TUCoPS :: Networks :: 69.txt

Improved Key Mgnt for DDN KG-84A Sec Circuits


********************************************************************** 
DDN MGT Bulletin 69              DCA DDN Defense Communications System   
16 Mar 90                        Published by: DDN Network Info Center
                                    (NIC@NIC.DDN.MIL)   (800) 235-3155


                        DEFENSE  DATA  NETWORK

                         MANAGEMENT  BULLETIN

The DDN MANAGEMENT BULLETIN is distributed online by the DDN Network
Information Center under DCA contract as a means of communicating
official policy, procedures and other information of concern to
management personnel at DDN facilities.  Back issues may be read
through the TACNEWS server ("@n" command at the TAC) or may be
obtained by FTP (or Kermit) from the NIC.DDN.MIL host [26.0.0.73]
using login="anonymous" and password="guest".  The pathname for
bulletins is DDN-NEWS:DDN-MGT-BULLETIN-nn.TXT (where "nn" is the
bulletin number).
**********************************************************************

       Improved Key Management for DDN KG-84A Secured Circuits

1. The following information was transmitted to a wide variety of
addressees in a Military (AUTODIN) message form.  To ensure widest
possible dissemination of the information, it is being distributed
in this DDN Management Bulletin as well.

2. The Defense Communications Agency (DCA) is constantly looking
for ways to improve the Defense Data Network (DDN) and reduce any
burdens on the Node Site Coordinators (NSCs) and the Host
Administrators (HAs).  Since release of the Joint Staff mandate to
provide encryption devices on all our trunks and host access lines,
we have been extremely concerned with the current method of doing
daily crypto key changes or updates in the DDN networks.  The
existing procedures for changing or updating the communications
security (COMSEC) key are burdensome, time consuming, and manpower
intensive.  The whole process is underscored by the extensive
circuit downtimes that are attributed to key management.  However,
there are two relatively new ways of doing key changes or updates
that vastly improve on existing procedures.  One method uses
Over-the-Air Rekey (OTAR) and the other uses the DCA-procured
Enhanced Fixed Plant Adapter (EFPA).

3. The first method takes advantage of recent National Security
Agency (NSA) changes to COMSEC key management doctrine and policy.
These changes permit additional keying options and provide new
procedures for performing daily key changes or updates.  The
doctrinal changes take advantage of features in the KG-84A that
permit "Over-the-Air Rekey" or OTAR for short.  OTAR has been
applied in other networks and tested at selected sites in the DDN.
It has proven to be effective and efficient.  DCA supports and
encourages the use of OTAR on DDN circuits.

3.  The second method of doing key management requires the
DCA-procured EFPA.  DCA will select some Packet Switching Nodes
(PSNs) to install the DCA-procured EFPA in support of key update
functions.  PSNs selected for EFPA installation will be contacted
at a later date and provided all the particulars.  In the meantime,
DCA recommends OTAR implementation since it will not impact on site
selection for EFPA installation.

4.  DCA will be providing you additional guidance and information
describing OTAR and on how to apply it on your DDN circuit.  We must
emphasize the word "guidance" because COMSEC key management
responsibility and authority rests with the COMSEC Controlling
Authority (CCA) of the key.  It is for this reason that we strongly
encourage all NSCs, HAs, and Remote TAC Custodians to contact
their local COMSEC Custodian (or provider of the key) to discuss all
the guidance and information that we are going to provide you.  In
some instances, you will find that the COMSEC Custodian already
knows about OTAR.

5.  Agency and Service Points of Contact (POCs) are:

 A.  DCA - Mr. Carlos Castro, Code: DDOS, DSN: 356-5032, Comml: (703)
285-5032, email: CASTROC@IMO-UVAX.DCA.MIL;

 B.  NSA - Mr. Joseph W. Maguire, Code: S13T, DSN/STU-III: 235-6098,
Comml: (301) 688-6098;

 C.  Navy - Mr. Charles L. Latimer, Code: COMNAVTELCOM/N322C, DSN:
292-0400, Comml: (202) 282-0400;

 D.  Air Force - MSgt Gary H. Wigner, Code: AFCC/DSSC, DSN: 576-3451,
Comml: (618) 256-3451.

 E.  Army - CDRUSAISC/ASOP-OI, Fort Huachuca, AZ 85613-5300,
DSN: 879-8084.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH