3b. Crypto/COMSEC


Black (unclassified)

After the encryptor encrypts the traffic using the Traffic Encryption Key (TEK), it will add on an unencrypted header so the data can be routed through the __________________________ NIPR network along with the other unclassified data. Thus, the SIPR data is tunneled through the NIPR network to the peer enclave.

algorithm & crypto-key

All cryptographic systems utilize an _____________ and __________________.

SERIAL ENCRYPTION DEVICES

An encryption device used to provide a secure link in serial applications between a host and a remote user (point to point) or users (point to multi-point). They operate at layer 2 of the OSI model.

Symmetric Key

Another advantage is the ability to achieve high encryption/decryption speeds using hi-tech crypto systems, significantly faster than public-key systems

Private Key/Public Key

Asymmetric key cryptography, also known as public key cryptography, uses a class of algorithms which has a __________________ and a ________________________.

Data Encryption Standard (DES)

DES is a publicly known block cipher cryptographic algorithm that converts plaintext into ciphertext using a key that consists of 64 binary digits. Of the 64 bits, 56 bits are randomly generated and used directly by the algorithm. The extra eight bits are used for error detection. The system uses 16 rounds of algorithm operations that mix the data and keys together

Top Secret, unclassified CCI, highest classification

Due to the effective security control measures it employs, the SKL can store classified key data up to ______________________. Although in itself it is considered _____________________ when not loaded, the SKL will assume the _________________________ of key data it is holding

AN/PYQ-10 Simple Key Loader (SKL)

Each unit is paired with its own Crypto Ignition Key (CIK) used to lock and unlock access to the encrypted key database.

serial encryption

Encrypting a router's serial connection to a Wide Area Network is an example of ____________________________.

OVER THE AIR RE-KEY (OTAR).

Ensuring keys are sent securely to remote locations is vital to the nation's security and war efforts. Also known as Over the Air Distribution (OTAD), it is a two-way secure transmission used to update or distribute a key to remote locations.

Red (classified)

In IP encryption __________________ data from the local enclave is sent to the Plain text side of the encryptor. An enclave can be a single computer or an entire routed SIPR network. The two sides of the encryptor are configured with static addresses so that they can be discovered by the local routed network.

public and private symmetric

In the Diffie-Hellman key exchange scheme, each party generates a __________________________ key pair and distributes the public key. After obtaining an authentic copy of each other's public keys, the parties can compute a shared secret offline. The shared secret can be used, for instance, as the key for a _________________________ cipher.

AN/PYQ-10 Simple Key Loader (SKL)

Is an NSA-approved, hand-held, ruggedized PDA capable of receiving, storing, and transferring key variables. The SKL can store up to 500,000 individual key variables.

Block ciphers

It has three algorithms that are typically used to encode data: Data Encryption Standard, Triple Data Encryption Standard and Advanced Encryption Standard.

One Time Pad

One of the most secure forms of encryption is called , where a ____________________________ random string of digits is used as the key to encrypt your message, and that key is never used again.

Manual Rekey (MK)

Preferred method for a point-to-point rekey. This can be used to update a remote station that has no users at the location. The main station uses its secure link to transmit and automatically install the proper key.

Automatic Rekey (AK)

Preferred method for point to multi-point rekey. This is used to update a network with multiple subscribers. Automatic rekey is primarily done from a master station or Communications Focal Point (CFP). The CFP can update all the users or select which users are to receive the updated key.

RC4 protocol

Secure Sockets Layer (SSL) uses the _________________ and is used for its simplicity and speed in software uses.

symmetric key

The KIV-7M utilizes ___________________ system for encryption.

KG-175D (TACLANE)

The TACLANE-Micro is an example of an IP Encryptor, sometimes called a Type 1 In-Line Network Encryptor (INE), optimized for both tactical and strategic environments. The TACLANE-Micro is high-speed, compact and mobile. It is fully ruggedized for extreme temperatures and conditions, making it suitable for military applications. It is certified for Top Secret and below.

Diffie-Hellman key exchange

The _____________________________________ is a method of securely exchanging cryptographic keys over a public channel and was one of the first public key protocols.

asymmetric

The advantage is that it uses keys that are so different, that it would be possible to publicize one without danger of anyone being able to derive or compute the other. Although different, the two keys are mathematically related, but the private-key cannot be determined from the public-key.

