## **GENERAL DYNAMICS** Mission Systems

# **TSEC FPGA IP Core**

Supporting hardware enforced security labeling and verification based on NCDSMO "Raise the Bar" design requirements.



The Trusted Security Engine Core (TSEC) is General Dynamics Mission Systems' Field Programmable Gate Array (FPGA) Intellectual Property (IP) solution to support hardware-enforced security labeling and verification based on National Cross Domain Strategy and Management Office (NCDSMO) "Raise the Bar" design requirements.

The TSEC IP Core applies and verifies elements of security and trust to IPv4 and IPv6 Ethernet frames when instantiated in the physical link (or channel) of a network device.

### **Available Features:**

|                                                | TSEC Gen1     | TSEC Gen2                                        |
|------------------------------------------------|---------------|--------------------------------------------------|
| Hardware-enforced domain separation            | •             | •                                                |
| Designed for NCDSMO "Raise the Bar" Compliance | •             | •                                                |
| User-programmable rulesets                     | Up to 16      | Up to 16                                         |
| Throughput                                     | Up to 10 Gbps | Up to 10 Gbps,<br>Up to 40 Gbps<br>(4x parallel) |
| IPv4 (CIPSO standard)                          | •             | •                                                |
| IPv6 (CALIPSO standard)                        |               | •                                                |
| VLAN tagged packets                            |               | •                                                |
| Comprehensive statistics gathering             | •             | •                                                |


### **Overview**

The General Dynamics TSEC IP Core enables the development of Multi-Level Security (MLS) communication components that establish and enforce trust within an Ethernet network using an open-standards approach. It also enforces the Security Policy established within an MLS network by performing checks on all Ethernet frames containing IPv4 and IPv6 datagrams at each MLS network endpoint. This validation ensures that packets have not been altered after entry into the MLS network and that the destination node holds privilege(s) sufficient to allow delivery of the packet to the MLS device.
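As an added illustration (not General Dynamics code, and not the TSEC ruleset format), the following Python example shows the kind of per-frame label check a CIPSO-aware endpoint performs on an IPv4 frame: it extracts the CIPSO option (tag type 1) and admits the frame only if the label falls within the endpoint's clearance. The rule model (`doi`, `max_level`, `allowed_cats`) and the sample frame are assumptions constructed for this example; the integrity check mentioned above is not covered.

```python
CIPSO_OPT = 134  # IPv4 option type assigned to CIPSO

# Constructed sample frame: zeroed MACs and addresses, DOI 3, level 2, category 1.
SAMPLE = (bytes(12) + b"\x08\x00" + b"\x48" + bytes(19)
          + bytes.fromhex("860b00000003010500024000"))

def _parse_tag1(body):
    """body = 4-byte DOI followed by tags; only tag type 1 (bitmap) is handled."""
    if len(body) < 8 or body[4] != 1:
        return None
    tlen = body[5]                          # tag length counts its type/length bytes
    if tlen < 4 or 4 + tlen > len(body):
        return None
    cats = {8 * n + b for n, byte in enumerate(body[8:4 + tlen])
            for b in range(8) if byte & (0x80 >> b)}  # category 0 = MSB of byte 0
    return int.from_bytes(body[:4], "big"), body[7], cats

def parse_cipso(frame):
    """Return (doi, level, categories), or None if unlabeled or malformed."""
    if len(frame) < 34:                     # shorter than Ethernet + minimal IPv4
        return None
    off = 12
    if frame[off:off + 2] == b"\x81\x00":   # skip one 802.1Q VLAN tag
        off += 4
    if frame[off:off + 2] != b"\x08\x00":   # IPv4 only in this example
        return None
    ip = frame[off + 2:]
    ihl = (ip[0] & 0x0F) * 4                # header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or ihl > len(ip):
        return None
    opts, i = ip[20:ihl], 0
    while i < len(opts) and opts[i] != 0:   # 0 = end of option list
        if opts[i] == 1:                    # 1 = no-operation padding
            i += 1
            continue
        olen = opts[i + 1] if i + 1 < len(opts) else 0
        if olen < 2 or i + olen > len(opts):
            return None                     # malformed option: treat as unlabeled
        if opts[i] == CIPSO_OPT:
            return _parse_tag1(opts[i + 2:i + olen])
        i += olen
    return None

def permit(frame, doi, max_level, allowed_cats):
    """Assumed endpoint rule: same DOI, level within clearance, categories a subset."""
    label = parse_cipso(frame)
    if label is None:
        return False                        # fail closed on unlabeled frames
    return label[0] == doi and label[1] <= max_level and label[2] <= set(allowed_cats)
```
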

The TSEC IP core can be configured to support Single-Level (SL) and Multi-Level (ML) domain endpoints. This capability enables standard Ethernet devices to operate securely without requiring an awareness of the MLS Ethernet network implementation details.

Two principal applications for the TSEC IP Core are for use in MLS Switch and MLS Network Interface Card (NIC) devices:

- MLS Switch Application: Designed for instantiation in a data channel between two Ethernet network interfaces.
- MLS NIC Application: Designed for instantiation in a data channel between a securely partitioned PCIe host bus and an Ethernet network interface.

#### **Licensing and Ordering Information**

For full access to the General Dynamics TSEC IP Core, a license must be purchased through the General Dynamics Open Systems Product Line (OSPL).

For more information about the TSEC IP Core and pricing, visit: https://gdmissionsystems.com/products/airborne-systems/open-systems-processing

This product is available for sale to U.S. End-Users only.

| TSEC IP Core Facts Table                     |                                                                                   |
|----------------------------------------------|-----------------------------------------------------------------------------------|
| **Core Specifics**                           |                                                                                   |
| Supported Device Family                      | Xilinx UltraScale, UltraScale+, Versal                                            |
| Supported User Interfaces                    | Xilinx LocalLink configuration and statistics                                     |
| Source Code Format                           | VHDL                                                                              |
| **Provided with Product Core**               |                                                                                   |
| Design Files                                 | Encrypted RTL                                                                     |
| Test Bench                                   | SystemVerilog                                                                     |
| **Tested Design Flows**                      |                                                                                   |
| Design Entry                                 | Vivado® Design Suite                                                              |
| Simulation                                   | Questa® Advanced Simulator                                                        |
| Synthesis                                    | Vivado® Design Suite                                                              |
| **Protocols Supported**                      |                                                                                   |
| Protocols Supported                          | Gen1: IPv4, TCP, UDP, ICMP<br>Gen2: IPv4, IPv6, PTP, TCP, UDP, ICMP, RSTP/STP, ARP |
| Transmission Types Supported                 | Unicast, Multicast, Broadcast                                                     |
| Network Throughput                           | Gen1: Up to 10 Gbps<br>Gen2: Up to 10 Gbps, up to 40 Gbps (4x parallel)           |
| **Support**                                  |                                                                                   |
| Provided by General Dynamics Mission Systems |                                                                                   |




For more information contact: Tel 1-877-449-0600 • OSPL@gd-ms.com gdmissionsystems.com/products/airborne-systems/open-systems-processing

©2023 General Dynamics. All rights reserved. General Dynamics reserves the right to make changes in its products and specifications at any time and without notice. All trademarks indicated as such herein are trademarks of General Dynamics. All other product and service names are the property of their respective owners. ® Reg. U.S. Pat. and Tm. Off.