Electronic Key Management System (EKMS)

This Electronic Key Management special edition is the first step in educating the chain of command on plans for communications security (COMSEC) key management via the Electronic Key Management System (EKMS). The Space and Naval Warfare Systems Command (SPAWARSYSCOM), PMW 161 (Information Systems Security Program Office) is responsible for the development and fielding of an electronic key management system within the Department of the Navy (DON). The system, originally called the Navy Key Distribution System (NKDS), was divided into two phases in 1992.

Current System

NKDS Phase I, which automates the COMSEC inventory tracking and reporting system, is currently operational and fielded at the Director, COMSEC Material System (DCMS) and COMSEC Material Issuing Offices (CMIOs) San Diego and Norfolk. At the COMSEC Material System (CMS) account level, Local Management Device (LMD) computers, hosting the Automated Navy COMSEC Reporting System (ANCRS) software and the software to support the COMSEC Automated Reporting System (CARS), have been installed at each CMS account throughout the Navy COMSEC Material Control System (CMCS).

This special edition will provide background and some insight into the original NKDS program and the current national and jointly focused EKMS program being developed and deployed throughout the Federal Government under National Security Agency (NSA) guidance. Follow-on articles will appear in the CMS Update, which is published by DCMS.

The EKMS is a key management, COMSEC material distribution, and logistics support system consisting of interoperable Service and civil agency key management systems. NSA established the EKMS program to meet multiple objectives, which include supplying electronic key to COMSEC devices in a secure and timely manner and providing COMSEC managers with an automated system capable of ordering, generation, production, distribution, storage, security, accounting, and access control. Other features of EKMS will include automated auditing capabilities to monitor and record security-relevant events, account registration, and extensive system and operator privilege management techniques that will provide flexible access control to sensitive key, data, and functions within the system. The common EKMS components and standards will facilitate interoperability and commonality among the Services.

Why develop EKMS? The primary reason for the development of EKMS centers on the security and logistics problems that have plagued the current CMCS. The CMCS is a very labor-intensive operation that has been stretched to capacity. The CMCS will not be able to meet increased demands for keying material in a timely, secure manner as we enter the next century. The most serious, immediate concern to be addressed by the EKMS is the human threat associated with access to and exploitation of paper key throughout its life cycle. The disclosure of the Walker spy ring is clear justification of this concern.

Although eliminating the majority of paper key will greatly reduce this human threat, the long-term goal of EKMS to minimize human access to key will not be realized until benign fill key is implemented. Benign fill will permit the encrypted distribution of electronic keying material directly to the COMSEC device without human access to the key itself.

The need for joint interoperability led to the Defense Reorganization Act of 1986, under which the Joint Chiefs of Staff (JCS) chartered the Joint Key Management Working Group (JKMWG) and a year later tasked NSA, the Defense Information Systems Agency (DISA) (formerly the Defense Communications Agency [DCA]), and the Joint Tactical Command, Control and Communications Agency (JTC3A) to develop a Key Management Goal Architecture (KMGA) in conjunction with the Commanders in Chief (CINCs) and the Services. The JCS validated the resulting KMGA in 1988, allowing for Multicommand Required Operational Capability (MROC) 3-89, which is a compilation of documented JCS-specific requirements, to be staffed and approved by the CINCs and Services. The JCS tasked NSA, the Services, and DISA in December 1989 with implementing the MROC 3-89--the cornerstone of the EKMS initiative. Subsequent difficulties in coordinating COMSEC distribution and support during recent joint military operations, e.g., DESERT STORM, URGENT FURY, and JUST CAUSE, have further emphasized the need for a system capable of interoperability between the Services both in times of crisis and during joint exercises.

EKMS starts with the Central Facility (CF), run by NSA, which provides a broad range of capabilities to the Services and other government agencies. The CF, also referred to as Tier 0, is the foundation of EKMS. Development of the CF, like that of other components of EKMS, encompasses progressive releases of a software that integrate and automate the key and COMSEC management operations currently divided between the Ft. Meade, MD, and Finksburg, MD, facilities. Traditional paper-based key, Secure Telephone Unit - Third Generation (STU-III) key, Secure Data Network System (SDNS) key, and other electronic key will ultimately be managed from one CF located at Finksburg, MD. The CF will be capable of the following:

generating FIREFLY key material;
performing seed conversion and rekey;
maintaining compromise recovery and management of certain FIREFLY material;
processing orders for both physical and electronic key;
electronically generating and distributing key; and
performing seamless conversion of previous releases to the current release (i.e., being fully backward compatible).

The CF will interoperate with other EKMS elements through a variety of media, communication devices, and networks through direct distance dialing using STU-III (data mode) and/or dedicated link access using KG-84s. During the transition to full electronic key, the 3.5-inch floppy disk and 9-track magnetic tape will also be supported. Once fully operational, a common user interface, the TCP/IP-based message service, will be the primary method of communication with the CF. The message service will permit EKMS elements to store EKMS messages that include electronic key for later retrieval by another EKMS element.

