This article needs additional citations for verification .(March 2007) |
The National Security Agency took over responsibility for all US government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems have become known and its most modern systems share at least some features with commercial products.
NSA and its predecessors have produced a number of cipher devices. Rotor machines from the 1940s and 1950s were mechanical marvels. The first generation electronic systems were quirky devices with cantankerous punched card readers for loading keys and failure-prone, tricky-to-maintain vacuum tube circuitry. Late 20th century systems are just black boxes, often literally. In fact they are called blackers in NSA parlance because they convert plaintext classified signals (red) into encrypted unclassified ciphertext signals (black). They typically have electrical connectors for the red signals, the black signals, electrical power, and a port for loading keys. Controls can be limited to selecting between key fill, normal operation, and diagnostic modes and an all important zeroize button that erases classified information including keys and perhaps the encryption algorithms. 21st century systems often contain all the sensitive cryptographic functions on a single, tamper-resistant integrated circuit that supports multiple algorithms and allows over-the-air or network re-keying, so that a single hand-held field radio, such as the AN/PRC-148 or AN/PRC-152, can interoperate with most current NSA cryptosystems.
Little is publicly known about the algorithms NSA has developed for protecting classified information, called Type 1 algorithms by the agency. In 2003, for the first time in its history, NSA-approved two published algorithms, Skipjack and AES, for Type 1 use in NSA-approved systems.
NSA has to deal with many factors in ensuring the security of communication and information (COMSEC and INFOSEC in NSA jargon):
The large number of cipher devices that NSA has developed in its half century of operation can be grouped into five generations (decades given are very approximate):
First generation NSA systems were introduced in the 1950s and were built on the legacy of NSA's World War II predecessors and used rotor machines derived from the SIGABA design for most high level encryption; for example, the KL-7. Key distribution involved distribution of paper key lists that described the rotor arrangements, to be changed each day (the cryptoperiod ) at midnight, GMT. The highest level traffic was sent using one-time tape systems, including the British 5-UCO, that required vast amounts of paper tape keying material. [1] : p. 39 ff
Second generation systems (1970s) were all electronic designs based on vacuum tubes and transformer logic. Algorithms appear to be based on linear-feedback shift registers, perhaps with some non-linear elements thrown in to make them more difficult to cryptanalyze. Keys were loaded by placing a punched card in a locked reader on the front panel. [2] The cryptoperiod was still usually one day. These systems were introduced in the late 1960s and stayed in use until the mid-1980s. They required a great deal of care and maintenance, but were not vulnerable to EMP. The discovery of the Walker spy ring provided an impetus for their retirement, along with remaining first generation systems.
Third generation systems (1980s) were transistorized and based on integrated circuits and likely used stronger algorithms. They were smaller and more reliable. Field maintenance was often limited to running a diagnostic mode and replacing a complete bad unit with a spare, the defective cipher device being sent to a depot for repair. Keys were loaded through a connector on the front panel. NSA adopted the same type of connector that the military used for field radio handsets as its fill connector. Keys were initially distributed as strips of punched paper tape that could be pulled through a hand held reader (KOI-18) connected to the fill port. Other, portable electronic fill devices (KYK-13, etc.) were available as well.
Fourth generation systems (1990s) use more commercial packaging and electronic key distribution. Integrated circuit technology allowed backward compatibility with third generation systems. Security tokens, such as the KSD-64 crypto ignition key (CIK) were introduced. Secret splitting technology allows encryptors and CIKs to be treated as unclassified when they were separated. Later the Fortezza card, originally introduced as part of the controversial Clipper chip proposal, were employed as tokens. Cryptoperiods were much longer, at least as far as the user was concerned. Users of secure telephones like the STU-III only have to call a special phone number once a year to have their encryption updated. Public key methods (FIREFLY) were introduced for electronic key management (EKMS), which employed a commercial or militarized personal computer running MS-DOS to generate cryptographic keys and signal operating instructions (SOI/CEOI). An NSA-supplied AN/CSZ-9 hardware random number generator produced the needed random bits. The CSZ-9 connects to the PC through an RS-232 port and is powered by five D cell (BA-30) batteries. In later phases of EKMS, the random data functionality is included in an NSA key processor (KP). [3] Keys could now be generated by individual commands instead of coming from NSA by courier.
