KEYMILE security solution raises the bar in simultaneous delivery of ultimate data encryption and system security while guaranteeing strict critical communication high-availability and precise timing needs.

KEYMILE, the leading solution provider in mission critical communication, launches the new encryption card SECU1 for its XMC20 multi-service access and transmission platform. The solution is unique in providing highly secure end-to-end encryption in mission-critical networks, while still maintaining the very high level of data availability required for such infrastructures. State-of-the-art encryption is based on keys generated by a hardware-based quantum random number generator for the highest level of assurance.

KEYMILE’s new solution is targeted at mission-critical networks belonging to energy utilities, gas and oil pipelines, railway companies and authorities such as police, air traffic control and defence. The encryption technology used in the process plays a pivotal role in guaranteeing security. The encryption keys themselves are generated by a quantum random number generator (QRNG), which harnesses the intrinsically random quantum states of photons, to ensure that they are truly random and unique.

The QNRGs are provided by the Swiss company, ID Quantique (IDQ), and they have been tested and certified by multiple independent laboratories according to the most demanding global standards. In addition, a Quantum Key Distribution (QKD) server from ID Quantique can be added to the encryption card. In this quantum-enhanced solution, key exchange is executed via the QKD server which is connected via dark fibres. As a result, man-in-the-middle attacks are no longer possible. The mere attempt at reading the key will change the polarisation condition of the photons and the attack will be revealed.

KEYMILE’s XMC20 hybrid, multi-service access and transmission platform allows companies and authorities to operate SDH / PDH-based and packet-based networks securely in one network node. The XMC20 platform stands out thanks to its fanless operation and it is also ideal in tough ambient conditions.

In combination with the new solution it offers reliable encryption which does not impact the superior availability of mission-critical networks. Central and de-centralised key generation provides trustworthy and shielded distribution of keys. There is no single point of failure and all nodes can communicate securely with one another. This KEYMILE Permanent Encryption approach prevents network islands from forming.

The KEYMILE solution encrypts data end-to-end in packet-based MPLS-TP transmission networks. All the network traffic is natively encrypted in the card at layer two. Therefore, it offers significant benefits over IPsec’s layer three encryption. The KEYMILE encryption solution does not generate overhead or expand the packet size, and therefore it does not cause any reduction in the throughput.

Latency is less than one microsecond instead of milliseconds or even seconds. Due to the low impact on network performance, the solution meets one of the most important demands on mission-critical systems, the data availability.

In order to provide excellent security, the data is encrypted using state-of-the-art AES algorithm. The session keys are replaced every 60s. The encryption card uses programmable FPGAs and therefore achieves maximum flexibility during operation. It enables better customisation and has been enhanced for high-speed encryption with data throughput of up to 10Gbps. The solution can easily adapt to any changes in the future and is therefore also a secure investment in the long term.

Operators of mission-critical networks can integrate the card easily and cost-efficiently into their networks. It is inserted into a free slot on a subrack and connected with the central board. No reorganisation of the network or changes to other pieces of terminal equipment are required. As a board the card is designed to be redundant. Each card has two independent encryption unit, including the power supply and hardware-based quantum random number generator. In addition, the card is tamper-protected.

KEYMILE has implemented a security concept for the encryption card which can be examined at any time and which meets high-level requirements on integrity, confidentiality, and authentication of the data. The cards are developed by security-screened personnel in Germany and Switzerland and produced in Germany. Therefore KEYMILE can supply a backdoor-free solution, or in other words one with no concealed access options. KEYMILE allows the source code to be examined upon request. Furthermore, the company is itself currently being certified to the ISO 27001 standard.

The new security encryption card will be available in Q3. KEYMILE will present it for the first time at infosecurity EUROPE in London from 7-9 June at booth N80.