|
|
|
|
|
|
|
NL Philips FFFE →
Computer security for the Dutch Government
V-Kaart 1 (later: C-Kaart) was a hardware-based
encryption and decryption solution
for Personal Computers (PCs) and networks,
developed by Philips Crypto BV for the Dutch government.
The project was initiated in 1994, and development started in 1997.
Four years later the project was cancelled
and the card was never taken into production.
Eventually in 2003, when Philips Crypto closed down,
Fox-IT acquired the V-kaart legacy and
successfully marketed it as the
Fort Fox File Encryptor (FFFE).
V-kaart is also known as UP-6451, VKC 2 and internally as
4322 085 05151. 3
|
V-Kaart was intended for use by the Dutch Goverment, as a replacement for
the rather large and aging AROFLEX cipher machine.
Based on experiences with the successful MDT-project
for the Eindhoven Police Department, it was decided to implement V-kaart
as a PCMCIA card, which made it suitable for use in a laptop computer. 4
Development of the card started in 1997 and was estimated to take 2 years.
It was supposed to be available in two versions: (1) for use on
stand-alone PCs, and (2) for use on networked computers.
Version 1 would be developed first.
|
|
|
The product would be built around the so-called
GCD-Φ chip
that was developed as part of the project.
In late 2001 however, after a series of field tests and redesigns,
the government pulled the plug. Although strickly speaking Philips had delivered
what was ordered, the circumstances and requirements had changed by the time
the first prototype was ready. It would be Philips Crypto's
last project. In 2003, after a series of reorganisations, the company closed
its doors.
|
-
English: V-card.
-
VKC = V-Kaart-Card.
-
Philips' internal so-called 12NC numbering scheme.
-
At the time, most laptop computers had a PCMCIA interface.
|
|
Although the contract with the Dutch Government for the development of
the V-kaart was signed in July 1997, the actual development of the necessary
crypto chips had started back in 1994, when Philips took part in the development
of a special chip called General Crypto Device (GCD).
|
The GCD was developed in co-operation with SICAN in Braunschweig (Germany).
Although it contained the building blocks for implementing modern
cryptographic algorithms, such as DES and Triple-DES, it was not suitable
for TOP SECRET (Dutch: Stg. Geheim)
applications.
Nevertheless, it allowed Philips to quickly create a working prototype
and start development of the necessary hardware and software.
The image on the right shows the very first test PCB with
all components that were required for the V-kaart. It became operational
in November 1997 [11].
|
|
|
The test card contained the GCD chip,
two Field Programmable Gate Arrays
(FPGA), a memory chip, a flash-memory holding the firmware and a real-time
clock. Each chip is surrounded by numerous test pins.
The double blue connector simulates the PCMCIA connector of the
future V-kaart. At the bottom right is an RS-232 port that was used for
debugging during development of the firmware. Although the test card
allowed Philips engineers to functionally test the GCD chip and the FPGAs,
it could not run at full speed as the bottom side
was completely hand-wired.
|
The next stage of the development involved
shrinking the design to the
size of a PCMCIA card. As the chips had already been functionally verified
with the test card above, it was decided to go straight to a
functional PCMCIA card.
The result is shown on the right. It is a thin PCB with components at both
sides. As space - and especially height - is rather limited inside a PCMCIA
card, a smaller package of the GCD chip was used.
The image on the right shows the side of the PCB where the GCD chip is
located. The black chip at the top left is one of the FPGAs.
|
|
|
The narrow chip at the front is a flash memory device that contains the
firmware for the GCD.
A lithium battery is mounted in a cut-out space of the PCB. It retains
the cryptographic material when the device is powered down. At the
other side of the PCB is the second FPGA
and the RAM memory. Both FPGAs are QL2009
from the Quick Logic family of high-speed
high-security one-time-programmable (OTP) gate arrays.
The prototype shown above became operational in March 1998, just four months
after the first test card and only nine months after the initial order.
|
The GCD-chip was later replaced by the
GCD-Φ chip when it became
available. Eventually, the product evolved into the
V-kaart shown on the right.
As V-kaart was implemented as a PCMCIA card, it could
be used directly in most laptop PCs of the era. When used in a
desktop PC, a suitable PCMCIA adapter card (interface) had to be used.
