Over-the-air rekeying

Last updated

Over-the-air rekeying (OTAR) refers to transmitting or updating encryption keys (rekeying) in secure information systems by conveying the keys via encrypted electronic communication channels ("over the air"). [1] It is also referred to as over-the-air transfer (OTAT), or over-the-air distribution (OTAD), [2] depending on the specific type, use, and transmission means of the key being changed. Although the acronym refers specifically to radio transmission, the technology is also employed via wire, cable, or optical fiber.

Contents

As a "paperless encryption key system" OTAR was originally adopted specifically in support of high speed data communications because previously known "paperless key" systems such as supported by Diffie-Hellman key exchange, [3] or Firefly key exchange technology [4] (as used in the now obsolete STU-III "scrambled" telephone) [5] were not capable of handling the high speed transmission volumes required by normal governmental/military communications traffic. [6] Now also adopted for civilian and commercial secure voice use, especially by emergency first responders, OTAR has become not only a security technology, but a preferred basis of communications security doctrine world-wide. The term "OTAR" is now basic to the lexicon of communications security.

History

OTAR technology created by NSA inventor, innovator, and author, Mahlon Doyle [7] was operationally introduced to the US Department of Defense in 1988. Lieutenant Commander David Winters, an American naval officer in London and code master during the final years of the Cold War, [8] was first to recognize the necessity and security potential of OTAR. In order to exploit the advantages of this technology, he conceived and initiated its first large scale practical application and deployment. [9]

Due to the efficiency and vast cost savings inherent to OTAR, Commander Winters' methods were quickly adopted and spread Navy-wide, following which Vice Admiral J.O Tuttle, Commander of the Navy Telecommunications Command, [10] the Navy "J6", shortly influenced the Joint Chiefs of Staff to bring all the other military services into compliance. [11] In due course, OTAR shortly became the NATO standard.

This coincided with the introduction of newer NSA cryptographic systems that use a 128-bit electronic key, such as the ANDVT, KY-58, KG-84A/C, and KY-75, capable of obtaining new or updated keys via the circuit they protect or other secure communications circuits. Adoption of OTAR reduces requirements both for the distribution of physical keying material and the physical process of loading cryptographic devices with key tapes.

Accordingly, OTAR eliminates the need for individual stations to be involved with physical key changeovers. Instead, electronically transmitted keys would normally come from a network control station (NCS). The OTAT feature permits a key to be extracted from an OTAT-capable cryptographic system using a fill device, such as the KYK-13 or KYX-15/KYX-15A and then loaded ("squirted") into another cryptographic system as needed. Alternatively, encryption systems may also be configured to automatically receive and update code keys with virtually no manual intervention, as is the case for GPS (Global Positioning System) navigation satellite signals.

Present and future

Now that OTAR applications have been adapted for civilian emergency service providers and other users requiring enhanced communications security, extensive parallel technology conversion and development have produced commercially viable systems that include end-to-end key generation, distribution, management, and control. [12] [13] [14] [15] [16] [17] [18] Network controllers can remotely, dependably, and securely change encryption keys for an entire network at their discretion. This simplifies and streamlines operations while virtually eliminating risk of compromise. In practical terms, this means users need not bring or return their units for manual updates, nor must technicians visit each user, station, or node to service their units in the field. Further, in the unlikely event that a unit, station, or node is stolen, mimicked, or otherwise compromised, a network controller may:

Significance

Telecommunications protected by encryption require proprietary or classified keys to lock and unlock them. Security of such telecommunications is no greater than the security of its keys. Therefore, key protection is paramount. So long as use of encryption remains reasonably limited, key security is realistically manageable. However, in the mid-twentieth century, military and diplomatic telecommunications loads grew by orders of magnitude. Encryption systems became automated and key quantities ballooned.

These encryption keys usually comprised printed sheets, punched paper strips or cards, or electromagnetic tapes. The security of their production, transport, storage, distribution, accounting, employment, and finally destruction required thousands of trusted agents, world-wide. Vulnerability of so many physical keys to theft or loss became a statistical reality that was exploited for two decades by the infamous "Johnny Walker" spy ring. Elimination of this vulnerability through adoption of Over The Air Rekeying (OTAR) although little appreciated at the time, was an innovation of inestimable impact. Placing this technology in perspective, OTAR comprised a transformation at the most basic foundations of communications security such that through the decades since introduction of OTAR, not a single new breach of US code systems has occurred. Introduction of OTAR technology into practical application precipitated NSA creation of the Electronic Key Management System (EKMS) which permanently altered the power balance in communications security and espionage. Recent declassification of the details relating to its introduction may be expected to now become the subject of more scholarly work. [19]

Vulnerabilities

Vulnerabilities due to accidental, unencrypted “In the clear” transmissions have been demonstrated with systems incorporating OTAR as implemented in Project 25 Digital Mobile Radio Communications Standards.

