The Wang Trusted Interface Unit (TIU) is a high-performance 802.3/Ethernet local area network (LAN) data encryption product. It is capable of encrypting DTE device data frames sizes up to 1518 bytes in length. The TIU's throughput is dependent on size of the data frames. For large frames sizes, the throughput can exceed 1 million bits per second.

The TIU complies with NSA COMSEC Type I product requirements for:

• - INFOSEC protection
• - Encryption/decryption
• - Message integrity
• - TEMPEST protection
• - Tamper-resistant design

Features

• - NSA Type 1 Endorsed
• - Secure communication between classified (RED) Data Terminal Equipment (DTE) devices across unclassified (BLACK) local area networks and wide area networks
• - Security administration control
• - Industry standard protocols: Ethernet Type 1 and Type 2
  IEEE 802.3 AUI
  10BASE-FL (FOIRL)
  
• - Configuration flexibility
• - Ease of use
• - Comprehensive diagnostics
• - NASCIM 5100A Compliant

Note: Only organizations with active NSA COMSEC1 accounts can purchase, handle, and use the Wang TIU and its keying material.

(1) COMSEC is an acronym established by the U.S. National Security Agency (NSA) for "Communications Security", as defined under the NSA's Commercial COMSEC Endorsement Program.

The TIU enables you to attach RED DTE devices to a BLACK local area network or a wide area network. In this configuration, the TIU converts outbound plain text into encrypted data. It also converts encrypted data into inbound plain text. RED DTE and BLACK DTE devices can share use of the same BLACK network. The TIU can serve individual, clustered, or networked minicomputers, engineering workstations, personal computers, and other Ethernet-/802.3-compatible DTE devices. Local and remote devices served by TIUs can be in the same building, in different towns, or in different countries.

Secure Communications
As a Type 1 cryptographic device, the TIU supports

• - Encryption/decryption of TOP SECRET/SCI (or lower) plain text
• - Multiple independent work groups at the same security level
• - 802.2 LLC multicast and broadcast messaging among DTE devices at the same security level

Security Administration Control
As a cryptographic device requiring secure network administration methods prescribed by the U.S. Government, the TIU supports:

• - Installation and initialization under the supervision of a COMSEC-qualified network administrator.
• - Key material distribution and TIU access control by means of loadable SmartKeys®.(More information follows in the section entitled "SmartKeys and SmartLocks®.")

Industry Standard Protocols
As a device that employs industry-standard network protocols and physical-layer connectivity, the TIU supports the following protocols:

• Physical Interface Protocols IEEE 802.3 - Compliant with the Attachment Unit Interface (AUI) specification.
  Optionally complies with IEEE 802.3 10BASE-FL (FOIRL) specification.
  Ethernet Versions 1.0 or 2.0 - Compatible at the transceiver cable interface.
  
• Network Layer Protocol Internet Protocol (IP) - Compatible with the U.S. Department of Defense MIL-STD-1777 specification.
  

The TIU operates primarily in the data link and physical layers of an 802.3 or Ethernet LAN. Under user configuration control, the TIU can also operate in IP network layer mode. With this design, TIU operation is transparent to locally attached Wang and non-Wang DTE devices and LAN/WAN routers running IP at the network layer.

Configuration Flexibility
The RED device side of a TIU can accommodate one (standalone), several (clustered), or many (LAN-based) user devices. The BLACK network side of a TIU can accommodate an Ethernet-compliant transceiver, or an 802.3-compliant Medium Attachment Unit (MAU).

Note that the transceiver or MAU on the BLACK network side of a TIU can be part of a cable plant or integrated within the design of some other suitable connectivity device such as a multi-port repeater. Note also that host devices running a multilevel secure operating system and equipped with multiple Ethernet/802.3 communications ports can have some ports with, and some without a locally attached TIU. The greater the number of DTE devices communicating through a TIU, the lower the cost per DTE device connection. You can decide on a TIU configuration that helps your organization to achieve specific goals for data security, system performances, and budget.

Ease of Use
The front panel of the TIU provides an uncomplicated interface that includes the following features:

• Light-Emitting Diodes (LEDs) -Indicate TIU alarm, bypass, and SmartKey status.
• SmartLocks - Serve as receptacles for SmartKeys.
• Liquid Crystal Display (LCD) - Conveys alphanumeric and clear English messages to the user.
• Pushbutton keys - Allow the user to activate specific TIU functions and manually enter alphanumeric information.
• Visual and aural alarms - Activate upon any cryptographic failure.
• TIU Rear Panel - The rear panel provides either AUI or fiber optic ports. With the AUI option, one connector, (red side), complies with requirements for Ethernet/802.3 Physical Medium Attachment (PMA). The other AUI connector, (black side), complies with requirements for Ethernet/802.3 Physical Layer Signaling (PLS). With the fiber optic option, each TIU interface includes transmit and receive connections using standard ST fiber optic connectors. In addition, there are five LEDs that indicate link, transmit, receive, jabber, and collision status. A tamper-resistant lock on the rear panel helps to prevent unauthorized access to LAN and ac power cable connections.

SmartKeys and SmartLocks
For proper operation, each TIU requires Key Fill Devices (KFDs), that is, cryptographic SmartKeys. The SmartKey is a data storage device, packaged in a shape similar to an automobile key. The user inserts a SmartKey into its corresponding SmartLock receptacle, which, in turn, can read the stored contents of the SmartKey. SmartKeys enable the user to:

• - Control TIU operating modes (for example, Lock/Unlock)
• - Access TIU cryptographic functions
• - Load new network configuration data and encryption/decryption keys into the TIU
• - Extract TIU diagnostic/maintenance information

On-Site Keyfill Requirements
To load BLACK Key Fill Devices at your network site, you can use the Wang Key Manager Loader System (KMLS). The KMLS is not included with the TIU. You can purchase KMLS software and hardware components through your local Wang sales representative.

