fox skytale brochure download
TRANSCRIPT
SkyTale is a family of IP network cryptos equipped with a unique mode of
network encapsulation, custom created in close cooperation with the armed
forces of the Netherlands, and tried and tested over several years. Although
initially developed for use in vehicles and specially geared towards aerial
networks, it has now been adapted in order to be used in configurations ranging
from server rooms to soldier uniforms.
SkyTale provides confidentiality, integrity and availability for mobile networks,
from the highest Information Assurance level to the lowest.
SkyTaleHigh Security for the Tactical Domain
Payload Encryption and SkyTale
The cryptographic network encapsulation solution
– Payload Encryption, or PLE for short – that was born
from this concept, and is implemented in all SkyTale family
members, addresses the following challenges:
Unstable links
Aerial networks are naturally unstable. They fade with
distance, suffer from earth- intrinsic physical oddities, skip
distances, atmospheric conditions, weather, and natural
and man-made objects in the line of sight.
Low and fluctuating bandwidths
Network-tunneling mechanisms that supply both
confidentiality and authentication typically encounter
non-trivial hurdles in the areas of reliability, overhead
and replay-detection when dealing with the low and
fluctuating bandwidths that are the result of unstable
links. Payload Encryption addresses these challenges
head-on, resulting in significantly decreased instability
of your secure connection.
Using a single addressing scheme
When using NAT in cryptographically protected networks,
or in mobile ad-hoc networks, it is very difficult to main-
tain red/black mapping of addresses. In multicast, without
falling back on the (inefficient) star-network topology
and without duplicating all packets, it is almost impos-
sible. PLE is a form of bump-in-the-wire transport-mode
and therefore does not interfere with the addressing
scheme underlying your network. Your packets will arrive
as intended.
Usable in unilaterally separated networks
Because Payload Encryption does not require a security
association, and can be configured with pre-shared keys,
it can be used through one-way separations between
different classified networks (data diodes).
Supporting QoS and multicast
Networks suffering from such low and fluctuating band-
widths will benefit from a well thought-out quality-of-
service scheme that is supported throughout the network.
Also, in certain areas of applications (VoIP, position-data)
using multicast can significantly ease the burden of
carrying packets on a network. It is therefore important that
our solution supports both mechanisms transparently,
allowing red hosts to alert black routers about pertinent
occurrences in the traffic. Payload Encryption, allows you
to fine-tune precisely and effectively which aspects of
your packet should be declassified in order to achieve this.
IPv6 support
With more and more networks and network-equipment
moving on from IPv4 and given its superior support for
flexible addressing and roaming, it is obvious that the
SkyTale family supports IPv6 out of the box.
Mission approved
A Payload Encryptor is envisioned for usage in everything
from infrastructure to military vehicles and dismounted
soldiers, carrying network information from strategic
to tactical. Each family member certified to its own,
appropriate, security level.
In 2008, the Dutch armed forces initiated an experiment to address
the following challenge: to build a durable global communications system
to be mounted inside vehicles that can carry both voice and data, with
acceptable bandwidths and latencies. A system that is capable of using
all available means of communication at a given site, capable of roaming
without disconnections and is appropriately secure.
Productsis a Payload Encryptor/Ad-hoc Router combination for
vehicles. It has a rugged casing design, mil-std-38999
connectors, is water- and dustproof, EMC-safe, and is
resistant to vibrations of military vehicles according to
mil-std-810. It will stand temperatures according to STANAG
2895 and has an input range of 10-36 Volt DC (mil-std 1275).
The Ad-hoc Router connects to WLAN-AP and -AH, wired and
mobile networks and has provisions for sitcom modems over
RJ45, serial and USB. It can be managed from the trusted side
through the crypto.
is a Payload Encryptor/IPsec tunnel-mode hybrid for high
IA levels (Secret and above) with a sturdy design. Primarily
intended for server-room, shelter- and command-vehicle
use, it has been more or less designed to the same environ-
mental specifications as SkyTale/DCV, but its looks are more
‘civilian’: two of them fit neatly side-by-side in a 1U slot of
a 19 ̓ ̓ rack and it uses regular copper and fiber inter faces.
It has a keypad and a screen for authentication, configuration
and status output.
is a software package, compatible with the broader family
of SkyTale offerings. Using SkyTale/SRM on telephones or
tablets, for example, allows for field operatives to securely
communicate with deployed vehicles (equipped with
SkyTale/DCV for example), using apps of their choosing.
Using it on a laptop means that you can connect to the
broader network from your hotel room. This software
package works independently in the background, over
your network connections transparently and turning your
end-point solution into a crypto.
SkyTale/DCV
SkyTale/DSS
SkyTale/SRM
110-013-EN
fox-it
• Was founded in 1999.
• Established one of the first Cyber Security
Operations Centers in Europe.
• Is Europe’s largest specialized cyber security
company.
• Operates in three business areas:
1 Cyber Threat Management: a solution portfolio
aimed at reducing the risks of cyber threats,
and includes: professional services, managed
security services, and technology;
2 Web and Mobile event analytics: a solution
portfolio that is aimed at reducing financial
risks in (online) payment transactions;
3 High Assurance: solutions that make trusted
communication possible to the highest
classification levels.
• Has been involved in many high-profile Incident
Response cases. Most of the cases we worked on
are secret. An approved selection can be shared
upon request.
SkyTale Feature List
• IPv4 / IPv6 support.
• Stateless, group-keyed Payload Encryption.
• Multicast support.
• NAPT support.
• SNMP and TFTP (custom) based management.
• AES-256 / SHA256 algorithms.
Depending on platform:
• Dutch national, EU, NATO algorithms.
• High throughput.
• IP56 (water & dust-proof).
• Mil-Std-810 (vibration), 1275 (input, filter), 38999 (connectors).
• STANAG 2895 (temperature).
• SDIP27 (TEMPEST).
fox-it
Olof Palmestraat 6, Delft
PO box 638, 2600 AP Delft
The Netherlands
T +31 (0) 15 284 79 99
F +31 (0) 15 284 79 90
www.fox-it.com