Key Storage Device
The KSD-64 is a so-called Key Storage Device (KSD)
developed by the
American NSA for use with electronic cryptographic
equipment like the STU-III
series of secure telephones.
It was made by Datakey Electronics in Savage (Minnesota,
USA). It is typically used as a Crypto Ignition Key (CIK) in key-splitting
applications, but it can also be used for other purposes, such as a
key filler.
The image on the right shows a typical KSD-64 key,
which looks like a plastic toy key. Hidden inside the device
is a custom-made parallel EEPROM with 64 Kbits of storage capacity.
The 28 contacts of the EEPROM are situated in between the plastic
teeth of the key.
Devices supporting the KSD have a so-called keyceptacle into which the
key can be inserted. Once inserted, the key is activated by rotating it
(90°) like a domestic key, until it clicks. In that position, the 28 contacts of the key
are connected to 28 contacts inside the keyceptacle.
When used as a CIK, the key contains a random number (generated internally
by the phone when the keys are loaded) that is used to encrypt
the actual cryptographic keys stored inside the phone. This way, a phone
without the CIK, or a lost CIK alone, has no meaning whatsoever and will
not reveal any information about the cryptographic keys. Only when the
CIK is entered into the phone it is paired with can the original keys
be recovered and the phone be operated.
The KSD-64 was used for many years with the STU-III range of secure
telephones and survived at least four US Presidents. One famous example
of the use of a KSD-64 is a photograph of US President George W. Bush
making a secure call immediately after the first attack on 9/11.
The image on the right shows a close-up from that image, in which he
uses a Motorola SECTEL STU-III
unit, with a KSD-64 installed in the
phone. The white label indicates that this KSD-64
is used as a Crypto Ignition Key (CIK).
With the STU-III telephones phased out,
the KSD-64 is no longer in production and has been replaced by the compatible
PK-64KC (see below)
which is also available from Datakey Electronics.
The images below show a typical KSD-64A key being used with a
Motorola SECTEL 2500 secure telephone.
Other types of Key Storage Device, also manufactured by Datakey,
are used with later encryption devices, such as the
KIV-7. Such KSDs generally contain a serial
EEPROM with some intelligence.
The KSD-64A can be used for the following applications:
- CIK - Crypto Ignition Key
- FK - Fill Key
- TAK - Terminal Activation Key
- SAK - Security Activation Key
- TAK - Traffic Activation Key
- Master CIK
- Simple firmware updates and patches
The KSD-64 has been superseded by the compatible PK-64KC,
which is shown here, and more recently by the PKA-64KC.
These devices have the same storage capacity as the
earlier KSD-64 and fit the same keyceptacle.
The only visible difference is the smaller grip.
The replacement keys are also manufactured by Datakey Electronics
[1] and are fully compatible with the old KSD-64A.
The cryptographic key or other sensitive key material is loaded into
the KSD-64 and PK-64 by means of a PKS-703 keyloader, connected to
a PC with appropriate software. It can be used to clear a key, to
write new data into a key, and to read (or clone) an existing KSD-64 key.
The PKS-703 consists of a small plastic box with a
keyceptacle for a KSD-64 key at the front.
An internal 8051 microcontroller with a simple data protocol
allows the key to be accessed from any computer with the
appropriate software.
The image on the right shows a typical PKS-703 keyloader as part
of a key distribution system. It can be placed on a desktop, beside
or on top of a PC, connected to the standard COM port (RS-232) by means
of a 9-pin sub-D plug (DB9). An optional (heavy) metal cradle was available
to prevent the interface from slipping off the desk.
The PKS-703 can be used to write each byte of the 8 KB EEPROM
inside the KSD-64 (64 Kbit) individually, or to write the entire memory at
once. There is no intelligence inside the KSD-64; it is just a plain
Electrically Erasable Programmable Read Only Memory (EEPROM). Creating
a valid cryptographic key for a certain purpose and/or security level
is left to the software driving it, which commonly takes the form of
some kind of Electronic Key Management System (EKMS).
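
The CIK key-splitting described earlier (a random value on the token protecting keys held in the phone), modelled on a plain 8 KB memory image, as an added sketch that is not from the original page or from any STU-III design. The wrapping scheme (SHAKE-256 pad plus HMAC-SHA256 check), the offset and length of the CIK value, and all function names are assumptions; the real algorithm and key layout are not described here.

```python
import hashlib
import hmac
import secrets

EEPROM_SIZE = 8 * 1024   # KSD-64: 64 Kbit = 8 KB of plain EEPROM
CIK_OFFSET = 0           # assumed layout: CIK value at the start of the image
CIK_LEN = 32             # assumed length of the random CIK value


def _derive(cik: bytes, label: bytes, n: int) -> bytes:
    """Derive n bytes from the CIK value for one purpose (pad or MAC key)."""
    return hashlib.shake_256(label + cik).digest(n)


def load_keys(traffic_key: bytes):
    """Phone side: make a fresh CIK value, wrap the key, fill the token image."""
    cik = secrets.token_bytes(CIK_LEN)
    pad = _derive(cik, b"pad", len(traffic_key))
    wrapped = bytes(k ^ p for k, p in zip(traffic_key, pad))
    tag = hmac.new(_derive(cik, b"mac", 32), wrapped, hashlib.sha256).digest()
    token = bytearray(EEPROM_SIZE)            # the token is just memory
    token[CIK_OFFSET:CIK_OFFSET + CIK_LEN] = cik
    return token, wrapped + tag               # the phone keeps only the blob


def unlock(token_image: bytes, phone_blob: bytes) -> bytes:
    """Recover the key when the paired token is inserted; reject any other."""
    cik = bytes(token_image[CIK_OFFSET:CIK_OFFSET + CIK_LEN])
    wrapped, tag = phone_blob[:-32], phone_blob[-32:]
    expect = hmac.new(_derive(cik, b"mac", 32), wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("token is not paired with this phone")
    pad = _derive(cik, b"pad", len(wrapped))
    return bytes(w ^ p for w, p in zip(wrapped, pad))


def clear_token(token_image: bytearray) -> None:
    """Overwrite the whole EEPROM image, as a keyloader 'clear' would."""
    token_image[:] = bytes(EEPROM_SIZE)


if __name__ == "__main__":
    key = secrets.token_bytes(16)             # constructed sample key
    token, blob = load_keys(key)
    assert unlock(token, blob) == key         # paired token recovers the key
    clear_token(token)                        # CIK gone: the blob is now useless
    print("phone blob:", blob.hex())
```

Because the token has no logic of its own, everything rests on who holds the memory image: clearing it makes the phone's stored blob unrecoverable, and any token other than the paired one is rejected by the integrity check.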
Other Key Storage Devices
The manufacturer of the KSD-64, Datakey Electronics, produces a wide range
of different key storage devices, ranging from simple unique identifiers,
to CryptoMemory storage devices.
Most keys are available in a variety of different enclosures and
a choice of interfaces [2], such as the DK-series that was used with
early versions of the KIV-7.
Datakey product overview
KIV-7 and DK-series key
Below, some expressions and acronyms related to the KSD-64 are explained.
For additional explanations, please refer to the
Crypto Glossary.

- CIK - Crypto Ignition Key
  A physical token (usually an electronic device) used to store, transport
  and activate the cryptographic keys of electronic cipher machines.
  (Wikipedia)
- FK - Fill Key
- Keyceptacle - Key-Receptacle
  Registered trademark of Datakey for a Key Receptacle.
- SAK - Security Activation Key
- TAK - Terminal Activation Key

© Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Sunday, 21 April 2013 - 14:39 CET