Communications security
Encyclopedia
Communications security is the discipline of preventing unauthorized interceptor
s from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients. In the United States Department of Defense
culture, it is often referred to by the abbreviation COMSEC. The field includes cryptosecurity, transmission security, emission security, traffic-flow security. and physical security of COMSEC equipment.
and unclassified traffic on military communications
networks, including voice, video, and data. It is used for both analog and digital applications, and both wired and wireless links.
Secure voice over internet protocol (SVOIP) has become the defacto standard for securing voice communication, replacing the need for STU-X
and STE equipment in much of the U.S. Department of Defense. USCENTCOM moved entirely to SVOIP in 2008.
requires electrical and electronic circuits, components, and systems which handle encrypted ciphertext information (BLACK) be separated from those which handle unencrypted classified plaintext information (RED). The red/black concept can operate on the level of circuits, components, equipment, systems, or the physical areas in which they are contained.
Types of COMSEC equipment:
is DoD key management, COMSEC material distribution, and logistics support system. The NSA established the EKMS program to supply electronic key to COMSEC devices in securely and timely manner, and to provide COMSEC managers with an automated system capable of ordering, generation, production, distribution, storage, security accounting, and access control.
The Army's platform in the four-tiered EKMS, AKMS, automates frequency management and COMSEC management operations. It eliminates paper keying material, hardcopy SOI, and associated time and resource-intensive courier distribution. It has 4 components:
Interceptor
-Vehicles:* Interceptor aircraft , a type of fighter aircraft designed specifically to intercept and destroy enemy aircraft* Ford Crown Victoria Police Interceptor, a police car...
s from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients. In the United States Department of Defense
United States Department of Defense
The United States Department of Defense is the U.S...
culture, it is often referred to by the abbreviation COMSEC. The field includes cryptosecurity, transmission security, emission security, traffic-flow security. and physical security of COMSEC equipment.
Applications
COMSEC is used to protect both classifiedClassified information
Classified information is sensitive information to which access is restricted by law or regulation to particular groups of persons. A formal security clearance is required to handle classified documents or access classified data. The clearance process requires a satisfactory background investigation...
and unclassified traffic on military communications
Military communications
Historically, the first military communications had the form of sending/receiving simple signals . Respectively, the first distinctive tactics of military communications were called Signals, while units specializing in those tactics received the Signal Corps name...
networks, including voice, video, and data. It is used for both analog and digital applications, and both wired and wireless links.
Secure voice over internet protocol (SVOIP) has become the defacto standard for securing voice communication, replacing the need for STU-X
STU-I
The STU-I, like its successors sometimes known as a "stew phone", was a secure telephone developed by the U.S. National Security Agency for use by senior U.S. government officials in the 1970s.-External links:*-See also:*KY-3*Navajo I*STU-II...
and STE equipment in much of the U.S. Department of Defense. USCENTCOM moved entirely to SVOIP in 2008.
Specialties
- Cryptosecurity: The component of communications security that results from the provision of technically sound cryptosystemsCryptographyCryptography is the practice and study of techniques for secure communication in the presence of third parties...
and their proper use. This includes ensuring message confidentiality and authenticity. - Emission security (EMSEC): Protection resulting from all measures taken to deny unauthorized persons informationInformationInformation in its most restricted technical sense is a message or collection of messages that consists of an ordered sequence of symbols, or it is the meaning that can be interpreted from such a message or collection of messages. Information can be recorded or transmitted. It can be recorded as...
of value which might be derived from interceptInterceptIntercept may refer to:*X-intercept, the point where a line crosses the x-axis*Y-intercept, the point where a line crosses the y-axis*Interception *The Mona Intercept, a 1980 thriller novel by Donald Hamilton...
and analysis of compromising emanations from crypto-equipment, automated information systems (computerComputerA computer is a programmable machine designed to sequentially and automatically carry out a sequence of arithmetic or logical operations. The particular sequence of operations can be changed readily, allowing the computer to solve more than one kind of problem...
s), and telecommunications systems. - Physical security: The component of communicationsTelecommunicationTelecommunication is the transmission of information over significant distances to communicate. In earlier times, telecommunications involved the use of visual signals, such as beacons, smoke signals, semaphore telegraphs, signal flags, and optical heliographs, or audio messages via coded...
security that results from all physical measures necessary to safeguard classifiedClassified informationClassified information is sensitive information to which access is restricted by law or regulation to particular groups of persons. A formal security clearance is required to handle classified documents or access classified data. The clearance process requires a satisfactory background investigation...
equipment, material, and documents from accessAccess controlAccess control refers to exerting control over who can interact with a resource. Often but not always, this involves an authority, who does the controlling. The resource can be a given building, group of buildings, or computer-based information system...
thereto or observation thereof by unauthorized persons. - Traffic-flow security: Measures that conceal the presence and properties of valid messages on a network. It includes the protection resulting from features, inherent in some cryptoequipment, that conceal the presence of valid messages on a communications circuit, normally achieved by causing the circuit to appear busy at all times.
- Transmission securityTransmission securityTransmission security is the component of communications security that results from the application of measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis...
(TRANSEC): The component of communications security that results from the application of measures designed to protect transmissions from interception and exploitation by means other than cryptanalysisCryptanalysisCryptanalysis is the study of methods for obtaining the meaning of encrypted information, without access to the secret information that is normally required to do so. Typically, this involves knowing how the system works and finding a secret key...
