crypto/comsec 3b
PKI allows you to conduct business electronically with the confidence of what three things?
- The person or process identified as sending the transaction is actually the originator. - The person or process receiving the transaction is the intended recipient. - Data integrity has not been compromised.
FIREFLY-Generated Traffic Encryption Keys are generated during what, and what are they used for?
- a FIREFLY exchange between peer In-Line Network Encryptors (INEs) - used to encrypt/decrypt traffic
asymmetric key system
- also called Public-Key cryptography - uses two different keys - a public key for encryption and the private key for decryption
Public Key Infrastructure (PKI)
- binds public keys to entities - enables other entities to verify public key bindings - provides the services needed for ongoing management of keys in a distributed system
KIV-7M (Link Encryptor)
- multi-purpose, programmable Type 1 (can encrypt up to TOP SECRET) COMSEC link encryption and key management module - can interoperate with a wide variety of legacy encryption devices as well as new Link Encryptor Family (LEF) devices that conform to Cryptographic Modernization Initiative requirements - unit has two independent link encryption channels
block ciphers
- operate by encrypting/decrypting one chunk of data at a time (64 bits, 128 bits, etc.) - most common type of symmetric algorithm
Automatic Rekey (AK)
- point-to-multipoint rekey - update a network with multiple subscribers - done from a master station or Communications Focal Point (CFP)
Manual Cooperative Key Transfer (MK/RV)
- point-to-point passing of a key that may be stored for future use in a common fill device - useful if the area between the two locations is hostile - common fill device can transmit a key through the secure connection to another common fill device at a remote location
Manual Rekey (MK)
- point-to-point rekey - update a remote station that has no users at the location - main station uses its secure link to transmit and automatically install the proper key
Data Encryption Standard (DES)
- publicly known block cipher cryptographic algorithm that converts plaintext into ciphertext using a key that consists of 64 binary digits - out of the 64 bits, 56 are randomly generated and used directly by the algorithm - remaining 8 used for error detection - uses 16 rounds of algorithm operations that mix the data and keys together - now considered insecure/insufficient for classified use
Pre Placed Key (PPK)
- symmetric encryption keys pre-positioned in a cryptographic unit - can be designed to be installed in equipment for a year's supply
KIV-7M is capable of storing up to _____ Traffic Encryption Keys (TEKs)
10
Confidential and Secret information requires AES of
128 bit key lengths or higher
Top Secret requires what AES key length?
192 or 256-bit
SKL can store up to how many individual key variables?
500,000
Advanced Encryption Standard (AES)
A symmetric cipher that was approved by NIST in late as a replacement for 3DES.
two types of symmetric key algorithms
Block and Stream ciphers
each key variable in an SKL is paired with what and what does it do?
Crypto Ignition Key (CIK) used to lock and unlock access to the encrypted key database
To keep the keys secure while in transit, a _____ ________ ______ is used to encrypt the TEK
Key Encryption Key (KEK)
what are the three types of OTAR?
Manual Rekey (MK), Automatic Rekey (AK), and Manual Cooperative Key Transfer (MK/RV)
Firefly Vector Set (FFVS)
NSA developed cooperative key generation scheme used for exchanging asymmetrical key pairs
Secure Sockets Layer (SSL) uses the ______ protocol
RC4
most common software stream cipher in use
RC4
how does FFVS work?
The sender exchanges key message one with key message two from the receiver. A unique third key is generated and used for encryption/decryption.
SKL can store classified key data up to
Top Secret
PPK can be classified as what two things?
Traffic Encryption Keys (TEK) or Key Encryption Keys (KEK)
TACLANE KG-175D
Type 1 In-line Network Encryptor that supports Internet Protocol (IP) operation over standard commercial networks (symmetric)
AN/PYQ-10 Simple Key Loader (SKL)
an NSA-approved, hand-held, ruggedized PDA capable of receiving, storing, and transferring key variables and the information associated with each key
symmetric key system
also called Secret-Key cryptography because an identical copy of keys is used in the cryptography process
digital signature
assures that the person sending the message is who they claim to be
problem with the secret-key system is that
copies of one key must be distributed to all sides to establish a mirror image
key-stream is determined by the
crypto-key
advantage of asymmetric key cryptography is that it uses keys that are so different that it would be possible to publicize one without what?
danger of anyone being able to derive or compute the other
public and private key can be used to create a
digital signature
serial encryption devices
encryption device used to provide a secure link in serial applications between a host and a remote user (point-to-point) or users (point-to-multipoint) (layer 2)
IP encryption systems are employed to do what?
ensure secure, network-centric connections over satellite, WANs, WiMax, Broadband, Dial-up and Wireless networks
Another advantage of secret-key cryptography is the ability to achieve...
high encryption/decryption speeds using hi-tech crypto systems, significantly faster than public-key systems
Although it is considered unclassified CCI, the SKL will assume the ______________ ______________ of key data it is holding.
highest classification
what does KG-175D provide?
message confidentiality, data integrity, authentication, and access control security services to protect data classified TOP SECRET/SENSITIVE COMPARTMENTED INFORMATION (TS/SCI) and below with periods processing
If the distant-end KIV-7 does not have the same TEK as the local KIV-7 because the key expired or was deleted, what happens and what needs to be done?
no traffic can be sent; the distant end must be updated using one of the three methods of OTAR
IP encryption systems are
products that protect classified data while in transit over Internet Protocol (IP) networks (layer 3)
Asymmetric (Public-Key Systems) uses what two types of keys?
public-key and private-key
two main uses of asymmetric-key algorithms are
public-key encryption and digital signatures
One of the most secure forms of encryption is called a One Time Pad, where a...
random string of digits is used as the key to encrypt your message, and that key is never used again
KG-175D (TACLANE) is intended to do what?
secure local area networks (LAN), interconnected LANs, and wide area networks (WAN)
key-stream
stream of pseudo-random digits
KIV-7M utilizes what for encryption?
symmetric key system
If you do not have a peer enclave to a distant TACLANE but have what's called a Gateway of last resort, the two clients will still ______
talk
SKL is intended to replace what?
the inferior AN/CYZ-10 Data Transfer Device
Triple Data Encryption Standard (3DES) was developed as a countermeasure for
the shortfalls of DES
Over The Air Re-Key (OTAR)
two-way secure transmission used to update or distribute a key to remote locations (also known as Over the Air Distribution (OTAD))
common fill devices (CFD)
used to receive, store, and transfer key variables to End Cryptographic Units (ECU)
3DES
works by encrypting the message with one key; the ciphertext is encrypted again with a second key, and the resulting ciphertext is encrypted yet again with a third key before the message is finally transmitted