block 11 part 3 crypto/COMSEC Flashcards

1
Q

what is COMSEC?
(communication security)

A

measures taken to deny unauthorized persons access to information (US GOV specific)

COMSEC protection results from applying security measures to communication and information systems generating, handling, storing, processing.

2
Q

what is National Security Agency (NSA)?

A

prevents foreign adversaries from gaining classified national security information

Agency collects, processes, and disseminates intelligence information from foreign electronic signals for national foreign intelligence and counterintelligence purposes and to support national and departmental operations.

3
Q

what is Central Security Services (CSS)?

A

provides timely/accurate cryptologic support, knowledge, and assistance to the military cryptological community

CSS coordinates and develops policy and guidance on the SIGINT and IA missions of NSA/CSS to ensure military integration

4
Q

what is NIST (National Institute of Standards and Technologies)?

A

agency that promotes U.S. innovation/industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security

approves techniques. Approved techs are asymmetric (public key) + symmetric (secret key)

CTG (cryptographic technology group) - work w/ cryptographic mechanisms like hashing algorithms, symmetric and asymmetric cryptographic techniques, key management, authentication, and random number generation.

5
Q

what is cryptographic security?

A

using cryptography to send messages/information that cannot be understood by enemies

cryptography (encryption) = (plain text) turned into (ciphertext) then back to original form by the person it was intended (cipher text - plain text) using a cryptographic algorithm and key (decryption)

relies on two components: an algorithm and crypto-key

6
Q

what is a cryptographic key?

A

A parameter or numeric value used in conjunction with a cryptographic algorithm that determines its operation

aka key variable

7
Q

what is cryptanalysis?

A

science of deciphering a coded message without prior knowledge of the key

8
Q

what is transmission security (transec)?

A

security control measures applied to prevent interception, disruption of reception, communications deception

deals with the security of communication movement

deals with the transmission aspect of info/communications as opposed to the actual message/information

authorized TRANSEC methods include:

  • implement radio signals
  • change radio frequencies
  • cancel or alter communication patterns
  • use frequency hopping systems
  • use directional antennas
9
Q

what is TEMPEST?

A

its aim is to limit
TEMPEST vulnerabilities are unintentionally emitted signals, or compromising emanations.

preventing compromise of emitted signals

technique - the RED/BLACK Separation concept.

10
Q

what is key management infrastructure (KMI)?
(KOAM = KMI operating account manager)

A

usually wing level manager

  • local point of contact for all matters COMSEC
  • will adequately train and certify COMSEC Responsible Officers (CROs) to be responsible for smaller COMSEC sub-accounts that support a squadron or flight’s mission requirements
11
Q

what does a COMSEC responsible officer (CRO) do?

A
  • administers physical security procedures for their responsible sub account(s)
  • validating access to materials
  • training/certifying all authorized COMSEC users
12
Q

what are the 3 access requirements?

A
  • the need to know (commander grants)
  • proper security clearance
  • proper identification
    (need to be US citizen)
13
Q

what are the 3 GSA (general services administration) security container classifications?

A
  • top secret
    (approved class 5 container or class A vault)
    TS material stored = alarmed areas + surveillance by armed guards
  • secret
    (Class “B” vault, or Class “A” vault with TS)
    can be equipped with a lock requiring a single combination.
  • confidential
    stored in a secure room but can also be stored under the same safeguards as Top Secret or Secret COMSEC materials

any approved GSA container will have a Standard Form 702 (SF 702)
The SF 702 is used to record events such as who opened/closed the container, the time it was opened/closed, and who checked the container to ensure it was properly secured

14
Q

what is two person integrity (TPI)?

A

required when dealing with Top Secret information and material.

TPI requires the presence of at least two authorized individuals who have both been briefed on TPI procedures and are capable of detecting incorrect or unauthorized security procedures concerning the task being performed.

15
Q

what is controlled cryptographic items (CCI)?

A

can be classified in one of two ways: keyed and unkeyed.

Keyed CCI will be protected at the highest classification of the key it contains.

Unkeyed CCI are considered sensitive and should be stored in a secure place (such as a locked cabinet or locked desk).

16
Q

what is the AF form 1109?

A

visitor register log
red or pink distinct badge

You would record the name, organization, and arrival and departure times of all individuals not named on the access list.

17
Q

what is AFCOMSEC Form 16?

A

is used to record daily, shift, or local inventories of accountable COMSEC material.

  • used to record any discrepancies noted during inventory

four areas recorded: short title, quantity, edition, registry number

18
Q

what are accounting legend codes (ALC)?

