https://www.rohde-schwarz.

com

Rohde & Schwarz SIT GmbH

Rohde & Schwarz SIT GmbH

Rohde & Schwarz SIT GmbH has been supplying crypto products and IT security solutions to military and
government agencies worldwide for over 25 years. Rohde & Schwarz SIT develops and produces exclusively in
Germany. The company is a NATO supplier and, since 2004, IT security partner of the Federal Republic of Germany.
As part of the Rohde & Schwarz group, the company serves its customers through an international sales and service
network spanning more than 80 countries.
As of 2016, Rohde & Schwarz SIT in Stuttgart has focused on its core business of encryption solutions for secure
radiocommunications.

Products

ELCRODAT 4-2
Ruggedized encryption device for voice and data communications via HF/VHF/UHF and SatCom (NATO).
The ELCRODAT products from Rohde & Schwarz protect voice and data communications in digital and analog
networks of armed forces and government authorities for all German and NATO security classifications.

The ELCRODAT 4-2 is a fully ruggedized tactical crypto device used to encrypt and decrypt voice and data
communications for all German and NATO security classifications. Since it is TEMPEST-proof, it is interoperable with
HF/VHF/UHF radio, satellite communications and line transmission equipment. It is ideal for deployment on stationary
and mobile platforms in rugged terrain and in naval and airborne environments.
References
The French navy uses the ELCRODAT 4-2 as part of its RIFAN II program (rseau IP de la force aronavale). The
encryption device has also been qualified for operation in advanced airborne platforms such as the Eurocopter Tiger
(in Germany and Spain) and the A400M transport aircraft (in Belgium, Germany, Spain, France, Great Britain,
Luxembourg and Turkey). The MMC3000, a variant of the encryption device aimed at the global market, is in demand
by customers outside Europe.
Key Facts

Voice and data encryption from the highest German security levels up to COSMIC TOP SECRET

Protects HF/VHF/UHF, satellite communications and line transmission

Fully rugged, tamper protected, TEMPEST-proof

Stationary and mobile deployment in all military branches (army, navy, air force)

Multi-Remote Control Software for Windows 7 und MIL-Bus

Approved for all German and NATO classification levels

R&SMMC3000 Multimode Multirole Crypto Device

Ruggedized encryption device for voice and data communications via HF/VHF/UHF and SatCom (Non-NATO).
The R&SMMC3000 is a fully ruggedized tactical crypto device used to encrypt and decrypt voice and data
communications at the highest security levels. It is based on the ELCRODAT 4-2 but does not contain NATO crypto
algorithms. Since it is TEMPEST-proof, it is interoperable with HF/VHF/UHF radio, satellite communications and line
transmission equipment. It is ideal for deployment on stationary and mobile platforms in rugged terrain and in naval
and airborne environments.
Key Facts

Voice and data encryption to the highest security levels

Protects HF/VHF/UHF, satellite communications and line transmission

Fully rugged, tamper protected, TEMPEST-proof

Stationary and mobile deployment in all military branches (army, navy, air force)

Customizable crypto algorithms for specific user requirements

ELCRODAT 5-4
Highly secure voice and data communications in digital and analog networks.
The ELCRODAT products from Rohde & Schwarz protect voice and data communications in digital and analog
networks of armed forces and government authorities for all German and NATO security classifications.
The ELCRODAT 5-4 (ED5-4) is used by military organizations and government authorities for encrypted transmission
of voice and data signals in analog and ISDN networks. It provides secure end-to-end encryption, which protects
messages against eavesdropping and manipulation attacks along the entire transmission path.
Key Facts

Encrypted operation across networks

Interoperable with existing voice encryption devices (ELCROVOX 1-4D, STU-IIB, TCE 500/B)

Encryption keys can be loaded manually via the standardized NATO fill interface or provided automatically via a key
distribution center

Approved for all German and NATO levels of classified information

Access to all cryptological functions with personal chip card and PIN code

ELCRODAT 6-2
Secure voice and data communications in ISDN up to TOP SECRET classification level.
The ELCRODAT products from Rohde & Schwarz protect voice and data communications in digital and analog
networks of armed forces and government authorities for all German and NATO security classifications.
The ELCRODAT 6-2 is the first encryption unit approved by the German Federal Office for Information Security (BSI)
for the transmission of information classified up to TOP SECRET, which uses a public key method for key agreement.
In conjunction with the public key method, the noise generator implemented in the encryption unit permits mutual
authentication and key agreement. New session keys are generated in the encryption unit for each connection. The

keys do not leave the units and are deleted after the session, ensuring maximum security. Access for users and
administrator is secured by state-of-the-art processor chip cards.
The system is available in two versions: ELCRODAT 6-2 S and ELCRODAT 6-2 M.
Version "S" is used for Euro-ISDN basic rate access (S0 bus/port). It is the secure supplement to existing Euro-ISDN
terminals or PBXs.
Version "M" is used for Euro-ISDN primary rate access (S2M port) and permits simultaneous individual encryption of
up to 30 channels. A typical application of this version is the 2 Mbit/s port encryption at the frontend of ISDN PBX
systems.
The devices are connected between commercial ISDN terminals and the ISDN access point. For the network, the
encryption devices act like terminal equipment. For terminal equipment, the ELCRODAT 6-2 acts as a network
termination (NT).
The ELCRODAT 6-2 high-end encryption system consists of the following components:

Encryption unit

Management station for certificate administration

Logging station for remote monitoring of the encryption units

Service station for remote administration

More Information

R&STrustedFilter IP
Real-time capable information flow between security domains
The R&STrustedFilter IP separates IP networks with different classification levels. It applies deep packet inspection
to all passing packets to prevent the unwanted leakage of classified information. If a packet violates the configured
filtering rules the packet is dropped and the event is logged.
The R&STrustedFilter IP supports the filtering of VoIP traffic (SIP, RTP) and of various radio control protocols. It is
possible to add further filter rules for other protocols as necessary. Filtering is performed stateless focusing only on
the current processed packet. Additionally, the R&STrustedFilter IP can be configured to only allow communication
between certain devices in both networks. The IP addresses of the higher-classified network can be hidden from the
lower-classified networks using network address translation (NAT). Audio data sent from the higher-classified network
to the lower-classified network may only pass the R&STrustedFilter IP if they bear a correct cryptographic signature.
The filter configuration of the R&STrustedFilter IP is easily configured using its management system.

The R&STrustedFilter IP is based on the R&S SIT Cryptodevice-Platform, which is embedded Linux based and uses
hardware developed and manufactured by R&S. The R&S SIT Cryptodevice-Platform offers among others the
following security features:

Separation of networks with different classification levels

Hardware security module

Secure boot

Security management and configuration system

System and security log

CIK for classification, configuration, and detamper oft he devices

Emergency clear and tamper proteciton

Key Facts

Whitelist filters with deep packet inspection

Kryptographic verification of the classification of voice data

Blocks not authorized network traffic

Not authorized network traffic is dropped and logged

Red-black separation and TEMPEST according to SDIP27 Level C

Secure Boot, Secure Update, Secure Remote Management

R&SFT5066 Trusted Filter

Radio control information filter red/black separation to STANAG
The R&SFT5066 trusted filter is developed for a scenario consisting of a STANAG 5066 message handling
application involving a radio and/or modem interface and a remote control protocol. The device provides firewall
functionality for the radios control information. Inserted in the control path of a system, the filter provides a strict
red/black separation. This ensures that only explicitly permitted control commands are transmitted and prevents
(un)intentional data leakage over the control interface.
Key Facts

Rigid enforcement of classifi cation boundary between red and black data

Prevents data leakage over the control interface

Operates in systems classified up to SECRET

Built-in tests and access control

Audiovisual status indicators and detailed logging function

Supports R&SM3SR radios, Harris and RM6 as well as GA-123 modems

Competencies

Crypto modules for radio sets

Tamper proof modules for military environment and highest security requirements
Rohde & Schwarz SIT has a longtime experience in the development of hardware and software of crypto modules.
These crypto modules implement the highest security standards and can be operated even under extreme
environmental conditions. Our crypto modules are not only used in SIT products, but also in radios ofRohde &
Schwarz (e.g., SVFuA, SDTR).
The crypto modules are manufactured in secured areas of Rohde & Schwarz manufacturing in Germany. Depending
on the requirements, they can be equipped with a high-class drilling and tamper protection. This together with other
built-in security features allows for a secure download of future crypto algorithms into the module.
The key features of our crypto modules are:

Software-defined crypto

Tamper protection

Support of state-of-the-art crypto procedures (national, NATO, NON-NATO)

Secure software download

Access protection

Interfaces according to EKMS 308

High performance

Low power dissipation

Small, configurable form factor

VS - Approval of products

Long time experience in development of crypto products to reach an approval for all national (BSI) and NATO
(SECAN) classification level
Rohde & Schwarz SIT has the technical expertise and longtime experience in the creation of security concepts and
the development of modules and devices. This includes the security certification for all national (Germany) and NATO
classification levels, and according to Common Criteria.

Cryptologie Expertise
Secure side channel resistent Implementation of modern crypto algorithms and crypto methods.

Longtime experience in the secure, side-channel resistant implementation of modern cryptographic algorithms and
procedures.

Consulting in the analysis of security aspects, the selection of security procedures, and the creation of security
concepts. Development partner of new security products.

Expertise in designing and engineering of highly sophisticated random number generators, including their successful
certification. Consulting services in development and certification of random number generators.

Training in modern cryptography.

Rohde & Schwarz SIT creates security concepts for various security applications.