Related Research Articles

<span class="mw-page-title-main">Encryption</span> Process of converting plaintext to ciphertext

In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.

<span class="mw-page-title-main">Public-key cryptography</span> Cryptographic system with public and private keys

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.

<span class="mw-page-title-main">Communications security</span> Discipline of telecommunications

Communications security is the discipline of preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients.

A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Based on the used method, the key can be different sizes and varieties, but in all cases, the strength of the encryption relies on the security of the key being maintained. A key's security strength is dependent on its algorithm, the size of the key, the generation of the key, and the process of key exchange.

Articles related to cryptography include:

<span class="mw-page-title-main">Clipper chip</span> Encryption device promoted by the NSA in the 1990s

The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured "voice and data messages" with a built-in backdoor that was intended to "allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions." It was intended to be adopted by telecommunications companies for voice transmission. Introduced in 1993, it was entirely defunct by 1996.

<span class="mw-page-title-main">Onion routing</span> Technique for anonymous communication over a computer network

Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layers of encryption, analogous to the layers of an onion. The encrypted data is transmitted through a series of network nodes called "onion routers," each of which "peels" away a single layer, revealing the data's next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes. While onion routing provides a high level of security and anonymity, there are methods to break the anonymity of this technique, such as timing analysis.

<span class="mw-page-title-main">Whitfield Diffie</span> American cryptographer (born 1944)

Bailey Whitfield 'Whit' Diffie ForMemRS is an American cryptographer and mathematician and one of the pioneers of public-key cryptography along with Martin Hellman and Ralph Merkle. Diffie and Hellman's 1976 paper New Directions in Cryptography introduced a radically new method of distributing cryptographic keys, that helped solve key distribution—a fundamental problem in cryptography. Their technique became known as Diffie–Hellman key exchange. The article stimulated the almost immediate public development of a new class of encryption algorithms, the asymmetric key algorithms.

Key management refers to management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.

<span class="mw-page-title-main">National Cryptologic Museum</span> Museum in Maryland, U.S.

The National Cryptologic Museum (NCM) is an American museum of cryptologic history that is affiliated with the National Security Agency (NSA). The first public museum in the U.S. Intelligence Community, NCM is located in the former Colony Seven Motel, just two blocks from the NSA headquarters at Fort George G. Meade in Maryland. The motel was purchased, creating a buffer zone between the high security main buildings of the NSA and an adjacent highway. The museum opened to the public on December 16, 1993, and now hosts about 50,000 visitors annually from all over the world.

<span class="mw-page-title-main">STU-III</span> Telephone

STU-III is a family of secure telephones introduced in 1987 by the NSA for use by the United States government, its contractors, and its allies. STU-III desk units look much like typical office telephones, plug into a standard telephone wall jack and can make calls to any ordinary phone user. When a call is placed to another STU-III unit that is properly set up, one caller can ask the other to initiate secure transmission. They then press a button on their telephones and, after a 15-second delay, their call is encrypted to prevent eavesdropping. There are portable and militarized versions and most STU-IIIs contained an internal modem and RS-232 port for data and fax transmission. Vendors were AT&T, RCA and Motorola.

<span class="mw-page-title-main">Fortezza</span> Information security system

Fortezza is an information security system that uses the Fortezza Crypto Card, a PC Card-based security token. It was developed for the U.S. government's Clipper chip project and has been used by the U.S. Government in various applications.

The National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems have become known and its most modern systems share at least some features with commercial products.

The Electronic Key Management System (EKMS) is a United States National Security Agency led program responsible for Communications Security (COMSEC) key management, accounting, and distribution. Specifically, EKMS generates and distributes electronic key material for all NSA encryption systems whose keys are loaded using standard fill devices, and directs the distribution of NSA produced key material. Additionally, EKMS performs account registration, privilege management, ordering, distribution, and accounting to direct the management and distribution of physical COMSEC material for the services. The common EKMS components and standards facilitate interoperability and commonality among the armed services and civilian agencies.