A

used to identify the level of accountability of a particular COMSEC item. The main ALCs are ALC-1, 2, 4, and 6.

ALC-1: requires continuous accountability from cradle to grave (creation to destruction). ALC-1 material must be inventoried every day the storage container (vault, safe, etc.) is opened. The inventory will include the Short Title, Edition, Registry (Reg) Number, and Quantity.

ALC-2: are generally cryptographic equipment or instruments used within the equipment. Unlike ALC-1, they are inventoried by short title and quantity rather than accounting control number.

ALC-4: are generally publications of some type (AFKAG-1, AFKAG-2, AFKAGs 11-16, etc.). ALC-4 material does not require continuous accountability as does ALC-1 and ALC-2 material. No inventory is required unless the local COMSEC Manager directs it.

ALC-6: reserved for electronic keys

19
Q

what is standard 701 form?

A

end of day checks

20
Q

what is standard form 153?

A

COMSEC Material Report is used to report Inventory changes, Transfers, Destruction, and Hand receipts.

21
Q

conditions of destruction of COMSEC material

A

there must be at least 2 people present + both need to sign standard form 153.

destroyed ASAP after aids have served their purpose

two types of unapproved destructions are
- Premature: destruction occurs when material is destroyed without proper authority or is destroyed before the supersession date.
- Inadvertent: destruction occurs when material is destroyed by accident.

22
Q

what are the 3 conditions of destruction?

A
  • routine destruction
    is performed when classified material no longer serves a useful purpose (working files should be destroyed every 30 days)

3 most common methods used for destruction are burning, crosscut shredding, and pulverizing/pulping

  • precautionary destruction
    performed any time there is imminent danger of classified material being compromised when attack by an enemy force is probable
  • emergency destruction
    destruction is more urgent. In all probability, it would become necessary in the face of an enemy attack
23
Q

what are emergency action plans (EAPs)?

A

a plan for instances when rapid response or preventive compromise might be required.

classified ALC-1 or ALC-2 material must develop and maintain a current EAP to protect material during emergencies

consist of task cards only and must be coordinated with the base COMSEC manager

The commander must give the senior person in the area the authority to activate the plan in case conditions prevent contact with the commander.

24
Q

what is Secure Internet Protocol Routing (SIPR)?

A

Signals identified as Red Data are information that contains unencrypted sensitive or classified plain text information

25
Q

what is Non-secure Internet Protocol Routing (NIPR)?

A

Signals identified as Black Data are information that carry encrypted classified information, or cipher text.

26
Q

what are compromising emanations?

A

unintentional intelligence-bearing signals, which, if intercepted and analyzed, may disclose the information transmitted, received, handled, or otherwise processed by any information-processing equipment

the emissions could radiate information, which could lead to the reconstruction of key variables, and from a COMSEC viewpoint, that is absolutely the worst thing that can happen.

27
Q

what is red/black separation?

A

requires that electrical and electronic components, equipment, and systems processing plain text be kept separate from those that process Cipher text to reduce the compromising emanations.

red = plaintext | black = ciphertext

The DOD achieves RED/BLACK goals by using proper grounding, bonding, and shielding methods as well as filtering and isolation techniques to create physical, electrical, and electromagnetic barriers around equipment, aircraft, and facilities.

TEMPEST is interrelated with the RED/BLACK Separation concept

28
Q

the crypto-key is received through

A

the CRO, KOAM and the NSA and inputted into the equipment by the COMSEC authorized user by using a common fill device

29
Q

what is symmetric (secret key)?

A

an identical copy of keys is used in all encryption devices for the cryptography process.

One advantage = significantly faster than public-key systems.

30
Q

what are block ciphers?

A

operate by encrypting/decrypting one chunk of data at a time.

Block ciphers are the most common symmetric algorithms.

3 algorithms for block ciphers are typically used to encode data:

  • Data Encryption Standard (DES)

converts plaintext into ciphertext using a key that consists of 64 binary digits. 56 bits are randomly generated and used directly by the algorithm. The extra eight bits are used for error detection.

considered unsecure and insufficient for classified use.

  • Triple Data Encryption Standard (3DES)

three-fold compound operation for encryption/decryption.

  • Advanced Encryption Standard (AES).

it displayed consistently good performance in both hardware and software, and its low memory requirements make it well suited across a wide range of computing environments.

ability to utilize 128 bit, 192 bit, and 256 bit key-lengths.

Confidential and Secret information requires AES of 128 bit key lengths or higher. Top Secret requires AES 192 or 256-bit key length.

