Advanced Overview
TRANSEC Operation
Encryption Channels
Acquisition Ciphertext Channel (ACC)
Only used during Acquisition and Authentication
Based on ACC key using AES 256 CBC symmetric encryption
Key is initially distributed to the remote manually, then updated over the air in operation
Key is rolled every 28 days by default. Key is stored if the power is turned off. Remote must manually rekey if it is out of network for two keyrolls.
Operational Encryption
[Diagram: Hub System (Protocol Processor, TRANSEC Hub) and Evolution e8000 Series Remotes. Labels: Wall of Data, ACC key, DCC key, IP encryptor, Demand Header, DID, WAN, KR, IV, TOS, SADA, X.509 Certificate (DID #456789, Public Key, Signature)]
Strong Authentication
[Diagram: Protocol Processor, TRANSEC Hub and Evolution e8000 Series Remotes. Labels: X.509 Certificate (DID #456789, Public Key, Signature), X.509 Certificate (DID #123456, Public Key, Signature), ACC key, DCC key, IP encryptor]
ACQ Obfuscation
Key Rolls
Changing encryption keys periodically helps prevent attackers from deriving keys from captured data (cryptanalysis)
iDirect TRANSEC makes rolling period configurable
ACC key must be manually distributed the first time or if a remote is out of network for 2 ACC keyrolls
THANK YOU