TACLANE

A TACLANE (short for "Tactical FASTLANE" or Tactical Local Area Network Encryption) is a network encryption device developed by the National Security Agency (NSA) to provide network communications security on Internet Protocol (IP) and Asynchronous Transfer Mode (ATM) networks for the individual user or for enclaves of users at the same security level. A TACLANE is a low-cost, Type 1, key-agile, in-line network encryptor for deployment in Department of Defense (DOD) tactical and strategic networks. TACLANEs allow users to communicate securely over legacy networks such as the Mobile Subscriber Equipment (MSE) packet network, Non-Secure Internet Protocol Router Network(NIPRNet), Secret Internet Protocol Router Network (SIPRNet), and emerging ATM networks. TACLANEs provide encryption for IP datagram traffic. ATM traffic and IP datagrams are encapsulated in ATM cells to support a variety of IP, ATM, and mixed network configurations. TACLANEs can be used to overlay Secure Virtual Networks on top of existing public and/or private network infrastructures.

The TACLANE is manufactured by General Dynamics C4 Systems.

Technical specifications

• IP

160+ Mb/s aggregate throughput

• Interfaces:

Copper 10/100 Base-TX Ethernet, RJ-45 connectors for CAT 5 copper wiring, auto negotiating Fiber 100 Base-FX Ethernet, MT-RJ connectors for multimode fiber (62.5/125u, 1300mm), intermediate reach (~2 km)

Physical Characteristics

• Dimensions: 4.25" H x 8.25" W x 16.5" D
• Weight: approximately 14 lbs.
• Desktop or rack-mountable

Environment

• -31°C to 65°C/–25°F to +150°F (storage)
• -20°C to 50°C/0°F to 120°F (operating)
• 95% humidity (non-condensing)
• MIL-STD 810E (shock/vibration)
• MIL-STD 810F (sand/dust, rain, altitude)
• MIL-STD 901D (hammer test 400 lbs/91 Gs)
• RTCA/DO-160D
• MIL-STD 2169B (High Altitude Electromagnetic Pulse (HAEMP))
• MIL-STD 461D (Electromagnetic Interference (EMI))

Power

• 100-240+ VAC, 50/60 Hz, auto-ranging/18-36 VDC
• 40 Watts

Operator Interface

• Front panel
• Remote management/configuration via SNMP v1

Addressing/Networking

• Up to 4000 simultaneous destinations via automated peer discovery or static routing
• 1000 Route entries using static routing table
• Default route or Automated Peer Discovery
• Multicast and Unicast
• Point-to-multipoint
• Autorecovery and Discovery

Maximum Number of Security Associations

• 253 simultaneous associations (full duplex)
• Virtually unlimited through dynamic reuse

Network Applications

• IP wireless connections
• Satellite connections
• VoIP

Field Tamper Recovery

• By use of tamper recovery Crypto Ignition Keys (CIK)

Keys

• One master and one user CIK with tags
• One tamper recovery CIK

• Key management

-Key fill via Data Transfer Device (DTD) AN/CYZ-10 (DTD 2000/SKL) -Basic and enhanced FIREFLY key (dynamically generated Traffic Encryption Keys [TEKs])

• 48 Preplaced Keys (PPK) chains (traditional TEKs)
• Automated TEK update and changeover

Security Management Using GEM

• Centrally manage TACLANE encryptors/protected hosts
• IP Backup Network Manager
• Bad Guy List
• Manage on Plain Text (RED) or Cipher Text (BLACK) sides
• FIREFLY protection of management traffic
• Manage all SNMP v1 protected hosts
• Automatic discovery of device; reconfiguration
• Download/ change routing tables remotely
• Configure/monitor TACLANE secure calls
• Monitor/update device network settings
• Collect audit logs for querying and archiving

Protocols

• IPv6 via TACLANE-Micro trade-in program
• Automated peer discovery
• Multicast
• Internet Engineering Task Force (IETF), Internet Protocol Security (IPSEC), Encapsulating Security Payload (ESP)
• Internet Control Message Protocol (ICMP)
• Address Resolution Protocol (ARP)
• IGMP (v1/v2) Queries/Reports
• Security Association Management Protocol (SAMP)
• SNMP v1

Reliability

• 300,000+ operating hours Mean Time Between Failures (MTBF)

(calculation based on 52,000+ deployed units)

Certifications/Approvals

• NSA certified for TOP SECRET Codeword and below
• TEMPEST Approved

High Assurance IP Encryptor Interoperability Specification (HAIPE® IS) Compliance

• Release 3.0/3.0E is now standard in all new TACLANE units. It is mandatory for current users to upgrade to 3.0/3.0E. This update includes:

• Secure Dynamic Discovery (SDD)
• Traffic Flow Security (TFS)
• Internet Key Exchange (IKE)
• Enhanced FIREFLY (EFF) (IP only)

References

• TACLANE Encryptor (KG-175), General Dynamics product page
• TACLANE (KG-175) at Federation of American Scientists