assuredcommunications ® BID/2370 END Cryptographic Unit (ECU) A Sierra II based network-centric, TM programmable encryption device The BID/2370 ECU was developed as part of the UK MOD Common-good High-grade INFOSEC Module (Programmable) or CHIM(P) programme. It is based on a modular system architecture that features programmability, module reuse, full UK sovereignty, and scalability to accommodate a wide range of cryptographic equipment and/or applications. The BID/2370 provides functionality for legacy high-speed link and Internet Protocol (IP) packet encryption (i.e., High Assurance IP Encryptor or HAIPE) applications. The Rack-Mount ECU can simultaneously store four IP and Link Crypto applications (HAIPIS V1.3.5, IP-UKEO, High-Speed Link, and BID/1650). Applications are selectable via menu entries from the web-based management interface. The Rack-Mount ECU is field software re-programmable and can be programmed (software and firmware components) to provide future algorithm support, including a software-only upgrade to HAIPE version 3. Contained within the BID/2370 is the SierraTM II Core Cryptographic Module (CCM). The CCM contains cryptographic algorithms and functions in conjunction with integrated Red, Black, and management processing capabilities to maximize portability. The CCM also contains embedded network and link interface functions to allow connectivity into Ethernet or serial-based applications with the addition of the appropriate interface circuits. The CCM was independently evaluated by Communications Electronic Security Group (CESG) for use in other embedded applications. The BID/2370 ECU and CCM are CESG-certified to pass UK EYES ONLY COMSEC traffic up through TOP SECRET CODEWORD level. The Rack-Mount ECU also supports reverse tunneling. The BID/2370 has a product form factor of 1U (19-inch rack mount). The Rack-Mount ECU product has its own internal power supply to support various AC power sources and typically consumes 20 watts. A backup battery is included to retain the cryptographic key variables and algorithms. Sierra II was developed by Harris to address all of the cryptographic requirements of the JTRS and National Security Agency (NSA) Crypto Modernization program, including the requirement for programmability. Sierra II’s software programmability provides a low-cost migration path for future upgrades (HAIPE standards evolution) to embedded communications equipment without the logistics and cost burdens associated with updating legacy cryptographic hardware. SECURED BY: Specifications for BID/2370 End Cryptographic Unit (ECU) Features HAIPE Data throughput rates up to 100 Mbps full duplex. Higher data rates achievable with updated programming. 500 Pre-Placed Key (PPK) or IKE generated keys 1U, 19-inch Rack Mountable (19” x 12.7” x 1.72”) 500 security association pairs 6 kg approximate weight 32 security policies Red and Black traffic interface connectors Operational temperature: +5° to +30°C 100 Mbps full duplex LCD panel–122 x 32 pixel display Web-based management interface provided 5-button keypad Power-240 VAC@50 Hz, 110/115 VAC@60 Hz, 115 VAC@440 Hz Supports UK, CCEB, and NATO EFF Key Material (software upgrade to include additional items) Power varies by application (nominally 20 W) U.K. Eyes Only (UKEO) Application HAIPE application with UKEO algorithm Dedicated management programming interface Stores up to four separate applications Web-based software for application selection (https) Same features as HAIPE Supports UK EFF material Application switching within 30 seconds without software reprogramming High-Speed Serial (HSS) CESG certified for compliance with High Grade (Top Secret UK Eyes) requirements Supports LEF key specification and Algorithm/Mode definitions. Software upgradeable to support full LEF capabilities. Front panel accessible battery and fuse LVDS Red & Black Synchronous Serial Dedicated key and algorithm zeroization and switches 2 PPK, software upgrade to include more Anti-tamper mechanisms LCD and keypad interface TEMPEST 45 Mbps serial full duplex Interfaces BID/1650 Link Encryption Red/Black traffic Ethernet interface (up to 1000 Mbps) V.10/V.11 Red management and re-programming Ethernet interface (up to 100 Mbps) Asynchronous 9600 Baud–full duplex Synchronous 96K Baud rate–full duplex Red/Black serial (up to 10 Mbps) HAIPE V1.3.5 compliant, (SPAWAR HIT-tested) V3.1 (with software upgrade) 10/100/1000 based-TX Ethernet Field reprogrammable FIREFLY/Enhanced FIREFLY, Internet Key Exchange (IKE) Red/Black high-speed serial (up to 45 Mbps) Cryptographic Ignition Key (CIK) EKMS-308 Key Fill–DS-101/DS-102 OPT A, OPT B, TDM, HF, Redundant, non-Redundant 2 PPK Interoperable with legacy KG-84C “HAIPE” and the “HAIPE” design are trademarks of the National Security Agency, an agency of the United States Government and with permission. These item(s)/technical data have been reviewed in accordance with the international traffic in arms regulations, 22 CFR 12 – 130, and the export administration regulations, 15 CFR 730 – 774, and determined by the export control department to be rated EAR99. General prohibitions apply. RF Communications | 1680 University Avenue | Rochester, NY USA 14610 www.harris.com 585-244-5830 Specifications subject to change without notice. Copyright © 2009 Harris Corporation 04/09 DS-379