Cipher Box M


Identity management

Cipher Box M uses XXLSEC's proprietary MultiParty Protocol (MPP) to distribute the identities of a constellation in a defined network. There are no centralized services, and no risk to the network participants if a device is lost.

Multipoint security

Cipher Box M is ideally suited for secure tunnels in multipoint networks. There are no complications stemming from centralized servers or heavy-duty security key management. All users are connected and encrypted without a PKI mechanism.


Scaling benefits

As is the case with all PKI-based secure connections, VPN connections are difficult to implement at scale. Cipher Box M uses the MultiParty Protocol (MPP) to create secured tunnels with significant scale benefits for easier and faster implementation.


Forensic security

Cipher Box M is equipped with both physical and software-level protection in case the device is lost. A physical lock and multiparty-based secret sharing ensure that all critical communication secrets stay in the user’s exclusive possession.

Cipher Box – next generation IP-security

Cipher Box M is the next generation IP encryption device, with a clean hardware design for the modern security requirements of an IP-networked world. It creates secure connectivity with upgraded security in ways that current legacy-based technologies cannot deliver.

Cipher Box M builds on the multiparty protocol (“MPP”), which handles identity and cipher key exchanges between multiple entities. MPP is XXLSEC's proprietary multiparty consensus protocol, with no visible metadata on transmission and complete device forensic security.

Cipher Box M with MPP fully meets the functional requirements of a modern zero trust cyber security strategy.

One unique world-class feature is MACsec keying for enterprise WAN and LAN networks. Read more details from XXLSEC GitHub >>

The Cipher Box M device runs PriveOS, an operating system based on vanilla Linux and selected software components. These provide the essential base for the highest level of security requirements for any business-critical system or infrastructure. The hardware and all software components are auditable down to source code level, so there are no hidden elements or binary code from unknown sources.

Encrypting IP connections with Cipher Box M upgrades the traditional VPN device approach, including multicast encryption. Cipher Box M encrypts IP traffic with any symmetric algorithm the user chooses and enables crypto modernization to reach the required security level.

The physical and electronic design of Cipher Box M secures your cipher primitives at the strictest professional level. An Abloy lock on the unit prevents any physical intrusion while in transport and in use.

  • Immediate revocation

    If any of the Cipher Boxes in a constellation is lost, it can be separated and isolated immediately from the trusted constellation using the MultiParty Protocol (MPP) revocation mechanism.

  • Dynamic trust anchor

    Implements a dynamic, user-controlled trust anchor in a zero trust environment.

  • Low latency compatible for 5G networks

    Cipher Box M is designed for connections and communication requiring sub-1 ms response. This is vitally important in 5G networks and all critical real-time response applications.

  • Secure MACsec key delivery

    Cipher Box M with the multiparty protocol delivers a secure method for exchanging MACsec keys in a closed user group. This creates a layer 2 secure network slice, for example for SD-WAN and LAN networks. Read more from XXLSEC GitHub.

  • Multi-layer security

    Cipher Box M is equipped to offer multi-layer security. Payload can be sliced to deliver a communication in different layers and in different networks. This is a fundamentally important feature for meeting 5G slicing requirements.

  • Meta data protection

    For enhanced security, the payload traffic does not include clear text identities or the security parameters in use, only random traffic.

  • Multicast traffic

    Cipher Box M is capable of delivering encrypted multicast payload with no or minimal latency, depending on network quality. This may be needed for broadcasting purposes, for certain real-time voice communication such as Push-To-Talk (PTT), and for other applications in local/tactical and public networks.

Solution example 1:
Global enterprise secure WAN, LAN and cloud

A global enterprise wants to establish secure connectivity, a secure WAN, between its global HQ and its other operating sites and factories. Cipher Boxes are deployed globally to create a distinct security layer fully and exclusively controlled by the user, along with separate network slices with MACsec keying for critical business systems inside the WAN. All connections are now secured and updated with the multiparty protocol. This represents a major security enhancement with reduced risks, and it creates better resiliency for all business-critical operations.

Solution example 2:
IoT and M2M authentication

The enterprise IT system of a global professional services firm includes end devices, servers and sensors which carry sensitive operating and client information. Cipher Boxes are deployed to create a secure authentication platform that covers all critical communications and systems with Zero Trust fundamentals. Together with fast and easy revocation and new peer installation capability, security risks are significantly diminished. Moreover, the effort and related costs of system administration are reduced.

Why MACsec for enterprise networks?

Media Access Control Security (MACsec) is an IEEE 802.1AE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle eavesdropping, masquerading, passive wiretapping, APT, ARP poisoning and replay attacks.

MACsec allows you to secure an Ethernet link for almost all traffic, including frames from the Link Layer Discovery Protocol (LLDP), Link Aggregation Control Protocol (LACP), Dynamic Host Configuration Protocol (DHCP), Address Resolution Protocol (ARP), and other protocols that are not typically secured on an Ethernet link because of limitations with other security solutions. MACsec can be used in combination with other security protocols such as IP Security (IPsec) and Secure Sockets Layer (SSL) to provide end-to-end network security.

How MACsec Works

MACsec provides industry-standard security through the use of secured point-to-point Ethernet links. The point-to-point links are secured after matching security keys are exchanged and verified between the interfaces at each end of the point-to-point Ethernet link. The key can be user-configured or can be generated dynamically, depending on the security mode used to enable MACsec.

Cipher Box M for secure MACsec key delivery

MACsec has been slow to reach enterprise networks, mainly because key distribution and management protocols, like MKA, have been very limited and hard to scale. The XXLSEC multiparty protocol with Cipher Box M can deliver all the keys between all servers and computers in an enterprise network. This means easy scalability and secure key management and handling in all circumstances. At the same time, all computers and servers in a cryptographically isolated network segment are automatically authenticated.

With the XXLSEC MACsec solution, LAN segments and private cloud can also be linked into the same layer-2 encrypted network segment over public networks. This is a complete solution for protecting business- and operation-critical databases and the communication with them.

Learn more about MACsec from the 2017 RSA Conference presentation (YouTube) >>

Cipher Box M technical features

Size: 90x142x42 mm
Case: Aluminium with a physical lock
Display: None – browser based UI
Processor: A9 NXP iMX6
Memory: 2 GB RAM, 8 GB
Connectivity: 10/100 Mbit/s RJ45, 2*USB, 1*HDMI
Audio: 3,5mm
Buttons: None
Operating System: PriveOS
Manufactured: Finland by XXLSEC