Tandberg videoconferencing system, Appendices encryption – TANDBERG Video Conferencing System 7000 User Manual

TANDBERG Videoconferencing System

121

Appendices

Encryption

All TANDBERG systems support both AES* and DES encryption. By default this feature is enabled such that when
connecting with any other video system or MCU, a TANDBERG system will attempt to establish a secure conference
using AES* or DES encryption. The TANDBERG system will attempt this for both IP and ISDN connections. Where a
remote system or MCU supports encryption, the highest common encryption algorithm will be selected on a port by port
basis.

The type and status of the encryption negotiated is indicated by padlock symbols and on-screen messages. Encryption
on the TANDBERG systems is fully automatic, and provides clear security status indicators;

An open padlock indicates that encryption is being initialized, but the conference is not yet encrypted.

Single padlock indicates DES encryption.

Double padlock indicates AES encryption.

In addition to on-screen indicators the ‘Call Status’ menu provides two information fields regarding call encryption. The
first field is the ‘Encryption Code’ which will identify either ‘AES’ or ’DES’. The second field is the ‘Encryption Check
Code’ and is comprised of an alphanumeric string. This string will be the same for systems on either side of an
encrypted conference. If the Check Codes do not match this would indicate that the call has been exposed to a ‘Man In
The Middle’ attack.

When a TANDBERG codec with MultiSite functionality hosts a conference, the highest possible encryption algorithm will
be negotiated on a site by site basis. MultiSite conferences can therefore support a mix of AES and DES encrypted
endpoints in the same conference.

A conference will only be as secure as its ‘weakest link’. Even though conference participants may have negotiated and
be running AES encryption, if just one participant has negotiated DES encryption, the AES system will display the single
padlock symbol to advise all users of the lowest encryption mechanism currently in effect.

All TANDBERG endpoint supporting DES encryption can upgrade to AES encryption by applying TANDBERG’s AES
Encryption option. Please contact your TANDBERG representative for more information.

The standards supporting the encryption mechanisms employed by TANDBERG are: AES*, DES, H.233, H234 and
H.235 with extended Diffie Hellman key distribution via H.320, H.323 and Leased Line connections.

T

HE

TANDBERG AES

IMPLEMENTATION

IS

VALIDATED

AS

CONFORMING

TO

THE

A

DVANCED

E

NCRYPTION

S

TANDARD

(AES) A

LGORITHM

,

AS

SPECIFIED

IN

F

EDERAL

I

NFORMATION

P

ROCESSING

S

TANDARD

P

UBLICATION

197, A

DVANCED

E

NCRYPTION

S

TANDARD

,

BY

THE

T

HE

N

ATIONAL

I

NSTITUTE

OF

S

TANDARDS

AND

T

ECHNOLOGY

(NIST)

NOTE