Copyright © 2019 KVMGalore® - All rights reserved.
AVSD1004-US: Ultra secure EAL4+ certified USB, dual-link DVI-I and audio KVM switch
ideal for government, military and other secure data environments
The AdderView Secure KVM switch allows a keyboard, monitor and mouse to be shared between high and low security systems, sometimes known as red and black networks, and is carefully designed to prevent information flowing between computers or to the outside world via emissions snooping.
To actively combat a range of potential leakage "threats", the AdderView Secure design prevents sensitive data from leaking between ports, from leaking to the outside world and from being stored in the device.
AdderView Secure Digital units are highly robust KVMA switches for critical applications. When information absolutely must not be leaked between systems or networks, AdderView Secure units combine the necessary isolation with a desirable ease of use.
AdderView Secure units combine a number of overlapping strategies that are designed and proven to defeat potential points of infiltration or protect against user error. Firstly, all channel switching is controlled only from the front panel buttons. No keyboard or mouse switching commands are permitted and all operations are continually monitored by a dedicated sub-system. Any deviation from a strictly ordered sequence of events will result in an error condition, where all channels are immediately isolated and the operator is informed via a front panel indicator.
Data diodes, implemented within hardwired electronic circuitry, rather than software, are liberally employed to ensure that critical data paths can flow only in one direction. These data diodes ensure that a compromised peripheral, a keyboard for instance, cannot read information back from a connected system in order to transfer such details to another system. Whenever a channel is changed, the connected keyboard and mouse are always powered down and re-initialized to provide yet another level of protection against hidden peripheral malware.
In general, the role of software within the unit has been reduced to an absolute minimum to avoid the possibility of subversive reprogramming. Additionally, all flash memory has been banished from the design, to be replaced by one-time programmable storage which cannot be altered.
The outer casing contains extensive shielding to considerably reduce electromagnetic emissions. Additionally, the casing has been designed with as few apertures as possible to reduce the possibility of external probing and several primary chassis screws are concealed by tamper-evident seals to indicate any unauthorized internal access. Shielding extends also to the internal circuitry with all channels providing a minimum of 60dB crosstalk separation between computer input signals and any signals from the other computers at frequencies up to 100MHz.
These are just a few of the many strategies and innovations that have been combined to ensure separation between differing systems. Numerous other defences lie in wait to defeat any potential threat.
Various strategies are employed to ensure complete separation between the switched channels:
• One-way data diodes are used on keyboard and mouse communication channels so that data isolation does not rely on software.
• The keyboard and mouse are powered down and re-initialized during every channel switch to ensure that they cannot act as transport media for malicious data between computers.
• Many aspects of operation are internally monitored. For instance, if a second channel attempts to open while another is still active, all operation will be instantly halted and an error condition signalled to the user.
More security features
• Common keyboard, mouse, video monitor and speakers are able to access multiple high security computers/networks, safe in the knowledge that data will not be transferred from one to another, either by user error or subversive attack.
• The switching section is hard wired to allow only one channel to be selected at any time. This operation is also closely monitored by separate checking circuitry.
• Channel switching is by physical button press only; no keyboard or mouse codes are permitted.
• Individually colored indicators provide clear visual feedback about the currently selected channel.
• Hard wired data diodes enforce a one-way flow of information.
• The casing is shielded to reduce electromagnetic emissions to an absolute minimum. Casing is secure with access apertures minimized and vital access screws having tamper-evident
• Switching is controlled solely by the clearly labeled front panel buttons. Each selected channel is represented by an individually colored indicator to provide additional visual feedback.
• Clear error indication. Any unexpected operation (such as an attempt to select two channels simultaneously) will be signalled by the ERR indicator, accompanied by complete isolation of all channels.
• Clear and simple connections. All connections are clearly marked to avoid any ambiguity. Full dual link DVI-I video connections are provided and USB connections are used throughout for keyboard and mouse links.
• Clear stored states. Attached keyboard and mouse are both powered down and reset at every switchover to clear stored states.
The primary casing access screws are pre-fitted with tamper-evident seals. It may be a policy of your organization to fit proprietary tamper-evident labels across certain chassis screws. Additionally, seals could be added between each connection and the unit to highlight any connections that have been altered.
Independently tested against Common Criteria, AdderView Secure Digital achieves Evaluation Assurance Level 4+. Certification report No. CRP259.
EAL2+ Common Criteria Evaluation Assurance Level 2 (augmented by ALC_FLR.2) Common Criteria (ISO 15408) Assurance Level and Peripheral Sharing Switch (PSS) For Human Interface Devices Protection Profile, IAD, Version 2.1, 7 September 2010. Certification report No. CRP268.
Uni-directional data paths for keyboard and mouse
Unique one-way data paths ensure that data isolation does not rely on trusting microprocessor software, but is instead assured by hardware. This prevents hidden software weaknesses that could potentially cause data leakage. A uni-directional structure also protects against timing analysis or forced malfunction attacks and prevents computers from influencing the operation of any common circuitry.
Minimal emissions profile
AdderView Secure is heavily shielded with double shielding in critical areas to minimise the risk of eavesdropping equipment being able to pick up signals from the equipment.
No shared RAM between ports
The keyboard and mouse processor is powered down and reset at each switchover to thwart shared RAM leakages. Separate memories hold the num, caps and scroll states and are only accessible when the relevant channel is selected. All data buffers are cleared once they have been used.
One time programmable microprocessors
Microprocessors are one time programmable and don't contain reprogrammable flash memory. This protects against sensitive data being stored within the device and protects the software against being corrupted.
60dB crosstalk isolation
High crosstalk isolation ensures that less than 1/1000th of any signal from one computer is presented to the input of another computer due to electrical crosstalk.
Restricted USB function
The USB ports will only support keyboards and mice; other devices, such as USB storage drives, are actively prohibited.
No microphone connections
To prevent small levels of crosstalk noise from being "recorded", microphone connections are banned from the design.
Independent power supplies block power line signalling
The circuitry for each port is independently powered from the USB lead. Power line signaling is therefore blocked because different port circuits don't share the same power feed.
AdderView Secure checks its own operation
The hardware and software must agree before data flow is enabled. The switch constantly checks its own operation and will stop operating and flash its error light if an unanticipated event occurs.
For maximum compatibility and security, USB keyboard/mouse and dual link DVI-I monitor interfaces are used, making the AdderView Secure truly platform independent.
Superb video performance
The dual link DVI interface operates at full DVI bandwidth to ensure that higher-end applications requiring exact video quality, sometimes at very high video resolutions, are not compromised. DVI interfaces have the added security advantage that randomizing the low order video bit can make snooping much harder.
• Digital or analogue video
• Simple channel selection
• Tamper proof design
• Keyboard and mouse hotkey switching is banned from the design
• AVSD1004 switch
• 5V, 2A power supply w/ U.S. mains cable
• Installation CD-ROM
• Cables not included
* DVI-I dual-link connectors support the following video connections:
• DVI-A – No adapter required
• VGA – Via adapter, or adapter-cable
• DVI-D – No adapter required
• DVI-I – No adapter required
• HDMI – Via adapter or adapter-cable