected areas of vulnerability by Cyber Attacks
[Diagram: Company HQ network, Company Subsidiary network and Business Partner network; Public Network, Leased Lines, Internet; Mobile Voice Communication]
Smartphones can be hacked easily because of their large number of interfaces
[Diagram: Point of attack (logical / physical): Communication services, Browser, Baseband processor, Multimedia player, Operating system, 3rd party Apps, User, Remote, Wireless interface, Smart card, SIM card, Hardware interface, Memory, Firmware, USB]
Source: Dr. Jens Heider, Rachid El Khayari (Fraunhofer-Institut SIT)
The possible attacks on voice communication are endless
Overview of mobile VoIP communication attack points:
• on mobile device
• on WLAN router
• on VoIP server
• over the air
• in the internet
• on base station
[Diagram label: IP / Internet]
Tapping of mobile VoIP communication is very easy and affordable.
The users want …
… not to worry about espionage
… to use their own smartphones
… to forget about insecure platforms
… to change their smartphones as often as they want
Then the users should use TopSec Mobile for high flexibility & easy handling
[Image labels: TopSec Phone app, TopSec Mobile]
The secure voice encryption consists of:
• Optional: R&S®VoIP-SERVER S110
• Optional: TopSec Admin
Smartphones & Laptops (customers' iPhones, Androids, Windows 7; Blackberry & Windows Phone apps on request)
Maximum security through hardware encryption
• Encryption & decryption in the TopSec Mobile (end-to-end encryption)
• Encryption NOT in the operating system of the smartphone
• Only encrypted data will pass the smartphone
• Malware in the smartphone will tap only useless encrypted calls
[Diagram: TopSec Mobile and TopSec Phone app on each side, connected via IP network incl. VoIP server; Encrypted voice]