3b crypto devices


Firefly Vector Set (FFVS)

- NSA developed
- cooperative key generation scheme used for exchanging asymmetrical key pairs
- Diffie-Hellman key exchange

Asymmetric

- PUBLIC-KEY SYSTEM
- uses two different keys, a public-key and the private-key
- keys generated at the same time and data encrypted with one key can be decrypted with the other key

Symmetric

- SECRET-KEY cryptography
- identical copy of the key
- very secure
- ability to achieve high encryption/decryption speeds using hi-tech crypto systems, significantly faster than public-key systems

Data Encryption Standard (DES)

- converts plaintext into ciphertext using a key that consists of 64 binary digits
- of the 64 bits, 56 bits are randomly generated and used directly by the algorithm
- remaining 8 are error detection
- uses 16 rounds of algorithm operations that mix the data and keys together
- unsecure and insufficient for classified use

Problems with the secret-key system

- copies of one key must be distributed to all sides to establish a mirror image
- if a key is distributed through a non-secure communication channel, it may be compromised during transmission
- if the key is discovered/intercepted by someone else, messages encrypted with any copy of that key can easily be decrypted
- very sensitive to cryptanalysis

stream ciphers

- encrypt/decrypt each bit of data one at a time in a continuous stream of encrypted data
- operates by a stream of pseudo-random digits (key-stream) being combined with plaintext to generate ciphertext

Triple Data Encryption Standard (3DES)

- more secure
- three-fold compound operation for encryption/decryption
- encrypts the message with one key, cipher text encrypted again with a second key, and the resulting cipher text is yet again encrypted with a 3rd key before transmitting the message

KIV-7M (Link Encryptor)

- multi-purpose, programmable Type 1 (can encrypt TS) COMSEC link encryption and key management module that can interoperate with a wide variety of legacy encryption and key management modules as well as LEF
- SYMMETRIC KEY SYSTEM
- users must ensure local end and distant end devices are utilizing the same TEK

Diffie-Hellman key exchange

- one of the earliest
- each party generates a public/private key pair and distributes the public key
- after obtaining the authentic copy of each other's public keys, can compute a shared secret offline
- e.g., the shared secret can be used as a key for a symmetric cipher

One Time Pad

- one of the most secure types of encryption
- random string of digits is used as the key to encrypt your message and that key is never used again

IP Encryption Devices

- operate at layer 3
- ensure secure network-centric connections over satellite, WANs, WiMax, Broadband, Dial-up, and wireless networks

Block Cipher

- operate by encrypting/decrypting one chunk of data at a time
- most common symmetric algorithm

PKI allows you to conduct business electronically with the confidence that:

- person identified as sending the transaction is the originator
- person receiving the transaction is the intended recipient
- data integrity not compromised
- uses two-factor authentication

peer enclaves communication on the PT side of a KG-175D when client transmits data

1. goes through PT (plain text) port
2. through the CT (cipher text) port, at which time the PT address is masked as it is encrypted and a new header is added that the TACLANE acquired from the peer enclave
3. a NIPR routed network
4. the Black side of the distant end TACLANE
5. the message is then decrypted as it goes to the PT side
6. when the receiving client obtains the message it is readable

Confidential and Secret info requires AES of

128 bit key lengths or higher

(Rijndael) ability to utilize

128 bit, 192 bit, and 256 bit key-lengths

Top Secret requires AES

192 or 256-bit key length

(Symmetric) Specialized hardware systems utilize algorithms that fall into these two categories:

Block and Stream ciphers

how is the crypto key received?

CRO, KOAM, and the NSA inputted into the equipment by the COMSEC authorized user by using a common fill device

3 main algorithms block ciphers use to encode data

Data Encryption Standard, Triple Data Encryption Standard, Advanced Encryption Standard

what 'routing protocol' does the TACLANE use

IP routing using a form similar to static routing called PEER ENCLAVE ROUTES

To keep the keys secure while in transit a _____ is used to encrypt the _____.

Key Encryption Key (KEK), Traffic Encryption Key (TEK)

Advanced Encryption Standard (AES)

NIST AES selection team chose the new symmetric that commercial users and the govt could use--RIJNDAEL and the RSA algorithm

AN/PYQ-10 Simple Key Loader (SKL)

NSA approved, ruggedized PDA capable of receiving, storing, and transferring key variables; can store up to 500k individual key variables

what is the most common software stream cipher in use

RC4, Secure Sockets Layer (SSL) uses the RC4 protocol and is used for its simplicity and speed in software uses.

