NSA encryption systems
=== Fourth generation: electronic key distribution ===
[[File:STU-IIIphones.nsa.jpg|thumb|STU-III phones with crypto-ignition keys]]
Fourth generation systems (1990s) use more commercial packaging and electronic key distribution. Integrated circuit technology allowed backward compatibility with third generation systems. [[Security token]]s, such as the [[KSD-64]] crypto ignition key ('''CIK'''), were introduced. Secret splitting technology allows encryptors and CIKs to be treated as unclassified when they are separated. Later the [[Fortezza]] card, originally introduced as part of the controversial [[Clipper chip]] proposal, was employed as a token. Cryptoperiods were much longer, at least as far as the user was concerned. Users of secure telephones like the [[STU-III]] only have to call a special phone number once a year to have their encryption updated. Public key methods ([[FIREFLY]]) were introduced for electronic key management ([[EKMS]]), which employed a commercial or militarized personal computer running [[MS-DOS]] to generate cryptographic keys and [[signal operating instructions]] (SOI/CEOI). An NSA-supplied '''AN/CSZ-9''' [[hardware random number generator]] produced the needed random bits. The CSZ-9 connects to the PC through an RS-232 port and is powered by five [[D battery|D cell]] (BA-30) batteries. In later phases of EKMS, the random data functionality is included in an NSA key processor (KP).<ref>{{Cite web |url=http://www.globalsecurity.org/military/library/policy/army/fm/11-1/Ch1.htm |title=US Army Field Manual FM-11-1, 1996, Chapter 1, Section C |access-date=24 April 2023 |archive-date=30 December 2005 |archive-url=https://web.archive.org/web/20051230003923/http://www.globalsecurity.org/military/library/policy/army/fm/11-1/Ch1.htm |url-status=bot: unknown }}</ref> Keys could now be generated by individual commands instead of coming from NSA by courier.
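The article does not say how the split between encryptor and CIK is implemented. As an added illustration (not from the article and not the NSA design), the Python sketch below uses a generic two-share XOR split to show the property the paragraph relies on: either share alone is consistent with every possible key. All function names, the check tag and the refresh step are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

def _xor(a, b):
    if len(a) != len(b):
        raise ValueError("shares must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key):
    """Split key into (terminal_share, cik_share, check_tag)."""
    cik_share = secrets.token_bytes(len(key))  # fresh uniform pad, written to the token
    terminal_share = _xor(key, cik_share)      # also uniform, stored in the encryptor
    # The tag lets the terminal reject a wrong token. It is a one-way function of
    # the key, so storing it is only acceptable because the key is long and random.
    tag = hmac.new(key, b"cik-check", hashlib.sha256).digest()
    return terminal_share, cik_share, tag

def combine(terminal_share, cik_share, tag):
    """Rebuild the key from both shares; raise ValueError on a mismatched token."""
    key = _xor(terminal_share, cik_share)
    expected = hmac.new(key, b"cik-check", hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("token does not match this terminal")
    return key

def share_consistent_with(share, candidate_key):
    """Return the missing share that would make `share` decode to candidate_key.
    One always exists, so a lone share says nothing about which key is real."""
    return _xor(share, candidate_key)

def refresh(terminal_share, cik_share):
    """Re-randomise both shares without changing the key (hypothetical extension:
    a copy of the old token share stops working after a refresh)."""
    pad = secrets.token_bytes(len(terminal_share))
    return _xor(terminal_share, pad), _xor(cik_share, pad)

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    t, c, tag = split_key(key)
    assert combine(t, c, tag) == key
    t2, c2 = refresh(t, c)
    assert combine(t2, c2, tag) == key
    try:
        combine(t2, c, tag)  # stale copy of the token share
    except ValueError as err:
        print("stale token rejected:", err)
```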
A common handheld fill device (the [[AN/CYZ-10]]) was introduced to replace the plethora of devices used to load keys on the many third generation systems that were still widely used. Encryption support was provided for commercial standards such as [[Ethernet]], [[Internet Protocol|IP]] (originally developed by [[United States Department of Defense|DOD's]] [[DARPA|ARPA]]), and optical fiber multiplexing. Classified networks, such as [[SIPRNet]] (Secret Internet Protocol Router Network) and [[JWICS]] (Joint Worldwide Intelligence Communications System), were built using commercial [[Internet]] technology with secure communications links between "enclaves" where classified data was processed. Care had to be taken to ensure that there were no insecure connections between the classified networks and the public [[Internet]].