Military Cryptographic Systems Information Assurance Module 3 FA24

Military Cryptographic Systems Information Assurance Module 3 FA24

Military Cryptographic Systems Information Assurance Module 3 FA24 TSEC Jan 22, 2020 Mod 6-HO2 Objectives Students will learn about commonly used military cryptographic systems (ie. KG-84, KIV-7, KIV-19, STE, KG-75), including data rates, connection and fill requirements, and practical applications. Provide an Overview of the DOD Cryptographic Modernization Initiative with Focus on the Army CM Program. Be able to describe the EKMS/AKMS Programs. At the conclusion of this block, students will be able

to choose a cryptographic device to encrypt a link given the data rate, terminal equipment and transmission medium. They will be able to explain the CM, EKMS and AKMS Programs. FA24 TSEC Jan 22, 2020 Mod 6-HO3 Outline

Cryptographic Standards NSA Cryptographic Types Black/Red Signals Military Cryptographic Equipment (Layers 1 3) Telephony Cryptographic Equipment Fill Devices Key Generators Cryptographic Modernization Program Electronic/Army Key Management Systems FA24 TSEC Jan 22, 2020 Mod 6-HO4 Cryptographic Standards (1 of 2) 1. National Security Agency (NSA)

Secret and above Type 1 encryption required Classified Algorithms 2. National Institute of Standards and Technology (NIST) Set standards for Sensitive traffic de facto standards organization for commercial businesses FA24 TSEC Jan 22, 2020 Mod 6-HO5 Cryptographic Standards (2 of 2) 3. American National Standards Institute (ANSI) Cryptographic standards organization for the U.S.

ANSI X9 series closely mirrors NISTs Federal Information Processing Standard (FIPS) 4. International Organization of Standards (ISO) X.509 and Common Criteria FA24 TSEC Jan 22, 2020 Mod 6-HO6 Approved Cryptosystems for the US Army are either: 1. Produced by NSA 2. Commercial Off the Shelf Systems approved by NSA for local purchase 3. Electronically generated and distributed using NSA approved key generating equipment and procedures IAW NAG 16

FA24 TSEC Jan 22, 2020 Mod 6-HO7 NSA Cryptographic Types 1. Products US government/military for Classified Info Only approved commercial users are defense contractors for US classified projects 2. Products US government for sensitive info Requires US government agency sponsorship 3. Algorithms Exportable only to US corporations abroad, and remain under the control of US citizen.

4. Algorithms Exportable to any country and/or organization, except those prohibited by the US government FA24 TSEC Jan 22, 2020 Mod 6-HO8 Black/Red Signals Black/Cipher Text Red/Plain Text Router Red patch panel Router

Red patch panel KIV-7 KIV-7 Black patch panel CSU/DSU Black patch panel CSU/DSU FA24 TSEC

Jan 22, 2020 Mod 6-HO9 Red/Black Installation (1 of 2) Separation of 1 m b/w RED processor and: BLACK equipment BLACK wire lines that exit the inspectable space or are connected to an RF transmitter BLACK power lines Conductors that exit the inspectable space Separation of 5 cm b/w RED wire line and: BLACK wire lines that exit the inspectable space or are connected to an RF transmitter BLACK power lines FA24 TSEC Jan 22, 2020 Mod 6-HO10 Red/Black Installation (2 of 2) RED and BLACK wire lines will not use a common

distribution vehicle unless the power lines exiting the space are equipped with powerline filters. Patch Panels Jack fields should have incompatible connectors to prevent inadvertent RED to BLACK patching Separate RED and BLACK by 1 m 1 m separation required b/w different classifications (i.e. SIPRNET and JWICS, SIPRNET and SECRET Coalition) SCIFs require separate red and black ground FA24 TSEC Jan 22, 2020 Mod 6-HO11 Cryptographic Equipment Layer 1 (Physical) Layer 2 (Data link) KG-84 KIV-7

KG-194 KIV-19 KG-95 KG-189 KG-75 KG-175 (2 and 3) KIV-21 Layer 3 (Network) KG-175 (2 and 3) Network Encryption System (NES) FA24 TSEC Jan 22, 2020 Mod 6-HO12 KG-84

