Crypto Machines

PLGR AN/PSN-11 GPS Receiver

Q5200 GPS Receiver

Historical

Key Fill Devices (KFD)

KOI-18  5810-01-026-9620 Tape Reader General Purpose

DS-102 protocol.  The KOI-18 may be the oldest electrical key loader (the KY-38 used a mechanical key loader).  Used to load the Transmission Encryption Keys (TEK) into the KY-57 and  about anything that needs a key.  It uses a photo optical reader to read a paper tape that's pulled through the reader by hand.
Very versatile since what comes out depends on what is punched on the tape.  Other key loaders have electronic registers that can only hold keys in predetermined formats.

Manuals: TM 9-1425-429-12 or TM 9-1425-2586-10
TM 11-5810-292-13&P
Battery: 6.3 Volt BA-5372/U (used to be the 6.5 Volt Mercury BA-1572/U)
Supports 128 bit keys

TM 11-5810-292-13&P General Purpose Tape Reader, KOI-18; Elect Transfer Device, KYK-13; Net Control Device, KYX-15/15A

I've heard that it uses 8 level ASCII type tapes rather than the older 5 level Baudot tapes.  Note that the data holes are larger in diameter than the sprocket (clock) holes.  This is important since the leading edge of the sprocket hole can be used to latch the data bits and the trailing edge of the sprocket hole can be used to shift out the data bits.  This would not work if all the holes were the same diameter.

In the old mechanical tape readers, like on the Teletype Corp. Model ASR33 machine, there was a plastic wheel with pins that match the sprocket holes and it pulled the tape through a reader that worked using mechanical pins to sense each data hole.

Inside there's probably a parallel in - serial out shift register.  The parallel inputs are driven from the data holes. The shift register data is latched on the rising edge of the sprocket hole and on the falling edge a pulse generator sends 8 clock pulses which are used both to clock out the shift register data bits and to provide the clock signal to the device being loaded.  The clock rate needs to be fast enough to get all the bits sent before the next set of holes gets to the tape reader.

If the tape was pulled at 3 feet per second and the pitch of the data was 0.1" then there would be 360 words per second (8 bits per word) or an average rate of 2,880 bits per second, so the internal clock generator needs to run faster, say 5,000 bits per second.

If the operator pulls the tape too fast the bits will get corrupted.  To check for this the tape needs to be punched with parity, Cyclic Redundancy Check (CRC), check sum or some other data to be sure the correct key gets loaded.  This is not a part of the key loader, but instead is part of how the data is punched into the tape. This check can also be used by the the device holding the key to tell the difference between no key and a valid key.  The device being loaded should not function without a valid key and it's cold start state should be such that it is recognized as a no key state.  For this reason even parity is not a good way to go because a key of all zeros would have even parity.  If odd parity is used a key of all zeros fails a parity test.

Note that an asynchronous data system, like RS-232 that uses start and stop bits will not work with a hand pulled paper tape reader because the baud rate can vary over a huge range.  This is why a synchronous system is used that has data and clock channels.  Newer key loaders that are not paper tape based continue to use the data plus clock format for backward compatibility.

"COMSEC equipment description
General purpose tape reader, KOI-18/TSEC, controlled cryptographic item (CCI).
The National Security Agency (NSA) has directed that a fill cable be connected to the fill device when transferring a key.

KOI-18 tape reader, general purpose.
(a) Battery operated, hand-held device.
(b)Converts eight-level standard paper and mylar tape to serial electronic information.
(c) Loads keys from prepunched tape to other COMSEC equipment, KYK-13 or KYX-15.
(d) Has no storage capability.
(e) Tapes are normally generated ahead of time and stored for later use.  May be distributed by mail or courier."

There is no limit to the key size since it will just read whatever is on a tape.

KYK-13  5810-01-026-9618 Electronic Transfer Device

DS-102 protocol.  This electronic key device looks very similar to the MX-18290 and is designed to hold TEKs and so replace the KOI-18.
Uses the common crypto battery BA-5372/U.

Holds 6 TEK variables.

20 Aug 2004 - there is some confusion about what key size the KYK-13 can hold.  The PLGR can use the KYK-13 to load its GPS key which is 128 bits long.  But other references say the KYK-13 can only hold a 64 bit key.  I think it's 128 bit keys.

KYX-15     5810-00-026-9619 Net Control Device

DS-102 protocol.  Don't have much info in this Net Control Device, but it can load a TEK.
Powered from a BA-5372/U
Does support KY-57.  See
TM 11 5820-890-10-3 pg 102 (3-20).
TM 11-5810-292-13&P

KYX-15A  5810-01-095-1312 Net Control Device

TM 11-5810-292-13&P

Probably can hold different types of predefined variables and can load more than one variable because a switch allows selection of those that need to be loaded.  This would make loading all the different variables into a modern SINCGARS radio much easier that with the above key loaders.