The Secure Communications Interoperability Protocol (SCIP) is a US standard for secure voice and data communication, for circuit-switched one-to-one connections, not packet-switched networks. SCIP derived from the US Government Future Narrowband Digital Terminal (FNBDT) project. SCIP supports a number of different modes, including national and multinational modes which employ different cryptography. Many nations and industries develop SCIP devices to support the multinational and national modes of SCIP.

<span class="mw-page-title-main">Fill device</span> Module used to load cryptographic keys into encryption machines

A fill device or key loader is a module used to load cryptographic keys into electronic encryption machines. Fill devices are usually hand held and electronic ones are battery operated.

<span class="mw-page-title-main">Cryptography</span> Practice and study of secure communication techniques

Cryptography, or cryptology, is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

<span class="mw-page-title-main">Crypto Wars</span> Attempts to limit access to strong cryptography

Attempts, unofficially dubbed the "Crypto Wars", have been made by the United States (US) and allied governments to limit the public's and foreign nations' access to cryptography strong enough to thwart decryption by national intelligence agencies, especially the National Security Agency (NSA).

In cryptography, rekeying refers to the process of changing the session key—the encryption key of an ongoing communication—in order to limit the amount of data encrypted with the same key.

References

  1. NAG-16C/TSEC.U.S. Navy, Information Systems Technician Training Series
  2. http://www.gps.gov/multimedia/presentations/2015/04/partnership/tyley.pdf [ bare URL PDF ]
  3. See Diffie–Hellman key exchange
  4. See Firefly (key exchange protocol)
  5. See STU-III
  6. [Creation of OTAR] "echoed some of the objectives of my own development of public key cryptography..." Letter from Whitfield Diffie, Turing Award Winner, to Vice Admiral Sean Buck, Superintendent, United States Naval Academy, Annapolis, MD, August 6th, 2020
  7. See Mahlon Doyle
  8. Also see STU-III and John Anthony Walker
  9. Navy Award Citations for Lieutenant Commander David D. Winters, dtd. 15 May 1992, 3 August 1992, and 26 August 1994,
  10. See Jerry O. Tuttle
  11. (U) American Cryptology During the Cold War (1945-1989), (U) Book IV, Cryptologic Rebirth, 1981-1999, by Thomas R. Johnson, Center For Cryptologic History, National Security Agency, pp 40-41.
  12. Sandy Clark; Travis Goodspeed; Perry Metzger; Zachary Wasserman; Kevin Xu; Matt Blaze (8–12 August 2011). Why (Special Agent) Johnny (Still) Can't Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System (PDF). 20th USENIX Security Symposium. USENIX Association.
  13. https://www.hsdl.org/?view&did=455597 Saving Lives and Property Through Improved Interoperability: Introduction to Encryption Key Management for Public Safety Radio Systems, October 2001, Public Safety Wireless Network Program
  14. https://www.ncjrs.gov/pdffiles1/nij/224791.pdf JAN. 09 U.S. Department of Justice, Office of Justice Programs, National Institute of Justice, TOWARD CRIMINAL JUSTICE SOLUTIONS, Over-the-Air (OTA) Communications, Improvements for Police Departments, JAN 09
  15. http://www.vsp.state.va.us/downloads/STARSContract/Appendix%2005%20-%2032%20-%20Encryption%20Info%202%20KMF.pdf Specification Sheet, KMF, Key Management Facility
  16. http://www.relmservice.com/manuals/bk/otar_setup.pdf OTAR CHECK LIST
  17. https://www.manualslib.com/manual/617020/E-F-Johnson-Company-5300-Series.html?page=64 E.F. Johnson Company 5300 SERIES Operating Manual: Otar (over-the-air Rekeying); Introduction; Encryption Key Types; Keysets
  18. http://cs.oswego.edu/~kbashfor/isc496/projects/p25/Kyle_Bashford_Project_25.pdf Project 25 (P25/APCO-25) Radio by Kyle Bashford (ISC 496 Fall 2014)
  19. OVER THE AIR REKEYING, A ROGUE SECURITY REVOLUTION, oral presentation by David Winters, Symposium for Cryptologic History, Applied Physics Laboratory, Johns Hopkins University, 19 October 2017, (referenced with permission of author).