KG-84A -- 256 kbps KG-84C -- 64 kbps Military standard DS-101 fill plug Operates from 50 to 9600 Mbps asynchronous Process up to 32 Kbps using internal clock Built-in wireline modem FA24 TSEC Jan 22, 2020 Mod 6-HO13 KIV-7 Four models

KIV-7 512 Kbps KIV-7HS 1.544 Mbps KIV-7HSA/B 2.048 Mbps Interoperable with KG-84 Serial Data Interfaces EIA-530, EIA-449, EIA-232 Removable CIK No internal strappings Optional Wireline Module for Tactical FA24 TSEC Jan 22, 2020 Mod 6-HO14 KG-194

KG-94/94A/194/194A Operates from 9.6 kbps to 13 Mbps Uses traditional or firefly key Two versions -- tactical and fixed plant FA24 TSEC Jan 22, 2020 Mod 6-HO15 KIV-19

Operates from 9.6 kbps to 13 Mbps Use traditional or firefly key Compatible with KG-194 Newest version KIV-19A FA24 TSEC Jan 22, 2020 Mod 6-HO16 KG-95 DS3 encryptor Bulk Encryption Three models: KG-95-1 operates from 10-50 Mbs KG-95-2 operates only at DS-3 rate KG-95R two KG-95-2s together FA24 TSEC

Jan 22, 2020 Mod 6-HO17 KG-189 SONET Encryptor Operates at OC-3, OC-12 and OC-48 Type I encryption Firefly key DS-101/KSD-64 FA24 TSEC Jan 22, 2020 Mod 6-HO18

KG-75 (FASTLANE) ATM encryptor KG-75 - up to OC-12 KG-75A - up to OC-192 Supports up to 4094 simultaneous, cryptographically isolated ATM channels Supports DS1, DS3, OC3C and OC12C Supports PNNI 1.0, UNI 4.0 and SNMP Firefly and traditional key

CYZ-10/DTD fill device FA24 TSEC Jan 22, 2020 Mod 6-HO19 KG-175 (TACLANE) ATM Encryption -- 45 Mbps DS3 BNC connector 253 cryptographically isolated channels IP Encryption -- 7.2 Mbps RJ-45 and AUI connector

UNI 4.0 and SNMPv1 Firefly and traditional key Uses CYZ-10/DTD E-100 version provides IP encryption up to 100 Mbps FA24 TSEC Jan 22, 2020 Mod 6-HO20 KIV-21 Converts black EIA-422, DB37 HDLC into red IEEE 802.3 ethernet Replaces KIV-7/KG-84/KG-194 and CSU/DSU for a single site Throughput - 8 Kbps to 3 Mbps Frame relay FA24 TSEC

Jan 22, 2020 Mod 6-HO21 Network Encryption System (NES) IP Encryption NES 4001 supports up to 3.4 Mbps NES 4001A throughput is 4.3 Mbps Required black and red IP addresses FIREFLY key distribution FA24 TSEC

Jan 22, 2020 Mod 6-HO22 NES - Virtual Private Network permits traffic from one network to tunnel through another network of a dissimilar security classification FA24 TSEC Jan 22, 2020 Mod 6-HO23 Telephony Equipment

STU-III STE Omni Secure Cell Phones KY-68 FNBDT FA24 TSEC Jan 22, 2020 Mod 6-HO24 STU-III and SDD Secure Data Device Operate at 2.4 or 4.8 kbps code-excited line prediction (CELP)

Data transmitted at 2.4, 4.8 and 9.6 kbps Supports the ITU-T standards V.26bit V.26ter V.32 KSD-64A FA24 TSEC Jan 22, 2020 Mod 6-HO25 STE Replaces STU-III and KY-68 Key is Fortezza Plus (KOV-14) Interoperable with:

STU-III DNVT ISDN: NI-1, NI-2, 5ESS, DMS-100, DEFINITY Euro ISDN Network Interface ISDN S/T BRI 1B+D or 2B+D RJ-45 PSTN RJ-11 TRI-TAC/MSE 4 wire line modem EIA-232/530A

Host Interface EIA-232/530A FA24 TSEC Jan 22, 2020 Mod 6-HO26 Omni Secure Terminal provides Type-1 security for voice and data Analog and Digital network FNBDT compliant Compatible with POTs and STU-III FA24 TSEC Jan 22, 2020 Mod 6-HO27 Secure Cell Phones (1 of 2)