Today each Service maintains a central office of record (COR) that performs basic key and COMSEC management functions, such as key ordering, distribution, inventory control, etc. Under EKMS, each Service began developing its own key management system to be compliant with EKMS standards and to meet the requirements of the respective Service. However, in 1994 it was determined that in the interests of interoperability and economy, the needs of all Services could be better served by building a Common Tier 1.

By an Assistant Secretary of Defense memorandum of May 1994, the Navy was designated as the lead Service for Common Tier 1 development, and SPAWARSYSCOM was subsequently chosen to lead the joint-Service program development effort. Tier 1 will be developed in accordance with NSA's published EKMS standards and will support physical and electronic key distribution, traditional electronic key generation, management of material distribution, ordering, and other related accounting and COR functions. Common Tier 1 is currently scheduled to achieve operational capability in the fourth quarter of FY99. Contract has been awarded to SAIC San Diego.

The Local Management Device (LMD), a Tier 2 element, is central to EKMS and is composed of a Service or agency supplied commercial off-the-shelf (COTS) personal computer (PC).

Due to significant changes in the EKMS program, the Microsoft Disk Operating System (MS-DOS)-based LMDs, fielded for NKDS Phase I, do not meet these specifications and will be either upgraded or replaced with platforms that can run the Santa Cruz Operations (SCO 5.0) UNIX operating system as part of the EKMS (formerly NKDS phase II) implementation.

The LMD platform hosts Local COMSEC Management Software (LCMS), which will provide the interface between the LMD, the Key Processor (KP), and other EKMS elements, will provide the COMSEC manager with many enhanced management capabilities. When the LMD and KP are used in tandem, the account manager will be able to order and account for all forms of COMSEC material, store key in encrypted form, perform key generation and automatic key distribution, perform COMSEC material accounting functions, and communicate directly with other EKMS elements. LCMS will replace ANCRS and CARS at the account level in the EKMS implementation.

The KP, also a Tier 2 element, is a trusted component of EKMS. It performs cryptographic functions, including encryption and decryption functions for the account, as well as key generation, and electronic signature operations. The KP is capable of secure field generation of traditional key. Locally generated key can be employed in cryptonet communications, transmission security (TRANSEC) applications, point-to-point circuits, and virtually anywhere that paper-based keys are used today. Electronic keys can be downloaded directly to a KYK-13, KYX-15, or Data Transfer Device (DTD) for further transfer or fill into the end cryptographic unit (ECU).

The DTD, or AN/CYZ-10, is an NSA-developed, portable, hand-held device capable of securely receiving, storing, and transferring data between compatible cryptographic and communications equipment. It is capable of storing 1,000 keys, maintains an automatic internal audit trail of all security-relevant events that can be uploaded to the LMD/KP, encrypts key for storage, and is programmable. It will eventually replace the current family of common fill devices (CFDs), including the KYK-13, KYX-15, and KOI-18. The DTD is capable of keying multiple information systems security (INFOSEC) devices and is compatible with such COMSEC equipment as Single Channel Ground and Airborne Radio System (SINCGARS) radios, VINSON, KG-84, and others that are keyed by CFDs.

The DTD meets today's COMSEC key requirements and is designed to be fully compatible with future INFOSEC equipment meeting DS-101 and benign fill standards.

The Navy Electronic Key Management System

Just as CMS replaced the Registered Publications System (RPS) in the 1970s, EKMS will replace CMS as we move into the next century with state-of-the-art technology and key management strategies that will ensure maximum interoperability and security and will meet the challenges of the future.

The EKMS is a total COMSEC management system that encompasses all aspects of the Navy's COMSEC key management architecture and meets the following NSA and joint requirements:

enhanced security through encrypted electronic key distribution;
increased responsiveness to operational requirements;
joint interoperability;
automation and simplification of COMSEC material control; and
elimination of physical key distribution and management of paper products.

EKMS makes use of COTS hardware and NSA-developed hardware and software to provide an automated responsive key management system that will satisfy operational requirements while conserving manpower and reducing operating costs. As mentioned earlier, originally the NKDS program was to provide full electronic key management capability for the DON; however, program restructuring led to a two-phased approach. NKDS Phase I, recently completed, accomplished the following:

streamlining COMSEC management procedures at DCMS and the CMIOs with the installation of the NKDS computer system;
integrating over-the-air rekeying (OTAR) into the key distribution plan; and
automating the accounting and reporting functions at the account level with the introduction of LMDs, ANCRS, and CARS.

In Phase II, now called EKMS, LMD platforms will either be upgraded or replaced to meet new LMD specifications required to support LCMS release 2.0 software. LCMS will replace ANCRS and CARS; interface with the CF, Tier 1, other LMD/KPs, and the DTD; and provide a Windows-like graphics user interface (GUI) to the user.

The Navy is playing a key role in the evolution of EKMS through development of the Tier 1 system and by conducting a full range of independent testing of all EKMS components. Naval Command, Control and Ocean Surveillance Center (NCCOSC) In-Service Engineering Center East Coast (NISE East), conducted extensive laboratory testing.