RIJNDAEL is the most popular in both the commercial and government sectors

Problems: The secret-key system distributes copies of the same key to all devices to establish a mirror image.

31
Q

what are stream ciphers?

A

Stream ciphers encrypt/decrypt each bit of data, one at a time in a continuous stream of encrypted data.

32
Q

what is asymmetric (public key systems)?

A

uses two different keys for each encryption device – a public-key and the private-key

these algorithms are used to achieve authentication, integrity, non-repudiation, and support confidentiality through key management.

private key cannot be determined from the public key.

33
Q

what is public key infrastructure (PKI)?

A

(PKI) binds public keys to entities, enables other entities to verify public key bindings, and provides the services needed for ongoing management of keys in a distributed system.

PKI allows you to conduct business electronically with the confidence that:

  • The person or process identified as sending the transaction is actually the originator.
  • The person or process receiving the transaction is the intended recipient.
  • Data integrity has not been compromised.
34
Q

what is a common fill device (CFD)?

A

a device used to receive, store, and transfer key variables to End Cryptographic Units (ECU).

The AN/PYQ-10 Simple Key Loader (SKL) is the NSA-approved, hand-held Personal Digital Assistant (PDA) we use in our career field.

  • store 500,000 individual key variables.
    • AN/PYQ-10 SKL can store classified key data up to Top Secret

Each unit is paired with its own Crypto Ignition Key (CIK) to lock and unlock access to the encrypted key database.

35
Q

what are serial encryption devices?

A

used to provide a secure link in serial applications between a host and remote user (point-to-point) or users (point-to-multipoint), and they operate at layer 2 of the OSI model

serial connection to a Wide Area Network

KIV-7M = multi-purpose, Type 1 including TOP SECRET. COMSEC link encryptor.

can also interface with new Link Encryptor Family (LEF) devices

  • KIV-7M has two independent link Configurable RED and BLACK input/output (I/O) ports enable the KIV-7M to interface with a wide array of communication and network equipment.
  • utilizes a symmetric key system for encryption. Users must ensure the local end and distant end devices are utilizing the same TEK. The KIV-7M is capable of storing up to 10 TEKs.
36
Q

what are IP encryption devices?

A

protects classified data-in-transit over (IP) networks, thus operating at layer 3 of the OSI model.

ensure secure network-centric connections over satellite, WANs, WiMax, Broadband, Dial-up, and Wireless networks.

An enclave can be a single computer or an entire routed SIPR network

37
Q

what is KG-175D (TACLANE)?

A

Encryptor—sometimes called a Type 1 In-Line Network Encryptor (INE)

  • optimized for tactical and strategic environments.
  • is high-speed, compact, and mobile, extreme temperatures and conditions.
  • certified for TOP SECRET and below

is intended to secure (LANs), interconnected LANs, (WANs).

  • provides message confidentiality, data integrity, authentication, and access control security services to protect data classified TOP SECRET/SENSITIVE COMPARTMENTED INFORMATION
38
Q

what is OVER THE AIR REKEYING (OTAR)?

A

two-way secure transmission used to update or distribute a key to remote locations.

three types of key transfers exist to change/rekey a device using the AN/PYQ-10 SKL, depending on the type and destination

  • Manual Rekey (MK): point-to-point rekey. This can be used to update a remote station that has no users at the location. The main station uses its secure link to transmit and automatically install the proper key.
  • Automatic Rekey (AK): point-to-multipoint rekey. This is used to update a network with multiple subscribers. Automatic rekey is primarily done from a master station or Communication Focal Point (CFP). The CFP can update a few or all users with an updated key.
  • Manual Cooperative Key Transfer (MK/RV): point-to-point, but is used for keys that may be stored for future use in a CFD.

A CFD can transmit a key through the secure connection to another CFD at a remote location. This can be useful if the area between the two locations is hostile.

to keep keys secure while in transit, a Key Encryption Key (KEK) is used to encrypt the Traffic Encryption Key (TEK)

39
Q

what is Pre-Placed Key (PPK)?

A

a key system that is symmetric, meaning it uses only one key to encrypt/decrypt information.

can be designed to be installed in equipment for a year’s supply.

Classified as Traffic Encryption Keys (TEK) or Key Encryption Keys (KEK).

A TEK is a key that encrypts the data passing through the device,

KEK is used for the encryption or decryption of other keys.

40
Q

what is Firefly Vector Set (FFVS)?

A

used for exchanging asymmetrical key pairs.

unique third key = FIREFLY-Generated Traffic Encryption Key and used for encryption/decryption.

These TEKs are used to exchange data between the peer In-Line Network Encryptors, which are the two IP encryptors.