Home   /   Our Competencies  /   Cryptology

BİLGEM

Cryptology

SIR-II / Encrypted USB Memory Device

SIR-II is an encrypted USB memory device serving a single user, which securely stores all the data uploaded to it by encrypting it with its hardware structure. The device, which has 64 GB memory data carrying capacities, has a read-write speed of 10 MB / s.

The device ensures the security of the data loaded into the flash memory. Ensuring the security of the data during reading or writing from the computer to which the device is connected is out of the scope of protection.

Encrypted USB Memory Device serves a single user. Another user cannot access the encrypted data in the device by using their own card. It has many security measures such as emergency delete and tamper switch. Device login, user login, user card active and USB connection status can be observed with the audible warning and the light indicators on it.

With the write-protect switch on the device, it can be prevented from writing data to the device when requested. The device obtains its power via the USB connection interface and does not need any other power connection. There is a battery so that the cryptographic keys can be stored in memory even when there is no power. This battery is charged via the USB connection interface when the device is connected to the computer, and with a fully charged battery, the device can store the data in it for at least 6 months. The device is designed considering the architecture based on red-black separation for COMSEC, EMC, EMI and TEMPEST safety. The case is impact resistant.

USER INTERFACE
  • 12-keypad, 4 lamps each with dual color
  • 1 buzzer, 1 emergency clear key, 1 write protect key
  • 1 user smart card reader interface
OPERATING SYSTEMS
  • Platform independent - Windows (2000+), Linux (Kernel 2.4 and above) platforms
FEATURES
  • Total 64GB data storage capacity
  • Plug-and-play
  • Dimensions: 51 x 91 x 14 mm
  • Weight : 90 g
It is subject to the sales license to be given by the Ministry of National Defense.

EKADAS-II Crypto Key Management Infrastructure

EKADAS-II (Electronic Crypto Key Distribution System) Crypto Key Management Infrastructure enables the centralized or distributed generation of all kinds of sensitive crypto material and its fast, reliable and scalable distribution to the planned usage locations.

It has been designed keeping in mind the criteria of flexibility, modularity, speed, security and scalability. Thanks to the Updatable Security Module, it can easily adapt to different security protocol and algorithm needs. In addition to the traditional Electronic Key Management System capabilities, it offers integrated key management with other management systems and combines crypto key management systems under a single roof.

  • HVTC, which is the key carrying and loading device used at the endpoints of the system, provides all the features of the new generation key loading devices and includes additional capabilities for national use.
  • The system, which can operate with full redundancy, allows portable end switch loading devices to remotely receive sensitive crypto materials by using PSTN, H/F, Satellite and Ethernet connection alternatives.
  • Secure distribution of all kinds of sensitive information (crypto key -symmetric/asymmetric-, certificate, software, code, password, configuration/administration information, file, message, etc.)
  • High quality key generation (with a combination of quantum and traditional RSU techniques)
  • Transition from Electronic Key Management System concept to Key Management Infrastructure concept that can be integrated with all other management systems
  • Supporting complex key management of next generation crypto devices
  • Distribution and accounting of crypto materials by inventory of crypto devices
  • Integration with other systems using the Common Key Management Framework (OAYÇ)
  • Reducing the diversity of key management systems/components and bringing them together under the umbrella of EKADAS-II
  • Ability to generate keys for over a hundred crypto device types
  • Support for operators to design and manage their own key formats
  • Advanced smart key accounting
  • Ability to define cryptographic and managerial relationships between sensitive materials
  • Ability to meet complex key management needs
  • Software update of crypto devices securely remotely
  • Centralized management of crypto devices key upload profiles
      • Platforms
      • Crypto devices,
      • Key types,
      • Key slots,
      • Installation interfaces and parameters, installation packages, etc.
  • Fast response time with online and star connected topology
  • Interoperability with NATO IEKMS
  • Supporting Platform Key Management Systems included with A400M and JSF aircraft
  • Reliable architecture centered on redundant management
  • Built-in secure messaging support

It is subject to the sales license to be given by the Ministry of National Defense.

skater

KAYC-S - Crypto Key Loading Device

NATIONAL KEY LOADING SOLUTIONS
KAYC-S is a cryptographic device that has the features of storing, transporting and transferring data in encrypted form with cryptographic keys received with standard interfaces and protocols (DS-101, DS-102, MILAY) and key uploading/end crypto devices.

