Knowledge (XXG)

KSD-64


The KSD-64 Crypto Ignition Key (CIK) is an NSA-developed EEPROM chip packed in a plastic case that looks like a toy key. The model number is due to its storage capacity — 64 kibibits (65,536 bits, or 8 KiB), enough to store multiple encryption keys. Most frequently it was used in key-splitting applications: either the encryption device or the KSD-64 alone is worthless, but together they can be used to make encrypted connections. It was also used alone as a fill device for transfer of key material, as for the initial seed key loading of an STU-III secure phone.

Newer systems, such as the Secure Terminal Equipment, use the Fortezza PC card as a security token instead of the KSD-64. The KSD-64 was withdrawn from the market in 2014. Over one million were produced in its 30-year life.

Image: KSD-64 "Crypto-ignition keys" on display at the National Cryptologic Museum in 2005
Image: STU-III secure telephone with CIK inserted
Image: KSD-64A

Operation

The CIK is a small device which can be loaded with a 128-bit sequence which is different for each user. When the device is removed from the machine, that sequence is automatically added (mod 2) to the unique key in the machine, thus leaving it stored in encrypted form. When it is reattached, the unique key in the machine is decrypted, and it is now ready to operate in the normal way. The analogy with an automobile ignition key is close, thus the name. If the key is lost, the user is still safe unless the finder or thief can match it with the user's machine. In case of loss, the user gets a new CIK, effectively changing the lock in the cipher machine, and gets back in business.

The ignition key sequence can be provided in several ways. In the first crypto-equipment to use the idea (the KY-70), the CIK is loaded with its sequence at NSA and supplied to each user like any other item of keying material. Follow-on applications (as in the STU-II) use an even more clever scheme.

The CIK device is simply an empty register which can be supplied with its unique sequence from the randomizer function of the parent machine itself. Not only that, each time the device is removed and re-inserted, it gets a brand new sequence. The effect of this procedure is to provide high protection against the covert compromise of the CIK wherein a thief acquires the device, copies it, and replaces it unknown to its owner. The next morning (say), when the user inserts the device, it will receive a new sequence and the old copied one will be useless thereafter. If the thief has gotten to his machine during the night, he may be able to act into the net; but when the user attempts to start up in the morning the user's device will no longer work, thus flagging the fact that penetration has occurred.

This concept appears particularly attractive in office environments where physical structures and guarding arrangements will not be sufficiently rigorous to assure that crypto-equipments cannot be accessed by unauthorized people.

A History of U.S. Communications Security; the David G. Boak Lectures, National Security Agency (NSA), Volumes II 1981, partially released 2008, additional portions declassified October 14, 2015, p.15, https://www.governmentattic.org/18docs/Hist_US_COMSEC_Boak_NSA_1973u.pdf
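
The remove and re-insert cycle described under Operation, as an added Python simulation (not code from the article or from NSA). The Machine and CIK classes, the SHA-256 check value used to recognise a correct unwrap, and drawing the fresh sequence at removal time are assumptions of this model.

```python
import hashlib
import secrets

SEQ_BYTES = 16  # the 128-bit CIK sequence from the description above


def xor(a: bytes, b: bytes) -> bytes:
    """Bitwise addition mod 2."""
    return bytes(x ^ y for x, y in zip(a, b))


class CIK:
    """Removable device: nothing but a register holding one sequence."""
    def __init__(self, register: bytes = bytes(SEQ_BYTES)):
        self.register = register


class Machine:
    def __init__(self):
        # The unique key is held in the clear only while a CIK is attached.
        self.unique_key = secrets.token_bytes(SEQ_BYTES)
        # Assumption: a stored digest is how this model recognises a correct unwrap.
        self.check = hashlib.sha256(self.unique_key).digest()
        self.wrapped = None

    def remove(self, cik: CIK) -> None:
        """Load a fresh random sequence into the CIK and leave the key wrapped."""
        cik.register = secrets.token_bytes(SEQ_BYTES)
        self.wrapped = xor(self.unique_key, cik.register)
        self.unique_key = None

    def insert(self, cik: CIK) -> bool:
        """Unwrap with the CIK's sequence; False means the device no longer works."""
        candidate = xor(self.wrapped, cik.register)
        if hashlib.sha256(candidate).digest() != self.check:
            return False
        self.unique_key, self.wrapped = candidate, None
        return True


def overnight_copy():
    """Constructed scenario from the text: the CIK is copied and put back."""
    machine, owner = Machine(), CIK()
    machine.remove(owner)                 # owner detaches the CIK for the night
    copy = CIK(owner.register)            # covert duplicate of the register
    copy_worked = machine.insert(copy)    # the duplicate is used on the machine
    machine.remove(copy)                  # removal re-randomises; old sequence is dead
    owner_worked = machine.insert(owner)  # morning: owner's CIK fails, flagging the copy
    return copy_worked, owner_worked
```
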

References

A 30-Year Run for the Parallel Key Line, Datakey, December 4, 2014

External links

Article on STU-III and CIK by Jerry Proc
KSD-64 at Crypto Museum

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.