Nordcoder (Photo courtesy KDC)
The CAUTOR cryptosystem is deployed at the Ministry of Foreign Affairs in Norway.
It consists of two main elements - the actual communication system found at all embassies and in the communication room of the Ministry of Foreign Affairs. This consists of the following subcomponents:
• The NORDCODER. The encryption device handling encryption and decryption of all messages.
• The Red PC which handles all plaintext.
• The Black PC which is responsible for the communication between the Ministry of Foreign Affairs and the Embassies and Consulates.
CAUTOR SYSTEM OVERRVIEW
The Nordcoder is the special purpose encryption device developed specifically for the CAUTOR system. It encrypts all traffic leaving the Embassy or the Ministry of Foreign Affairs. Likewise, the Nordcoder decrypts all traffic entering the Embassy or the Ministry of Foreign Affairs. The Nordcoder forms the barrier between the secure (Red) side of the system, handling classified information and black side of the system handling only encrypted information. The encryption algorithm used is the NATO approved EINRIDE or the AES algorithm.
The Nordcoder is mainly controlled from the Red PC. The only control functions found on the encryption device are Power Control and Key and S mart Card Erase. Unencrypted (Red) keys are loaded directly into Nordcoder. The Nordcoder is connected to the Red and the Black PCs by means of standard fiber optic cable. The Red PC handles all classified (Red) information. Extensive logging is built into the system. Incoming and outgoing traffic are logged in the traffic logs. All security relevant incidents are logged in the event log.
Three different categories of users are defined:
• The Administrator with all rights
• The Crypto Custodian who can load new key material
• The User who can only send and receive messages and observes the logs.
Plain text may be entered directly into E-mail like application or in an attachment. Attached files can be of any type, which the PC is equipped to handle. Specifically the system contains an interface to a standard scanner and printer and can thus be used as a replacement for secure fax. The Red PC application contains software that performs loss-less compression of the messages before encryption, thus saving transmission time.
The Black PC handles the encrypted information. Again, extensive logging is built into the system. Incoming and outgoing encrypted traffic is logged in the traffic logs and all relevant incidents are logged in the event log.
The Black PC application is equipped with an interface towards various E-mail systems. CAUTOR messages are then sent automatically from an Embassy to the Ministry of Foreign Affairs or visa versa. As an alternative, any encrypted CAUTOR message can be stored in a specific catalog on the Black PC for later transmission and/or adaption to to selected communication carrier. Visa versa, the Black application automatically picks up any incoming CAUTOR message from another specified catalog.
To produce the necessary key material CAUTOR is making use of the following equipment:
* The master key production system is an isolated standalone PC- based system producing the plaintext master keys needed in the CAUTOR system. These keys are distributed on smart cards.
* The traffic key production system is an on-line PC-based system producing and distributing encrypted traffic keys.
Kongsberg Defence Communications AS is located in Billingstad, Norway.
1) "Bjarne Carlsen" <bca(at)fakse-ldp.dk>
2) Source: Lars Moldal, Ericsson/Kongsberg Defence Communications AS