KAYC-S device, which is activated by being defined in the EKADAS-II (Electronic Crypto Key Distribution) System, can receive keys from EKADAS-II or other systems. The device has the ability to receive cryptographic data and key from HVTCs (Sensitive Data Transport Device), which are EKADAS-II terminal devices, or other supported data transport devices [AN/CYZ-10 (DTD), DTD2000 (SDS), Simple Key Loader (SKL)] and key loading devices (KYK-13, KAYC-10, KAYC-32, KAOC-8, KOI-18, MILAY EAYC) with standard interfaces via the upload interface. It processes the cryptographic data and keys it receives with security-enhancing measures such as integrity control and encryption, securely stores it and uploads it to various key loading/transport and end crypto devices. It has the ability to securely record the accounting information of the keys and transfer them to the EKADAS-II System.

Data security in the device is ensured by the system architecture based on red/black separation, filtering, tamper protection and emergency deletion mechanism. KAYC-S is a tactical device and complies with COMSEC, EMI/EMC, TEMPEST requirements.

INTERFACES

  • Via 6 pin connector
  • DS-102 (EKMS-308F)
  • DS-101/RS-485 (EKMS-308F)
  • DS-101/RS-232-D (EKMS-308F)
  • MILAY
  • Usage for “NATIONAL CONFIDENTIAL” and lower data privacy levels
  • National format key storage and loading
  • User-friendly graphical interface
  • Electrically and mechanically red/black insulation
  • 320 x 240 TFT liquid crystal display and 7-entry keypad
  • External keyboard interface (PS/2)
  • Light and audible warnings
  • Ability to create and initialize users from the EKADAS-II system
  • Receiving cryptographic data from EKADAS-II system
  • Ability to create, store and transfer accounting and transaction records to EKADAS-II system
  • Ability to update software via EKADAS-II
  • TAF approved crypto algorithms
  • System-independent initialization capability (Free Mode)
  • User access control with smart card and password
  • Emergency erasable nonvolatile memory for preservation of cryptographic data and keys
  • Emergency wiping when the device is in use or off
It is subject to the sales license to be given by the Ministry of National Defense.

KAYC-S/N - Crypto Key Loader/NATO

SOLUTIONS TO INSTALL NATO KEYS

KAYC-S/N is a cryptographic device that has the features of storing, transporting and transferring cryptographic keys encrypted with the interfaces and protocols defined by the EKMS-308F standard, and transferring them to various key loading/end crypto devices in NATO inventory.

KAYC-S/N has SECAN security approval at all NATO secrecy levels and has been approved by the “Military Comitee” and has been awarded the title of NATO device.

The device stores the red or black key and cryptographic data it receives from local government devices (LMD/KP, DMD), data transport devices [(AN/CYZ-10 (DTD), DTD2000 (SDS), Simple Key Loader (SKL), EKATAC/EKAYUC)] and key loading devices (KYK-13, KAYC-10, KAYC-32, KAOC-8, KOI-18) securely with integrity control and encryption. It transfers the keys to the data transfer devices in red or black, uploads them to the end devices and upload devices.

It has the ability to save the accounting information of the keys securely and transfer them to local management devices such as LMD/KP, DMD. The device supports CT3 (Common Tier3) application software infrastructure.

Data security in the device is ensured by the system architecture based on red/black separation, filtering, tamper protection and emergency deletion mechanism. KAYC-S/N is a tactical device and complies with COMSEC, EMI/EMC, TEMPEST requirements.