The VG switch position may mean Crypto Net Variable Generation, so this device actually generates a key.  Used to load all the KY-57's on a SINCGARS radio net. 

It must support 128 bit keys.

Local Key Generation

Note that local key generation is a revolutionary concept.  All prior keying methods depended on distribution of keys that were centrally generated.  The problem with that is a spy (Walker Family for example) that gains access to the unused keys can comprise the whole system.  In order to generate local keys requires a high quality hardware random number generator based on a noise diode or some other physical noise mechanism, not on any software algorithm.  When a network of SINCGARS radios have their keys loaded using Over The Air Rekeying (OTAR) from the KYX-15() you know that the keys have not been compromised.

9 Switch positions:

• SEL-Z to zero selected slots
  
• OFF/CK for power OFF and for ChecKing a slot to see if it holds a valid key,
  
• LD for LoaDing a key into the KYK-15 or from the KYK-15, which direction depends on which device has it's initiate "load me" button pressed,
  
• VG for Variable Generation,
  
• AK for Auto Keying of a remote variable slot that holds a valid key,
  
• MK for Manual Keying a remote variable slot that is either empty or holds an obsolete key,
  
• RV for Remote Variable for filling the KYK-15 from a remote source over a radio, (same as RV on KY-57)
  
• VU for ?
  
• ALL for zeroizing all slots (with manual lock button)

Nice Photos of a KYX-15

AN/CYZ-10  5810-01-343-1194 Data Transfer Device

DS-101 Protocol.  Data Transfer Device (aka ANCD, aka "Crazy 10") that holds all the keys needed for the SINCGARS and also holds Standard Operation Instructions (SOI).
Battery:  DL123A, U9VL EMER ONLY, BA-3090/U - this is the very common 3 volt 123 photo battery.
Supports 128 bit keys.

This is the newest variable loader and it can hold all the different key formats now used and other stuff.  It's internal clock is not good enough to set the time in a frequency hopping radio like the SINCGARS or Have Quick radios, not because of dropping battery voltage, but because it uses a crystal oscillator.  All crystal oscillators change frequency with aging, temperature, power supply voltage, and other factors.

SINCGARS Fill cable is CX-13467, NSN 5995-01-379-9689.  Note that the SINCGARS needs a number of different fills for both frequency hopping and for transmission security.

It's not clear if the Crazy 10 supports key generation.  If not it needs a modification to support key generation.

The Crazy 10 uses 3 each common 123 photo batteries (aka BA-5123/U) in a battery adapter (NSN 5810-01-348-3147) that has standard "9 Volt" battery snaps.  This way a common 9 Volt battery can be used if the 123 batteries are not available.  But the common 9 Volt battery has only 0.6 AH compared to the 1.4 AH of the 123 battery.  Also the cold temperature performance of common 9 volt batteries is very poor at and below freezing where the 123 battery is still going strong.
PS Magazine #571 pgs 48-51 - Beating the Battery Blues.
TB 11-5810-394-12  Generic Equipment Information and Instructions for the AN/CYZ-10 V3 (NSN 5810-01-393-1973) Data Transfer Device (DTD)
TM 5820-890-20-2 Chapter 6 Fill Devices
TB 5820-890-12 Operator and Unit Maintenance for AN/CYZ-10 Automated Net Control Device (ANCD) NSN: 5810-01-343-1194 (EIC: QSU) with the Single Channel Ground and Airborne Radio Systems (SINCGARS)

AN/PYQ-10

This is the replacement for the CYZ-10.  Looks sort of like a hand held PDA.  It would be interesting to learn how good it's internal clock is.  i.e. can it be used to set the date and time or is a seperate GPS still needed? Ans: the PYQ-10 clock is the same as the Crazy-10 clock.  Too bad they didn't improve it.  I think I know how to make a 1,000 times improvement for a small amount of money.

Key Length

 from a now turned off Navy web page.

The KG-40A is a mandatory modified version of the older KG-40, which incorporates variable fill capability. The modification entails replacement of a printed circuit board (motherboard) and the front panel assembly. The KG-40A provides enhanced security using an improved cryptographic algorithm and electronic key capability. Because the KG-40A key is a standard 128-bit key, it can only be keyed by the AN/CYZ-10 Data Transfer Device (DTD) or a KOI-18 Common Fill Device (CFD). It cannot accept key from the KYK-13 Electronic Transfer Device (ETD) or from the KYX-15 Net Control Device (NCD). The KG-40A is an UNCLASSIFIED controlled cryptographic item (CCI) when unkeyed and is interoperable with the KG-40. When the KG-40A is keyed, classification equals that of the key installed.
(BC - note the KYX-15 above is the no change version, probably the KYX-15A does support 128 bit keys.)

Over The Air Re-keying (OTAR)

USM-481 VINSON Interconnect Test Set

 F91120 BER Test Set

Hardware Random Number Generator