Design of a key agile cryptographic system for OC-12c rate ATM

The paper describes an experimental key agile cryptographic system under design at MCNC. The system is compatible with ATM local- and wide-area networks. The system establishes and manages secure connections between hosts in a manner which is transparent to the end users and compatible with existing public network standards. A Cryptographic Unit supports hardware encryption and decryption at the ATM protocol layer. The system is SONET compatible and operates full duplex at the OC-12c rate (622 Mbps). Separate encryption keys are negotiated for each secure connection. Each Cryptographic Unit can manage more than 65,000 active secure connections. The Cryptographic Unit can be connected either in a security gateway mode referred to as a `bump-in-the-fiber´ or as a direct ATM host interface. Authentication and access control are implemented through a certificate-based system. The current status of the system is that hardware and software detail designs have been completed. An early version of the key management software has been completed and demonstrated. Hardware fabrication and systems integration are expected to take place over the next several months. Once completed the proof-of concept system will be used to explore issues of privacy, access control and authentication in relation to communications over emerging public networks