  • Usage for “NATO TOP SECRET” and lower data privacy levels
  • NATO approved crypto algorithm
  • Storing, decrypting and loading NATO-formatted (encrypted/non-encrypted) keys
  • User access control with smart card and password
  • User-friendly graphical interface
  • Electrically and mechanically red/black insulation
  • 320 x 240 TFT liquid crystal display and 7-entry keypad
  • External keyboard interface (PS/2)
  • Light and audible warnings
  • Ability to create, store and transfer accounting and transaction records
  • Emergency erasable nonvolatile memory for preservation of cryptographic data and keys
  • Emergency wiping when the device is in use or off

INTERFACES
Via 6 pin connector

  • DS-102 (EKMS-308F)
  • DS-101/RS-485 (EKMS-308F) - end-to-end or bus structure
  • DS-101/RS-232-D (EKMS-308F)
It is subject to the sales license to be given by the Ministry of National Defense.
kayc-sec

HVTC - Sensitive Data Transport Device

It is a new generation upload device that combines crypto key processing (strategic) and transport device (tactical) capabilities in a single device. Thanks to its updateable security module component, it can adapt to scenarios that require other protocols and algorithms. It is designed for tough tactical field conditions. It allows to perform complex key management functions with its user-friendly GUI and touch screen capabilities.

  • Secure electronic crypto key and data transfer from EKADAS-II (Electronic Crypto Key Distribution System) system via WAN interface
  • Uploading/receiving crypto keys and data in NATO and national formats to NATO and national key transport devices and crypto devices
  • Legacy and modern crypto key support
  • Crypto key accounting and detailed transaction/event records
  • Profile database of remotely managed Tier3 devices
      • Platforms
      • Crypto devices
      • Key types, key loading slots, key segment assignments
      • Download interfaces and parameters
      • Key relationships
  • Secure communication interfaces (between Tier2 and Tier3 layers)
      • PSTN, HF/UHF, SATCOM, Ethernet
  • Key loading interfaces
      • DS101,
      • DS102,
      • MILAY,
      • RS232,
      • TapePuncher
      • USB 2.0 (Smart card, USB memory, CD/DWDRW, Printer)
      • Ethernet (Integration with other systems using special protocol)
  • High storage capacity (~32GB)
  • Rule and role-based access control
  • Two-factor authentication (PIN and smart card)
  • User-friendly, icon-based interface (Multi-language support)
  • Shockproof PCAP+ touchscreen (16:9, 7 inch color TFT WSVGA)
  • High screen resolution (1024×600)
  • Touch patterns with special meaning
  • Readable in sunlight
  • Can be used with gloves
  • Built-in crypto processor (able to host and run 1000+ crypto algorithms)
  • Agile crypto support (updatable crypto algorithms)
  • Remote/close secure software/firmware update
  • Tamper proof
  • EMI/EMC Compliant (MIL-STD 461E)
  • TEMPEST Compatible ( SDIP-27/1 Level A)
  • Waterproof and dustproof (IP67)
  • Operating temperature: Lowest -20 °C, Maximum +60 °C
  • Storage temperature: Lowest -30 °C, Maximum +70 °C
  • Physical dimensions: 23.2 cm x 15.8 cm, 4.9 cm, ~2 kg
It is subject to the sales license to be given by the Ministry of National Defense.

QUANTUM RSU - Quantum Based Random Number Generator

The Quantum Random Number Generator device makes the random data obtained from the quantum source contained in it more reliable by passing it through various mathematical tests and mixer functions and gives it via the USB 2.0 interface.

The fact that quantum mechanical systems are random in nature is the biggest advantage of quantum random number generators. Especially in cryptographic systems where security is very important, using QUANTUM RSU gives better results than other random generators in terms of security of the whole system.