A common handheld fill device (the AN/CYZ-10) was introduced to replace the plethora of devices used to load keys on the many third generation systems that were still widely used. Encryption support was provided for commercial standards such as Ethernet, IP (originally developed by DOD's ARPA), and optical fiber multiplexing. Classified networks, such as SIPRNet (Secret Internet Protocol Router Network) and JWICS (Joint Worldwide Intelligence Communications System), were built using commercial Internet technology with secure communications links between "enclaves" where classified data was processed. Care had to be taken to ensure that there were no insecure connections between the classified networks and the public Internet.
In the twenty-first century, communication is increasingly based on computer networking. Encryption is just one aspect of protecting sensitive information on such systems, and far from the most difficult one. NSA's role will increasingly be to provide guidance to commercial firms designing systems for government use. HAIPE solutions are examples of this type of product (e.g., KG-245A [ permanent dead link ] and KG-250 ).
Other agencies, particularly NIST, have taken on the role of supporting security for commercial and sensitive but unclassified applications. NSA's certification of the unclassified NIST-selected AES algorithm for classified use "in NSA-approved systems" suggests that, in the future, NSA may use more non-classified algorithms. The KG-245A and KG-250 use both classified and unclassified algorithms.
The NSA Information Assurance Directorate is leading the Department of Defense Cryptographic Modernization Program, an effort to transform and modernize Information Assurance capabilities for the 21st century. It has three phases:
NSA has helped develop several major standards for secure communication: the Future Narrow Band Digital Terminal (FNBDT) for voice communications, High Assurance Internet Protocol Interoperability Encryption- Interoperability Specification (HAIPE) for computer networking and Suite B encryption algorithms.
The large number of cipher devices that NSA has developed can be grouped by application:
During World War II, written messages (known as record traffic) were encrypted off line on special, and highly secret, rotor machines and then transmitted in five-letter code groups using Morse code or teletypewriter circuits, to be decrypted off-line by similar cipher devices at the other end. The SIGABA rotor machine, developed during this era continued to be used until the mid-1950s, when it was replaced by the KL-7, which had more rotors.
The KW-26 ROMULUS was a second generation cipher device in wide use that could be inserted into teletypewriter circuits so traffic was encrypted and decrypted automatically. It used electronic shift registers instead of rotors and became very popular (for a COMSEC device of its era), with over 14,000 units produced. It was replaced in the 1980s by the more compact KG-84, which in turn was superseded by the KG-84-interoperable KIV-7.
US Navy ships traditionally avoid using their radios to prevent adversaries from locating them by direction finding. The Navy also needs to maintain traffic security, so it has radio stations constantly broadcasting a stream of coded messages. During and after World War II, Navy ships copied these fleet broadcasts and used specialized call sign encryption devices to figure out which messages were intended for them. The messages would then be decoded off line using SIGABA or KL-7 equipment.
The second generation KW-37 automated monitoring of the fleet broadcast by connecting in line between the radio receiver and a teleprinter. It, in turn, was replaced by the more compact and reliable third generation KW-46.
NSA has the responsibility to protect the command and control systems for nuclear forces. The KG-3X series is used in the US government's Minimum Essential Emergency Communications Network and the Fixed Submarine Broadcast System used for transmission of emergency action messages for nuclear and national command and control of US strategic forces. The Navy is replacing the KG-38 used in nuclear submarines with KOV-17 circuit modules incorporated in new long-wave receivers, based on commercial VME packaging. In 2004, the US Air Force awarded contracts for the initial system development and demonstration (SDD) phase of a program to update these legacy generation systems used on aircraft.