Motorola Cipher-Tac 2000 STU-III and STE compatible Type 1 analog cellular security sleeve slides between battery and phone to operate in secure mode Qualcomm Qsec 800 Secure voice and data (CMDA) Type 1 analog cellular security requires no add-on module FA24 TSEC Jan 22, 2020 Mod 6-HO28 Secure Cell Phones (2 of 2) General Dynamics Tri-band (GSM 900/1800/1900) Advanced Encryption Standard (AES) Clip-in security module Type 1 security

Motorola Satellite Series 9505 satellite and cellular service type 1 end-to-end security Iridium security module attaches to it FA24 TSEC Jan 22, 2020 Mod 6-HO29 KY-68 TRI-TAC and MSE Operates at 16/32 Kbps with CVSD (wideband) Provides encryption of voice or data traffic on switched links to a circuit switch FA24 TSEC

Jan 22, 2020 Mod 6-HO30 Future Narrow Band Digital Terminal (FNBDT) Designed primarily for low-bandwidth, error prone networks such as cell phones Secure global interoperability FNBDT is an open standard Satisfies both NATO and individual nation objectives Uses MELP and Forward Error Correction FA24 TSEC Jan 22, 2020 Mod 6-HO31 Fill and Storage Devices

KYK-13 KOI-18 KYX-15 CYZ-10 KG-83 KGX-93 Fortezza Card KOV-14 KSD-64A FA24 TSEC

Jan 22, 2020 Mod 6-HO32 KYK-13 Receive, store and load key in electronic form Can hold six 128 bit keys CCI is unclassified when empty -- takes on highest classification of key in memory FA24 TSEC Jan 22, 2020 Mod 6-HO33 KOI-18 Used to read/transform paper key into electronic key

Can directly fill crypto equipment or load another fill device Unclassified No memory FA24 TSEC Jan 22, 2020 Mod 6-HO34 KYX-15 Can store sixteen 128 bit keys Unclassified when empty - takes on the highest classification of the key in memory Used to perform OTAR Can generate key locally when used with KG-84, KIV-7 or KY-68 FA24 TSEC

Jan 22, 2020 Mod 6-HO35 AN/CYZ-10 Data Transfer Device (DTD) can emulate other fill devices Receives, audits and transfers 128 bit keys with identification information CCI and is unclassified when empty or when the CIK is removed Referred to as an ANCD FA24 TSEC Jan 22, 2020 Mod 6-HO36 Simple Key Loader (SKL)

Processor 32-bit Intel XScale CPU (400 MHz) O/S Win CE.NET (4.1) RAM 128 MB of SDRAM ROM 64 MB of Flash Memory Graphics 2-D Accelerator Size

7 x 3.5 x 1.8 Weight Approx 18 oz. 504 gms. FA24 TSEC Jan 22, 2020 Mod 6-HO37 Fortezza Card (1 of 2) Used with DMS to encrypt/decrypt 1.5 MBs processing rate Tamper proof/ultrasonically welded

Exportable with State Department approval Includes RISC based processor FA24 TSEC Jan 22, 2020 Mod 6-HO38 Fortezza Card (2 of 2) Provides Cryptographic Functions Public Key Exchange Message Encryption

Digital Signature Hashing Timestamp Password Certificate Algorithms used KEA, Skipjack, DSA, SHA-1 FA24 TSEC Jan 22, 2020 Mod 6-HO39 KOV-14 (Fortezza Plus) Special PCMCIA card - provides encryption and other security services Used to enable STE Classified to level of keying material Unclassified when separated from STE

Stays with COMSEC Material Control System (CMCS) until destroyed With operational key classified With seed key -- unclassified FA24 TSEC Jan 22, 2020 Mod 6-HO40 KSD-64A Contains electronic fill info for STU-III May contain classified operational key or unclassified seed key Can operate in three modes FA24 TSEC Jan 22, 2020 Mod 6-HO41