Depending on the application, security could be increased by
adding a smart card
that contained a personal code, much like
a Crypto Ignition Key (CIK). In order to use the software, the
personal key card
had to be inserted into a card reader.
|
|
|
After several updates of the firmware and the software, the
project was cancelled by the Dutch Government in 2001,
as it couldn't match the ever increasing demands of the
Department of Defence (DoD). An adapted version of the
V-kaart, called S-card (see below) was later released
successfully to the Belgian Government, followed sometime later
by the so-called C-card for the Dutch Government.
Although the software for the latter two was different,
they were based on the same (V-kaart) hardware.
The C-card was later re-released by
Fox-IT
as the FFFE by
(see below).
|
The project started in 1994 after the new Information Security Act came into
effect in The Netherlands [1].
It made each department of the Dutch Government responsible for
its own information security. The Ministry of Defence, Home Office,
Foreign Office and Justice decided to have an encryption card
that would be suitable for Secret and Top Secret information.
Before this decision was made, a feasibility study was conducted by the
NBV
and Philips Crypto.
The combined approach of the four ministries had the advantage that the
development cost could be shared and that it would enable secure
interdepartemental communication.
For reasons of security it was decided that the card would be developed
in The Netherlands [2].
|
|
The contract with Philips Crypto was signed on 2 July 1997 and the
Department of Defence (DoD) would act as the official client. The total
development cost was estimated at NLG 14.5 million
(approx. EUR 6.6 million), of which each department would contribute
as follows [2]:
|
- Defence: 8.8 million
- Home Affairs 3.1 million
- Justice: 2.1 million
- Foreign Affairs 0.5 million
|
|
For this, Philips would develop two variants:
|
- Stand-alone version
- Network version
|
|
They would also study the feasibility of creating Secure Private Networks,
by means of the the so-called VPN-Guard, for which the development order
was signed in November 1997 [7].
The most important customer of the V-kaart would be the DoD, who was also
responsible for the functional specification. Development would take place
in several stages, each of which would be evaluated by Philips, the DoD,
the NBV and TNO/FEL.
|
|
Initially, the project took off rather well. After just five months,
the first test board was working, and another four month later
the first prototype, based on the older GCD-chip,
was implemented as a PCMCIA card.
In the next stage, the new GCD-Φ chip
was incorporated into the design.
|
|
In late 1998, Philips Crypto announced a delay of approximately half a year,
because software development took more time then anticipated.
Around the same time, an investigation showed that the network version had
important shortcomings and would not match with the DoDs network procedures.
It was then decided to concentrate on the stand-alone version first.
|
|
The project was delayed several times and even caused delays with the
development of the new Dutch passport. In November 2000 it was announced
that the new passport would not be ready at the planned introduction date
of 2 april 2001 [9]. They had hoped to be able to use the network version
of the V-kaart for secure distribution of the sensitive data, but instead
had to develop their own solution now. This even led to questions in
the Dutch Parliament [10].
|
During the 2nd half of 2000, the stand-alone version was tested under various
circumstances. Ciphering and deciphering of files worked as expected, but
both the NBV and TNO discovered vulnerabilities in the card's security.
Fixing these security issues would require another design-round, with no
guarantee for success. The fact that the card was only suitable for stand-alone
applications, plus the fact that the penetration of computer networks
had increased drastically since the start of the project, led to the decision
to terminate the project in late 2001 [3].
Although the Dutch government considered filing a claim against Philips
for the fact that they had not delivered, they never did.
Stricktly speaking, Philips had delivered what was ordered
and it was not their fault that the market had changed and that
the customer, the DoD, kept changing the functional specification.
By the time the product was ready, it had become obsolete.
|
Once the V-kaart project was terminated, Philips decided to develop
a series of new products that would be based on the V-kaart experience.
The first product that was released, was a security card for the
Belgian Government: the UP-1351.
The card was designated Special-Card, or S-card and the hardware
was identical to V-kaart. The image on the right shows the personal key
card (UP-1303) that was used with S-card.
|
|
|
Another product that was derived from V-kaart, was the so-called
Crypto-Card or C-Card. Again, the hardware was identical
to V-kaart, but the software was rewritten in order to meet the
requirements of the Dutch Government. It was given the internal designator
UP-6461 and the functional demands of the DoD were dropped in this project.