Modern communication systems multiplex many signals into wideband data streams that are transmitted over optical fiber, coaxial cable, microwave relay, and communication satellites. These wide-band circuits require very fast cipher devices.
The WALBURN family (KG-81, KG-94/194, KG-94A/194A, KG-95) of equipment consists of high-speed bulk encryption devices used primarily for microwave trunks, high-speed land-line circuits, video teleconferencing, and T-1 satellite channels. Another example is the KG-189, which support SONET optical standards up to 2.5 Gbit/s.
Digital Data encryptors such as KG-84 family which includes the TSEC/KG-84, TSEC/KG-84A and TSEC/KG-82, TSEC/KG-84A and TSEC/KG-84C, also the KIV-7.
The KIV-7 is a National Security Agency Type-1, single-channel encryptor originally designed in the mid-1990s by AlliedSignal Corporation to meet the demand for secure data communications from personal computers (PC), workstations, and FAXs. It has data rates up to 512 kbit/s and is interoperable with the KG-84, KG-84A, and KG-84C data encryption devices.
Several versions of the KIV-7 have been developed over the years by many different corporations that have either bought the rights to build the KIV-7 or through corporate mergers.
(The National Security Agency (NSA) has established new High Assurance Internet Protocol Interoperability Specifications (HAIPIS) that requires different vendor's Inline Network Encryption (INE) devices to be interoperable.)
True voice encryption (as opposed to less secure scrambler technology) was pioneered during World War II with the 50-ton SIGSALY, used to protect the very highest level communications. It did not become practical for widespread use until reasonable compact speech encoders became possible in the mid-1960s. The first tactical secure voice equipment was the NESTOR family, used with limited success during the Vietnam war. Other NSA voice systems include: [1] : Vol I, p.57ff
The operational complexity of secure voice played a role in the September 11, 2001 attacks on the United States. According to the 9/11 Commission, an effective US response was hindered by an inability to set up a secure phone link between the National Military Command Center and the Federal Aviation Administration personnel who were dealing with the hijackings. See Communication during the September 11, 2001 attacks.
NSA has approved a variety of devices for securing Internet Protocol communications. These have been used to secure the Secret Internet Protocol Router Network (SIPRNet), among other uses.
The first commercial network layer encryption device was the Motorola Network Encryption System (NES). The system used the SP3 and KMP protocols defined by the NSA Secure Data Network System (SDNS) and were the direct precursors to IPsec. The NES was built in a three part architecture that used a small cryptographic security kernel to separate the trusted and untrusted network protocol stacks. [5]
The SDNS program defined a Message Security Protocol (MSP) that was built on the use X.509 defined certificates. The first NSA hardware built for this application was the BBN Safekeeper. [6] The Message Security Protocol was a successor to the IETF Privacy Enhance Mail (PEM) protocol. The BBN Safekeeper provided a high degree of tamper resistance and was one of the first devices used by commercial PKI companies.
NSA still supports simple paper encryption and authentication systems for field use such as DRYAD.
NSA has participated in the development of several cipher devices for public use. These include:
In cryptography, encryption is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Despite its goal, encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.
Communications security is the discipline of preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients.
In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).
Articles related to cryptography include:
STU-III is a family of secure telephones introduced in 1987 by the NSA for use by the United States government, its contractors, and its allies. STU-III desk units look much like typical office telephones, plug into a standard telephone wall jack and can make calls to any ordinary phone user. When a call is placed to another STU-III unit that is properly set up, one caller can ask the other to initiate secure transmission. They then press a button on their telephones and, after a 15-second delay, their call is encrypted to prevent eavesdropping. There are portable and militarized versions and most STU-IIIs contained an internal modem and RS-232 port for data and fax transmission. Vendors were AT&T, RCA and Motorola.
