Comtech EF Data DMD-2050E User Manual, page 66: Key Agreement Algorithm, Key Derivation, Accessing Encryption/Decryption Features, Enabling Encryption from the Front Panel

DMD2050E Universal Satellite Modem
Theory of Operation
MN-DMD2050E Revision 2
3–24
3.10.1.2 Key Agreement Algorithm
The key agreement algorithm used to negotiate a shared secret is the Ephemeral Unified Model,
Elliptic Curve Cryptography Cofactor Diffie-Hellman C(2,0,ECC CDH) as specified in the elliptic
curve parameters section of NIST SP 800-56A(3).
3.10.1.2.1 Key Derivation
Once the shared secret has been negotiated, the TEK is generated from the shared secret using
the Concatenation Key Derivation Function (KDF) as specified in NIST SP 800-56A Section
5.8.1(3). All hashing algorithms use SHA-512 as defined in FIPS 180-2(4).
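The following sketch shows how a Concatenation KDF with SHA-512 turns a shared secret into a TEK. It is an added example, not code from the manual or from the modem firmware. The 256-bit TEK length, the OtherInfo layout with 4-byte length prefixes, the sample inputs and all function names are assumptions made for illustration.

```python
import hashlib
import struct

HASH = hashlib.sha512          # the manual states that all hashing uses SHA-512
HASH_LEN = HASH().digest_size  # 64 bytes


def concat_kdf(z: bytes, key_bits: int, other_info: bytes) -> bytes:
    """Concatenation KDF: leftmost key_bits of H(counter || Z || OtherInfo) blocks."""
    if not z:
        raise ValueError("shared secret Z must not be empty")
    if key_bits <= 0 or key_bits % 8:
        raise ValueError("key_bits must be a positive multiple of 8")
    key_len = key_bits // 8
    reps = -(-key_len // HASH_LEN)            # ceil(keydatalen / hashlen)
    if reps > 0xFFFFFFFF:
        raise ValueError("requested key material too long")
    out = b""
    for counter in range(1, reps + 1):        # 32-bit big-endian counter, starts at 1
        out += HASH(struct.pack(">I", counter) + z + other_info).digest()
    return out[:key_len]


def length_prefixed(field: bytes) -> bytes:
    """Encode a variable-length field as 4-byte length || data (assumed width)."""
    return struct.pack(">I", len(field)) + field


def build_other_info(alg_id: bytes, party_u: bytes, party_v: bytes) -> bytes:
    """OtherInfo = AlgorithmID || PartyUInfo || PartyVInfo (assumed contents)."""
    return length_prefixed(alg_id) + length_prefixed(party_u) + length_prefixed(party_v)


# Constructed sample inputs, not values from the manual.
SAMPLE_Z = bytes(range(66))    # stand-in for the ECC CDH shared secret
SAMPLE_INFO = build_other_info(b"EXAMPLE-TEK", b"modem-A", b"modem-B")

if __name__ == "__main__":
    tek = concat_kdf(SAMPLE_Z, 256, SAMPLE_INFO)   # 256-bit TEK is an assumption
    print("TEK:", tek.hex())
```

Because OtherInfo is hashed together with the shared secret, both ends must build it identically; any difference in the party identifiers or their order yields a different TEK.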
3.10.1.3 Accessing Encryption/Decryption Features
The DMD2050E allows the Crypto Officer to administer the FIPS module after
authenticating. The Crypto Officer Administrator can:
• Load software
• Load key material
• Configure operating parameters
• Monitor performance
The Crypto Officer Administrator must log in from the front panel or the handheld key loader.
IMPORTANT
Any operator can Enable and Disable encryption.
Any operator with access to the front panel can zeroize the unit.
NOTE
To configure the modem for legacy mode operation, first use the front panel to disable
Encryption.
3.10.1.4 Enabling Encryption from the Front Panel
Use the front panel Modulator and Demodulator menus to enable or disable Encryption. The
menu paths are:
• MODULATOR->DATA->ENCRYPTION {DISABLE, ENABLE}
• DEMODULATOR->DATA->ENCRYPTION {DISABLE, ENABLE}
This allows Encryption to function in half-duplex operation.