Electronic Key Management System

Last updated August 22, 2023

The Electronic Key Management System (EKMS) is a United States National Security Agency led program responsible for Communications Security (COMSEC) key management, accounting, and distribution. Specifically, EKMS generates and distributes electronic key material for all NSA encryption systems whose keys are loaded using standard fill devices, and directs the distribution of NSA produced key material. Additionally, EKMS performs account registration, privilege management, ordering, distribution, and accounting to direct the management and distribution of physical COMSEC material for the services. The common EKMS components and standards facilitate interoperability and commonality among the armed services and civilian agencies.^[1]^[2]^[3]

Reasons for development

The primary reason for the development of EKMS centers on the security and logistics problems that plagued the COMSEC Material Control System (CMCS),^[5] which replaced the Registered Publications System (RPS) in the 1970s. The CMCS was a very labor-intensive operation that had been stretched to capacity. The most serious, immediate concern was the human threat associated with access to and exploitation of paper key throughout its life cycle. The disclosure of the Walker spy ring was clear justification of this concern. Although eliminating the majority of paper keys will greatly reduce this human threat, the long-term goal of EKMS to minimize human access to keys will not be realized until benign fill key is fully implemented. Benign fill permits the encrypted distribution of electronic keying material directly to the COMSEC device without human access to the key itself.

The need for joint interoperability led to the Defense Reorganization Act of 1986, under which the Joint Chiefs of Staff (JCS) tasked NSA, the Defense Information Systems Agency (DISA), and the Joint Tactical Command, Control and Communications Agency (JTC3A) to develop a Key Management Goal Architecture (KMGA). Subsequent difficulties in coordinating COMSEC distribution and support during joint military operations, e.g., Desert Storm, Urgent Fury, and Operation Just Cause, have further emphasized the need for a system capable of interoperability between the Services.

Central facility (Tier 0)

EKMS starts with the Central Facility (CF), run by NSA, which provides a broad range of capabilities to the Services and other government agencies. The CF, also referred to as Tier 0, is the foundation of EKMS. Traditional paper-based keys, and keys for Secure Telephone Unit – Third Generation (STU-III), STE, FNBDT, Iridium, Secure Data Network System (SDNS), and other electronic key are managed from an underground building in Finksburg, Maryland which is capable of the following:

processing orders for both physical and electronic keys
electronically generating and distributing keys
generating key material for FIREFLY (an NSA algorithm)
performing seed conversion and rekey
maintaining compromise recovery and management of FIREFLY material
support for over-the-air rekeying (OTAR)

The CF talks to other EKMS elements through a variety of media, communication devices, and networks, either through direct distance dialing using STU-III (data mode) or dedicated link access using KG-84 devices. During the transition to full electronic key, the 3.5-inch floppy disk and 9-track magnetic tape are also supported. A common user interface, the TCP/IP-based message service, is the primary method of communication with the CF. The message service permits EKMS elements to store EKMS messages that include electronic key for later retrieval by another EKMS element.

Tier 1

Under CMCS, each service maintained a central office of record (COR) that performed basic key and COMSEC management functions, such as key ordering, distribution, inventory control, etc. Under EKMS, each service operates its own key management system using EKMS Tier 1 software that supports physical and electronic key distribution, traditional electronic key generation, management of material distribution, ordering, and other related accounting and COR functions. Common Tier 1 is based on the U.S. Navy's key distribution system (NKDS) software developed by the Naval Research Laboratory and further developed by SAIC in San Diego.

Tier 2

KP and LMD LMD-KP.nsa-cf.jpg — KP and LMD

EKMS Tier 2, the Local Management Device (LMD), is composed of a commercial off-the-shelf (COTS) personal computer (PC) running the Santa Cruz Operation's SCO UNIX operating system, and an NSA KOK-22A Key Processor (KP). The KP is a trusted component of EKMS. It performs cryptographic functions, including encryption and decryption functions for the account, as well as key generation, and electronic signature operations. The KP is capable of secure field generation of traditional keys. Locally generated keys can be employed in crypto-net communications, transmission security (TRANSEC) applications, point-to-point circuits, and virtually anywhere that paper-based keys were used. Electronic keys can be downloaded directly to a fill device, such as the KYK-13, KYX-15, or the more modern AN/CYZ-10 Data Transfer Device (DTD) for further transfer (or fill) into the end cryptographic unit.