  • Input voltage: 12V
  • Typical power consumption: 4 W
  • Interface: USB 2.0
  • Max data rate (Tested throughput rate): 12 Mbit/s
  • Typical data rate (Tested throughput rate): 4 Mbit/s
  • Physical size: 80mm x 80mm x 150mm
  • Weight: 500 grams
  • Operating temperature: 0- 35 °C
  • TEMPEST feature: Yes
  • COMSEC feature: Yes
  • Outer case: Aluminum
It is subject to the sales license to be given by the Ministry of National Defense.
quantumr
gm

GM - Security Module

GM (Security Module) is a general purpose hardware security module that offers cryptographic data generation/processing and secure data storage capabilities. It is designed as a portable device with the aim of military and commercial use. The device complies with COMSEC, EMI/EMC, TEMPEST standards. Since security mechanisms are predominantly modular and software-based, they can be easily updated and integrated into security products without requiring hardware changes. With its USB interface, it can be easily integrated into any platform as a component that completes security. It can exchange data securely both with the platform it is installed on and with external transport devices and data transport environments. Data exchange is supported with GM upload interfaces, smart card, USB memory, crypto and military key carrying devices with supported interfaces.

  • High quality key generation
  • Ability to add/update new crypto algorithms
  • Crypto Device private key encryption/decryption/signing capability
  • Receiving and uploading electronic key or confidential data to initialize itself and system devices via key upload interfaces
  • Key format support compatible with national key formats
  • Legacy and modern crypto key support
  • Crypto key accounting and detailed transaction/event records
  • Communication with Key Generation and Distribution Servers (USB 2.0)
  • Key loading interfaces
      • DS101 (RS485/RS232)
      • DS102
      • MİLAY
      • USB 2.0 (Smart card, USB memory)
  • Built-in hardware-based TRSU (True Random Number Generator)
  • Support for working with external RSU
  • High storage capacity (~32GB)
  • Ability to host and run multiple crypto algorithms
  • Updatable crypto algorithms support
  • Software update
  • Authentication with Crypto Initialization Key
  • Tamper resistance
  • Attachable and detachable
  • Crypto Permission Key
  • EMI/EMC compliant (MIL-STD-461E)
  • TEMPEST compliant (SDIP-27/1 Level A)
  • COMSEC compliant
  • Operating temperature: -20 °C to +60 °C
  • Storage temperature: -30 °C to +70 °C
  • Physical Dimensions (Excluding Connector): 209 mm x 153 mm x 46 mm (±10%) ~1.4 kg
It is subject to the sales license to be given by the Ministry of National Defense.

KMA - Cryptographic Architecture and Algorithm Design

Cryptography is the science of providing information security with mathematical methods. Cryptography provides solutions to security needs, such as data privacy, data integrity, non-repudiation, authentication, access control. These solutions are implemented in all places where information security and privacy are required, from smart cards to satellites, from network security devices to sensors. Cryptographic structures (algorithms, protocols and architectures) form the basis of these services.

Experienced and qualified researchers specialized in fields such as mathematics, statistics and electronics are required to develop unique cryptographic structures. TÜBİTAK BİLGEM UEKAE has been operating in this field since the 1980s and meets the needs of our country.

  • Cryptographic algorithm (encryption, digest, key wrapping, text authenticating codes, etc.) design
  • Cryptographic protocol (authentication, key agreement, etc.) design
  • Cryptographic architecture (device and/or all cryptographic structures in the system) design
  • Noise processing function design (used in random number generators)
  • Training and consultancy on cryptography

It is subject to the sales license to be given by the Ministry of National Defense.

km
sge

(SGE) Cyber Security Institute

The Cyber Security Institute, which was established to carry out studies to increase the national cyber security capacity, carries out research and development activities in the field of cyber security; carries out solutions-oriented projects for military institutions, public institutions and organizations and the private sector.

The main fields of activity of our institute, which has made a significant contribution to the creation of cyber security knowledge and tactical infrastructure in our country with many successful projects to date, are secure software development, penetration tests and vulnerability analysis.

6-yze card logo

(IZE) Artificial Intelligence Institute

Artificial Intelligence Institute is the first institute established within the scope of TUBITAK centers and institutes, which cuts the sectors and research fields horizontally and focuses directly on the emerging technology field. For this reason, it constitutes an innovative model in terms of both the open innovation and co-development approach of the institute and its focus on emerging technology.

