The image on the right shows a typical KSD-64 key,
which looks like a plastic toy key. Hidden inside the device
is a custom-made parallel EEPROM with 64 Kbits of storage capacity.
The 28 contacts of the EEPROM are located between the plastic
teeth at either side of the key shaft.
Devices supporting the KSD have a so-called keyceptacle® in which the
key can be inserted. Once inserted, the key is activated by rotating it
(90°) like a domestic key, until it clicks. In that position, the 28 contacts
along the key shaft are connected to 28 contacts inside the
keyceptacle.
When used as a CIK, the key contains a random number (generated internally
by the phone when the keys are loaded) that is used for encryption of
the actual cryptographic keys stored inside the phone. This way, a phone
without the CIK, or a lost CIK alone, is unclassified and will
not reveal any information about the cryptographic keys whatsoever.
Only when the CIK is entered into the telephone it is paired with
can the original keys be recovered and the phone be operated.
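
The split described above can be sketched as follows. This is an added example, not code from the page or from the STU-III. The wrap construction (a SHAKE-256 keystream plus HMAC-SHA-256), the 32-byte CIK size and the names `pair` and `unlock` are assumptions, as the page does not say which algorithm the phone uses.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32


def _derive(cik: bytes, label: bytes, n: int) -> bytes:
    """Derive n bytes from the CIK value for one purpose (SHAKE-256, assumed)."""
    return hashlib.shake_256(label + b"\x00" + cik).digest(n)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pair(terminal_keys: bytes) -> tuple[bytes, bytes]:
    """Pair a terminal with a new CIK.

    Returns (cik, blob): cik is written to the key, blob stays in the terminal.
    """
    cik = secrets.token_bytes(32)  # random number generated by the terminal
    wrapped = _xor(terminal_keys, _derive(cik, b"enc", len(terminal_keys)))
    tag = hmac.new(_derive(cik, b"mac", 32), wrapped, hashlib.sha256).digest()
    return cik, wrapped + tag


def unlock(cik: bytes, blob: bytes) -> bytes:
    """Recover the terminal keys, or fail if this CIK was not paired with the blob."""
    wrapped, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_derive(cik, b"mac", 32), wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("CIK is not paired with this terminal")
    return _xor(wrapped, _derive(cik, b"enc", len(wrapped)))


if __name__ == "__main__":
    keys = secrets.token_bytes(64)  # constructed stand-in for stored key material
    cik, blob = pair(keys)
    assert unlock(cik, blob) == keys  # the paired CIK recovers the keys
    other_cik, _ = pair(keys)  # CIK from a different pairing
    try:
        unlock(other_cik, blob)
    except ValueError as err:
        print("rejected:", err)
```

Neither half is useful alone: the blob held in the terminal is ciphertext without the CIK, and the CIK is only a random number without the blob.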
The KSD-64 was used for many years with the
STU-III range of secure telephones,
and survived at least five US Presidents. A famous example
of the use of the KSD-64 is a photograph of US President George W. Bush
making a secure call during the attacks on 11 September 2001.
The image on the right shows a close-up from that image, in which he
uses a Motorola SECTEL STU-III
phone, with a KSD-64 installed in the
phone. The white label indicates that this KSD-64
is used as a Crypto Ignition Key (CIK).
Over the years, more than one million KSD-64A keys were manufactured [4].
With the STU-III telephones phased out,
the KSD-64 is no longer in production. It was replaced by the compatible
PK-64KC, which has meanwhile also been phased out (2015) [3].
Other types of Key Storage Devices, also manufactured by
Datakey, are used with later encryption devices, such as the
KIV-7. Such KSDs generally contain a serial
EEPROM and in some cases additional intelligence.
All KSD-64A versions are suitable for the following applications:
- Crypto Ignition Key (CIK)
- Fill Key (FK)
- Terminal Activation Key (TAK)
- Security Activation Key (SAK)
- Traffic Activation Key (TAK)
- Master CIK
- Simple firmware updates and patches
- Data logging
- KSD-64A
- PK-64KA
- PK-64KB
- PK-64KC
- PK-256KB 1
1. 256KB version of the parallel key.
The following US Presidents are known to have used the KSD-64A:
- Ronald Reagan
- Bush
- Bill Clinton
- George W. Bush
- Barack Obama
The x-ray image 1 below shows what is inside the
KSD-64. At the centre
is the actual EEPROM chip, which is directly
wire-bonded to the tracks of a
Printed Circuit Board (PCB) with gold-plated contacts along both
of its long sides. These contacts mate with the contacts in the
keyceptacle.
The complete assembly (chip, wiring and PCB) is cast in a
durable chemical-resistant plastic key-shaped body, which can be
carried on a keychain, just like a regular key. The structures of
the silicon EEPROM chip itself are not visible, as the x-rays
are absorbed by the rectangular part of the frame onto which
the chip is glued. In the close-up, however, the
bonded wiring is clearly
visible. Further x-ray images, including images of the
replacement PK-64KC, are available below.
1. Images made with Creative Electron TruView Prime.
The KSD-64 has been superseded by the compatible PK-64KC,
which is shown here, and more recently by the PKA-64KC.
These devices have the same storage capacity as the
earlier KSD-64 and fit the same keyceptacle.
The only visible difference is the smaller grip.
The replacement keys are also manufactured by
Datakey Electronics
[A] and are fully compatible with the old KSD-64A.
The cryptographic key or other sensitive key material is loaded into
the KSD-64 and PK-64 by means of a PKS-703 keyloader, connected to
a PC with appropriate software. It can be used to clear a key, to
write new data into a key, and to read (or clone) an existing KSD-64 key.
The PKS-703 consists of a small plastic box with a
Keyceptacle for a KSD-64 key at the front.
An internal 8051 microcontroller with a simple data protocol
allows the key to be accessed from any computer with the
appropriate software.
The image on the right shows a typical PKS-703 keyloader as part
of a key distribution system. It can be placed on a desktop, beside
or on top of a PC, and is connected to the standard COM port (RS-232) by means
of a 9-pin sub-D plug (DE9).
An optional (heavy) metal cradle was available
to prevent the interface from slipping off the desk.
The PKS-703 can write each byte of the 8KB EEPROM
inside the KSD-64 (64 Kbit) individually, or write the entire memory at
once. There is no intelligence inside the KSD-64; it is just a plain
Electrically Erasable Programmable Read-Only Memory (EEPROM). Creating
a valid cryptographic key for a certain purpose and/or security level
is up to the software driving it, which commonly takes the form of
some kind of Electronic Key Management System (EKMS).
Other Key Storage Devices
The manufacturer of the KSD-64, Datakey Electronics,
produces a wide range
of different key storage devices, ranging from simple unique identifiers
to CryptoMemory storage devices.
Most keys are available in a variety of enclosures and
a choice of interfaces [1], such as the DK-series (serial memory)
that was used with early versions of the KIV-7.
In 2019, being short of spare KSD-64 keys, US crypto collector John
McMaster started a project to duplicate the keys by means of 3D printing
and alternative hardware. On 3 August 2019 he presented the intermediate
results of his efforts in a 3½ minute video on YouTube.
Below, some expressions and acronyms related to the KSD-64 are explained.
For additional explanations, please refer to the
Crypto Glossary.
- CIK: Crypto Ignition Key. A physical token (usually an electronic device) used to store, transport and activate the cryptographic keys of electronic cipher machines. (Wikipedia)
- FK: Fill Key
- KC: Keyceptacle. Registered trademark of Datakey for a Key Receptacle.
- SAK: Security Activation Key
- TAK: Terminal Activation Key
© Crypto Museum. Created: Friday 03 December 2010. Last changed: Thursday, 18 April 2024 - 08:54 CET.