Tier 3

The lowest tier or layer of the EKMS architecture which includes the AN/CYZ-10 (Data Transfer Device (DTD)), the SKL (Simple Key Loader) AN/PYQ-10, and all other means used to fill keys to End Cryptographic Units (ECUs); hard copy material holdings only; and STU-III/STE material only using Key Management Entities (KMEs) (i.e., Local Elements (LEs)). Unlike LMD/KP Tier 2 accounts, Tier 3 using entities never receive electronic key directly from a COR or Tier 0.

Related Research Articles

Communications security is the discipline of preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients.

The U.S. National Security Agency (NSA) used to rank cryptographic products or algorithms by a certification called product types. Product types were defined in the National Information Assurance Glossary which used to define Type 1, 2, 3, and 4 products. The definitions of numeric type products have been removed from the government lexicon and are no longer used in government procurement efforts.

A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Based on the used method, the key can be different sizes and varieties, but in all cases, the strength of the encryption relies on the security of the key being maintained. A key's security strength is dependent on its algorithm, the size of the key, the generation of the key, and the process of key exchange.

Articles related to cryptography include:

Key management refers to management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.

There are a number of standards related to cryptography. Standard algorithms and protocols provide a focus for study; standards for popular applications attract a large amount of cryptanalysis.

STU-III is a family of secure telephones introduced in 1987 by the NSA for use by the United States government, its contractors, and its allies. STU-III desk units look much like typical office telephones, plug into a standard telephone wall jack and can make calls to any ordinary phone user. When a call is placed to another STU-III unit that is properly set up, one caller can ask the other to initiate secure transmission. They then press a button on their telephones and, after a 15-second delay, their call is encrypted to prevent eavesdropping. There are portable and militarized versions and most STU-IIIs contained an internal modem and RS-232 port for data and fax transmission. Vendors were AT&T, RCA and Motorola.

The National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems have become known and its most modern systems share at least some features with commercial products.

The Secure Communications Interoperability Protocol (SCIP) is a US standard for secure voice and data communication, for circuit-switched one-to-one connections, not packet-switched networks. SCIP derived from the US Government Future Narrowband Digital Terminal (FNBDT) project. SCIP supports a number of different modes, including national and multinational modes which employ different cryptography. Many nations and industries develop SCIP devices to support the multinational and national modes of SCIP.

The KSD-64[A] Crypto Ignition Key (CIK) is an NSA-developed EEPROM chip packed in a plastic case that looks like a toy key. The model number is due to its storage capacity — 64 kibibits, enough to store multiple encryption keys. Most frequently it was used in key-splitting applications: either the encryption device or the KSD-64 alone is worthless, but together they can be used to make encrypted connections. It was also used alone as a fill device for transfer of key material, as for the initial seed key loading of an STU-III secure phone.

This glossary lists types of keys as the term is used in cryptography, as opposed to door locks. Terms that are primarily used by the U.S. National Security Agency are marked (NSA). For classification of keys according to their usage see cryptographic key types.

Over-the-air rekeying (OTAR) refers to transmitting or updating encryption keys (rekeying) in secure information systems by conveying the keys via encrypted electronic communication channels. It is also referred to as over-the-air transfer (OTAT), or over-the-air distribution (OTAD), depending on the specific type, use, and transmission means of the key being changed. Although the acronym refers specifically to radio transmission, the technology is also employed via wire, cable, or optical fiber.

<span class="mw-page-title-main">KYK-13</span> Fill device

The KYK-13 Electronic Transfer Device is a common fill device designed by the United States National Security Agency for the transfer and loading of cryptographic keys with their corresponding check word. The KYK-13 is battery powered and uses the DS-102 protocol for key transfer. Its National Stock Number is 5810-01-026-9618.

