KATIM GATEWAY 9001

ULTRA-SECURE ENCRYPTION FOR SMALL OFFICES AND REMOTE LOCATIONS


Organisations that need to protect data in transit face the challenge of quantum computing. Based on the latest research, traditional cryptographic algorithms that rely on the factorization of large numbers or on the discrete logarithm problem are predicted to be vulnerable to attacks that are more practical to execute with quantum computers. The most capable global threat actors are expected to have such capabilities in the near future.

 

KATIM Gateway 9001 has been designed from the ground up to mitigate these risks. The field-upgradeable platform integrates post-quantum resistant cryptographic primitives with a modern tunnelling protocol for protecting data in transit. Full lifecycle tamper detection and response ensures the integrity of the hardware, while management access is secured by enforced segregation of duties and hardware-based multi-factor authentication.

A hardware-based, QoS-aware cryptographic implementation ensures an excellent user experience for video and voice applications, even in parallel with bulk transfers. QoS-aware encryption planes isolate traffic into different classes of service to eliminate the impact of congestion in the transit network on higher-priority encrypted traffic. In addition to point-to-point connections, meshed or hub/spoke deployment architectures are supported.

KEY FEATURES:
  • Purpose-designed to deliver network encryption for office-like environments with a small form-factor device.
  • Portable, next-generation, high-performance platform with full lifecycle tamper detection / response.
  • Unparalleled deployment flexibility in a single device:
    • L2 or L3 encryption
    • Up to 1 Gbps cryptographic capacity options
    • 10 / 100 / 1000BASE-T copper
    • 1000BASE-SX / LX / EX fibre
    • USB-C
  • Red / crypto / black separation for reduced attack surface to sensitive data from external interfaces.
  • Custom-designed and hardened peer authentication, key exchange and data tunnelling protocol to mitigate many classes of vulnerabilities by design.
  • Standards-based or national ciphers to secure your data and key exchanges in a post-quantum world.
  • Software programmability for crypto, security, management and networking protects your investment for years after the initial deployment.
  • Application- and QoS-aware in-transit protection delivers the ultimate user experience by minimizing the impact of traffic shaping and loss in a cipher network.
  • KATIM Gateway OS powered and KATIM Gateway Network Management Suite managed for operational simplicity, functional parity and full interoperability in mixed KATIM Gateway product deployments.

 

CRYPTOGRAPHY AND SECURITY
CRYPTOGRAPHY
  • Standards-based or national Crypto Suite
  • Post-quantum resistant primitives
  • 512-bit or stronger keys for elliptic curves and 256-bit symmetric keys for 256-bit security
  • Up to 1 Gbps bi-directional encryption capacity
IN-TRANSIT DATA PROTECTION 
  • L2 or L3 VPN overlay with full tunnelling
  • P2P and (M)P2MP hub-and-spoke or mesh topologies
  • Authenticated key exchange
  • Dual-layer asymmetric handshake leveraging both classical and post-quantum cryptography
  • Frequent re-handshake with ephemeral keys for enhanced post-compromise security
  • Per-packet confidentiality and integrity protection
  • Aggressive, customizable key ratcheting of tunnel-specific data plane encryption keys
  • Peer identity protection
  • Optional, secure bypass for traffic not requiring encryption
KEY MANAGEMENT
  • KATIM Gateway Customizer application for key management
  • In-device generated, non-exportable peer authentication private keys 
  • Ephemeral keys generated for each handshake
  • QRNG and non-deterministic, hardware-based random number generators from multiple vendors

 

MANAGEMENT
LOCAL & REMOTE MANAGEMENT
  • Local management using USB or a plain I/O port
  • In-band remote management
  • SSH, SFTP, SNMPv3, rSysLog, TLS 1.3, authenticated NTP
  • Role-based access control with enforced multi-factor authentication using USB tokens
  • KATIM Gateway Network Management Suite applications for off-line and on-line management

 

NETWORKING
DATA PLANE
  • Cipher and plain ports for copper or optical:
    • 10/100BASE-T/1000Base-TX RJ-45, or
    • 1000BASE-SX, LX and EX SFP, or
    • USB-C (future SW option)
  • Plain/cipher: untagged 802.3 Ethernet II or single VLAN tagged 802.1Q/p Ethernet
  • Jumbo frames up to 9216 bytes
  • ARP, GARP, ICMP, unknown MAC learning
  • Policy-based forwarding/routing, static routing and dynamic routing with OSPFv2
  • Ingress replication on plain interfaces for broadcast and multicast

QUALITY OF SERVICE
  • Up to 8 QoS-aware encryption planes for each gateway-to-gateway association, with independent encryption keys, deliver the best voice/video/data end-to-end QoS in the presence of cipher network failure/discards
  • User-configurable or automatic mapping of plain traffic to QoS-aware encryption planes 
  • Internal classes of service with configurable mapping ensure optimized latency and deliver discard priority on congestion within the KATIM Gateway
 
SPECIFICATIONS
DIMENSIONS
  • 147 mm (W) x 262 mm (D) x 33 mm (H)
WEIGHT
  • 2 kg target
POWER AND COOLING
  • USB-C DC power input
  • Active cooling with field-replaceable fan
OPERATING ENVIRONMENTAL
  • Temperature: 0°C - +50°C
  • Humidity: 5% - 85% non-condensing
  • Altitude: 0 m - 5000 m
STORAGE ENVIRONMENTAL
  • Temperature: -20°C - +70°C
  • Humidity: 5% - 90% non-condensing
  • Altitude: 0 m - 15000 m
OTHER
  • EMI/EMC protection RoHS, EN62368-1