(U//FOUO) NSA Field Generation and Over-the-Air Distribution of COMSEC Key Manual

  • For Official Use Only
  • May 2001


1. (U//FOUO) Where Are We Heading? – A major evolution in communications security (COMSEC) keying technology has begun. Under the Electronic Key Management System (EKMS) program, standards, hardware, and applications are being developed to apply state of the art automation to generate, distribute, load, control, and account for COMSEC key. The program incorporates sufficient backward compatibility to assure that both future, automated key and existing, common electronic key can be handled. EKMS hardware is being fielded, but full development of tailored tactical key generation and distribution programs may take several more years.

2. (U//FOUO) Where Are We Now? – Until EKMS Key Processors (KPs) and local management devices (LMDs) are fully implemented throughout the tactical forces, military commanders must be able to establish secure communications, without needless and/or redundant prepositioning of key or last minute key tape distribution. This document prescribes pre-EKMS techniques to satisfy that requirement, but emphasizes use of available EKMS terminals and other key variable generators (KVGs) to generate tactical key.

3. (U//FOUO) Interoperability – Effective and timely creation of secure tactical nets and circuits requires that communications planners and operators have a common base of understanding regarding applicable COMSEC procedures and equipment operating instructions. This document fulfills that requirement for Joint commands and their Service components. It also has limited applicability in multi-national operations and exercises, when the Allied participants use COMSEC equipment that is capable of over-the-air key distribution (OTAD).

NOTE: (U//FOUO) ACP-132A, Field Generation and Over-the-Air Distribution of Key in Support of Tactical Operations and Exercises, is the equivalent of NAG-16F for use by the military forces of Australia, Canada, New Zealand, and the United Kingdom. U.S. tactical forces do not hold ACP-132A, because its provisions are similar to those of NAG-16F.

NOTE: (U//FOUO) NAG-22A, Over-the-Air Rekeying of Combined Tactical Nets and Circuits, is a partial equivalent of NAG-16F intended to explain over-the-air rekeying (OTAR) to Allied users of “S” nomenclatured (special purpose) COMSEC equipment. When Combined nets/circuits include terminals equipped with “S” equipment, a U.S. station equipped with “K” nomenclatured equipment must serve as the net control station (NCS). U.S. tactical forces do not hold nor need NAG-22A.

NOTE: (U//FOUO) SDIP-14, Operational Doctrine for TSEC/KW-46 Fleet Broadcast, includes doctrine for Over-The-Air Transfer (OTAT) of tactical key via the single-channel North Atlantic Treaty Organization (NATO) fleet broadcasts. U.S. Navy (USN) tactical forces having NATO missions should hold SDIP-14.

4. (U//FOUO) Implementation – The principal advantage of the key management procedures presented here is flexibility to create a continuing supply of tactical key for a variety of commonly held COMSEC equipment and to distribute it electronically to potential users. The key generation and distribution routines given are particularly suitable for support of Joint operations and exercises involving forces that do not routinely train together. However, they cannot be relied upon to contribute to joint mission accomplishment, unless required levels of user competency are maintained through incorporation into intra-Service operations and exercises.

a. (U//FOUO) Perspective – Field generation and Over-The-Air-Distribution (OTAD) of the COMSEC key needed to support tactical communications offers distinct operational advantages over dependence on centrally produced, physically distributed tape key. Communications efficiency and flexibility can be materially enhanced, if secure tactical nets and circuits are established and rekeyed with field-generated TEK that is distributed via Over-The-Air Rekeying (OTAR). Pending full implementation of the Electronic Key Management System (EKMS), operational flexibility can also be enhanced if TEK for other tactical applications is distributed via Over-the-Air Transfer (OTAT), between Data Transfer Devices (DTDs), using STU-III, STU-IIIA, STU-IIB, STE, or KY-68 secured telephone circuits, KW-46 secured broadcasts, or nets/circuits secured by KG-84A/C and KIV-7/7HS equipment. Commanders who generate and electronically distribute needed key have maximum latitude to structure their communications to support mission requirements and to react quickly to fluid tactical situations and potentially serious key compromises.

b. (U) Purpose – This document is intended as the standard U.S. user’s manual for planning and conducting field key generation and OTAD in support of tactical activities. It is targeted primarily at Joint and Intra-Service Operations and Exercises, particularly those involving forces that do not routinely train or operate together. It also has limited application to Combined operations and exercises involving Allied forces that hold OTAR- and OTAT-capable COMSEC equipment.

c. (U) Definitions & Acronyms – Many of the specialized terms used in this document are defined in Annex A. Acronyms that appear in the document are also expanded in Annex A.

d. (U//FOUO) Activation – U.S. commanders at all echelons are authorized and encouraged to direct field generation and OTAD of keys needed to support tactical operations and exercises for which they are responsible.