Artificial Intelligence Institute aims to develop core technologies in the field of artificial intelligence and bring these innovations from the forefront of science to the use of the industry as soon as possible. Focusing on the transformative potential of artificial intelligence, it will continue to play its part in pioneering efforts to create and sustain artificial intelligence-based innovation, growth and productivity in Turkey. Working with industry and public institutions in Turkey, together with other organizations within the artificial intelligence ecosystem, spreading the use of artificial intelligence and increasing the workforce specialized in this field are among its primary goals.

Discover institutes laboratories technologies products projects of BİLGEM.

Discover institutes laboratories technologies products projects of BİLGEM.

Intern

TÜBİTAK BİLGEM builds its basic strategy for the future on qualified knowledge and qualified people focused on national targets in the research, technology development and innovation ecosystem.

Starting from the understanding that "the most important resource of a country is generally people, specifically scientists," TÜBİTAK encourages and supports our youth from an early age. In this context, providing young minds with early exposure to technology production is crucial for the success of our National Technology Move. Accordingly, TÜBİTAK BİLGEM offers internship opportunities to undergraduate students from universities every year.

You can follow internship announcements and submit your applications through the Career Gateway at https://kariyerkapisi.cbiko.gov.tr.

You can access frequently asked questions about internships at TÜBİTAK BİLGEM from here. 

Application Conditions
  • Students enrolled in undergraduate (2nd year and above) and associate degree programs in departments offering education in universities and conducting insurance procedures through the higher education institution to which they are affiliated can benefit from the internship opportunity.
  • For undergraduate and associate degree students, a minimum Weighted Grade Point Average (GPA) of 2.50 out of 4 is required. The GPA of candidates with a 100-point system is converted to a 4-point system based on the "Conversion Table of Grades from the 4-Point System to the 100-Point System" published by the Higher Education Council.
  • There is no requirement for a foreign language certificate during the internship application process.
  • Students enrolled in departments such as Forensic Computing Engineering, Computer Sciences, Computer Science and Engineering, Computer Engineering, Computer and Informatics, Computer and Software Engineering, Information Systems Engineering, Electrical and Electronics Engineering, Control Engineering, Control and Computer Engineering, Control and Automation Engineering, Mechanical Engineering, Mechatronics Engineering, Telecommunication Engineering, or Software Engineering in universities can apply for internships.

Internship applications are accepted between December and January, and the internship period covers June, July, and August.

intern-img-1

Scholar

Scholar assignments are made for research and development activities for undergraduate, master's, doctoral students, and post-doctoral researchers. In our center, scholars are appointed for practical purposes in externally funded, TARAL, or European Union projects.

You can contact us via the email address bilgem.yetenekkazanimi@tubitak.gov.tr to apply to be a scholar.
Application Conditions

(1) The conditions for undergraduate scholars in externally funded projects conducted by the institution are specified below:

  •  Being a student continuing undergraduate education at higher education institutions established in Turkey (excluding foreign language preparatory students).
  • Having a weighted cumulative GPA for previous years, excluding preparatory years, based on the university's grading system, which satisfies the formula score and foreign language requirements in the recruitment criteria.
  • Completing at least the first semester of the first year of undergraduate education.
  • Having a GPA of "+3.00" and a University Placement Exam Ranking of "10,000 ≥" for undergraduate general average.
  • For foreign students placed in Turkish universities without taking the ÖSYM exam or for those who completed undergraduate education through exams such as Vertical Transfer Exam, the lowest university placement ranking of the department from the year the candidate started the undergraduate program is considered in the ranking formula.

(2) The conditions for master's degree scholars in externally funded projects conducted by the institution are specified below:

  • Being a student continuing master's degree education at higher education institutions established in Turkey (excluding special students and foreign language preparatory students).
  • Currently pursuing a master's degree in the project's field of responsibility.