<span class="mw-page-title-main">Fill device</span> Module used to load cryptographic keys into encryption machines

A fill device or key loader is a module used to load cryptographic keys into electronic encryption machines. Fill devices are usually hand held and electronic ones are battery operated.

The AN/PYQ-10 Simple Key Loader (SKL) is a ruggedized, portable, hand-held fill device, for securely receiving, storing, and transferring data between compatible cryptographic and communications equipment. The SKL was designed and built by Ralph Osterhout and then sold to Sierra Nevada Corporation, with software developed by Science Applications International Corporation (SAIC) under the auspices of the United States Army. It is intended to supplement and eventually replace the AN/CYZ-10 Data Transfer Device (DTD). The PYQ-10 provides all the functions currently resident in the CYZ-10 and incorporates new features that provide streamlined management of COMSEC key, Electronic Protection (EP) data, and Signal Operating Instructions (SOI). Cryptographic functions are performed by an embedded KOV-21 card developed by the National Security Agency (NSA). The AN/PYQ-10 supports both the DS-101 and DS-102 interfaces, as well as the KSD-64 Crypto Ignition Key. The SKL is backward-compatible with existing End Cryptographic Units (ECU) and forward-compatible with future security equipment and systems, including NSA's Key Management Infrastructure.

The Cryptographic Modernization Program is a Department of Defense directed, NSA Information Assurance Directorate led effort to transform and modernize Information Assurance capabilities for the 21st century. It has three phases:

FASCINATOR is a series of Type 1 encryption modules designed in the late-1980s to be installed in Motorola digital-capable voice radios. These radios were originally built to accept a DES-based encryption module that was not approved by NSA for classified communications. The FASCINATOR modules replaced the DES units and can be used for classified conversations at all levels when used with appropriately classified keys. FASCINATOR operates at 12 kbit/s for encryption and decryption. It is not compatible with DES-based voice systems.

The KIK-30 "Really Simple Key loader" (RASKL) is a fill device made by Sypris Electronics and approved by the US National Security Agency for the distribution of NSA Type 1 cryptographic keys. It can also store and transfer related communications security material, including control data for frequency hopping radios, such as SINCGARS and Have Quick. It can store up to 40 cryptographic keys and has male and female U-229 connectors for the NSA DS-101 and 102 fill protocol, allowing it to be plugged into most other NSA fill devices and EKMS equipment. It is 6.14 inches long, weighs less than one pound and is powered by four AAA batteries. The operator interface has an 8 line of 20 characters and 6 buttons, with what Sypris calls "1-button key squirt" and 2-button zeroize.

Mahlon E. Doyle was an American cryptologist, inventor, innovator, and author. He enjoyed a three decade career at the National Security Agency and its predecessor organizations.

References

↑ See OTAR
↑ Al Walton (2005). "AKMS update: army key management system". Army Communicator. Archived from the original on 2008-02-17. Retrieved August 30, 2022.
↑ Editor, CSRC Content. "electronic key management system (EKMS) – Glossary | CSRC". csrc.nist.gov. Retrieved 2023-07-26.{{cite web}}: |last= has generic name (help)
↑ "FY20 DOD PROGRAMS – Key Management Infrastructure (KMI)" (PDF). Retrieved 2023-08-21.
↑ "The Communications Security Material System" (PDF). Archived (PDF) from the original on September 16, 2012. Retrieved 2013-08-17.

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] See OTAR

[2] Al Walton (2005). "AKMS update: army key management system". Army Communicator. Archived from the original on 2008-02-17. Retrieved August 30, 2022.

[3] Editor, CSRC Content. "electronic key management system (EKMS) – Glossary | CSRC". csrc.nist.gov. Retrieved 2023-07-26.{{cite web}}: |last= has generic name (help)

[4] "FY20 DOD PROGRAMS – Key Management Infrastructure (KMI)" (PDF). Retrieved 2023-08-21.

[5] "The Communications Security Material System" (PDF). Archived (PDF) from the original on September 16, 2012. Retrieved 2013-08-17.

[1]

[2]

[3]

[4]

[5]