⟦82a207aaa⟧ Wang Wps File
Length: 16464 (0x4050)
Types: Wang Wps File
Notes: LKSAA - vol. II part 1
Names: »4239A «
Derivation
└─⟦84f7719fc⟧ Bits:30006031 8" Wang WCS floppy, CR 0385A
└─ ⟦this⟧ »4239A «
WangText
Issue
1.5
LKSAA - VOLUME II
SYS/84-06-15
Part 1
TECHNICAL PROPOSAL
6 CRYPTO SYSTEM
6.1 CRYPTO CONTROL SYSTEM HARDWARE
6.1.1 System Interface to Off-Line Cryptographic Equipment
6.1.2 Interface to On-Line Crypto
6.2 SOFTWARE OF THE CRYPTO CONTROL SYSTEM
6.2.1 Crypto Key Management
6.2.1.1 Input of Crypto Keys
6.2.1.2 Management of Crypto Keys
6.2.1.3 Initiation of Crypto Keys
6.2.1.3.1 Time- and Usage Crypto Keys
6.2.1.3.2 Modify Present Crypto Key Number
6.2.2 Management of The OFFLINE Crypto Device
6.2.3 Management of ONLINE Crypto Devices
6.2.4 Communication with the Central Communication System
6.3 CRYPTO KEY SUPERVISION
6.4 CRYPTO SECURITY
6.5 CRYPTO RACKS
6.5.1 Racks for Off-line Cryptos
6.5.2 Racks for On-line Cryptos
6.6 CRYPTO CONTROL SYSTEM WITH HIGHER AVAILABILITY
6̲ ̲C̲R̲Y̲P̲T̲O̲ ̲S̲Y̲S̲T̲E̲M̲
Christian Rovsing A/S's extensive experience in designing
and implementing crypto systems will ensure a well functioning
LKSAA.
Christian Rovsing A/S has delivered a very cost effective
crypto system as part of the FIKS system for the Danish
MOD. In this system, several trunk lines share only
one crypto device, which acts as a multiplexor between
the various trunks. Although AA's outline of the crypto
system for LKSAA is different, we believe that, in close
cooperation with AA, we can design a well functioning
and secure crypto system.
The Crypto System consists of the Crypto Control System,
4 Off Line Cryptos and 90 On Line Cryptos.
The purpose of the Crypto Control System is to store
the crypto keys, and to make the keys available to the
crypto units under control of the Central Communication
System.
The procedure by which the Central Communication System
requests keys to be sent to the cryptos is found in
section 2.1.5.2.
6.1 C̲R̲Y̲P̲T̲O̲ ̲C̲O̲N̲T̲R̲O̲L̲ ̲S̲Y̲S̲T̲E̲M̲ ̲H̲A̲R̲D̲W̲A̲R̲E̲
The proposed Crypto Control System is a separate system
configured around a dualized X-net (Non-tempest). A
schematic of the Crypto Control System is shown in
figure 6.1-1.
For a general description of the X-net and X-net components
and expansion possibilities refer to section 2.1.2.
The processing capacity in the CRYPTO System is provided
by a work station called the X-net Administrator (XNA).
This work station is based on the CR16 Terminal.
For redundancy purposes the Crypto System is equipped
with 2 XNAs.
The CR16 is in this configuration equipped as a compact
desk top integrated work station, which includes an
intelligent terminal and one (10M byte unformatted)
mini-Winchester rigid drive.
The storage requirement for Crypto Keys is 400 keys
of 30 bytes for each of the 300 foreign services, i.e.
3.6 Mbyte. If storage of more keys is required
in the future, the CR16 could be equipped with a 36 or
72 Mbyte Winchester.
The Crypto System is equipped with one XTA for interface
to the papertape reader, one XTA for interface to the
printer and two XTA for communication with the Central
Communication System. This communication includes requests
for key allocation to the Cryptos and status information
to be exchanged between the two systems.
The paths for data to/from cryptos and the paths for
crypto keys are depicted in figure 6.1-2.
Figure 6.1-1
Crypto Control System
Figure 6.1-2
Paths for Keys and Data
6.1.1 S̲y̲s̲t̲e̲m̲ ̲I̲n̲t̲e̲r̲f̲a̲c̲e̲ ̲t̲o̲ ̲O̲f̲f̲-̲L̲i̲n̲e̲ ̲C̲r̲y̲p̲t̲o̲g̲r̲a̲p̲h̲i̲c̲ ̲E̲q̲u̲i̲p̲m̲e̲n̲t̲
The information provided in the request for proposal
is insufficient to evaluate this interface.
This proposal is based on the assumption that the 5-bit
bytes of the keys are transferred under control of
some control signals. Additional information like the
number of the key and the number of the byte in the
key is reported in parallel with the key data. The
key information is only transferred once to the cryptos
each time the Central Communication System requests
a new key to be used.
A special XTA is developed for this purpose. The Crypto
System is equipped with 4 XTAs for interface to 4 off
line cryptos.
6.1.2 I̲n̲t̲e̲r̲f̲a̲c̲e̲ ̲t̲o̲ ̲O̲n̲-̲L̲i̲n̲e̲ ̲C̲r̲y̲p̲t̲o̲
This proposal is based upon the assumption that there
are two types of On-line interfaces, one for the ELCROTEL
E4s and one for ELCROBIT 96. Further it is assumed
that the interface for transfer of keys to E4s is identical
to the interface for transfer of keys to Off-line cryptos.
It is assumed that transfer of keys to EB 96 is performed
in a similar way as transfer of keys to E4s.
The Crypto System is equipped with 90 XTA's for interface
to the On-Line Cryptos.
6.2 S̲O̲F̲T̲W̲A̲R̲E̲ ̲O̲F̲ ̲T̲H̲E̲ ̲C̲R̲Y̲P̲T̲O̲ ̲C̲O̲N̲T̲R̲O̲L̲ ̲S̲Y̲S̲T̲E̲M̲
The software for the crypto control system is divided
into system and application software. While the system
software is already available and field tested to ensure
maximal software reliability, the application software
will be developed in accordance with the high quality
assurance procedures, using well proven development
and testing techniques. The procedures to be followed
are the same as for the Central Communication System,
and have been described in section 7.5.
The XNA will get its program down line loaded from
the XCT. During operational processing, keep alive messages
will constantly be exchanged between the Crypto System
and the Central Communication System to ensure that
unauthorized programmes cannot be entered into the
System without a warning being generated for the System
Supervisor. Additionally the rack where the XCT is
placed is equipped with a lock.
6.2.1 C̲r̲y̲p̲t̲o̲ ̲K̲e̲y̲ ̲M̲a̲n̲a̲g̲e̲m̲e̲n̲t̲
The tasks to be performed by the Crypto Control System
are the following:
- Input of crypto keys
- Management of crypto keys
- Initiation of crypto keys
6.2.1.1 I̲n̲p̲u̲t̲ ̲o̲f̲ ̲C̲r̲y̲p̲t̲o̲ ̲K̲e̲y̲s̲
The crypto keys to be used by ONLINE and OFFLINE crypto
devices will be input to the Crypto Control System by
the paper tape reader under control from the VDU display
of the XNA.
Every foreign country representation will have one
dedicated plus one reserve paper tape assigned for
encryption and decryption. All keys will be filed under
a station and a sequence number.
The input of keys will be logged on the printer.
The detail specification will be provided during the
initial phases of the project.
6.2.1.2 M̲a̲n̲a̲g̲e̲m̲e̲n̲t̲ ̲o̲f̲ ̲C̲r̲y̲p̲t̲o̲ ̲K̲e̲y̲s̲
The Crypto Control System will automatically print
a status list of all used crypto keys on a daily basis.
The actual time for print out can be entered and changed
by the crypto supervisor.
A similar list can be displayed on the VDU of the XNA
as per request, and a hardcopy can be made. The detailed
layout of the status list will be specified.
Various safety procedures will be built into the crypto
management program to ensure that a well defined status
will be available even after any system error.
6.2.1.3 I̲n̲i̲t̲i̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲C̲r̲y̲p̲t̲o̲ ̲K̲e̲y̲s̲
The following functions can be performed by the Crypto
Supervisor:
6.2.1.3.1 T̲i̲m̲e̲-̲ ̲a̲n̲d̲ ̲U̲s̲a̲g̲e̲ ̲C̲r̲y̲p̲t̲o̲ ̲K̲e̲y̲s̲
The Crypto Control System differentiates between time
and usage crypto keys. The usage keys are only used
once, while the time keys are used over a specific
period of time. The segregation between the two types
of keys for one or more foreign country representations
can be changed.
Regarding time keys for each foreign country representation,
the following information will be available:
- Period of days for time keys usage
- Time of day of automatic change of time key
The number of the next usage key to be used will automatically
be incremented when a usage key has been utilized.
This information is stored on the Winchester Disc.
6.2.1.3.2 M̲o̲d̲i̲f̲y̲ ̲P̲r̲e̲s̲e̲n̲t̲ ̲C̲r̲y̲p̲t̲o̲ ̲K̲e̲y̲ ̲N̲u̲m̲b̲e̲r̲
This function allows the operator to change the number
of the next key to be used. He can choose to change
either:
- A single representation
- Some representations in one session
6.2.2 M̲a̲n̲a̲g̲e̲m̲e̲n̲t̲ ̲o̲f̲ ̲T̲h̲e̲ ̲O̲F̲F̲L̲I̲N̲E̲ ̲C̲r̲y̲p̲t̲o̲ ̲D̲e̲v̲i̲c̲e̲
For each incoming message, the Central Communication
System will transmit a crypto key identification, and
then the Crypto Control System will retrieve the associated
key from its local disc storage, and hand it over to
the Crypto. When the key has been loaded, the Central
Communication System will be informed.
The procedure used when the Central Communication System
or the operator detects an incoming garbled message is
described in part 2, para. 1.5.3.2.
A similar scheme for control of crypto keys is performed
for outgoing messages.
The Crypto Control System is able to use all the OFFLINE
crypto devices based on traffic volume needs, etc.
During encryption of a message, the encrypted characters
are stored by the Central Communication System. When
encryption is complete a Chi-Square-Test is performed
in order to verify that the message has been encrypted
correctly. Only after correct encryption or after a
special operator command can the message be transmitted.
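A sketch of the release check described above, added here as an example and not taken from the proposal. It assumes the encrypted characters are 5-bit symbols and uses an assumed 0.1% significance threshold; the function names and sample messages are hypothetical.

```python
from collections import Counter

ALPHABET = 32          # assumption: encrypted characters are 5-bit symbols (0..31)
CRITICAL_DF31 = 61.10  # assumption: upper 0.1% point of chi-square, 31 degrees of freedom
MIN_EXPECTED = 5       # usual validity rule: expected count per symbol of at least 5


def chi_square(symbols):
    """Pearson statistic of the symbol counts against a uniform distribution."""
    if not symbols or any(not 0 <= s < ALPHABET for s in symbols):
        raise ValueError("need a non-empty sequence of 5-bit symbols")
    counts = Counter(symbols)
    expected = len(symbols) / ALPHABET
    return sum((counts[s] - expected) ** 2 / expected for s in range(ALPHABET))


def looks_encrypted(symbols):
    """True or False, or None when the message is too short to judge."""
    if len(symbols) / ALPHABET < MIN_EXPECTED:
        return None
    return chi_square(symbols) <= CRITICAL_DF31


def may_transmit(symbols, operator_override=False):
    """Release rule of section 6.2.2: test passed, or special operator command."""
    return looks_encrypted(symbols) is True or operator_override


# Constructed samples (not real traffic).
BALANCED = list(range(ALPHABET)) * 20                            # stand-in for good cipher output
CLEAR = [ord(c) & 0x1F for c in "MESSAGE TEXT IN CLEAR " * 30]   # plaintext passed through
SHORT = list(range(ALPHABET))                                    # too short for the test

if __name__ == "__main__":
    for name, msg in (("balanced", BALANCED), ("clear", CLEAR), ("short", SHORT)):
        print(name, round(chi_square(msg), 1), looks_encrypted(msg), may_transmit(msg))
```

A test of this kind catches gross failures such as plaintext passing through or a stuck device; a pass is not evidence of cryptographic strength.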
6.2.3 M̲a̲n̲a̲g̲e̲m̲e̲n̲t̲ ̲o̲f̲ ̲O̲N̲L̲I̲N̲E̲ ̲C̲r̲y̲p̲t̲o̲ ̲D̲e̲v̲i̲c̲e̲s̲
The ONLINE Crypto Devices are inserted directly in
the transmission path, and the system will maintain
a status of all crypto devices. Bypassing of cryptos
is controlled by the Central Communication System.
Allocation of a Crypto Device to a communication channel
may be changed on the line switch facility. The corresponding
list, which is stored in the Crypto Control System, may
be changed by the Crypto Supervisor.
The detailed specification of the crypto system will
be agreed during the initial phases of the program.
To ascertain that only correctly encrypted messages are
transmitted on the lines, it is a necessity that the
Crypto devices are able to inform the Crypto System,
or the Central Communication System, whether a key
has been received and synchronization with the remote
equipment has been obtained. Information to the Central
Communication System could be given by the 'ready for
data' - state (for X21 Protocol) or similar as described
in section 2.1.5.2.
If such status is delivered from the crypto device
to the Crypto Control System the Crypto Control System
will inform the Central Communication System when the
line is ready to transmit data.
Only at this time will data be released for transmission.
The first data to be exchanged will be a "who are you"
session, which will ensure that the distant crypto
is operating on the same key. If the key cannot be entered,
synchronization is lost, or cannot be obtained, Crypto
Supervisor and Message Distribution Operator will be
informed. The Crypto Supervisor will be informed about
which crypto unit is failing and the crypto key identification.
The Message Distribution Operator will be given the
same information together with an indication of which
link or message has been affected.
6.2.4 C̲o̲m̲m̲u̲n̲i̲c̲a̲t̲i̲o̲n̲ ̲w̲i̲t̲h̲ ̲T̲h̲e̲ ̲C̲e̲n̲t̲r̲a̲l̲ ̲C̲o̲m̲m̲u̲n̲i̲c̲a̲t̲i̲o̲n̲ ̲S̲y̲s̲t̲e̲m̲
Whenever the Central Communication System wants to
utilize the Cryptographic Equipment, a request to load
a key will be sent to the Crypto Control System. This
request will contain an identification of the counterpart
with which communication shall take place and the communication
channel which shall be used. When the corresponding
key has been loaded the Crypto Control System will
inform the Central Communication System. This communication
takes place via the XTA's dedicated for this purpose.
To avoid errors in this transfer of information a HDLC-like
protocol will be used.
For this purpose a set of command and status messages
will be defined during the detailed specification.
Undefined commands will be rejected by the Crypto Control
System, and an error message will be given to the Crypto
Supervisor.
6.3 C̲R̲Y̲P̲T̲O̲ ̲K̲E̲Y̲ ̲S̲U̲P̲E̲R̲V̲I̲S̲I̲O̲N̲
Due to the use of the HDLC-like protocol on the X-Net,
the key information which has been entered correctly
from the papertape is ensured to arrive uncorrupted
to the XTA, or the user will be informed of errors.
Consequently errors in the transfer of key information
from the disk to the crypto can only occur in the part
of the XTA which transmits the key to the crypto or
in the receiving part of the crypto. Consequently it
can only be guaranteed that the key has been received
correctly by the crypto device, if the crypto device
is able to return the key it has received to the Crypto
System.
To avoid errors from the reading of the papertape, the
tapes will be entered twice and the information compared.
Additionally, a check sum could be used.
If the cryptos can also check this check sum, the above
mentioned error could also be avoided in this way.
The operator will be informed of errors detected during
read-in of keys and transfer of keys to the cryptos.
In such cases the operator may try to enter a new key,
or request a failing crypto to be blocked.
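The three checks of this section (double read-in, check sum, key returned by the crypto) shown as an added example that is not part of the proposal. The record layout of 30 five-bit bytes plus one check symbol, the modulo-32 check sum and all names are assumptions, since the proposal leaves these to the detailed specification.

```python
KEY_LEN = 30  # assumption: a key is 30 five-bit bytes, followed by one check symbol


def check_sum(key):
    """Hypothetical check sum: sum of the 5-bit key bytes modulo 32."""
    return sum(key) % 32


def read_in(pass1, pass2):
    """Validate two reader passes of one tape record; return the key or raise."""
    if pass1 != pass2:
        raise ValueError("read-in: the two passes differ, re-enter tape")
    if len(pass1) != KEY_LEN + 1 or any(not 0 <= b < 32 for b in pass1):
        raise ValueError("read-in: malformed record")
    key, check = pass1[:-1], pass1[-1]
    if check_sum(key) != check:
        raise ValueError("read-in: check sum mismatch, tape damaged")
    return key


def supervise(pass1, pass2, echoed):
    """Return 'loaded' or the first error the operator would be informed of."""
    try:
        key = read_in(pass1, pass2)
    except ValueError as err:
        return str(err)
    # Errors between the XTA and the crypto are visible only if the crypto
    # returns the key it received.
    if echoed != key:
        return "transfer: returned key differs, reload or block crypto"
    return "loaded"


# Constructed sample values (not real key material).
KEY = [(7 * i + 3) % 32 for i in range(KEY_LEN)]
RECORD = KEY + [check_sum(KEY)]
FLIPPED = RECORD[:]
FLIPPED[4] ^= 1          # one bit wrong in one tape position
BAD_ECHO = KEY[:]
BAD_ECHO[0] ^= 16        # one bit wrong on the way to the crypto

if __name__ == "__main__":
    print(supervise(RECORD, RECORD, KEY))        # clean read-in and transfer
    print(supervise(RECORD, FLIPPED, KEY))       # reader error in one pass
    print(supervise(FLIPPED, FLIPPED, KEY))      # same damage in both passes
    print(supervise(RECORD, RECORD, BAD_ECHO))   # error between XTA and crypto
```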
6.4 C̲R̲Y̲P̲T̲O̲ ̲S̲E̲C̲U̲R̲I̲T̲Y̲
The devices in the crypto system will be secured by
various means like physical keys, passwords or similar.
Certain functions may be defined to require two sets
of passwords. The keep alive message exchange with the
Central Communication System and the locks on the racks
ensure that a new program, which could dump the key
information, cannot be entered in the system.
6.5 C̲R̲Y̲P̲T̲O̲ ̲R̲A̲C̲K̲S̲
6.5.1 R̲a̲c̲k̲s̲ ̲f̲o̲r̲ ̲O̲f̲f̲-̲L̲i̲n̲e̲ ̲C̲r̲y̲p̲t̲o̲s̲
According to Ant Nachrichtentechnik, the CE1-3 is a
plug-in unit of the special equipment of AA.
Therefore Ant Nachrichtentechnik cannot provide mechanical
specification for the installation of this unit. Neither
do they produce racks for this equipment.
Consequently no racks for Off-line Cryptos are included
in the proposal.
6.5.2 R̲a̲c̲k̲ ̲f̲o̲r̲ ̲O̲n̲-̲L̲i̲n̲e̲ ̲C̲r̲y̲p̲t̲o̲s̲
For the On-line Cryptos three different types are mentioned.
The E4's and the Elcrobit 1 exist in two different
configurations, the size 1 and the size 2. The racks
for the E4s can house 2 size 2 units, 2 size 2 units
plus 2 size 1 units, or 6 size 2 units.
Consequently the necessary amount of racks cannot be
decided.
An optional proposal (unit price) for these racks is
included.
The Elcrobit 96 fits into a standard 19 inch rack.
The rack type in the optional proposal for racks for
this equipment can house 12 Elcrobit 96 each.
Power Cables for the Cryptos, and a Power Distribution
Panel are not included.
6.6 C̲R̲Y̲P̲T̲O̲ ̲C̲O̲N̲T̲R̲O̲L̲ ̲S̲Y̲S̲T̲E̲M̲ ̲W̲I̲T̲H̲ ̲H̲I̲G̲H̲E̲R̲ ̲A̲V̲A̲I̲L̲A̲B̲I̲L̲I̲T̲Y̲
In the proposed system, loading of a key to a dedicated
crypto may be impossible if the XTA connected to the
key-input of the crypto fails.
In the proposed system this would lead to an error
report which would result in selection of another communication
channel of the same type enabling use of another crypto,
or another crypto could be patched in on the line patched
facility.
As a system with higher availability is necessary,
a dualization of the XTA's for crypto key control could
be performed. This dualization is proposed. The configuration
drawing (figure 6.1-1) does not show this dualization.