HAIPE

From Wikipedia, the free encyclopedia

A HAIPE (High Assurance Internet Protocol Encryptor) is a Type 1 encryption device that complies with the National Security Agency's HAIPE IS (formerly the HAIPIS, the High Assurance Internet Protocol Interoperability Specification). The cryptography used is Suite A and Suite B, also specified by the NSA as part of the Cryptographic Modernization Program. HAIPE IS is based on IPsec with additional restrictions and enhancements. One of these enhancements is the ability to encrypt multicast data using a preplaced key. This requires loading the same key, in advance of data transmission, on all HAIPE devices that will participate in the multicast session. A HAIPE is typically a secure gateway that allows two enclaves to exchange data over an untrusted network.

Examples of HAIPE devices include L-3 Communications' KG-245X 10 Gbps [1], General Dynamics' TACLANE KG-175 [2], and ViaSat's AltaSec KG-250 [3]. These devices use the current HAIPE IS version 1.3.5, which has a couple of notable limitations: no support for routing protocols or open network management. A HAIPE is a routing device: it looks up the destination IP address of a packet in its internal routing table and picks the encrypted tunnel based on that table. Because they do not support routing protocols, HAIPEs must be preprogrammed with their routes and cannot adjust to changing network topology. While manufacturers support centralized management of their devices through proprietary software, the current devices offer no management functionality through open protocols or standards. Both of these limitations are to be addressed in HAIPE IS version 3.0, which is due to be accredited in early 2008.
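The following is a simplified model of the static tunnel selection described above, added here as an illustration and not taken from the HAIPE IS or any vendor's code. The prefixes, peer addresses, function names and the drop-on-no-route behaviour are assumptions; the audit shows how a preprogrammed table drifts from the real topology when nothing updates it.

```python
import ipaddress

# Constructed sample table: protected destination prefix -> remote encryptor
# (tunnel peer). Addresses are private/documentation ranges, not real devices.
STATIC_ROUTES = {
    "10.1.0.0/16": "192.0.2.10",
    "10.1.5.0/24": "192.0.2.20",
    "10.2.0.0/16": "192.0.2.30",
}


class StaticTunnelTable:
    """Preprogrammed prefix-to-tunnel map with longest-prefix-match lookup."""

    def __init__(self, routes):
        # Sort most-specific prefix first so the first hit is the longest match.
        self._routes = sorted(
            ((ipaddress.ip_network(p), peer) for p, peer in routes.items()),
            key=lambda r: r[0].prefixlen,
            reverse=True,
        )

    def select_tunnel(self, dst):
        """Return the tunnel peer for dst, or None when no route is programmed."""
        addr = ipaddress.ip_address(dst)
        for net, peer in self._routes:
            if addr in net:
                return peer
        # Assumption of this model: no route means drop, never forward in the clear.
        return None


def audit_against_topology(table, topology):
    """Compare the static table with where each prefix really lives now.

    topology maps prefix -> peer currently fronting that enclave. Because the
    table is static, any difference persists until an operator reprograms it.
    """
    findings = []
    for prefix, real_peer in topology.items():
        probe = ipaddress.ip_network(prefix).network_address
        chosen = table.select_tunnel(probe)
        if chosen is None:
            findings.append((prefix, "no route: traffic dropped"))
        elif chosen != real_peer:
            findings.append((prefix, f"stale: tunnel to {chosen}, enclave is behind {real_peer}"))
    return findings
```
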

A couple of new HAIPE devices will combine the functionality of a router and encryptor when HAIPE IS version 3.0 is approved. Cisco is due to enter the HAIPE marketplace with its 5750 KG-275 [4], which will combine a 5700 series router with a HAIPE device. General Dynamics is also pursuing this combination of devices with its TACLANE router, which is built on the Cisco 3200 series router platform [5]. EADS has also entered the HAIPE market in the UK with its Ectocryp™ range [6]. Ectocryp™ Blue is HAIPE v3.0 compliant and provides a number of the HAIPE extensions as well as support for network quality of service.