NOTE: (U//FOUO) The procedures addressed herein are presented as routine communications practices for tactical forces, but exceptions to certain specified COMSEC procedural constraints are authorized during COMSEC emergencies, in which the only viable alternative available to the responsible commander is plain text communications. The distinction between routine communications and COMSEC emergencies must be recognized, so that the emergency easements do not become standard operating practices, when the risks they entail should not be accepted. It is also important to note that the security easements permitted by this manual apply only in tactical applications and may not be extended to fixed-facility or strategic communications.

e. (U//FOUO) Application to TRI-TAC & MSE – The TRI-TAC and Mobile Subscriber Equipment (MSE) tactical communications systems have internal procedures for generating and distributing the keys they use; the provisions of this manual do not apply to those keys. However, due to the vital function they can perform in the production of keys intended for other applications, TRI-TAC/MSE KG-83 and KGX-93/93A KVGs and the KT-83 test equipment used to certify them require special safeguards that do not apply to the other TRI-TAC/MSE COMSEC equipment. These are stated in the following subparagraphs.

(1) (U//FOUO) Using KVGs & Fill Devices – Any certified KVG having all of its tamper detection labels intact may generate 128-bit key at any classification level for any purpose, but fill devices into which KVGs load key must be safeguarded at the level of the most highly classified key they contain.

(2) (U//FOUO) Certifying KT-83s & KVGs – All KT-83s, KG-83s, and KGX-93/93As must be certified to the SECRET level at least every 24 months; none of this equipment need be certified to the TOP SECRET level. Each certification must be accomplished with a certified KT-83 and NSA-approved procedures and may be done by one qualified person who must be cleared at least SECRET. Any certified KT-83 with its tamper detection labels intact may be used to certify any other KT-83 or any KG-83 or KGX-93/93A. One result of this authorization is that any command that holds two or more KT-83s may stagger their certification dates and use one to certify the other, indefinitely. In COMSEC emergencies, responsible commanders are authorized to use KVGs with expired certifications, provided field certification is not feasible and certified replacements have been requisitioned.

(3) (U//FOUO) Storing KT-83s & KVGs – Tamper detection labels are required on all operational KVGs and KT-83s. After tamper detection labels have been applied to them, certified but uninstalled KG-83s, KGX-93/93As, and KT-83s may be stored and handled without Two-Person Integrity (TPI) controls. Installed KVGs may be stored in unmanned TRI-TAC and MSE shelters, if the following conditions are met:

(a) (U//FOUO) Physical Safeguards – Responsible commanders must ensure that adequate physical safeguards are provided for non-operational TRI-TAC/MSE shelters to minimize the risk of theft, tampering, or sabotage to all of the COMSEC equipment stored therein.

(b) (U//FOUO) Tamper Detection Labels – At the time of its last certification, NSA-furnished, coyote logo tamper detection labels must have been applied to each KT-83, KG-83, and KGX-93/93A, in accordance with NSA instructions. Certifying activities must record the serial numbers of the labels they apply to each KT-83 or KVG, so that this information may be made available to investigating elements, if tampering with a certified KVG is suspected. Recorded label serial numbers must also be compared with those removed from each KVG that is recertified at the same facility two or more consecutive times. Any unexplained serial number anomalies must be reported as COMSEC incidents.

NOTE: (U//FOUO) To increase the security of the coyote logo tamper detection labels, NSA has classified them SECRET prior to application; upon application, they are declassified. Any UNCLASSIFIED coyote logo labels on hand at using locations must be brought under SECRET protection. Pertinent questions may be referred to the NSA Protective Technologies Division at (301) 688-6816 or DSN 644-6816.