(3) The conditions for doctoral students in externally funded projects conducted by the institution are specified below:

  • Being a student continuing doctoral education at higher education institutions established in Turkey (excluding special students and foreign language preparatory students).
  • Currently pursuing a doctorate in the project's field of responsibility or conducting a doctorate in areas determined within the framework of the YÖK-TÜBİTAK Doctoral Program Project Collaboration Protocol. (Students in medical specialization and artistic proficiency are accepted as doctoral students.)
scholarship-img-1

Candidate Researcher

Students in the 3rd and 4th years of relevant engineering departments at universities can apply to our Part-Time Candidate Researcher positions through our Job Application System at kariyer.tubitak.gov.tr. By doing so, they can gain work experience at TÜBİTAK BİLGEM during their university years.

This program does not have an end date. Candidate Researcher personnel working part-time during their university period can seamlessly transition to full-time employment as Researcher personnel at TÜBİTAK BİLGEM without interrupting their career journey after graduating from the undergraduate program.

Application Conditions

Conditions for the Candidate Researcher Program:

  • Being a 3rd or 4th-year student in the relevant departments specified in the announcements at universities.
  • Foreign language proficiency: Achieving appropriate scores in the exam types specified in the announcement or studying in a program that is 100% in English for undergraduate education.
  • Satisfying the formula score:

Weighted Graduation Average + (10,000/University Placement Exam Ranking) + Additional Score* >= 3.20

*Candidates who have achieved rankings and awards in national and international competitions will receive an additional score of 0.3.

candidate-researcher-img-1

Researcher

By joining TÜBİTAK BİLGEM as a Researcher, you can contribute to developments in the fields of information technology, information security, and advanced electronics. You'll have the opportunity to make your mark on innovations, closely follow advancements, enhance your skills, and shape your future by advancing in your career.

You can apply to our currently open positions through the TÜBİTAK Job Application System .

Application Conditions

Conditions for Job Application:

  • Foreign language proficiency: Attaining appropriate scores in the exam types specified in the announcement or studying in a program that is 100% in English for undergraduate education.
  • Fulfilling specific requirements stated in the announcement (such as undergraduate department, years of experience, expertise, etc.).
  • Satisfying the formula score:

For Candidates with Less than 3 Years of Experience:

Weighted Graduation Average + (10,000 / University Placement Exam Ranking) + Additional Score* >= 3.20

 

For Candidates with 3 Years and More of Experience:

Weighted Graduation Average + (10,000 / University Placement Exam Ranking) + 5*[1 / (1 + e^(5 - years of experience) ) ] + Additional Score* >= 3.20


*Candidates who have achieved rankings and awards in national and international competitions will receive an additional score of 0.3.

researcher-img-1

MILSEC 4 - Secure IP Terminal

SAFE IP TERMINAL

While the MİLSEC-4 terminal offers an up-to-date solution for next-generation secure communication (voice, data and video) in IP networks, it provides an uninterrupted communication service by maintaining the compatibility of secure voice communication in PSTN networks with PSTN secure phones in use.
provides.

Configuration, surveillance and software update processes of MILSEC-4 terminals are carried out securely remotely using the Security Management Center (GYM). MİLSEC-4 terminal is capable of IP Network Key Loading (IPAAY) through secure communication with GYM without the need for an additional device.

MİLSEC-4 terminals are interoperable with MİLSEC-1A and MİLSEC-2 phones and offer the opportunity to replace MİLSEC-1A and MİLSEC-2 phones without interruption in the gradual transformation of PSTN networks to next generation IP networks.

FEATURES

  • End-to-end secure voice communication in PSTN networks
  • End-to-end secure voice, image and data transmission in IP networks
  • NATO SCIP compliance on IP networks
  • Compatibility with commercial SIP products
  • Interoperability with MILSEC1A and MILSEC2 secure phones
  • National and AES crypto algorithms
  • Remote software update
  • Easy operation with touch screen

It is subject to the sales license to be given by the Ministry of National Defense.