KSD-64A Modes 1. Operational Key Load STU-III to make direct secure calls to other STU-IIIs Fill Device 2. Seed Key Load STU-III to electronically obtain its operational key during a rekey phone call Fill Device 3. Crypto Ignition Key (CIK) Stores an electronic "password." CIK is used in STU-III that shares this password to unlock the terminal's secure transmission features FA24 TSEC Jan 22, 2020 Mod 6-HO42 Key Generators

KG-83 KGX-93 LMD/KP (KOK-22) FA24 TSEC Jan 22, 2020 Mod 6-HO43 KG-83 TRI-TAC and stand alone applications Generates 128 bit TEK up to Top Secret Compatible with most COMSEC equipment that accepts 128 bit keys Requires initial/annual certification FA24 TSEC

Jan 22, 2020 Mod 6-HO44 KGX-93 MSE and TRI-TAC switches Generates 128 bit key up to Top Secret Can also store key Requires initial/annual certification FA24 TSEC Jan 22, 2020 Mod 6-HO45 Local Management Device/Key Processor (LMD/KP) 128 bit key Key Processor

KOK-22A Key Generation Local key generation, distribution, auditing and reconciliation Access to ACCOR Tier 2 of EKMS Can load 1000 keys at once FA24 TSEC Jan 22, 2020 Mod 6-HO46 Cryptographic Modernization Program Replacement of DODs aging Cryptographic Equipment Inventory to meet Current and Objective Capability Needs.

Intent is to achieve more robust security, network adaptability (NetworkCentric) and performance enhanced equipment solutions. FA24 TSEC Jan 22, 2020 Mod 6-HO47 Background (1 of 2) FY 99/00 MCEB and NSA Studies Concluded: Technologically Obsolete 20-30 years old Cannot Support Network-Centric Architectures Inventory Becoming Logistically Unsupportable Feb 01 ASD(C3I) Arthur Money memo directs: Road Map for Crypto Systems Upgrade/Replacement/Retirement Services Procure Modernized Crypto in FY0309 POM FA24 TSEC

Jan 22, 2020 Mod 6-HO48 Background (2 of 2) Sep 02 JRB 9 Crypto Systems as near term Modernization efforts Approved Joint Forces Command as CRD Sponsor Directed Joint Staffing of CM MNS and Completion of CM Implementation Plan Nov 03 SIGCEN BG Hicks, signed the Charter establishing the CM ICT ICT process serves to shorten the requirements determination event of the acquisition process by employing the team approach to requirements determination. FA24 TSEC Jan 22, 2020 Mod 6-HO49

Existing Deficiencies Equipment Obsolescence Incompatibilities with new architectures/technologies Interoperability/Releasability problems Restrictions on key management pose major challenges Affects ability to support dynamic communications Lack of programmability/flexibility Incompatibility with modernized DOD KMI Lack direct interfaces Cryptographic equipment shortages Readiness and surge capabilities affected FA24 TSEC Jan 22, 2020 Mod 6-HO50 Cryptographic Inventory Posture Unsupportable within 10 years

Supportable beyond 10 years 2% 2% Unsupportable within 5 years 15% 43% 38% Currently Unsupportable Programmed Replacements

Current inventory 1.2 Million Items (Sources: ISSP Database, ATAV, MYNSN, UIT, CMCS) Programmed Replacements JTRS, WIN-T, FCS and Other Major Programs. FA24 TSEC Jan 22, 2020 Mod 6-HO51 Threat Continuing trends reflect significantly increased risks of C4ISR, IT, and weapons systems to attacks on cryptography

Increases in computing power Increasing reliance upon COTS systems Service/Allied/Coalition use Availability of Electronic Warfare Systems Widespread distribution of Computer Network Attack (CNA) and Computer Network Exploitation (CNE) Tools FA24 TSEC Jan 22, 2020 Mod 6-HO52 CM Concept Leverage Latest Technology Develop Multi-Functional Components that Replace Entire Families of Crypto Equipment NSA Partnership with Services on Program Development NSA will: - Retain Crypto Certification Approval - Fund Services for Program Development R&D

Services will: - Program Funding for Procurement and Fielding - Conduct Program Development Process - Develop Equipment Shortage/Supportability Lists - Prepare Fielding and Transition Plans FA24 TSEC Jan 22, 2020 Mod 6-HO53 CM Core Capabilities Programmable/Reprogrammable Algorithms Capable of Receiving an Algorithm Scalable Components Embedded Modules (Whenever Possible) EKMS/KMI Compliant/Capable Network-Centric Functionality Assured control of DOD networks Interoperability Physical - Form and Fit