1. IP encryption _____ from the local ____ is sent to the plain text side of the encryptor.

Red data, enclave

When the encryption device encrypts the data using ____ the ____ data frame is no longer readable by a device on the ____ side except the other encryption device with the same _____ ____ and being used

TEK, red, black, TEK loaded

4. After the encryptor encrypts the traffic using the ____ it will add on an _____ so the data can be routed through the ____ along with the other unclassified data.

TEK, unencrypted header, Black (unclassified) NIPR network

SKL can store classified key data up to

Top Secret

KG-175D (TACLANE)

Type 1 In-Line Network Encryptor (INE) optimized for both tactical and strategic environments.
- high speed, compact, mobile
- TS/SCI
- supports IP ops over standard commercial networks
- rudimentary router functionality

although keys used by the US govt are secret, unclassified 3DES keys can be found in

a # of devices for commercial use such as VPN apps for secure tunneling connections

what are asymmetric algorithms better suited for

achieve authentication, integrity, and non-repudiation, and support confidentiality through key-management

all cryptographic systems utilize

an algorithm and a crypto-key

public key infrastructures (PKI)

binds public keys to entities, enables other entities to verify public key bindings, and provides the services needed for ongoing management of keys

how is the key-stream determined

by the crypto-key

enclave

can be a single computer or an entire routed SIPR network

peer enclave routes

configured with the addresses of the other (peer) TACLANE as a router of last resort or a directed route to the destination network or subnet

TEK is a key that encrypts the __________, whereas the KEK is a key that is used for the encryption or decryption of ______.

data passing through the device, other keys

what are asymmetric algorithms poorly suited for

encrypting large messages because they are relatively slow

over the air re-key (OTAR)

ensuring keys are sent securely to remote locations is vital to the nation's security and war efforts

the TEKs are used to

exchange data between the peer In-Line Network Encryptors (2 IP encryptors)

KIV-7M has two _______.

independent link encryption channels
- configurable RED and BLACK input/output (I/O) ports enable the KIV-7M to interface with a wide array of communications and networking equipment

a common fill device can transmit a ____ through the secure connection to another _____ at a remote location

key, common fill device

Network encryption systems enable war-fighters to ______ while sharing _____ throughout air, land, sea, space, and enterprises.

maintain their mobility, classified information

three types of rekeys depending on the type of destination

manual rekey (MK), automatic rekey (AK), manual cooperative key transfer (MK/RV)

Gateway of last resort

no peer enclave to a distant TACLANE, two clients will still talk. usually has a Peer Enclave to the distant end TACLANE or it will forward the data to another that may have a peer enclave to the destination (just takes longer)

Manual cooperative key transfer (MK/RV)

point to point passing of a key that may be stored for future use in a common fill device at a remote location
- useful if the area between two locations is hostile

RIJNDAEL is the most ______ in both the commercial and government sectors.

popular

automatic rekey (AK)

preferred method for point to multi-point rekey.
- used to update a network with multiple subscribers
- primarily done from master station or communications focal point (CFP)

manual rekey (MK)

preferred method for point-to-point rekey.
- used to update a remote station that has no users at the location
- main station uses its secure link to transmit and automatically install the proper key

To decrypt the 3DES

process must be reversed in sequence using the same keys

serial encryption devices

provide a secure link in serial applications between a host and a remote user (point to point) or users (point to multi-point)
- layer 2

common fill device (CFD)

receive, store, and transfer key variables to End Cryptographic Units (ECU)

3. The encryptor will be configured with a _____ to send the message packets to the other ____ or _____.

routing function, SIPR network or peer enclave

The Diffie-Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a _________over an _____ channel. This key can then be used to encrypt subsequent communications using a _______

shared key secret, unsecure, symmetric key cipher

2. The two sides of the encryptor are configured with _____ so that they can be ____ by the local routed network.

static addresses, discovered

PPK Pre Placed Key

system that is symmetric, meaning it uses only one key to encrypt/decrypt information
- encryption keys pre-positioned in cryptographic unit

If the distant end KIV-7 does not have the same TEK as the local KIV-7 (either by the key expiring or deleting)

then no traffic can be sent and OTAR cannot be accomplished

the unique ____ is generated called _____ and used for encryption/decryption

third key, FIREFLY-Generated Traffic Encryption Key

over the air rekeying

to update the keys stored in the KIV-7 someone has to load them from a common fill device or distant end must be updated using 3 methods of OTAR

SIPR data is ____ through the ______ to the ______.

tunneled, NIPR network, peer enclave

over the air distribution (OTAD)

two-way secure transmission used to update or distribute a key to remote locations

Crypto Ignition Key (CIK)

used to lock and unlock access to the encrypted key database

advantage of asymmetric key cryptography

uses keys that are so different that it would be possible to publicize one without danger of anyone being able to derive or compute the other; the private key cannot be determined from the public key

