- Fill device
Older mechanical encryption systems, such as rotor machines, were keyed by setting the positions of wheels and plugs from a printed keying list. Electronic systems required some way to load the necessary cryptovariable data. In the 1950s and 1960s, systems such as the U.S. National Security Agency KW-26 and the Soviet Union's Fialka used punched cards for this purpose. Later NSA encryption systems incorporated a serial port fill connector and developed several common fill devices (CFDs) that could be used with multiple systems. A CFD was plugged in when new keys were to be loaded. Newer NSA systems allow "over the air rekeying" (OTAR), but a master key often must still be loaded using a fill device.
NSA uses two serial protocols for key fill, DS-101 and DS-102. Both employ the same U-229 6-pin connector type used for U.S. military audio handsets, with the DS-101 being the newer of the two serial fill protocols. The DS-101 protocol can also be used to load cryptographic algorithms and software updates for crypto modules.
Common fill devices employed by NSA include:
- AN/CYZ-10 Data Transfer Device - a small PDA-like unit that can store up to 1000 keys.
- Secure DTD2000 System (SDS) - Named KIK-20, this is the next generation common fill device replacement for the DTD.
- AN/PYQ-10 Simple Key Loader (SKL) - a simpler replacement for the DTD.
- KOI-18 paper tape reader. The operator pulled 8-level tape through this unit by hand.
- KSD-64 Crypto ignition key (CIK)
- KYK-13 Electronic Transfer Device
- KYX-15 Net Control Device
- MX-10579 ECCM Fill Device (SINCGARS)
Only the KSD-64, CYZ-10, Secure DTD2000, PYQ-10 and KOI-18 can handle modern 128-bit keys. Older units are apparently limited to 90-bit keys. A newer fill device, the Secure DTD2000 System (or SDS), which employs the Windows CE operating system, began production in 2006.
Wikimedia Foundation. 2010.