The Electronic Key Management System (EKMS) is a United States National Security Agency-led program responsible for Communications Security (COMSEC) key management, accounting, and distribution. Specifically, EKMS generates and distributes electronic key material for all NSA encryption systems whose keys are loaded using standard fill devices, and directs the distribution of NSA-produced key material. Additionally, EKMS performs account registration, privilege management, ordering, distribution, and accounting to direct the management and distribution of physical COMSEC material for the services. The common EKMS components and standards facilitate interoperability and commonality among the armed services and civilian agencies.
Key Management Infrastructure (KMI) replaces EKMS. The primary reason for the development of EKMS centers on the security and logistics problems that plagued the COMSEC Material Control System (CMCS), which replaced the Registered Publications System (RPS) in the 1970s. The CMCS was a very labor-intensive operation that had been stretched to capacity. The most serious, immediate concern was
A fill device, such as the KYK-13, KYX-15, or the more modern AN/CYZ-10 Data Transfer Device (DTD) for further transfer (or fill) into the end cryptographic unit. The lowest tier or layer of the EKMS architecture which includes the AN/CYZ-10 (Data Transfer Device (DTD)), the SKL (Simple Key Loader) AN/PYQ-10, and all other means used to fill keys to End Cryptographic Units (ECUs); hard copy material holdings only; and STU-III/STE material only using Key Management Entities (KMEs) (i.e., Local Elements (LEs)). Unlike LMD/KP Tier 2 accounts, Tier 3 using entities never receive electronic key directly from
A COMSEC Mission. KYK-13 The KYK-13 Electronic Transfer Device is a common fill device designed by the United States National Security Agency for the transfer and loading of cryptographic keys with their corresponding check word. The KYK-13 is battery powered and uses the DS-102 protocol for key transfer. Its National Stock Number is 5810-01-026-9618. Even though the KYK-13
A COR or Tier 0. Communications security is the discipline of preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients. In the North Atlantic Treaty Organization culture, including United States Department of Defense culture, it
A Key Management Goal Architecture (KMGA). Subsequent difficulties in coordinating COMSEC distribution and support during joint military operations, e.g., Desert Storm, Urgent Fury, and Operation Just Cause, have further emphasized the need for a system capable of interoperability between the Services. EKMS starts with the Central Facility (CF), run by NSA, which provides a broad range of capabilities to
A central office of record (COR) that performed basic key and COMSEC management functions, such as key ordering, distribution, inventory control, etc. Under EKMS, each service operates its own key management system using EKMS Tier 1 software that supports physical and electronic key distribution, traditional electronic key generation, management of material distribution, ordering, and other related accounting and COR functions. Common Tier 1
A variety of media, communication devices, and networks, either through direct distance dialing using STU-III (data mode) or dedicated link access using KG-84 devices. During the transition to full electronic key, the 3.5-inch floppy disk and 9-track magnetic tape are also supported. A common user interface, the TCP/IP-based message service, is the primary method of communication with the CF. The message service permits EKMS elements to store EKMS messages that include electronic key for later retrieval by another EKMS element. Under CMCS, each service maintained
Is a trusted component of EKMS. It performs cryptographic functions, including encryption and decryption functions for the account, as well as key generation, and electronic signature operations. The KP is capable of secure field generation of traditional keys. Locally generated keys can be employed in crypto-net communications, transmission security (TRANSEC) applications, point-to-point circuits, and virtually anywhere that paper-based keys were used. Electronic keys can be downloaded directly to
Is based on the U.S. Navy's key distribution system (NKDS) software developed by the Naval Research Laboratory and further developed by SAIC in San Diego. EKMS Tier 2, the Local Management Device (LMD), is composed of a commercial off-the-shelf (COTS) personal computer (PC) running the Santa Cruz Operation's SCO UNIX operating system, and an NSA KOK-22A Key Processor (KP). The KP
Is often referred to by the abbreviation COMSEC. The field includes cryptographic security, transmission security, emissions security and physical security of COMSEC equipment and associated keying material. COMSEC is used to protect both classified and unclassified traffic on military communications networks, including voice, video, and data. It is used for both analog and digital applications, and both wired and wireless links. Voice over secure internet protocol (VOSIP) has become
The EKMS program to supply electronic key to COMSEC devices in a secure and timely manner, and to provide COMSEC managers with an automated system capable of ordering, generation, production, distribution, storage, security accounting, and access control. The Army's platform in the four-tiered EKMS, AKMS, automates frequency management and COMSEC management operations. It eliminates paper keying material, hardcopy Signal operating instructions (SOI) and saves
The Services and other government agencies. The CF, also referred to as Tier 0, is the foundation of EKMS. Traditional paper-based keys, and keys for Secure Telephone Unit – Third Generation (STU-III), STE, FNBDT, Iridium, Secure Data Network System (SDNS), and other electronic key are managed from an underground building in Finksburg, Maryland, which is capable of the following: The CF talks to other EKMS elements through
The de facto standard for securing voice communication, replacing the need for Secure Terminal Equipment (STE) in much of NATO, including the U.S.A. USCENTCOM moved entirely to VOSIP in 2008. Types of COMSEC equipment: The Electronic Key Management System (EKMS) is a United States Department of Defense (DoD) key management, COMSEC material distribution, and logistics support system. The National Security Agency (NSA) established
The encrypted distribution of electronic keying material directly to the COMSEC device without human access to the key itself. The need for joint interoperability led to the Defense Reorganization Act of 1986, under which the Joint Chiefs of Staff (JCS) tasked NSA, the Defense Information Systems Agency (DISA), and the Joint Tactical Command, Control and Communications Agency (JTC3A) to develop
The human threat associated with access to and exploitation of paper key throughout its life cycle. The disclosure of the Walker spy ring was clear justification of this concern. Although eliminating the majority of paper keys will greatly reduce this human threat, the long-term goal of EKMS to minimize human access to keys will not be realized until benign fill key is fully implemented. Benign fill permits
The time and resources required for courier distribution. It has 4 components: KMI is intended to replace the legacy Electronic Key Management System to provide a means for securely ordering, generating, producing, distributing, managing, and auditing cryptographic products (e.g., asymmetric keys, symmetric keys, manual cryptographic systems, and cryptographic applications). This system is currently being fielded by Major Commands and variants will be required for non-DoD Agencies with
Was first introduced in 1976 and was supposed to have been made obsolete by the AN/CYZ-10 Data Transfer Device, it is still widely used because of its simplicity and reliability. A simpler device than the CYZ-10, the KIK-30 "Really Simple Key Loader" (RASKL) is now planned to replace the KYK-13, with up to $200 million budgeted to procure them in quantity.