The Wang Trusted Interface Unit (TIU) is a high-performance 802.3/Ethernet local
area network (LAN) data encryption product. It is capable of encrypting DTE device
data frames sizes up to 1518 bytes in length. The TIU's throughput is dependent on
size of the data frames. For large frames sizes, the throughput can exceed 1 million
bits per second.
The TIU complies with NSA COMSEC Type I product requirements for:
Note: Only organizations with active NSA COMSEC1 accounts can purchase, handle, and use the Wang TIU and its keying material.
(1) COMSEC is an acronym established by the U.S. National Security Agency (NSA) for "Communications Security", as defined under the NSA's Commercial COMSEC Endorsement Program.
The TIU enables you to attach RED DTE devices to a BLACK local area network or a wide area
network. In this configuration, the TIU converts outbound plain text into encrypted data.
It also converts encrypted data into inbound plain text. RED DTE and BLACK DTE devices can
share use of the same BLACK network. The TIU can serve individual, clustered, or networked
minicomputers, engineering workstations, personal computers, and other Ethernet-/802.3-compatible
DTE devices. Local and remote devices served by TIUs can be in the same building, in different
towns, or in different countries.
As a Type 1 cryptographic device, the TIU supports
Security Administration Control
As a cryptographic device requiring secure network administration methods prescribed by the U.S. Government, the TIU supports:
Industry Standard Protocols
As a device that employs industry-standard network protocols and physical-layer connectivity, the TIU supports the following protocols:
The TIU operates primarily in the data link and physical layers of an 802.3 or Ethernet LAN.
Under user configuration control, the TIU can also operate in IP network layer mode. With this
design, TIU operation is transparent to locally attached Wang and non-Wang DTE devices and
LAN/WAN routers running IP at the network layer.
The RED device side of a TIU can accommodate one (standalone), several (clustered), or many (LAN-based) user devices. The BLACK network side of a TIU can accommodate an Ethernet-compliant transceiver, or an 802.3-compliant Medium Attachment Unit (MAU).
Note that the transceiver or MAU on the BLACK network side of a TIU can be part of a cable plant
or integrated within the design of some other suitable connectivity device such as a multi-port
repeater. Note also that host devices running a multilevel secure operating system and equipped
with multiple Ethernet/802.3 communications ports can have some ports with, and some without a locally
attached TIU. The greater the number of DTE devices communicating through a TIU, the lower the cost
per DTE device connection. You can decide on a TIU configuration that helps your organization to
achieve specific goals for data security, system performances, and budget.
Ease of Use
The front panel of the TIU provides an uncomplicated interface that includes the following features:
SmartKeys and SmartLocks
For proper operation, each TIU requires Key Fill Devices (KFDs), that is, cryptographic SmartKeys. The SmartKey is a data storage device, packaged in a shape similar to an automobile key. The user inserts a SmartKey into its corresponding SmartLock receptacle, which, in turn, can read the stored contents of the SmartKey. SmartKeys enable the user to:
On-Site Keyfill Requirements
To load BLACK Key Fill Devices at your network site, you can use the Wang Key Manager Loader System (KMLS). The KMLS is not included with the TIU. You can purchase KMLS software and hardware components through your local Wang sales representative.
The TIU is flexible in regard to the identity of the red hosts that the TIU protects. It can be configured in one of two ways: static or dynamic. When statically configured, the addresses of the red hosts are entered manually using the Smart Keys. LAN traffic originating from theses hosts is encrypted and forwarded to the appropriate destination TIU. Traffic originating from any other source is blocked. In dynamic mode, the TIU "learns" the identity of its red host DTEs.
Static mode is suitable when access to the TIU is to be restricted to a selected group of DTEs. Dynamic mode is suitable when all connected red DTEs are to have access to the encryption services of the TIU.
The TIU provides the following internal diagnostic test capabilities:
The Wang TIU provides the following additional design features:
Refer to the "Specifications" section for more detailed information on these features of the TIU.
You can order standard non-TEMPEST AUI cables, fiber optic cables, and blank unclassified SmartKeys for the TIU through your local Wang sales representative. Table 1 describes 16 kilobit (kb) or 64 kb SmartKey packages.
Each TIU requires a minimum of one 16 kb and two 64 kb Black Key Fill Device (BKFD) SmartKeys to place it into operation. Additional 64 kb BKFDs will be required for TIUs that are installed in large networks of 50 or more nodes. Wang Laboratories, Inc., recommends that you maintain at least one backup set of SmartKeys for each TIU.
Wang offers a Maintenance Plan M, which is a mail-in maintenance program that covers all repair material and labor costs for the TIU. You pay a fixed monthly contract fee that covers an unlimited number of return-for-repair incidents for a single TIU. The exception is for TIU battery replacement for which there is a fee. For any TIU not covered by Maintenance Plan M, you pay a flat fee for each return-for-repair incident. The fee covers all repair material and labor costs.
Performance The Wang TIU provides a data throughput of up to 1 MBPS in a normal network environment. The Wang TIU is capable of encrypting DTE device data frame sizes up a maximum of 1518 bytes in length. Large host DTE frames will be fragmented by the encrypting TIU and will be reassembled by the decrypting TIU. This has virtually no impact on throughput performance.
SmartKey Procurement Address inquiries relating to the procurement of Key Fill Devices for the Wang TIU to your Wang Account Representative. Cabling Requirements Attachment interface unit TIU (model YET-TIU1-T) requires two standard IEEE 802.3 (AUI) or Ethernet transceiver cables, each of which can be up to 50 meters (164 ft) long. The cables you purchase for the TIU should satisfy all TEMPEST mandates followed by your organization. TEMPEST-qualified cables are available from a variety of communications cable vendors. Fiber optic TIU (model YET-TIU-RF-BF) requires two standard IEEE 802.3 FOIRL-compliant dual fiber optic cables, each of which can be up to 1 kilometer (3280 ft) long.
Standard Warranty Applies
Ethernet is a registered trademark of the Xerox Corporation. SmartKey and SmartLock are registered trademarks of Ultron Laboratories, Inc.
Wang Federal, Inc.
7900 WESTPARK DRIVE
MCLEAN, VIRGINIA 22102-4299
TEL (800) 356-4038
Wang Federal, Inc., reserves the right to change specifications without prior notice. Copyright 1995 Wang Federal, Inc.