KIV-7M (Link Encryptor)

The unit has two, independent link encryption channels. Each channel can be programmed to emulate a different family of link encryption devices.

Manual Rekey (MK), Automatic Rekey (AK), Manual Cooperative Key Transfer (MK/RV)

There are three types of rekeys, depending on the type of destination.

Block & Stream Ciphers

These specialized hardware systems utilize algorithms that fall into two categories: ______________________ and _________________________.

Triple Data Encryption Standard (3DES)

This block cipher secret-key algorithm was developed by the private sector as a countermeasure for the shortfalls of DES. It is a more secure method of using the DES keys by implementing a three-fold compound operation for encryption/decryption. It works by encrypting the message with one key, the cipher text is encrypted again with a second key, and the resulting cipher text is yet again encrypted with a third key before finally transmitting the message. To decrypt the message, the threefold compound process must be reversed in sequence using the same keys

Symmetric Key

This concept allows for a very secure means of telecommunications and is also called Secret-Key cryptography because an identical copy of keys is used in the cryptography process

Over the Air Rekeying

To update the keys stored in the KIV-7, someone must be there to load them from a common fill device, or the distant end must be updated using one of the three methods of OTAR. To keep the keys secure while in transit, a Key Encryption Key (KEK) is used to encrypt the TEK. If the distant end KIV-7 does not have the same TEK as the local KIV-7, either because the key expired or because it was deleted, then no traffic can be sent and OTAR cannot be accomplished.

Asymmetric (Public-Key Systems)

Unlike the secret-key system, which uses the same keys for encryption/decryption, the public key system uses two different keys - a public-key and the private-key

local end & distant end, 10 TEKs

Users must ensure the ________________ and __________________ devices are utilizing the same Traffic Encryption Key (TEK). The KIV-7M is capable of storing up to _______________.

RC4

____________ is the most common software stream cipher in use.

Firefly vector sets

are an NSA-developed cooperative key generation scheme used for exchanging asymmetrical key pairs. It was based on the Diffie-Hellman key exchange.

IP Encryption Devices

are products that protect classified data while in transit over Internet Protocol (IP) networks, and they operate at layer 3 of the OSI model. These systems are employed to ensure secure, network-centric connections over satellite, WANs, WiMax, Broadband, Dial-up and Wireless networks.

Public Key Infrastructures (PKI)

binds public keys to entities, enables other entities to verify public key bindings, and provides the services needed for ongoing management of keys in a distributed system

Problem Secret key

copies of one key must be distributed to all sides to establish a mirror image. If a key is distributed through a non-secure communication channel, it may become compromised during transmission. This fact makes secret keys extremely sensitive to cryptanalysis, and they must be protected.

Stream ciphers

encrypt/decrypt each bit of data, one at a time in a continuous stream of encrypted data. It operates by a stream of pseudo-random digits, called key-stream, being combined with plaintext to generate ciphertext. The key-stream is determined by the crypto-key.

Pre-Placed Key

is a key system that is symmetric, meaning it uses only one key to encrypt/decrypt information.

Keys (KEK).

is a key that is used for the encryption or decryption of other keys.

KIV-7M (Link Encryptor)

is a multi-purpose, programmable Type 1 (can encrypt up to TOP SECRET) COMSEC link encryption and key management module that can interoperate with a wide variety of legacy encryption devices as well as new Link Encryptor Family (LEF) devices that conform to Cryptographic Modernization Initiative requirements.

Manual Cooperative Key Transfer (MK/RV)

is a point to point passing of a key that may be stored for future use in a common fill device. A common fill device can transmit a key through the secure connection to another common fill device at a remote location. This can be useful if the area between the two locations is hostile.

Block ciphers

is the most common symmetric algorithm category

COMMON FILL DEVICE (CFD)

is used to receive, store, and transfer key variables to End Cryptographic Units (ECU).

Block ciphers

operate by encrypting/decrypting one chunk of data at a time (64 bits, 128 bits, etc.). For example, a 128-bit block of plaintext input will yield the same 128-bit block of ciphertext output.

