|
The National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems have become known and its most modern systems share at least some features with commercial products. Rotor machines from the 1940s and 1950s were mechanical marvels. The first generation electronic systems were quirky devices with cantankerous punched card readers for loading keys and failure-prone, tricky-to-maintain vacuum tube circuitry. Late 20th century systems are just black boxes, often literally. In fact they are called ''blackers'' in NSA parlance because they convert plaintext classified signals (''red'') into encrypted unclassified ciphertext signals (''black''). They typically have electrical connectors for the red signals, the black signals, electrical power, and a port for loading keys. Controls can be limited to selecting between key fill, normal operation, and diagnostic modes and an all important ''zeroize'' button that erases classified information including keys and perhaps the encryption algorithms. 21st century systems often contain all the sensitive cryptographic functions on a single, tamper-resistant integrated circuit that supports multiple algorithms and allows over-the-air or network re keying, so that a single hand-held field radio can interoperate with most current NSA cryptosystems. AN/PRC-152 ==Security factors== NSA has to deal with many factors in ensuring the security of communication and information (COMSEC and INFOSEC in NSA jargon): *''Confidentiality'' and ''authentication'' - making sure messages cannot be read by unauthorized people and that they cannot be forged (nonrepudiation). Little is publicly known about the algorithms NSA has developed for protecting classified information, what NSA calls Type 1 algorithms. In 2003, for the first time in its history, NSA approved two published algorithms, Skipjack and AES for Type 1 use in NSA approved systems. *''Traffic flow security'' - making sure an adversary cannot obtain information from traffic analysis, often accomplished by link encryption. *''Key management'' - getting keys securely to thousands of crypto boxes in the field, perhaps the most challenging part of any encryption system. One NSA goal is benign fill (technology for distributing keys in a way that the humans never have access to plaintext key). *''Investigative access'' - making sure encrypted communications are accessible to the U.S. Government. While few would argue with the need for the government to access its own internal communications, the NSA Clipper chip proposal to extend this key escrow requirement to public use of cryptography was highly controversial. *''TEMPEST'' - protecting plaintext from compromise by electronic, acoustic or other emanations. *''Tamper resistance, tamper-evident, self-destruct'' - ensuring security even if encryption systems are physically accessed without authorization or are captured. *Meeting military specifications for size, weight, power consumption, MTBF and ruggedness to fit in mobile platforms. *''Electromagnetic pulse hardening'' - protecting against nuclear explosion effects, particularly electromagnetic pulse. *Ensuring compatibility with military and commercial communication standards. *Controlling cost - making sure encryption is affordable so units that need it have it. There are many costs beyond the initial purchase price, including the manpower to operate and maintain the systems and to ensure their security and the cost of key distribution. * Enabling secure communication with NATO, allied and coalition forces without compromising secret methods. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「NSA encryption systems」の詳細全文を読む スポンサード リンク
|