November 2001
CryptoCom 2000
by Geoff Marshall
FOR
CryptoCom is a compact and portable solution for securing point-to-point data connections over public analogue telephone lines.
AGAINST
There is no set-up wizard or GUI, and complicated Hayes AT commands are required to set up the encryption features.
VERDICT
CryptoCom offers a hardware solution that is ideal for securing interactive out-of-band remote management of network devices.

The CryptoCom 2000 is a V.90 data and fax modem with built-in 168-bit triple-DES encryption. It is small and portable, running off a 9-volt PP3 Lithium battery or a small mains adaptor. It may be used on an analogue dial-up phone line or on two-wire leased lines. A leased line provides additional security because it is a private circuit but, even over dial-up circuits, CryptoCom offers additional security by using the dial-back security principle. Dial-back security requires that the modem calls back the originators of a call on a pre-determined phone number to ensure that they are calling from an agreed site. Although drivers are provided for all 32-bit versions of Windows, the CryptoCom modem is effectively operating system independent and may be used with Windows 3.x, MS-DOS, UNIX, and any other operating system or hardware capable of sending data to a serial port.

Four differently colored and clearly labeled LEDs indicate the status of the modem. A red LED indicates that the power is on. A yellow one indicates that a phone line connection is up. Green indicates a secure encrypted connection and orange flashes as data flows. An on/off switch is located on the side of the unit.

With encryption switched off, the unit supports all speeds up to 56Kbits/sec and behaves exactly like any standard V.90 data and fax modem, complying with all relevant ITU-T modulation standards up to V.90. As you would expect, it also offers V.42 and MNP error correction plus V.42bis and MNP5 data compression. It is also compatible with the Rockwell proprietary standard K56flex. Fax is supported at a maximum speed of 14,400bits/sec via the Group 3 standard with EIA/TIA Class 1 and 2 compatibility plus T.30 error correction.

Encryption may be DES or triple-DES depending simply on how many 56-bit keys you load. To use encryption you need a pair of CryptoComs, of course, and data may be encrypted only on point-to-point links between two CryptoComs - not for general dial-up Internet traffic. With encryption switched on, the maximum data speed is 33,600bits/sec (V.34bis) simply because an ISDN router supporting encryption would be required at one end of the link to achieve V.90 speeds above 33k6 - this is the nature of the asymmetric V.90 standard, not a limitation of the CryptoCom units. To the best of our knowledge, compatible encrypting ISDN routers are not available from CryptoCom or anybody else. Faxes cannot be encrypted.

Installation is straightforward using the supplied serial cable and Windows .INF file. We did receive an error message indicating that a .CAT file was not found on the supplied driver diskette, but it didn't seem to make any difference to the subsequent operation of the modem under Windows 98SE. The RS-232/V.24 serial interface supports DTE speeds of up to 230,400bits/sec and can sense automatically the speed at which it is being addressed by the computer.

There's no easy way to configure the encryption features of the modem. You have to use a terminal emulator to issue Hayes AT commands, or program them into your communications application. [Ed: Western DataCom states that it is currently developing a GUI that should be available later this year or early next year.] For example, to load encryption keys, you must send the command AT+KEYz= followed by a 64-bit key in ASCII or hexadecimal, where z denotes the key number. For single DES you just use KEY1 but for triple-DES you must load three different keys, KEY1, KEY2 and KEY3. Only 56 bits of each 64-bit key are independent of each other - the remaining 8 bits are parity bits used to check for errors in the key. If you don't get the parity correct, the CryptoCom modem automatically adjusts the parity.
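The parity rule described above can be checked before keys are typed into a terminal. The following sketch is an added example, not code from the review or from Western DataCom. It applies DES odd parity to each key byte, then rejects triple-DES key sets that collapse to fewer than three distinct keys once the parity bits are ignored, along with the four DES weak keys. The sample keys are constructed test values, and the exact hexadecimal formatting of the AT+KEYz= argument is an assumption.

```python
# Added example: DES key parity and triple-DES key hygiene before key loading.
WEAK_KEYS = {bytes.fromhex(h) for h in (      # the four DES weak keys
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E")}


def set_odd_parity(key: bytes) -> bytes:
    """Set the low bit of each byte so every byte has an odd number of 1 bits."""
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes (64 bits)")
    out = bytearray()
    for b in key:
        ones = bin(b >> 1).count("1")         # the 7 bits that carry key material
        out.append((b & 0xFE) | (0 if ones % 2 else 1))
    return bytes(out)


def has_odd_parity(key: bytes) -> bool:
    """True if every byte of the key already carries correct odd parity."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def key_commands(hex_keys):
    """Return AT+KEYz= lines for one key (DES) or three keys (triple-DES)."""
    if len(hex_keys) not in (1, 3):
        raise ValueError("load one key for DES or three for triple-DES")
    keys = [set_odd_parity(bytes.fromhex(h)) for h in hex_keys]
    # Compare after parity adjustment: keys that differ only in their parity
    # bits are the same DES key, which would weaken the triple-DES key set.
    if len(set(keys)) != len(keys):
        raise ValueError("keys are identical once parity bits are ignored")
    if any(k in WEAK_KEYS for k in keys):
        raise ValueError("DES weak key")
    # Assumption: the key is sent as 16 uppercase hex digits after the '='.
    return [f"AT+KEY{z}={k.hex().upper()}" for z, k in enumerate(keys, 1)]


if __name__ == "__main__":
    # Constructed sample keys, for illustration only.
    sample = ["0123456789ABCDEF", "23456789ABCDEF01", "456789ABCDEF0123"]
    for line in key_commands(sample):
        print(line)
```
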

There are a number of other security features that may be programmed using AT commands. For example, you can set up user IDs for various users, and PIN numbers to limit access to the modem to authorized users. We would have liked to have seen a simple Windows-based GUI or wizard for loading and clearing keys plus setting up the other special parameters that are not catered for in the Windows Device Manager for modems.

Power consumption is quoted as 750mW, which is quite a heavy load for a PP3 battery. Even with the specified Lithium battery, battery life would be short, so mains power is advisable wherever it is available. Although the unit was supplied to our U.K. office for testing, the mains power adaptor was for 120VAC only, so we had to find a suitable adaptor for our domestic 230VAC supply. [Ed: Western DataCom confirms that it does offer 230V supplies for European operation, which come in various plug interfaces depending on the country of usage.] For a portable device that has European as well as North American telecom approvals, we feel it should be supplied with a dual-voltage mains adaptor and physical adaptors to suit most national mains power connector standards. Motorola and Ericsson do this with the international models of their mobile phones, so there's no excuse for not doing so with a device costing as much as the CryptoCom does.

CryptoCom has tamper detection circuitry to zeroize keys and any sensitive data stored in the modem - this complies with the U.S. Federal Information Processing Standard FIPS PUB 140-1 level 2. It is also upgradeable to the new Advanced Encryption Standard (AES).

Besides the obvious secure data transfer applications on a point-to-point basis, other applications include secure out-of-band management of networking components such as routers, servers and uninterruptible power supplies. Such devices can be managed over a dial-up connection to remote sites via their serial ports even when the network itself is down. Many companies are concerned about sending such management information over insecure public telephone lines, rather than their own VPNs, and CryptoCom offers a solution to this concern while retaining the independence of an out-of-band communications medium. The best applications are those requiring interactive control of devices such as those we have just described, because simple file transfers may be encrypted by software solutions.
   

Contact Information:
 
CryptoCom 2000

North America
Supplier: Western DataCom
Price: $695
Contact: (800) 262-3311, (440) 835-1510
jeff@western-data.com

www.western-data.com

UK/Europe
Supplier: Western DataCom
Price: on application
Contact: +1 440 835 1510
jeff@western-data.com

www.western-data.com
 

SC On-Line
SC Magazine
www.scmagazine.com

Copyright © 2001 West Coast Publishing. All rights reserved.