+1 613 254 5456
adjust font size Increase Font Size Reset Font Size Decrease Font Size

Suite B

The National Security Agency (NSA) in the United States mandates cryptographic algorithms in support of SECRET and TOP SECRET communications in government and military systems. By mandating the algorithms, the NSA encourages interoperability among departments in the United States but also with allies. Suite B includes the following algorithms:

 

Encryption:Advanced Encryption Standard (AES) - FIPS 197
Digital Signature:Elliptic Curve Digital Signature Algorithm - FIPS 186-2
Key Exchange:Elliptic Curve Diffie-Hellman (ECDH) - Draft NIST Special Publication 800-56
Hashing:Secure Hash Algorithm (SHA-256 and SHA-384) - FIPS 180-2

 

As per CNSSP-15 (Committee on National Security Systems Policy 15) AES with either 128 or 256-bit keys and SHA-256 are specified to protect classified information up to the SECRET level. Protecting TOP SECRET information requires the use of 256-bit AES keys combined with SHA-384.

For asymmetric algorithms, the NSA has mandated the conversion of equipment to Elliptic Curve Cryptography (ECC). At the very high security level required for SECRET and TOP SECRET communications, an RSA key length of 4096 or 8192 would have been required and made the asymmetric algorithms very inefficient on all but the most powerful processors. Therefore, the much lighter ECC algorithm was chosen using the 256-bit prime modulus elliptic curve as specified in FIPS-186-2 for the protection of classified information up to the SECRET level. Use of the 384-bit prime modulus elliptic curve is required for the protection of TOP SECRET information.

Elliptic has both hardware and software solutions that are targeted specifically at Suite B. Elliptic also offers consulting services to help customer develop new products compliant with Suite B or adapting existing products to meet the standard. One of the key focus areas for Elliptic consulting is deciding what operations are done in software and what should be offloaded in hardware. Elliptic consultants can offer customers guidance on the most effective solution and can work with Ellipsys software which fully supports hardware engine integration in support of the final design agree with the customer.

Elliptic IP portfolio includes a selection of cores for Suite B applications for SoC/ASIC designs. It also includes Ellipsys Cryptography Middleware in support of Suite B. The middleware is split into symmetric algorithms such as AES and SHA, and the asymmetric ECC algorithms used for authentication and key exchange. The middleware is licensed as C source code.

 

 

 

 

Featured Products

media ETS-020: tVault HDCP 2.2
A proven HDCP-based content protection solution that provides robust security inside Trusted Execution Environments (TEEs) and enforces the protection of sensitive information to ensure that it is stored, processed and accessed only by authorized applications.The solution integrates seamlessly within frameworks such as ARM TrustZone™, where the critical security components are embedded in a trusted and secure OS environment. The non-critical components are executed by the rich OS, such as Android.
tower CLP-630: Multi-Packet Manager Security Engine
A highly programmable and unique Security Protocol Accelerator specifically designed to efficiently process data for high capacity wireless and network applications. The engine is perfectly suited for applications that deal with multiple active connections and significant traffic load on different contexts, such as 4G LTE-Advanced wireless cellular base stations and femtocells.