The Electronic Key Management System (EKMS) is a United States National Security Agency led program responsible for Communications Security (COMSEC) key management, accounting and distribution. Specifically, EKMS generates and distributes electronic key material for all NSA encryption systems whose keys are loaded using standard fill devices, and directs the distribution of NSA produced key material. Additionally, EKMS performs account registration, privilege management, ordering, distribution and accounting to direct the management and distribution of physical COMSEC material for the services. The common EKMS components and standards facilitate interoperability and commonality among the armed services and civilian agencies.

Why was EKMS developed?

The primary reason for the development of EKMS centers on the security and logistics problems that plagued the COMSEC Material Control System (CMCS), which replaced the Registered Publications System (RPS) in the 1970s. The CMCS was a very labor-intensive operation that had been stretched to capacity. The most serious, immediate concern was the human threat associated with access to and exploitation of paper key throughout its life cycle. The disclosure of the Walker spy ring was clear justification of this concern. Although eliminating the majority of paper key will greatly reduce this human threat, the long-term goal of EKMS to minimize human access to key will not be realized until benign fill key is fully implemented. Benign fill permits the encrypted distribution of electronic keying material directly to the COMSEC device without human access to the key itself.

The need for joint interoperability led to the Defense Reorganization Act of 1986, under which the Joint Chiefs of Staff (JCS) tasked NSA, the Defense Information Systems Agency (DISA), and the Joint Tactical Command, Control and Communications Agency (JTC3A) to develop a Key Management Goal Architecture (KMGA). Subsequent difficulties in coordinating COMSEC distribution and support during joint military operations, e.g., Desert Storm, Urgent Fury, and Operation Just Cause, have further emphasized the need for a system capable of interoperability between the Services.

Central Facility

EKMS starts with the Central Facility (CF), run by NSA, which provides a broad range of capabilities to the Services and other government agencies. The CF, also referred to as Tier 0, is the foundation of EKMS. Traditional paper-based key, and key for Secure Telephone Unit - Third Generation (STU-III), STE, FNBDT, Iridium, Secure Data Network System (SDNS), and other electronic key are managed from an underground building in Finksburg, Maryland which is capable of the following:
* processing orders for both physical and electronic key
* electronically generating and distributing key
* generating key material for FIREFLY (an NSA algorithm based on public key cryptography)
* performing seed conversion and rekey
* maintaining compromise recovery and management of FIREFLY material
* support for over-the-air rekeying (OTAR)

The CF talks to other EKMS elements through a variety of media, communication devices, and networks, either through direct distance dialing using STU-III (data mode) or dedicated link access using KG-84s. During the transition to full electronic key, the 3.5-inch floppy disk and 9-track magnetic tape are also supported. A common user interface, the TCP/IP-based message service, is the primary method of communication with the CF. The message service permits EKMS elements to store EKMS messages that include electronic key for later retrieval by another EKMS element.

Tier 1

Under CMCS, each service maintained a central office of record (COR) that performed basic key and COMSEC management functions, such as key ordering, distribution, inventory control, etc. Under EKMS, each service operates its own key management system using EKMS Tier 1 software that supports physical and electronic key distribution, traditional electronic key generation, management of material distribution, ordering, and other related accounting and COR functions. Common Tier 1 is based on the U.S. Navy's key distribution system (NKDS) software developed by the Naval Research Laboratory and further developed by SAIC in San Diego.

Tier 2

EKMS Tier 2, the Local Management Device (LMD), is composed of a commercial off-the-shelf (COTS) personal computer (PC) running the Santa Cruz Operation's SCO UNIX operating system, and an NSA KOK-22A Key Processor (KP). The KP is a trusted component of EKMS. It performs cryptographic functions, including encryption and decryption functions for the account, as well as key generation, and electronic signature operations. The KP is capable of secure field generation of traditional key. Locally generated key can be employed in cryptonet communications, transmission security (TRANSEC) applications, point-to-point circuits, and virtually anywhere that paper-based keys were used. Electronic keys can be downloaded directly to a fill device, such as the KYK-13, KYX-15, or the more modern AN/CYZ-10 Data Transfer Device (DTD) for further transfer (or fill) into the end cryptographic unit.
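The Tier 2 paragraph above describes key flowing from the KP through a fill device into the end cryptographic unit, and the earlier section names benign fill as the goal: the key is distributed encrypted so that no person (and no intermediate fill device) ever holds it in the clear. The following added example, which is not code from the article or from any EKMS component, illustrates that principle with the Python standard library only. It assumes a key-encryption key (KEK) shared solely by the key processor and the end unit, and uses an HMAC-SHA256 counter keystream with an HMAC tag as a stand-in for a real key-wrap algorithm; the wrapping format, function names and constants are constructed for illustration, not the KP's actual format.

```python
# Illustration of the "benign fill" idea: the traffic key is wrapped under a
# key-encryption key (KEK) held only by the key processor and the end
# cryptographic unit (ECU), so the fill device and its operator carry only
# ciphertext. Constructed example using only the standard library; this is
# NOT the EKMS or KP wrapping format, and every name here is an assumption.
import hashlib
import hmac
import secrets

KEY_LEN = 32      # length of the traffic key being distributed (constructed)
NONCE_LEN = 16    # per-wrap nonce so one KEK can wrap many keys
TAG_LEN = 32      # HMAC-SHA256 tag length


def _keystream(kek: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; toy keystream for the XOR wrap (assumption)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(kek, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_key(kek: bytes, traffic_key: bytes) -> bytes:
    """Key processor side: produce nonce || ciphertext || tag for a fill device to carry."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(kek, nonce, len(traffic_key))
    ciphertext = bytes(a ^ b for a, b in zip(traffic_key, ks))
    # The tag covers nonce and ciphertext so any modification in transit is rejected.
    tag = hmac.new(kek, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unwrap_key(kek: bytes, blob: bytes) -> bytes:
    """End cryptographic unit side: verify the tag first, then recover the traffic key."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("wrapped key blob too short")
    nonce = blob[:NONCE_LEN]
    tag = blob[-TAG_LEN:]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    expected = hmac.new(kek, nonce + ciphertext, hashlib.sha256).digest()
    # Constant-time comparison; authenticate before decrypting.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped key failed authentication; refusing to load")
    ks = _keystream(kek, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, ks))


def benign_fill_demo() -> dict:
    """Walk one key from the key processor, through a fill device, into the ECU."""
    kek = secrets.token_bytes(32)            # shared by KP and ECU only (constructed)
    traffic_key = secrets.token_bytes(KEY_LEN)
    blob = wrap_key(kek, traffic_key)        # all the fill device / operator ever sees
    recovered = unwrap_key(kek, blob)        # what the ECU actually loads
    # Simulate a one-bit change to the carried blob and confirm the ECU rejects it.
    tampered = bytearray(blob)
    tampered[NONCE_LEN] ^= 0x01
    try:
        unwrap_key(kek, bytes(tampered))
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    return {
        "roundtrip_ok": recovered == traffic_key,
        "key_exposed_in_transit": traffic_key in blob,
        "tamper_rejected": tamper_rejected,
    }


if __name__ == "__main__":
    print(benign_fill_demo())
```

The point of the demo is the middle step: the fill device holds `blob`, which contains no copy of the traffic key, and the end unit refuses to load anything whose tag does not verify, so an intermediary can neither read the key nor substitute a different one without the KEK.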

"Condensed from http://infosec.navy.mil and other US Government sites."

External links

* [http://www.keysupport.net/ Central Facility web site]

Wikimedia Foundation. 2010.
