Cryptographic Key Management for Tactical Environments

KeySecure G160 is a tactical cryptographic key management platform that protects and manages cryptographic keys and associated policies used to encrypt the most sensitive data-at-rest in remote and tactical environments. This cost-effective solution is conducive for deployments ranging from small enclaves to large disconnected environments.

KeySecure G160’s small form factor allows it to be easily deployed across bandwith-limited mobile data centers. It enables rapid tactical key destruction and recovery to keep mission-critical data safe, even in the most hazardous environments.

KeySecure G160 is manufactured, sold, and supported exclusively in the United States by SafeNet Assured Technologies.

Rightsizing Cryptographic Key Management for the Field

KeySecure G160 adapts core-level cryptographic key management capabilities to address tactical challenges in the field:

• Forward Deployed Environments
• Disconnected Environments
• Forward Operating Bases
• Mobile Command Centers
• Forward Mission Operations
• Disaster Recovery Centers

Addressing Tactical Challenges

Category	Issue	Adaptation
Physical Environment	Footprint	Small Form Factor, Lightweight, Portable
	Loss of Control	Crypto Erase (CE), Memory processing
Operational Environment	Personnel Constraints	Limited SME
Manageability		Active Export, Non-Retention, Delayed Availability
	Configuration	Enterprise or Local
	Policies	Enterprise or Local
	Configuration	Enterprise or Local
Acquisition	Supply Chain Integrity	Controlled Configurations, U.S. Manufactured
	Technology Refresh	COTS product lifecycle

KeySecure G160 Applications

KeySecure G160 integrates with SafeNet encryption products and third-party solutions for data, storage, virtual workload, and application encryption.

• Storage: supports leading storage platforms and cloud storage services
• Virtual Machine Encryption Provides a “keys in hardware” solution for virtual machine encryption
• Data Encryption Solutions:Provides encryption solutions for data in various formats including structured, unstructured and Self Encrypting Drives with SafeNet AT ProtectSED
• Applications:Supports application level encryption via SafeNet ProtectApp and integrations from cloud application partners

• Heterogeneous Key Management. Manage keys for SafeNet encryption products as well as a large variety of third-party encryption solutions through an industry standard interface 
• Key Types. Centrally manage Symmetric Keys, secret data, and X.509 certificates along with associated policies.
• HSM Integration. The eToken 5110 or HA token provides on-board cryptographic processing capabilities through its embedded hardware security module. The token leveraged by KeySecure G160 is used as a secure root of trust for key generation, secure key storage, and encryption/decryption. The token is capable of performing all private and public key cryptographic functions inside the token.
• Full Lifecycle Key Support and Automated Operations. Simplify the management of encryption keys across the entire lifecycle including secure key generation, storage and backup, key distribution, deactivation and deletion. Automated, policy driven operations simplify key expiry and rotation tasks.
• Centralized Administration of Granular Access, Authorization Controls and Separation of Duties. Unify key management operations across multiple encryption deployments and products, while ensuring administrators are restricted to roles defined for their scope of responsibilities, from a centralized management console.
• High-Availability and Intelligent Key Sharing.Deploy in flexible, high-availability configurations within an operations center and across geographically dispersed centers or service provider environments using an active-active mode of clustering.
• Auditing and Logging. Detailed logging and audit tracking of all key state changes, administrator access and policy changes. Audit trails are securely stored and signed for non- repudiation and can be consumed by leading 3rd party SIEM tools.
• Next-Generation Storage and Archive Solution.Simplify secure storage and efficiently scale data centers while reducing costs and complexity.
• Cryptographic Erase.Securely sanitize target media in compliance with NIST SP 800-88 Rev 1 by centrally managing key lifecycle.
• Multi-Tenant Solution. Includes a breadth of features to optimize performance, security, and usability in a multi-tenant environment offering numerous capabilities used to ensure separation of tenant keys and administrative capabilities.

• Leverages eToken 5110 or HA Token
• Small form factor
• Lightweight
• Low power consumption
• Mobile vehicle, tactical networks
• Deny access to crypto-ignition
• Secure wipe/erase (data)
• Secure zeroization (keys)
• HSM/Keystore removal
• 1G Ethernet interface
• CLI and web user interface

Physical Characteristics

• G160 Dimensions: 6.5” x 4.0” x 1.5”
• Weight: 1.2 lbs.
• Direct mount or 1U 19in. rack mount
• Thermal Storage: -30°C ~  80°C
• Thermal Operation: -30 ~  65°C
• Storage Humidity: 5 ~ 95% @ 40C
• Operating Humidity: 0% ~ 90% relative humidity
• Vibration Testing: Random, 1Grm, 5~500Hz

Interfaces

• Web UI Management
• Serial and SSH command line
• KMIP and XML Key Management Protocols
• 1G Ethernet interface
• Integrated Token HSM connection

Audit and Logging

• SNMP
• Syslog
• Secure log files
• Integration with 3rd party SIEM tools