Editing NSA encryption systems (section)

== Five generations of NSA encryption ==

The large number of cipher devices that NSA has developed in its half century of operation can be grouped into five generations (decades given are very approximate):

=== First generation: electromechanical ===

[[File:KL-7 from front.jpg|thumb|[[KL-7]] at NSA Museum]]

First generation NSA systems were introduced in the 1950s and were built on the legacy of NSA's [[World War II]] predecessors and used rotor machines derived from the [[SIGABA]] design for most high level encryption; for example, the [[KL-7]]. Key distribution involved distribution of paper key lists that described the rotor arrangements, to be changed each day (the ''[[cryptoperiod]]'') at midnight, [[GMT]]. The highest level traffic was sent using one-time tape systems, including the British [[5-UCO]], that required vast amounts of paper tape keying material.<ref name=boaklectures />{{rp|p. 39 ff}}

=== Second generation: vacuum tubes ===

[[File:Kw-26.jpg|thumb|An array of [[KW-26]] cipher devices]]

Second generation systems (1970s) were all electronic designs based on [[vacuum tube]]s and transformer logic. Algorithms appear to be based on [[linear-feedback shift register]]s, perhaps with some non-linear elements thrown in to make them more difficult to cryptanalyze. Keys were loaded by placing a [[punched card]] in a locked reader on the front panel.<ref name="klein">Melville Klein, "Securing Record Communications: The TSEC/KW-26", 2003, NSA brochure, p. 4, [https://www.nsa.gov/about/cryptologic-heritage/historical-figures-publications/publications/misc/assets/files/tsec_kw26.pdf (PDF)]</ref> The cryptoperiod was still usually one day. These systems were introduced in the late 1960s and stayed in use until the mid-1980s. They required a great deal of care and maintenance, but were not vulnerable to EMP. The discovery of the [[Walker spy ring]] provided an impetus for their retirement, along with remaining first generation systems.

=== Third generation: integrated circuits ===

[[File:KOI-18.nsa.jpg|thumb|[[KOI-18]] field paper tape reader]]

Third generation systems (1980s) were transistorized and based on [[integrated circuit]]s and likely used stronger algorithms. They were smaller and more reliable. Field maintenance was often limited to running a diagnostic mode and replacing a complete bad unit with a spare, the defective cipher device being sent to a depot for repair. Keys were loaded through a connector on the front panel. NSA adopted the same type of connector that the military used for field radio handsets as its fill connector. Keys were initially distributed as strips of [[punched tape|punched paper tape]] that could be pulled through a hand held reader ([[KOI-18]]) connected to the fill port. Other, portable electronic [[fill device]]s ([[KYK-13]], etc.) were available as well.

=== Fourth generation: electronic key distribution ===

[[File:STU-IIIphones.nsa.jpg|thumb|STU-III phones with crypto-ignition keys]]

Fourth generation systems (1990s) use more commercial packaging and electronic key distribution. Integrated circuit technology allowed backward compatibility with third generation systems. [[Security token]]s, such as the [[KSD-64]] crypto ignition key ('''CIK''') were introduced. Secret splitting technology allows encryptors and CIKs to be treated as unclassified when they were separated. Later the [[Fortezza]] card, originally introduced as part of the controversial [[Clipper chip]] proposal, were employed as tokens. Cryptoperiods were much longer, at least as far as the user was concerned. Users of secure telephones like the [[STU-III]] only have to call a special phone number once a year to have their encryption updated. Public key methods ([[FIREFLY]]) were introduced for electronic key management ([[EKMS]]), which employed a commercial or militarized personal computer running [[MS-DOS]] to generate cryptographic keys and [[signal operating instructions]] (SOI/CEOI). An NSA-supplied '''AN/CSZ-9''' [[hardware random number generator]] produced the needed random bits. The CSZ-9 connects to the PC through an RS-232 port and is powered by five [[D battery|D cell]] (BA-30) batteries. In later phases of EKMS, the random data functionality is included in an NSA key processor (KP).<ref>{{Cite web |url=http://www.globalsecurity.org/military/library/policy/army/fm/11-1/Ch1.htm |title=US Army Field Manual FM-11-1, 1996, Chapter 1, Section C |access-date=24 April 2023 |archive-date=30 December 2005 |archive-url=https://web.archive.org/web/20051230003923/http://www.globalsecurity.org/military/library/policy/army/fm/11-1/Ch1.htm |url-status=bot: unknown }}</ref> Keys could now be generated by individual commands instead of coming from NSA by courier.

A common handheld fill device (the [[AN/CYZ-10]]) was introduced to replace the plethora of devices used to load keys on the many third generation systems that were still widely used. Encryption support was provided for commercial standards such as [[Ethernet]], [[Internet Protocol|IP]] (originally developed by [[United States Department of Defense|DOD's]] [[DARPA|ARPA]]), and optical fiber multiplexing. Classified networks, such as [[SIPRNet]] (Secret Internet Protocol Router Network) and [[JWICS]] (Joint Worldwide Intelligence Communications System), were built using commercial [[Internet]] technology with secure communications links between "enclaves" where classified data was processed. Care had to be taken to ensure that there were no insecure connections between the classified networks and the public [[Internet]].

=== Fifth generation: network-centric systems ===

[[File:MBITR.jpg|thumb|Hand-held microprocessor-controlled radios like this [[AN/PRC-148]] have multiple encryption modes.]]

In the twenty-first century, communication is increasingly based on computer networking. Encryption is just one aspect of protecting sensitive information on such systems, and far from the most difficult one. NSA's role will increasingly be to provide guidance to commercial firms designing systems for government use. [[High Assurance Internet Protocol Encryptor|HAIPE]] solutions are examples of this type of product (e.g., [http://www.L-3Com.com/HAIPE KG-245A ]{{Dead link|date=April 2020 |bot=InternetArchiveBot |fix-attempted=yes }} and [http://www.viasat.com/government-communications/information-assurance/altasec-kg-250 KG-250 ]).

Other agencies, particularly [[NIST]], have taken on the role of supporting security for commercial and sensitive but unclassified applications. NSA's certification of the unclassified NIST-selected [[Advanced Encryption Standard|AES]] algorithm for classified use "in NSA-approved systems" suggests that, in the future, NSA may use more non-classified algorithms. The KG-245A and KG-250 use both classified and unclassified algorithms.

The NSA Information Assurance Directorate is leading the Department of Defense [[Cryptographic Modernization Program]], an effort to transform and modernize Information Assurance capabilities for the 21st century. It has three phases:

* Replacement: Replace all devices at risk.
* Modernization: Integrate modular programmable/embedded crypto solutions.
* Transformation: Be compliant with Global Information Grid/NetCentric requirements.

NSA has helped develop several major standards for secure communication: the ''Future Narrow Band Digital Terminal ([[FNBDT]])'' for voice communications, ''High Assurance Internet Protocol Interoperability Encryption- Interoperability Specification ([[HAIPE]])'' for computer networking and [[Suite B]] encryption algorithms.