on-the-job training. The CMS custodian is responsible
for ensuring that cryptographic operators receive the
training necessary to perform these duties and that they
meet the following minimum qualifications:
• Be properly cleared for access to the material
  with which they will be working;
• Be authorized by the commanding officer to
  perform crypto duties; and
• Be familiar with local crypto procedures.
TRANSMISSION SECURITY
Transmission security results from measures
designed to protect transmission from interception and
exploitation by means other than cryptographic
analysis. In the next paragraphs, we will discuss
specific methods of transmission security.
COMMUNICATIONS SECURITY (COMSEC) EQUIPMENT
There are numerous types of cryptographic
equipment used throughout the Navy. However, they
all perform the same basic function: to encipher or
decipher a communications signal.
During secure transmission, the cryptoequipment
accepts a plain text teleprinter or data signal
containing classified information from the classified
(red) patch panel and adds a key (randomly chosen
bits generated internally). This composite signal is
relayed as an encrypted signal.
Following this encryption, the signal is fed to the
unclassified (black) patch panel where it is patched
directly to a converter. This converted audio signal is
then routed to the transmitter for transmission.
Over-the-Air Rekey/Transfer (OTAR/OTAT)
Many of the new cryptosystems that use the 128-bit
electronic key (ANDVT, KY-58, KG-84A/C, and
KY-75) are now capable of obtaining new or updated
key via the circuit they protect or other secure
communications circuits. This process is known as
over-the-air rekey (OTAR) or over-the-air transfer
(OTAT). The use of OTAR or OTAT drastically reduces
the distribution of physical keying material and the
physical process of loading cryptoequipments with key
tapes.
A station may have nothing to do with actual
physical CRYPTO changeovers on a day-to-day basis.
All an operator would have to do is observe the alarm
indications and ensure the alarm indicator returns to
operate. The electronic key would normally come from
the Net Control Station (NCS).
The added feature of OTAT is that the key can be
extracted from an OTAT-capable cryptosystem using a
KYK-13 or KYX-15/KYX-15A. The key is then
loaded into another cryptosystem as needed. More
detailed information on OTAR/OTAT is available in the
Procedures Manual for Over-the-Air Transfer (OTAT)
and Over-the-Air Rekey (OTAR) and Field Generation
and Over-the-Air Distribution of Tactical Electronic
Key, NAG-16C/TSEC.
Authentication
Authentication is a security measure designed to
protect a communications or command system against
fraudulent transmissions or simulation. Authenticating
systems have instructions specifying the method of use
and transmission procedures. By using an
authenticating system properly, an operator can
distinguish between genuine and fraudulent stations or
transmissions. A station may include authentication in
a transmitted message. This security measure is called
transmission authentication. The types of
authentication are:
• Challenge and Reply: This is a prearranged
  system whereby one station requests
  authentication of another station (the challenge).
  By a proper response, the latter station
  establishes its authenticity (the reply).
• Transmission Authentication: A station
  establishes the authenticity of its own
  transmission by either a message- or a
  self-authentication method. A message
  authentication is a procedure that a station uses
  to include an authenticator in the transmitted
  message. Self-authentication is a procedure that
  a station uses to establish its own authenticity,
  and the called station is not required to challenge
  the calling station.
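The two types of authentication listed above, as an added Python example that is not part of the original manual. HMAC-SHA256 over a constructed shared key stands in for the prearranged authenticating system (an assumption; the actual systems are not described on this page), and all function names are hypothetical. It shows a reply bound to a fresh challenge, a recorded reply failing against a new challenge, and a message carrying its own authenticator.

```python
# Added illustration: HMAC-SHA256 stands in for the prearranged authentication
# system; it is NOT the Navy procedure. All names and keys are constructed.
import hashlib
import hmac
import secrets

SHARED_KEY = b"constructed-demo-key-not-real"   # prearranged between stations


def new_challenge() -> bytes:
    """Challenging station: a fresh random challenge, never reused."""
    return secrets.token_bytes(16)


def reply(key: bytes, challenge: bytes) -> bytes:
    """Challenged station: the reply only a holder of the key can compute."""
    return hmac.new(key, b"reply|" + challenge, hashlib.sha256).digest()


def check_reply(key: bytes, challenge: bytes, answer: bytes) -> bool:
    """Challenging station: constant-time comparison against the expected reply."""
    return hmac.compare_digest(reply(key, challenge), answer)


def authenticate_message(key: bytes, message: bytes) -> bytes:
    """Message authentication: authenticator carried inside the transmission."""
    tag = hmac.new(key, b"msg|" + message, hashlib.sha256).hexdigest()
    return message + b"|AUTH:" + tag.encode()


def verify_message(key: bytes, transmission: bytes) -> bool:
    """Receiver: split off the authenticator and recompute it; no challenge needed."""
    message, sep, tag = transmission.rpartition(b"|AUTH:")
    if not sep:
        return False                      # no authenticator present
    expected = hmac.new(key, b"msg|" + message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), tag)


if __name__ == "__main__":
    c1, c2 = new_challenge(), new_challenge()
    genuine = reply(SHARED_KEY, c1)
    print("genuine station:", check_reply(SHARED_KEY, c1, genuine))
    print("intruder without key:", check_reply(SHARED_KEY, c1, reply(b"guess", c1)))
    print("recorded reply replayed:", check_reply(SHARED_KEY, c2, genuine))
    tx = authenticate_message(SHARED_KEY, b"BREAK RADIO SILENCE")
    print("authenticated message:", verify_message(SHARED_KEY, tx))
    print("altered message:", verify_message(SHARED_KEY, tx.replace(b"BREAK", b"KEEP ")))
```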
The following examples are instances when
authentication is mandatory:
• A station suspects intrusion on a circuit;
• A station is challenged or requested to
  authenticate;
• A station directs radio silence or requires another
  station to break an imposed radio silence; and