(e.g. frequency hopping and spread spectrumSpread spectrumSpread-spectrum techniques are methods by which a signal generated in a particular bandwidth is deliberately spread in the frequency domain, resulting in a signal with a wider bandwidth...
).
Separating classified and unclassified information
The RED/BLACK conceptRED/BLACK concept
The RED/BLACK concept refers to the careful segregation in cryptographic systems of signals that contain sensitive or classified plaintext information from those that carry encrypted information, or ciphertext ....
requires electrical and electronic circuits, components, and systems which handle encrypted ciphertext information (BLACK) be separated from those which handle unencrypted classified plaintext information (RED). The red/black concept can operate on the level of circuits, components, equipment, systems, or the physical areas in which they are contained.
Related terms
- AKMS = the Army Key Management System
- AEK = Algorithmic Encryption Key
- CT3 = Common Tier 3
- CCI = Controlled Cryptographic ItemControlled Cryptographic ItemA Controlled Cryptographic Item is a U.S. National Security Agency term for secure telecommunications or information handling equipment, associated cryptographic component or other hardware item which performs a critical COMSEC function. Items so designated may be unclassified but are subject to...
- equipment which contains COMSEC embedded devices - EKMS = Electronic Key Management System
- NSA = National Security AgencyNational Security AgencyThe National Security Agency/Central Security Service is a cryptologic intelligence agency of the United States Department of Defense responsible for the collection and analysis of foreign communications and foreign signals intelligence, as well as protecting U.S...
- ACES = Automated Communications Engineering Software
- DTD = The Data Transfer Device
- DIRNSA = Director of National Security Agency
- TEK = Traffic EncryptionEncryptionIn cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
Key - TED = Trunk Encryption Device such as the WALBURN/KG family of CCI
- KEK = Key Encryption Key
- OWK = Over the Wire Key
- OTAR = Over The Air Rekeying
- LCMS = Local COMSEC Management Software
- KYK-13 = Electronic Transfer Device
- KOI-18 = Tape Reader General Purpose
- KYX-15 = Electronic Transfer Device
- KG-30 = TSEC family of COMSEC equipment
- TSEC = Telecommunications Security (sometimes referred to in error transmission security or TRANSEC)
- SOI = Signal Operating Instruction
- SKL = Simple Key Loader
- TPI = Two Person Integrity
- STU-IIISTU-IIISTU-III is a family of secure telephones introduced in 1987 by the NSA for use by the United States government, its contractors, and its allies. STU-III desk units look much like typical office telephones, plug into a standard telephone wall jack and can make calls to any ordinary phone user...
(secure phone) - STE - Secure Terminal EquipmentSecure Terminal EquipmentSecure Terminal Equipment is the U.S. Government's current , encrypted telephone communications system for wired or "landline" communications. STE is designed to use ISDN telephone lines which offer higher speeds of up to 128k bits per second and are all digital...
(secure phone)
Types of COMSEC equipment:
- Crypto equipment: Any equipment that embodies cryptographic logic or performs one or more cryptographic functions (key generation, encryption, and authentication).
- Crypto-ancillary equipment: Equipment designed specifically to facilitate efficient or reliable operation of crypto-equipment, without performing cryptographic functions itself.
- Crypto-production equipment: Equipment used to produce or load keying material
- Authentication equipment:
DoD key management system
The EKMSEKMS
The Electronic Key Management System system is a United States National Security Agency led program responsible for Communications Security key management, accounting and distribution...
is DoD key management, COMSEC material distribution, and logistics support system. The NSA established the EKMS program to supply electronic key to COMSEC devices in securely and timely manner, and to provide COMSEC managers with an automated system capable of ordering, generation, production, distribution, storage, security accounting, and access control.
The Army's platform in the four-tiered EKMS, AKMS, automates frequency management and COMSEC management operations. It eliminates paper keying material, hardcopy SOI, and associated time and resource-intensive courier distribution. It has 4 components:
- LCMS provides automation for the detailed accounting required for every COMSEC account, and electronic key generation and distribution capability.
- ACES is the frequencyFrequencyFrequency is the number of occurrences of a repeating event per unit time. It is also referred to as temporal frequency.The period is the duration of one cycle in a repeating event, so the period is the reciprocal of the frequency...
management portion of AKMS. ACES has been designated by the Military Communications Electronics Board as the joint standard for use by all services in development of frequency management and cryptonet planning. - CT3 with DTD software is in a fielded, ruggedized hand-held device that handles, views, stores, and loads SOI, Key, and electronic protection data. DTD provides an improved net-control device to automate crypto-net control operations for communications networks employing electronically keyed COMSEC equipment.
- SKL is a hand-held PDA that handles, views, stores, and loads SOI, Key, and electronic protection data.
See also
- CryptographyCryptographyCryptography is the practice and study of techniques for secure communication in the presence of third parties...
- Information securityInformation securityInformation security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction....
- Information warfareInformation warfareThe term Information Warfare is primarily an American concept involving the use and management of information technology in pursuit of a competitive advantage over an opponent...
- NSA encryption systemsNSA encryption systemsThe National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems has become known and its most modern systems share at least...
- Operations securityOperations securityOperations security is a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate...
- Secure CommunicationSecure communicationWhen two entities are communicating and do not want a third party to listen in, they need to communicate in a way not susceptible to eavesdropping or interception. This is known as communicating in a secure manner or secure communication...
- Signals Intelligence
- Traffic analysisTraffic analysisTraffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and...
- Type 1 product