FA24 TSEC Jan 22, 2020 Mod 6-HO54 Priority Nine Systems PROGRAM SERVICE LEAD UTILIZATION IFF Mode V Navy AVN/GND-Air/Water Craft KG-30 (NC2)

Air Force Joint Interface KI-22 (Air Force Only) Air Force N/A KG-40 (LINK 11) Navy ADA/Joint Interface CTIC/CDH

Air Force Integrated Modules KG-94 (Family) NSA Trunk Encryptors NES (INE) NSA Inline Network Encryptors STU III Replacement NSA

Secure Voice/Data KY-68/78 Army Tactical DSVT FA24 TSEC Jan 22, 2020 Mod 6-HO55 EKMS and AKMS EKMS Architecture and Concepts AKMS Description and Operational Concepts Doctrinal Impacts Roles/Responsibilities

Issues FA24 TSEC Jan 22, 2020 Mod 6-HO56 Electronic Key Mgt System DOD initiative to modernize management/distribution of COMSEC to support the warfighter and non-military government users. Replaces slow cumbersome paper and manpower intensive processes of management and distribution of COMSEC material. Increase security of key management processes Increase responsiveness to user needs Provide for interoperability FA24 TSEC Jan 22, 2020 Mod 6-HO57

EKMS Tier Levels 0. National Security Agency (NSA) 1. Central Office of Record (COR) 2. LCMS COMSEC User Accounts 3. Common Fill Devices FA24 TSEC Jan 22, 2020 Mod 6-HO58 EKMS Operations TIER 0: POLICIES, MODERN KEY CF COR EKMS ID



FA24 TSEC Jan 22, 2020 Mod 6-HO59 Tier 0 NSA Central Facility Provides for production, management, and distribution of specialized electronic cryptographic key and associated materials. MODEM key National Security Agency (NSA) FA24 TSEC Jan 22, 2020 Mod 6-HO60 Tier 1 - Central Office of Record

CORs are focal points for production, management, auditing, and distribution of ServiceUnique electronic cryptographic key and materials Supports joint operations at theater and strategic levels Act as alternates to the other in cases of degraded operations, activity, and geographic location Major functional areas: Central Office of Record (COR) Registration Authority (RA) Privilege Certificate Manager (PCM) Ordering Privilege Manager (OPM) FA24 TSEC Jan 22, 2020 Mod 6-HO61 Extension Tier 1 COR Ft. Huachuca

EXTENSION TIER 1 - COR Kelly AFB Facilities replicate Tier 1 - Does not provide COR capability for users - Installed geographically CONUS/OCONUS in area containing concentrations of accounts FA24 TSEC Jan 22, 2020 Mod 6-HO62 Tier 2 LCMS User Accounts Represents individual EKMS user accounts

Developed by NSA Used by all services Individual service policies and procedures AKMS Army Tier 2 outlines Army policies and procedures

FA24 TSEC Jan 22, 2020 Mod 6-HO63 AKMS Replaces slow, cumbersome paper and manpower intensive processes Provides a reliable, responsive and secure system Implements an electronic key strategy w/in the Army Provides Tier 0 and Tier 1 electronic interoperability Provides COMSEC and communications planning

capabilities Provides real time key generation and distribution To make AKMS work as a system, all three components (LCMS, ACES, DTD) are required FA24 TSEC Jan 22, 2020 Mod 6-HO64 LCMS Workstation NSA and Army produced and distributed Automated account management Local key generation, distribution, auditing, reconciliation Access to CF and COR

FA24 TSEC Jan 22, 2020 Mod 6-HO65 ACES Workstation Army produced and distributed Designed for Cryptonet planning and management Includes SOI/ EP planning and management Employs ACES-specific application functions FA24 TSEC Jan 22, 2020 Mod 6-HO66 Fill Device DTD

Receive, distribute, store, and manage key Receive, transfer, and display SOI SKL Perform Audit FA24 TSEC Jan 22, 2020 Mod 6-HO67 ACES Scenario U.S. MILITARY IS NEEDED SOMEWHERE ACES COMMUNICATIONS PLAN


