Industry Video Teleconferencing Profile - VTC001
B.7.2. TEMPEST recommendations.
B.7.3. Type 3 Cryptographic equipment - export restrictions.
B.7.4. Classified operation over restricted networks.
B.7.5. Network access alternatives.
Type 3 is for transmission of unclassified sensitive information. Use of the DES algorithm outside the DOD community is beyond the scope of this Annex. DES is an export-controlled algorithm. Export of the DES algorithm is handled case by case. Commercial export is controlled by the State Department. FIPS PUB 46-1 and FIPS PUB 140-1 contain information concerning the export of DES.
Type 1 data encryption from a VTU or MCU operating on an unrestricted network, in restricted mode, will result in encryption of the bit 8 sub-channel. A gateway between the unrestricted network and a restricted network will remove the bit 8 sub-channel. This results in corruption of the encrypted data, such that the far-end cryptographic equipment is not able to properly decrypt the data back into the original bit pattern.
For operation of VTU or MCUs using Type 1 security over an unrestricted network connected to a restricted network, the following procedure should be used: Each VTU or MCU is connected through a cryptographic device to a network interface device (that is, an inverse multiplexer (IMUX), or a terminal adapter). The network interface device at the unrestricted network must interface to the cryptographic device at multiples of 56 kbit/s and perform the bit 8 sub-channel stuffing/stripping for the unrestricted network. The cryptographic device and the VTU or MCU at both ends of the network receive network timing at 56 kbit/s. This approach puts the encrypted data in bits 1 to 7 only. These bits will not be affected by the gateway, and the encrypted data will not be corrupted.