The TSEC/KW-26, code named ROMULUS, was an encryption system used by the U.S. Government and, later, by NATO countries. It was developed in the 1950s by the National Security Agency (NSA) to secure fixed teleprinter circuits that operated 24 hours a day. It used vacuum tubes and magnetic core logic, replacing older systems, like SIGABA and the British 5-UCO, that used rotors and electromechanical relays.
The TSEC/KL-7, also known as Adonis was an off-line non-reciprocal rotor encryption machine. The KL-7 had rotors to encrypt the text, most of which moved in a complex pattern, controlled by notched rings. The non-moving rotor was fourth from the left of the stack. The KL-7 also encrypted the message indicator.
The Electronic Key Management System (EKMS) is a United States National Security Agency led program responsible for Communications Security (COMSEC) key management, accounting, and distribution. Specifically, EKMS generates and distributes electronic key material for all NSA encryption systems whose keys are loaded using standard fill devices, and directs the distribution of NSA produced key material. Additionally, EKMS performs account registration, privilege management, ordering, distribution, and accounting to direct the management and distribution of physical COMSEC material for the services. The common EKMS components and standards facilitate interoperability and commonality among the armed services and civilian agencies.
The Secure Communications Interoperability Protocol (SCIP) is a US standard for secure voice and data communication, for circuit-switched one-to-one connections, not packet-switched networks. SCIP derived from the US Government Future Narrowband Digital Terminal (FNBDT) project. SCIP supports a number of different modes, including national and multinational modes which employ different cryptography. Many nations and industries develop SCIP devices to support the multinational and national modes of SCIP.
Multiple encryption is the process of encrypting an already encrypted message one or more times, either using the same or a different algorithm. It is also known as cascade encryption, cascade ciphering, multiple encryption, and superencipherment. Superencryption refers to the outer-level encryption of a multiple encryption.
BATON is a Type 1 block cipher in use since at least 1995 by the United States government to secure classified information.
This glossary lists types of keys as the term is used in cryptography, as opposed to door locks. Terms that are primarily used by the U.S. National Security Agency are marked (NSA). For classification of keys according to their usage see cryptographic key types.
The vast majority of the National Security Agency's work on encryption is classified, but from time to time NSA participates in standards processes or otherwise publishes information about its cryptographic algorithms. The NSA has categorized encryption items into four product types, and algorithms into two suites. The following is a brief and incomplete summary of public knowledge about NSA algorithms and protocols.
NSA Suite B Cryptography was a set of cryptographic algorithms promulgated by the National Security Agency as part of its Cryptographic Modernization Program. It was to serve as an interoperable cryptographic base for both unclassified information and most classified information.
Over-the-air rekeying (OTAR) refers to transmitting or updating encryption keys (rekeying) in secure information systems by conveying the keys via encrypted electronic communication channels. It is also referred to as over-the-air transfer (OTAT), or over-the-air distribution (OTAD), depending on the specific type, use, and transmission means of the key being changed. Although the acronym refers specifically to radio transmission, the technology is also employed via wire, cable, or optical fiber.
Below is a timeline of notable events related to cryptography.
A High Assurance Internet Protocol Encryptor (HAIPE) is a Type 1 encryption device that complies with the National Security Agency's HAIPE IS. The cryptography used is Suite A and Suite B, also specified by the NSA as part of the Cryptographic Modernization Program. HAIPE IS is based on IPsec with additional restrictions and enhancements. One of these enhancements includes the ability to encrypt multicast data using a "preplaced key". This requires loading the same key on all HAIPE devices that will participate in the multicast session in advance of data transmission. A HAIPE is typically a secure gateway that allows two enclaves to exchange data over an untrusted or lower-classification network.
The Joint Range Extension Applications Protocol (JREAP) enables tactical data messages to be transmitted over long-distance networks, e.g. satellite links, thereby extending the range of Tactical Data Links (TDLs).
Cryptography, or cryptology, is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.
{{cite web}}
: CS1 maint: bot: original URL status unknown (link){{cite web}}
: CS1 maint: archived copy as title (link) CS1 maint: bot: original URL status unknown (link)