KSD-64
The KSD-64[A] Crypto Ignition Key (CIK) is an NSA-developed EEPROM chip packed in a plastic case that looks like a toy key. The model number is due to its storage capacity — 64 kibibits (65,536 bits, or 8 KiB), enough to store multiple encryption keys. Most frequently it was used in key-splitting applications: either the encryption device or the KSD-64 alone is worthless, but together they can be used to make encrypted connections. It was also used alone as a fill device for transfer of key material, as for the initial seed key loading of an STU-III secure phone.
Newer systems, such as the Secure Terminal Equipment, use the Fortezza PC card as a security token instead of the KSD-64. The KSD-64 was withdrawn from the market in 2014. Over one million were produced in its 30-year life.[1]
Operation
The CIK is a small device which can be loaded with a 128·bit sequence which is different for each user. When the device is removed from the machine, that sequence is automatically added (mod 2) to the unique key in the machine, thus leaving it stored in encrypted form. When it is reattached, the unique key in the machine is decrypted, and it is now ready to operate in the normal way. The analogy with an automobile ignition key is close, thus the name. If the key is lost, the user is still safe unless the finder or thief can match it with the user's machine. In case of loss, the user gets a new CIK, effectively changing the lock in the cipher machine, and gets back in business.
The ignition key sequence can be provided in several ways. In the first crypto-equipment to use the idea (the KY-70), the CIK is loaded with its sequence at NSA and supplied to each user like any other item of keying material. Follow-on application (as in the STU-II) use an even more clever scheme. The CIK device is simply an empty register which can be supplied with its unique sequence from the randomizer function of the parent machine itself. Not only that, each time the device is removed and re-inserted, it gets a brand new sequence. The effect of this procedure is to provide high protection against the covert compromise of the CIK wherein a thief acquires the device, copies it, and replaces it unknown to its owner. The next morning (say), when the user inserts the device, it will receive a new sequence and the old copied one will be useless thereafter. If the thief has gotten to his machine during the night, he may be able to act into the net; but when the user attempts to start up in the morning the thief's device will no longer work, thus flagging the fact that penetration has occurred.
This concept appears particularly attractive in office environments where physical structures and guarding arrangements will not be sufficiently rigorous to assure that crypto-equipments cannot be accessed by unauthorized people.[2]
References
- A 30-Year Run for the Parallel Key Line, Datakey, December 4, 2014
- https://www.governmentattic.org/18docs/Hist_US_COMSEC_Boak_NSA_1973u.pdf A History of U.S. Communications Security; the David G. Boak Lectures, National Security Agency (NSA), Volumes II 1981, partially released 2008, additional portions declassified October 14, 2015, p.15