NESTOR (encryption)

Soldier using the KY-38 "Manpack," part of the NESTOR system. The upper unit is an AN/PRC-77 radio transceiver. The combined weight of the units, 54 pounds (24.5 kg), proved an obstacle to their use in combat.
KY-8, vehicular or fixed
KY-28, airborne or shipborne, with KYK-28 key loader
KY-38, man-pack, with key loader
KYK-28 NESTOR key loader "gun"

NESTOR was a family of compatible, tactical, wideband secure voice systems developed by the U.S. National Security Agency and widely deployed from the Vietnam War through the late Cold War period of the 1980s. NESTOR consisted of three systems: the KY-8, used in vehicular and afloat applications; the KY-28, the airborne version; and the KY-38, the portable or man-pack model. About 30,000 NESTOR equipments were produced prior to their replacement by the VINSON secure voice family. [1] (Vol. I, p. 79)


Keying was accomplished by setting each switch in a matrix of switches to one of several positions. This was done using a separate mechanical key loader (KYK-28) that had a matching matrix of pins that could be set to different heights as instructed by a key list. The key loader was pushed into a matrix of holes, one hole for each switch. The loader also had two larger index pins, which cocked a spring that returned each switch to its initial position when the door covering the hole matrix was reopened, zeroizing the equipment. [2] [3]

Vietnam War experience

NSA gave high priority to deploying NESTOR systems in Vietnam. Equipment was issued to field units in Vietnam beginning in 1965 with the KY-8 for stationary or vehicular use; the KY-8 was fully distributed by the third quarter of fiscal year 1968. The KY-28 was issued for use in aircraft beginning in 1967, as was the KY-38 for man-pack or mobile use. The KY-38 was fully distributed in 1968. [4] NESTOR was successfully used in some situations, but the overall experience was not good. NSA estimates that only about one in ten units was actually used. A variety of problems contributed to this rejection: [1] (Vol. II, p. 43ff)

While many in the U.S. military believed that the Viet Cong and NVA would not be able to exploit insecure communications, interrogation of captured communication intelligence units showed they were able to understand the Americans' jargon and informal codes in real time and were often able to warn their side of impending U.S. actions. [1] (Vol. II, pp. 4, 10)


Related Research Articles

Communications security: Discipline of telecommunications

Communications security is the discipline of preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients.

AN/PRC-77 Portable Transceiver: Military tactical radio transceiver

AN/PRC 77 Radio Set is a manpack, portable VHF FM combat-net radio transceiver manufactured by Associated Industries and used to provide short-range, two-way radiotelephone voice communication. In the Joint Electronics Type Designation System (JETDS), AN/PRC translates to "Army/Navy, Portable, Radio, Communication."

Tempest (codename): Espionage using electromagnetic leakage

TEMPEST is a U.S. National Security Agency specification and a NATO certification referring to spying on information systems through leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations. TEMPEST covers both methods to spy upon others and how to shield equipment against such spying. The protection efforts are also known as emission security (EMSEC), which is a subset of communications security (COMSEC).

STU-III: Telephone

STU-III is a family of secure telephones introduced in 1987 by the NSA for use by the United States government, its contractors, and its allies. STU-III desk units look much like typical office telephones, plug into a standard telephone wall jack and can make calls to any ordinary phone user. When a call is placed to another STU-III unit that is properly set up, one caller can ask the other to initiate secure transmission. They then press a button on their telephones and, after a 15-second delay, their call is encrypted to prevent eavesdropping. There are portable and militarized versions and most STU-IIIs contained an internal modem and RS-232 port for data and fax transmission. Vendors were AT&T, RCA and Motorola.

KW-26

The TSEC/KW-26, code named ROMULUS, was an encryption system used by the U.S. Government and, later, by NATO countries. It was developed in the 1950s by the National Security Agency (NSA) to secure fixed teleprinter circuits that operated 24 hours a day. It used vacuum tubes and magnetic core logic, replacing older systems, like SIGABA and the British 5-UCO, that used rotors and electromechanical relays.

The National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems has become known and its most modern systems share at least some features with commercial products.

The Secure Communications Interoperability Protocol (SCIP) is a US standard for secure voice and data communication, for circuit-switched one-to-one connections, not packet-switched networks. SCIP derived from the US Government Future Narrowband Digital Terminal (FNBDT) project. SCIP supports a number of different modes, including national and multinational modes which employ different cryptography. Many nations and industries develop SCIP devices to support the multinational and national modes of SCIP.

The red/black concept, sometimes called the red–black architecture or red/black engineering, refers to the careful segregation in cryptographic systems of signals that contain sensitive or classified plaintext information from those that carry encrypted information, or ciphertext. Therefore, the red side is usually considered the internal side, and the black side the more public side, with often some sort of guard, firewall or data-diode between the two.

VINSON is a family of voice encryption devices used by U.S. and allied military and law enforcement, based on the NSA's classified Suite A SAVILLE encryption algorithm and 16 kbit/s CVSD audio compression. It replaces the Vietnam War-era NESTOR (KY-8/KY-28/KY-38) family.

SAVILLE is a classified NSA Type 1 encryption algorithm, developed in the late 1960s, jointly by the Government Communications Headquarters (GCHQ) in the UK and the National Security Agency (NSA) in the US. It is used broadly, often for voice encryption, and implemented in many encryption devices.

BATON is a Type 1 block cipher in use since at least 1995 by the United States government to secure classified information.

Have Quick: Frequency-hopping system

HAVE QUICK is an ECM-resistant frequency-hopping system used to protect military aeronautical mobile (OR) radio traffic.

Secure voice: Encrypted voice communication

Secure voice is a term in cryptography for the encryption of voice communication over a range of communication types such as radio, telephone or IP.

Secure telephone: Telephone that provides encrypted calls

A secure telephone is a telephone that provides voice security in the form of end-to-end encryption for the telephone call, and in some cases also the mutual authentication of the call parties, protecting them against a man-in-the-middle attack. Concerns about massive growth of telephone tapping incidents led to growing demand for secure telephones.

Over-the-air rekeying (OTAR) refers to transmitting or updating encryption keys (rekeying) in secure information systems by conveying the keys via encrypted electronic communication channels. It is also referred to as over-the-air transfer (OTAT), or over-the-air distribution (OTAD), depending on the specific type, use, and transmission means of the key being changed. Although the acronym refers specifically to radio transmission, the technology is also employed via wire, cable, or optical fiber.

Fill device: Module used to load cryptographic keys into encryption machines

A fill device or key loader is a module used to load cryptographic keys into electronic encryption machines. Fill devices are usually hand held and electronic ones are battery operated.

KY-3: Secure telephone system

The KY-3 (TSEC/KY-3) is a secure telephone system developed by the U.S. National Security Agency in the early 1960s. It was one of the first widely accepted voice encryption systems. The "TSEC" prefix to the model number indicates NSA's Telecommunications Security nomenclature system.

FASCINATOR is a series of Type 1 encryption modules designed in the late-1980s to be installed in Motorola SECURENET-capable voice radios. These radios were originally built to accept a DES-based encryption module that was not approved by NSA for classified communications. The FASCINATOR modules replaced the DES units and can be used for classified conversations at all levels when used with appropriately classified keys. FASCINATOR operates at 12 kbit/s for encryption and decryption. It is not compatible with DES-based voice systems.

The Advanced Narrowband Digital Voice Terminal (ANDVT) is a secure voice terminal for low bandwidth secure voice communications throughout the U.S. Department of Defense. Devices in the ANDVT family include the AN/USC-43 Tactical Terminal (TACTERM), the KY-99A Miniaturized Terminal (MINTERM), and the KY-100 Airborne Terminal (AIRTERM). ANDVT uses LPC-10 voice compression.

A cryptoperiod is the time span during which a specific cryptographic key is authorized for use. Common government guidelines range from 1 to 3 years for asymmetric cryptography, and 1 day to 7 days for symmetric cipher traffic keys.

References

  1. A History of U.S. Communications Security; the David G. Boak Lectures, National Security Agency (NSA), Volumes I, 1973, Volumes II 1981, partially released 2008, additional portions declassified October 14, 2015
  2. "KY-38 Voice Security Unit". www.prc68.com.
  3. "KY28 Cryptosystem". www.jproc.ca.
  4. Vietnam Studies—Division-Level Communications 1962-1973, Lieutenant General Charles R. Myer, U.S. Department of the Army, 1982, Chapter 8