Enigmätron-C, High-Security Data Encryption Equipment

Description

Valiant’s Enigmätron-C is a high-security data encryption device that provides tunnel-less data encryption, including Ethernet frame encryption for Layer 2 networks, IP packet encryption for Layer 3 networks, and Layer 4 data payload encryption for IP and MPLS networks. The Enigmätron-C offers full-duplex encryption at speeds up to 12 Mbps using the AES-256 algorithm.

Valiant’s Enigmätron-C is an easy-to-use encryption device with extremely advanced firewall features that may be installed to secure RTUs, SCADA terminals and Smart Grid distribution systems. The Enigmätron-C may also be installed in centrally managed encryption networks consisting of multiple branch-office edge installations, to secure installations such as Point-of-Sale terminals and ATM networks.

The Enigmätron-C also includes an integrated 4-port Ethernet switch, which allows the connection of up to 4 terminals (such as RTUs), thereby reducing cost by avoiding the need to deploy additional Ethernet switches at the network edge.

The Enigmätron-C uses Group Encryption technology to provide scalable encryption without tunnels while encryption is enabled and active. Tunnel-less encryption also allows networking and application monitoring and services such as QoS to operate transparently without modification.

Access to Enigmätron-C is password protected with advanced firewall capabilities that meet and exceed NERC as well as all mandatory requirements of Password Protection and Control as provided in the GR-815-CORE-2 specifications. Enigmätron-C can optionally be managed centrally from a RADIUS Server to provide enhanced levels of access security and central password management and control.

Features and Highlights

  • Interoperable with Valiant's Enigmätron-X encryption product family
  • Encrypted throughput up to 12 Mbps
  • Per-frame/packet authentication
  • Seamless scalability
  • Infrastructure neutral
  • Transparent to network and applications
  • Easy installation and management

Applications

  • Point-to-point and Point-to-Multi-Point Encryption links
  • Utilities – Oil & Gas production, pipelines, electric generation, transmission and distribution
  • Remote node on SCADA multi-drop networks
  • Law Enforcement
  • Retail – Stores, Point-of-Sale terminals, Credit Card machines
  • Financial institutions, corporate links, branch offices, ATM machines
  • VLAN – Supports multiple VLANs through an external IP network
  • Supports voice and video over public and/or private networks
  • For home use, hotels and secured applications over unsecured public transmission networks

Security

  • Public and Private Key management
  • GR-815-CORE-2 compliant Password Protection
  • SNMP V2 and SNMP V3
  • RADIUS Authentication options for unmatched security
  • Remote network monitoring
  • Firewall with Black-list and White-list options

Comprehensive Data Protection

  • IPsec site-to-site networks
  • MPLS meshed networks
  • Metro Ethernet and VPLS networks
  • Voice and video over IP applications

Performance

  • Encrypted throughput: 12 Mbps - bidirectional.
  • Encrypted latency: <4 ms* per hop
    *Measured with 512 byte packets with L3 encryption enabled. Latency may vary with packet size.

Encryption and Secure Communication Protocols

  • Encryption: AES-128, AES-192 and AES-256
  • IPsec (RFC 2401) for Layer 3 Encryption
  • Authentication (Message Integrity): HMAC-SHA-256-96 (FIPS 180-3, FIPS 198)
  • Signature generation and verification: RSASSA-PSS, RSASSA-PKCS1 v1.5, X.509, DSA FIPS 186-2
  • Management session authentication: RSA, DSS
  • Security Key Exchange: Manual, or Automatic with programmed-interval key rotation
  • Group keying with SSL/TLS (bilateral authentication) based on certificates
  • X.509 Certificates
  • Certificate revocation: OCSP (RFC 2560), CRL (RFC 5280)

Firewall and Security:

  • Secure Boot
  • Firewall Security
  • Exclusion Policy - Access Control based on Black List
  • Inclusion Policy - Access Control based on White List: IP address based, MAC address based, IP Domain
  • Password Protection with password strength monitor.
  • Resistance to Denial of Service Attack
  • Non-volatile Access Log with capability to "fingerprint" all successful and failed log-in attempts and keep a log of the IP and MAC addresses of all successful and failed logins / login attempts.
  • Alarm Generation in the event of 3 consecutive failed log-in attempts (wrong user name or Password).
  • Option to generate an E-Mail Alert for Event and Alarm
  • RADIUS Password Authentication
  • SSH (Secure Access Control) with encrypted Password Protection

Network Support:

  • Ethernet
  • VLAN tag preservation
  • MPLS tag preservation
  • IPv4
  • IPv6 (Layer 2 Ethernet encryption mode)
  • Secure NTP

Policy Selector Options:

  • Source or destination IP address
  • Source or destination port number
  • Protocol ID (L3 and L4 options)
  • VLAN ID (L2 option)

Device Management and Alarm Monitoring:

  • Command Line Interface - Telnet, SSH
  • SNMPv2 Alarm Monitoring
  • Alarm condition detection and reporting (traps and SNMP alarm table)
  • Syslog
  • Audit Log

Indicators:

  • System Status LED (Encryption On/ Off Status)
  • Power LED

Environmental:

  • Operational: Temperature -20C to +60C (-4F to 140F)
  • Humidity: Up to 95% R.H. (Non-condensing at 50C)
  • Cold start: temperature -10C
  • Maximum Operational Humidity: 95% R.H. (Non-condensing)

Regulatory:

  • Emissions: As per CISPR 22 / EN55022 Class A
  • CE and FCC: Part 15 Subpart A
  • Immunity: EN55024, EN61000

Physical:

  • 19-Inch, Industrial Chassis and optional Small Form Factor (SFF) Chassis
  • Height x Depth x Width: 44 mm x 250 mm x 482 mm
  • Weight: 3 kg
  • Power: 1+0 and 1+1 Redundant Power Supply Options.
  • 100~240V AC, 50/60Hz; -48V DC; 110V DC
  • Power consumption: 9W at maximum load
  • MTBF: ≥ 280,000 hours with dual redundant power supplies

Interfaces:

  • Four 10/100 RJ45 locally switched network interfaces to the local (trusted) network
  • One 10/100/1000 RJ45 network interface to the remote (untrusted) network
  • Integrated four-port Ethernet switch
  • Auto MDI/X (straight or crossover Ethernet cable correction)
  • USB serial port for local access and configuration.