Although there were several set-backs, C-card was nearly finished by the
time Philips Crypto closed its doors in 2003.
It was later bought by Fox-IT who –
after another software revision – released it as the
FFFE
(see below).
|
|
After the demise of Philips Crypto in 2003, crypto company
Fox-IT in Delft (Netherlands)
bought part of the Philips legacy, including the C-card and
V-kaart development, but also the GCD-Φ
and GCD-Φ 2000 chips.
After a few alterations to the hardware and a full rewrite of the
software, they successfully implemented the concept as a PCMCIA card.
The new product was called
Fort Fox File Encryptor (FFFE) and was approved
for information up to State Secret (Secret) level [4].
|
At the time, PCMCIA slots were available on most portable PCs (laptops),
making installation of the FFFE very easy. Desktop computers could easily be
adapted by installing a PCMCIA interface card.
FFFE cards were still in use within the Dutch Government in 2011.
As the PCMCIA interface is no longer available on modern laptops, the FFFE
was phased out from 2012 onwards, and has since been succeeded by newer products
such as the Red Fox File Encryptor
[6].
➤ More about FFFE
➤ More about RedFox
|
|
|
|
|
Similar but not compatible
|
|
|
|
Model
|
Product
|
12NC
|
Remark
|
|
|
|
UP 6451
|
V-Kaart
|
4322 085 05151
|
Initial project (Dutch Government and DoD)
|
|
?
|
Chipcard
|
9922 416 40399
|
Smartcard for use with V-Kaart
|
|
?
|
Manual
|
9922 154 21511
|
Full V-Kaart instruction manual (Dutch)
|
|
UP 1351
|
S-Kaart
|
?
|
Crypto Module for Belgian government
|
|
?
|
Chipcard
|
9922 411 30399
|
Smartcard for use with S-Kaart
|
|
UP 6461
|
C-Kaart
|
?
|
Crypto Module for Dutch government
|
|
- Voorschrift Informatiebeveiliging Rijksoverheid (VIR94)
Dutch government. 1994.
- Tweede Kamer der Staten-Generaal, Defence budget for 1997 (Dutch)
Vaststelling van de begroting van de uitgaven en ontvangsten van het
Ministerie van Defensie (X) voor het jaar 1997.
Vergaderjaar 1996-1997, 25000 X, nr. 93.
1 July 1997.
7K2364. ISSN 0921-7371.
- Tweede Kamer der Staten-Generaal, Defence budget for 2002 (Dutch)
Vaststelling van de begroting van de uitgaven en ontvangsten van het
Ministerie van Defensie (X) voor het jaar 2002.
Vergaderjaar 2001-2002, 28000 X, nr. 6.
17 October 2001.
KST56292. ISSN 0921-7371.
- Fox-IT, Fort Fox File Encryptor (FFFE card)
2-page productsheet, retrieved 15 september 2011.
- NRC Handelsblad, Crypto-chip Red Fox... (Dutch)
Crypto-chip RedFox gebruikt algoritmes om data te versleutelen en veilig
te verzenden.
1 December 2005. Retrieved July 2012.
- Fox-IT, RedFox Crypto chip
Fox-IT website. Retrieved July 2012.
- Ing BJ van Maaren en Lkol MC van Riemsdijk MBT, De Kwaliteit van de Informatievoorziening, De juiste informatie op de juiste tijd en de juiste plaats.
Intercom 2001-4, pp. 28-31.
- Compumatica, Company Profile
Retrieved May 2012.
- Computable, Nieuw paspoort wederom vertraagd
17 November 2000. Retrieved May 2012.
- Tweede Kamer der Staten-Generaal, Questions and Answers about the New Passport
Vergaderjaar 2000-2001, 25764, Reisdocumenten, Nr. 15.
Verslag van Algemeen Overleg, p. 2 (Dutch).
6 February 2001. KST51317. ISSN 0921-7371.
- Anonymous former Philips Crypto engineer, Interview
Crypto Museum, November 2012.
- Quick Logic, QL2009 Datasheet
Rev. C. Date unknown. Retrieved November 2012.
|
|
|
|
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Friday 02 November 2012. Last changed: Thursday, 16 February 2023 - 16:09 CET.
|
 |
|
|
|
|
