Future-proof cryptography: the security of TelsyMusa

Ensuring proper security standards for our systems and servers has never been more essential.

This need, coupled with the growth rate of cyber threats and, more importantly, the increasingly varied nature of the vulnerability surfaces targeted by attacks, imposes significant expense and ongoing support.


Protect your data

In the last few years, the amount of data exchanged has reached huge proportions. And this data transits from system to system, server to server, with all the risks and potential vulnerabilities that these processes entail.

Especially when it comes to sensitive, critical or confidential data, protecting it properly is a necessary condition if we don’t want to run into economic, reputational or even legal problems.

To meet this need, for more than fifty years Telsy has been working to develop and produce cryptographic devices, equipment and systems designed to protect data and communications from attackers.


Future-proof security with TelsyMusa

The TelsyMusa encryptors family provides a full range of IP-based encryption solutions that find application in large-scale network architectures.

This family includes TelsyMusa – available in Desk and Rack versions – and TelsyMusaX, Layer 3 IP encryptors designed to cover simple use cases, such as a point-to-point configuration for connecting headquarters to its data center, up to complex center-to-star systems.

Like all devices belonging to this encryptors family, TelsyMusa and TelsyMusaX use the proprietary TelsyGuard protocol, which is optimized to maximize performance in terms of throughput while maintaining high-security standards.

Specifically, TelsyMusaX is a software solution designed and developed by Telsy, implemented on DELL PowerEdge family servers. It features four Ethernet network interfaces: one for local management, one for LAN unencrypted traffic, one for WAN encrypted traffic, and one dedicated to the Quantum Key Distribution (QKD) system.

For the cryptographic key lifecycle, TelsyMusa encryptors use a USB token into which two separate smartcards are inserted: IT (Initialization Token) for the initialization phase, and CIK (Crypto Ignition Key) during operation. Removing the token with the CIK smartcard renders the device inert, blocking the passage of network traffic in either direction.


The features of TelsyMusaX

TelsyMusaX is a network encryptor that uses a derivation of TelsyGuard, a proprietary protocol developed by Telsy.

This version of the protocol integrates quantum keys generated by the QKD “Quell-X” system developed by QTI, a Telsy investee company, to which the TelsyMusaX encryptor is connected.

Thanks to optimizations implemented to maximize performance in terms of throughput, TelsyMusaX can reach 1 Gbps, with latencies of less than 2 ms.

The TelsyGuard protocol guarantees:

  • Post-quantum confidentiality
  • Different and unique communication keys for each session
  • Perfect forward secrecy (PFS)
  • Mutual authentication between parties
  • Handshake in 1-RTT
  • Throughput greater than 1 Gbps with 1420-byte packets
  • Latency of less than 2 ms

To support TelsyMusa encryptors, the system provides a specific solution for managing cryptographic parameters: the Key Distribution Center (KDC), for generating and distributing encryption keys.

The Key Distribution Center is a subsystem that manages the operations needed to ensure the correct lifecycle of the cryptographic material and configuration parameters used to bring the encryptor network into operation.

KDC features include:

  • Cryptographic security parameter management
  • Smartcard programming for initialization (IT) and device usage (CIK)

Like all devices belonging to the TelsyMusa encryptors family, TelsyMusaX uses the proprietary TelsyGuard protocol, properly modified for the QKD system.

For this protocol, in addition to the communication keys provided by the KDC, TelsyMusaX uses the QKD component keys provided by Quell-X.

TelsyMusa encryptors also provide a physical port for local device management, through which it is possible to access an interface that allows an operator, with appropriate credentials, to perform the following operations:

  • Device initialization
  • Uploading cryptographic material from KDC
  • Loading configurations
  • Viewing non-sensitive details about the uploaded traffic keys
  • Traffic statistics view
  • Device zeroize


Telsy and QTI

As mentioned, the quantum-resistant TelsyMusaX encryptors were developed to be interfaced with the quantum key distribution systems of QTI, a spin-off company of the National Institute of Optics of the National Research Council (CNR-INO), which became a Telsy investee company in 2021.

QTI (Quantum Telecommunications Italy) is the first Italian Quantum Key Distribution company, which develops and manufactures industrial-grade systems for quantum networks for the unconditional security of digital communications.

The merging of Telsy and QTI allows the seamless integration of QTI’s QKD system with Telsy’s encryptors.

The sharing of technologies and expertise between the two companies, embedded within the TIM Group ecosystem, allows for an end-to-end encryption system compatible with current telecommunications infrastructures for civil and government applications, representing a unicum in the European Union.


Learn more about TelsyMusa and Telsy’s other crypto solutions.