Creating certified cryptographic products used to be a complex task, especially if you require a certification for government use. Not only must the products provide unsurpassed levels of security, but they must also undergo lengthy evaluations by various certification bodies. This often leads to a very long time to market. A lot of time, and thus money, is spent before the end-user benefits from your cryptographic solution.
Fox-IT has developed the RedFox carrier module in close cooperation with the Dutch government. The RedFox allows for swift certification of products based on it. The RedFox offers very high levels of security, both logical and physical. Cryptographic algorithms are implemented in hardware and provide high-performance throughput up to 800 Mbit/sec. Integrating the RedFox into new high-security products is a straightforward task using the SDK and reference implementations, thereby allowing time to market to be reduced significantly.
Many security products require strong cryptography. Providers of such products and their customers need to rely on a strong cryptographic core. This ensures that their products are truly secure. Examples of such high security products abound, both in government and commercial settings. These include VPN solutions, hard disk encryption and hardware security modules (HSMs).
As cryptography lies at the heart of these products, government or commercial evaluations of such products focus heavily on the strength of the underlying cryptographic system. There are good reasons for this focus. Although modern cryptographic algorithms are theoretically strong, many mistakes can be made in their implementation.
A common solution to this problem is to offload cryptographic operations to a trusted external hardware security module (HSM). However, traditional HSMs cannot implement complex data processing logic, do not provide strict red-black separation, and do not offer flexible hardware interfacing. They must therefore be integrated into a host system that provides these features, thereby extending the scope of the security functionality to include the HSM and host system. That complicates the security design, makes it more difficult to ensure correct implementation, and increases the cost of certification and the time to market.
The RedFox Carrier Module (RF-CM) is a flexible HSM designed to be used as a building block in a wide variety of products. It can run complex data processing logic and provides strict red-black separation in hardware. The RF-CM was developed in close cooperation with the Dutch National Communications Security Agency (NL-NCSA). As such, it is designed to be used at the highest levels of Dutch, EU, and NATO security. The RF-CM is available in two editions to suit both government and enterprise customers.