
ATM-ENCRYPTION WITH 155 MBIT/S

Sven Kuhn, Christoph Ruland, Kai Wollenweber


University of Siegen / Germany

Abstract
Already today, ATM networks are not only used in backbone configurations of corporate networks, but also to connect Local Area Networks (LANs). Personal computers and workstations can be equipped with ATM interfaces, as can other devices that require high transmission rates, e.g. video cameras. ATM encryption devices are required in order to guarantee data confidentiality during transmission. The ATM Forum has defined Security Specifications for this.
This contribution presents the ATM encryption technology, the difficulty with synchronization, as well as its realizability. The described implementation uses SDH/SONET connections with 155 Mbit/s as network interfaces, VLSI components for the encryption algorithm, and FPGA modules for the management and control of the ATM encryption.

1 Introduction
ATM networks (Asynchronous Transfer Mode) will largely be used in all kinds of network configurations because this technology has a scalable bandwidth and uses various AAL classes (ATM Adaptation Layer) which guarantee different qualities of service. The ATM technology is not limited to wire-bound communication networks, but is also used in Wireless ATM networks.
With respect to confidentiality and trustworthiness of the transmitted information, ATM networks are neither more nor less secure than other network technologies. In order to guarantee a secure transmission, additional measures have to be taken. One possibility is the use of specific ATM encryption devices. Depending on the positioning of such encryption devices within the network, they can guarantee confidentiality for the transmission across different network domains: individual end-to-end ATM connections can be secured just as well as all connections within an ATM network or an ATM subnetwork.
The security services and security mechanisms for ATM networks are described in the Security Specifications [ATM99] of the ATM Forum. In this presentation we will focus on ATM-specific encryption techniques, because the security protocols used for authentication, key management, etc. mostly correspond to standard solutions. Particular importance is attached to the synchronization protocol, which maintains the synchronization of the decryption process while taking into account the cell loss rate that is allowed within ATM networks.


The mode of operation is based on the principle that it is not the actual clear text, in this case the payload of an ATM cell, that is encrypted, but rather a so-called State Vector of 64 bits. The cipher text is then created by XORing the clear text, a 64-bit segment of the payload, with the encrypted State Vector. In order to decrypt the cipher text correctly, both sides have to use the same 64-bit State Vector. This 64-bit State Vector consists of different counters, indicators and the content of a linear shift register, and is modified for each 64-bit segment of each ATM cell to be encrypted. It is guaranteed that each State Vector is used only once.
(Re-)synchronization cells are inserted into the ATM cell stream at defined cell intervals in order to ensure synchronism between the encryption and the decryption side. These (re-)synchronization cells carry a new State Vector as their payload. The required re-synchronization rate is related to the Quality of Service (QoS) parameters of the individual ATM connection. The (re-)synchronization cells are generated separately for each virtual connection, because the encryption process is also carried out separately for each virtual connection.
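As an added example (not part of the paper), the counter mode and the re-synchronization cells described above in Python: the DES component is stood in by HMAC-SHA256 truncated to 64 bits (an assumption, since the standard library has no DES), the State Vector update by a plain 64-bit counter, and the demo drops one user cell to show that decryption is out of step only until the next synchronization cell arrives.

```python
import hashlib, hmac
SEGMENT, PAYLOAD = 8, 48    # 64-bit segment; ATM cell payload length in bytes

def block_encrypt(key, block):
    # Stand-in for the DES VLSI component (assumption: HMAC-SHA256 truncated to 64 bits).
    return hmac.new(key, block, hashlib.sha256).digest()[:SEGMENT]
def next_state(sv):
    # Advance SV per segment (assumption: 64-bit counter instead of the paper's counters, indicators and LFSR).
    return ((int.from_bytes(sv, "big") + 1) % (1 << 64)).to_bytes(SEGMENT, "big")

def process_cell(key, sv, payload):
    """XOR each 64-bit segment with E_K(SV); the same routine encrypts and decrypts."""
    out = bytearray()
    for off in range(0, PAYLOAD, SEGMENT):
        keystream = block_encrypt(key, sv)
        out += bytes(p ^ k for p, k in zip(payload[off:off + SEGMENT], keystream))
        sv = next_state(sv)
    return bytes(out), sv

def sync_cell(sv):
    # (Re-)synchronization cell: its payload carries the new State Vector.
    return ("sync", sv.ljust(PAYLOAD, b"\x00"))
def encrypt_stream(key, sv, cells, period):
    """Emit a sync cell before every `period` user cells, then the encrypted user cells."""
    out = []
    for i, payload in enumerate(cells):
        if i % period == 0:
            out.append(sync_cell(sv))
        ciphertext, sv = process_cell(key, sv, payload)
        out.append(("user", ciphertext))
    return out

def decrypt_stream(key, stream):
    """Decrypt a possibly lossy stream; every sync cell resets the State Vector."""
    sv, out = None, []
    for kind, payload in stream:
        if kind == "sync":
            sv = payload[:SEGMENT]
        elif sv is not None:
            plaintext, sv = process_cell(key, sv, payload)
            out.append(plaintext)
    return out

def demo():
    key = b"constructed-key-0"                          # constructed sample key
    cells = [bytes([i]) * PAYLOAD for i in range(6)]     # constructed payloads
    stream = encrypt_stream(key, bytes(SEGMENT), cells, period=3)
    lossy = stream[:2] + stream[3:]   # drop user cell 1: the cell loss ATM tolerates
    return cells, decrypt_stream(key, lossy)
```

With a sync cell every three user cells, the cell following the lost one decrypts to garbage and the three cells after the next sync cell decrypt correctly again.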

3 Concept of an ATM Encryption Device


Figure 2 gives an overview of the architecture of the developed ATM encryption device. It consists of ATM interfaces with SDH/SONET connection (see section 4) for access to the physical layer, as well as of the crypto module for encryption and decryption (see section 5), which is required for the actual data encipherment, resp. decipherment.

[Figure 2: Architecture of the ATM Encryption Device. Block diagram (image not reproduced); labelled blocks: Encryption Side, Decryption Side, SDH/ATM interface, Overhead.]


The properties of the encryption device are as follows:

Connection-dependent Encryption
Unlike link encryption, the encryption of the ATM cells by the presented device depends on the chosen virtual connection (VC). A different key can be used for each of these connections. Furthermore, this encryption method offers the advantage that management cells are recognized and can therefore be transmitted in clear text.

Free Choice of Cipher Algorithm
In its Security Specifications, the ATM Forum recommends the use of the algorithms DES40, DES, Triple DES or FEAL. The developed encryption module meets these requirements through its modular design and the use of FPGA technology, which allow simple adaptation to the different encryption algorithms.

ATM Security Specification Compatibility
Compatibility with the ATM Security Specification guarantees flexible usage of the crypto module, because it is an international standard with which industry products also comply.

Modular Architecture
The crypto module is designed for a transmission rate of 155 Mbit/s, but can also be used for even higher throughputs, e.g. 622 Mbit/s, through pipelining of the cryptographic components and modification of the interfaces.

4 ATM Interface with SDH/SONET Interface

The SDH(SONET)/ATM interface is a duplex interface which, on the receiving side, demaps an ATM cell stream from an optical STM-1 signal (155 Mbit/s) and, on the sending side, re-maps it into SDH/SONET frames. Hence an optical STM-1 interface with multi-mode fibre is available as the external interface, and as the internal interface inside the encryption device an ATM interface according to the UTOPIA specification (Universal Test & Operations PHY Interface for ATM) [ATM95] is provided.
After the conversion of the optical signal into an electrical signal, the clock is recovered; it is used by the receiving and sending interface of the same direction, as well as by the crypto module supporting this direction. The administration and management information (Path and Section Overhead) is temporarily stored in order to re-assemble it into the data stream that is to be sent. The signals important for management, e.g. the checksum or the synchronization bytes, are re-calculated and re-added. Occurring SDH errors are therefore recognized and the relevant information is passed on to the following or previous network elements.
According to the process described in ITU-T I.432 [ITU432], the ATM cells are recognized from the C4 container (cell delineation). Idle and unassigned cells are discarded, as are corrupted cells which show errors that cannot be corrected. A new checksum (Header Error Check) is calculated for each sent ATM cell and added to the cell header. The interface is able to process ATM cells of the UNI (User Network Interface) as well as the NNI (Network Node Interface) signalling.

5 Concept of the Crypto Module

The logic of the crypto module is realized in FPGA technology and consists of the crypto management and the ATM Cell Control. The Data Encryption Standard (DES) is used in the alternating mode (double key length) [INF97] as block cipher algorithm and is available as a VLSI (Very Large Scale Integration) component.

Crypto Management
The main tasks of the crypto management include the signalling of user cells and non-user cells (e.g. OAM cells), the calculation of the State Vectors, the management of the cryptographic context as well as the key management. Furthermore, the module is responsible for the generation and the evaluation of the (re-)synchronization cells.


ATM Cell Control
The task of the ATM Cell Control consists of splitting and re-assembling the 155 Mbit/s cell streams. The parallelization of the data stream is required because the throughput of a single encryption VLSI component is not high enough for the data rate. In addition, (re-)synchronization cells generated by the crypto management are multiplexed into the transmitted cell stream and demultiplexed out of the received one, to be forwarded to the crypto management.

6 Summary and Outlook

In this contribution the ATM-specific Counter Mode as well as the synchronization protocol have been described according to the definition of the ATM Security Specifications for encryption in ATM networks. The realization of an ATM encryption device has been presented which uses a technology that is open to modifications and future developments. Such developments will take other encryption components into consideration, as well as the analysis and evaluation of the ATM signalling, the cooperation with the ATM network management and the integration into an overall security management. Furthermore, it is already foreseeable today that the ATM Security Specifications will be developed further, and these modifications too will have to be considered in future developments.


Literature

[ATM95] ATM Forum: UTOPIA, An ATM-PHY Interface Specification Level 2. 1995
[ATM99] ATM Forum: ATM Security Specification. Version 1.0, Final Ballot. January 1999
[INF97] INFOSYS: CE99C003B Technical Reference (Preliminary). 1997
[ISO97] ISO/IEC: Modes of operation for an n-bit block cipher algorithm. Revision 1997
[ITU361] ITU-T: I.361 B-ISDN ATM Layer Specification. February 1995
[ITU432] ITU-T: I.432 B-ISDN User-Network Interface: Physical Layer Specification. January 1994
[SCH96] SCHNEIER, Bruce: Applied Cryptography. John Wiley & Sons, 1996