KEYS EEDED N S A BUTED DISTRI DTD/SKL (TIER 3) FA24 TSEC Jan 22, 2020 Mod 6-HO68 Doctrinal Impacts

Accounts no longer manual Acclaims no longer in effect Sub-accounts no longer authorized Key produced locally and distribution process streamlined Electronic key transfer increased; physical key transfer decreased Modern key ordering incorporated to mainstream FA24 TSEC Jan 22, 2020 Mod 6-HO69 Roles/Responsibilities CIO/G-6: EKMS/AKMS oversight; IA system

integrator G-2: COMSEC Policy G-8: Program Funding PEO C3T: Responsible PEO; DAA PM TRCS: PM for LCMS, ACES, and DTD, under PM WIN-T CSLA: Primary service authority role; primary Tier 1 segment (COR); EKMS subject matter experts and support to IA directorate CECOM: Tier 1 software support activity; Tier 2 lifecycle support (minus SW) SIGCEN: AKMS requirements and operational concepts; sustainment training FA24 TSEC Jan 22, 2020 Mod 6-HO70 IA Directorate (DCD) Role Provides EKMS/AKMS oversight Provides representation to:

KMI Committee (KMI EC) Joint Key Management Infrastructure Working Group EKMS Transition Team (ETT) Tier 1 System Management Board (TSMB) Other working groups and boards Chairs AKM Infrastructure Working Group (AKMIWG) Facilitates exchange of info/coordination among Army Orgs (G-8, G-2, CIO/G-6, SIGCEN, CSLA, PM WIN-T) FA24 TSEC Jan 22, 2020 Mod 6-HO71 E/AKMS Issues Simple Key Loader (SKL) Testing Tier 1 & Tier 2 phase 4 certification and accreditation

Software Support Activity (SSA) merging of EKMS, KMI, and COMSEC modernization programs ACES Fielding FA24 TSEC Jan 22, 2020 Mod 6-HO72

Recently Viewed Presentations

  • ThemeGallery PowerTemplate

    ThemeGallery PowerTemplate

    Chapter 7 Recreation
  • Strategies for Reading If you find yourself having

    Strategies for Reading If you find yourself having

    NONFICTION - IS BASED ON FACT - CAN BE VERIFIED FACT = TRUTH The act of putting it in writing CHANGES IT The author's chosen words reveal BELIEFS PREJUDICES BACKGROUND PURPOSE An author's PURPOSE determines his/her METHOD OF WRITING PURPOSE...
  • Copyright Roundup

    Copyright Roundup

    Prior to UCLA, Marty was the Librarian for Medical Education and Curriculum Development at the NYU School of Medicine in New York City, and has worked in similar health sciences educational positions at the Miner Library at the University of...
  • Diamond and Box Factoring

    Diamond and Box Factoring

    X-box Factoring. This is a guaranteed method for factoring quadratic equations—no guessing necessary! We will learn how to factor quadratic equations using the x-box method. LET'S TRY IT! Students apply basic factoring techniques to second- and simple third-degree polynomials. These...
  • Accounting Principles 8th Edition - Grantham University

    Accounting Principles 8th Edition - Grantham University

    Margin (income) measure. Controllable margin, income from operations, or net income. Only controllable margin is a valid basis for evaluating performance of investment center manager. Judgmental Factors in ROI. LO 4
  • Conduct of Poll Maintenance of law & order

    Conduct of Poll Maintenance of law & order

    The position of the camera should be such that a broad view of the following aspects of elections (poll) proceeding are clearly captured and transmitted: (i) Process of identification of voter by Polling Officer; ... BUs, CUs & VVPATs match...
  • Session 5: Lion tamers and horse whisperers - shaping ...

    Session 5: Lion tamers and horse whisperers - shaping ...

    Allow people to follow their conscience. There is little research data to support Anne Frank's dictum that 'most people are good at heart', but most of us prefer to believe it. When there is an explicit expectation that the workplace...
  • Login on your Computer login USERNAME: APUSHRAMOS

    Login on your Computer login USERNAME: APUSHRAMOS

    Login on your Computer login USERNAME: APUSHRAMOS PASSWORD: apushsisd Click on MY KAHOOTS Click on SHARED with ME