Dynamic Learning
The TIU is flexible in regard to the identity of the red hosts that the TIU protects. It can be configured in one of two ways: static or dynamic. When statically configured, the addresses of the red hosts are entered manually using the Smart Keys. LAN traffic originating from theses hosts is encrypted and forwarded to the appropriate destination TIU. Traffic originating from any other source is blocked. In dynamic mode, the TIU "learns" the identity of its red host DTEs.
Static mode is suitable when access to the TIU is to be restricted to a selected group of DTEs. Dynamic mode is suitable when all connected red DTEs are to have access to the encryption services of the TIU.

Comprehensive Diagnostics
The TIU provides the following internal diagnostic test capabilities:

• Automatic tests
  • - Initial power-up diagnostics (cold start)
    
  • - Pre-operational diagnostics (warm start)
    
• Optional test
  • - Inquiries/requests (for reading TIU internal hardware setup parameters, such as a cable address or a firmware version)
    
  • - Loopback diagnostics (for local- and remote-loopback testing of TIU and network operational integrity)
    
  • - Diagnostic dumps (for analysis of various TIU internal conditions)
    

Additional Features
The Wang TIU provides the following additional design features:

• - An internal backup battery for TIU data protection during power failures
• - An internal, regulated dc supply that provides
• - Automatic ac source-voltage sensing
  
• - Brownout protection
  
• - Low power consumption
  
• - A compact and lightweight physical design

Refer to the "Specifications" section for more detailed information on these features of the TIU.

Accessories
You can order standard non-TEMPEST AUI cables, fiber optic cables, and blank unclassified SmartKeys for the TIU through your local Wang sales representative. Table 1 describes 16 kilobit (kb) or 64 kb SmartKey packages.

Each TIU requires a minimum of one 16 kb and two 64 kb Black Key Fill Device (BKFD) SmartKeys to place it into operation. Additional 64 kb BKFDs will be required for TIUs that are installed in large networks of 50 or more nodes. Wang Laboratories, Inc., recommends that you maintain at least one backup set of SmartKeys for each TIU.

Maintenance
Wang offers a Maintenance Plan M, which is a mail-in maintenance program that covers all repair material and labor costs for the TIU. You pay a fixed monthly contract fee that covers an unlimited number of return-for-repair incidents for a single TIU. The exception is for TIU battery replacement for which there is a fee. For any TIU not covered by Maintenance Plan M, you pay a flat fee for each return-for-repair incident. The fee covers all repair material and labor costs.

Specifications

• Model Numbers
  • YET-TIU1-T Trusted Interface Unit (AUI)
  • YET-TIU-RF-BF Trusted Interface Unit (FO)

• Operating Environment Temperature Range
  • 50 to 90 F (10 to 32.2 C) Relative Humidity
    
  • 20 to 80%, noncondensing Physical Characteristics
    
  • Width: 10.75 in (27.31 cm)
  • Depth 14.25 in (36.20 cm)
  • Height 4.00 in (10.16 cm)
  • Weight 10 lb (4.6 kg), approximately
  • Color Gray

• Power Supply
  • AC Input Automatic sensing of source voltages from 90 to 264 V rms, line frequencies from 47 to 400 Hz
  • Surge Rating 264 V rms
  • Brownout Protection The supply shuts off at ac inputs below 90 V rms and restarts when the source voltage reaches 90 V rms

• Agency Approvals
  • UL478; CSA C22.2, No. 154-M1983;
  • CSA bulletin 1402C; and VDE 0806

• Internal Backup Battery Type: Nickel-Cadmium (NiCad), self-charging Backup Protection Interval: More than 60 minutes

• Power Consumption Less than 64 watts

• Heat Dissipation Less than 218 BTU/Hr

• TEMPEST Approval NACSIM 5100A Compliant

• Data Format Complies with IEEE 802.3 and Ethernet Version 1.0 and 2.0 specifications

• Operating Modes
  • The TIU can operate in the following modes:
  • Link-layer encryption
  • Network-layer encryption
  • Cryptographic bypass

  Performance The Wang TIU provides a data throughput of up to 1 MBPS in a normal network environment. The Wang TIU is capable of encrypting DTE device data frame sizes up a maximum of 1518 bytes in length. Large host DTE frames will be fragmented by the encrypting TIU and will be reassembled by the decrypting TIU. This has virtually no impact on throughput performance.

  SmartKey Procurement Address inquiries relating to the procurement of Key Fill Devices for the Wang TIU to your Wang Account Representative. Cabling Requirements Attachment interface unit TIU (model YET-TIU1-T) requires two standard IEEE 802.3 (AUI) or Ethernet transceiver cables, each of which can be up to 50 meters (164 ft) long. The cables you purchase for the TIU should satisfy all TEMPEST mandates followed by your organization. TEMPEST-qualified cables are available from a variety of communications cable vendors. Fiber optic TIU (model YET-TIU-RF-BF) requires two standard IEEE 802.3 FOIRL-compliant dual fiber optic cables, each of which can be up to 1 kilometer (3280 ft) long.

  Standard Warranty Applies

  Ethernet is a registered trademark of the Xerox Corporation. SmartKey and SmartLock are registered trademarks of Ultron Laboratories, Inc.

  Wang Federal, Inc.
  7900 WESTPARK DRIVE
  MCLEAN, VIRGINIA 22102-4299
  TEL (800) 356-4038
  Wang Federal, Inc., reserves the right to change specifications without prior notice. Copyright 1995 Wang Federal, Inc.