Electronic cipher machine
KW-7 was a highly secure on-line
cipher machine,
developed by the US
National Security Agency (NSA) around 1960,
and built by Honeywell in Tampa (Florida, USA).
The device was used for low-level tactical offline
teleprinter
traffic and was the main cipher machine of the US Navy until the 1990s.
It is officially known as TSEC/KW-7 and also as ORESTES
and NSN 5810-12-149-8282. It was also used aboard aircraft,
and by the Foreign Office (FO) of several European countries.
|
The KW-7 was housed in a rather heavy cubical metal enclosure,
with all connections at the rear, and all controls at the front.
The cryptographic key has to be set by wiring a plugboard that
is located behind the bulged door at the front.
In the early 1960s, the machine was one of the first fully-electronic
cipher machines that were used by NATO. Although it was cryptographically
more secure than the earlier wheel-based KL-7,
the latter remained in service with many army units and with NATO.
Despite its better security, the KW-7 was
compromised for many years.
|
|
|
The machine was part of a new generation of machines, consisting
of the KW-26,
that was used for high-speed point-to-point traffic
at the higher echelons, the KW-37
for broadcast traffic, and
the KW-7 for multi-holder tactical operations. Within the navy,
the machine was used for ship-to-shore, shore-to-ship and
ship-to-ship traffic. It was also used by other NATO countries
and by Australia and New-Zealand, for military and governmental
teleprinter communications [8].
Aboard US Navy ships, the KW-7 was generally connected to a Teletype Model 28
teleprinter, or to a tape reader (T-D) to send a pre-recorded message.
When using a KW-7 over radio, the KW-7 was usually connected to a UHF
radio transmitting in AM. The KW-7 was also used aboard aircraft such as
the EC/RC-135, in which case the red and yellow push-buttons at the front
panel were sometimes modified to prevent them from being pressed accidentally.
The KW-7 does not provide traffic flow security (TFS), meaning
that it didn't send data when there was no message.
The KW-7 was introduced in the early 1960s at a unit price of
US$ 4500. Over the next 20 years, an estimated 38,000 units were built [12].
During its operational life, the machine was modified and upgraded several times.
The machine was in service until the early 1990s, with some
units still being in service as late as 1992 [16]. They were largely replaced
by the smaller KG-84, which in turn was replaced in the
mid-1990s by the much smaller and backwards compatible KIV-7.
|
All controls of the KW-7 are at the lower edge of the
front of the machine,
below the large metal door. At the left is the MODE selector that has to be
pushed-in before its setting can be changed. Next is a red indicator that
is lit when the machine is in PLAINTEXT mode. Towards the centre is the POWER
switch that is used to select between AC (mains) and DC (24V battery) operation.
When the machine is ON, a green indicator will be lit.
The large selector at the right is for testing.
In some situations, the KW-7 was not installed close to the teleprinter unit,
but in a separate CRYPTO room, sometimes mounted in a 19" rack. In that case,
an external remote control unit (RCU)
could be connected at the rear of the
machine, to allow it to be controlled from the position of the teleprinter.
When the RCU is connected, the MODE selector should be set to REMOTE.
The KW-7 was suitable for half-duplex traffic only.
Before sending a message, the operator had to press the SEND button and keep
it depressed for a few seconds, until the machine at the other end was
synchronised. During this time the P&I lamp at the front panel was lit.
Once the unit was 'in sync', the SEND button was released
and the machine was ready to send a teleprinter message.
When the operator at the other end wanted to answer the message, he too had
to press the SEND button in order to send a random stream of synchronisation
characters, before sending the actual message. A 'glitch' on the line or
interference on the radio channel could cause the machines to lose synchronisation.
The KW-7 does not provide Traffic Flow Security (TFS),
which means that no characters are sent between messages. As a result,
an eavesdropper can detect the start and end of each message and use
that for traffic analysis.
Some operators reportedly solved this by putting a rubber band over the SEND
button, to keep it depressed when the machine was at rest.
At the Air Force, the front panel of the machine was modified shortly after its
introduction in airborne command post aircraft. As the machines were mounted
close to the floor, the SEND and BREAK buttons were sometimes accidentally 'pressed'
by the boots of the person sitting at the desk. To avoid this, a
'collar' was mounted around the buttons.
As the aircraft personnel had a hard time keeping
the KW-7 in sync whilst airborne, some of them jammed the cap of a BIC
ballpoint between the SEND button and its collar,
to keep it resyncing when not in use [16].
|
The following versions of the KW-7 are known:
|
- Wire-cord version
The original version of the KW-7 had a plugboard behind the door at
the front. Each day, the key had to be set by patching the plugboard
according to the daily keylist. This was a tedious job, as the machine
had to be taken out-of-service for several minutes whilst a new
key was being 'programmed', and even longer if the operator had made
a mistake. This version had a 'flat' front door.
- Plug-block version
At some point the KW-7 was modified with a removable plug-block at
the front. The plug-block assembly was constructed in such a manner,
that it could be slotted into the existing patch sockets, e.g. as
a field-upgrade.
The advantage of a removable plug-block is that several blocks can
be prepared (i.e. wired) well in advance of changing the key.
This version can be recognized by a front door which
has a small square bulge at the center.
The machine featured on this page is of that type.
This version is also known as NSN 5810-12-149-8282.
- Card-reader version
Between 1977 and 1979, the machine was improved by adding
a card reader, which
replaced the plug-block mentioned above. This version has a front
door with a wide rectangular bulge. The advantage of using punched cards
is that it avoids mistakes when wiring the plug-blocks.
This version is also known as NSN 5810-00-998-5760.
Note that the card-reader version is not compatible with the
other two versions.
|
The diagram above shows the various features of the plug-block variant
of the KW-7.
It has a protective door at the front that is locked with a physical key.
It is bulged to accommodate the plug-block, and is sealed with a metal
gasket for TEMPEST reasons. The door should be locked.
|
At the centre is the plug-block
which is used for setting the cryptographic key.
It consists of 30 patch cables, each with two wires and a
two-pin plug at either
end. One end of each patch cable is hidden behind a metal panel at the lower
half, lined up in sequential order (1-30) as engraved.
The other end of each patch cable is wired to the top half, spread over three
rows. The plugs are numbered 1-30, and the sockets 1-31.
Note that socket 31 should be left empty.
Three metal rods
are shifted down in order to keep the plugs in place.
The plug-block is now ready for use.
The plug-block is then installed into the
large socket at the center of
the front panel, and is kept in place by a
metal bracket with a
lock.
The daily key is now loaded and the TEMPEST door can be closed again.
The machine is now ready for use. Whilst the machine is in use, a second
(spare) plug-block can be wired up for the next day's key, so it can
be swapped in just a few seconds.
Note that the patch cables are wired straight through (i.e. 1-to-1
and not cross-connected like on the
Enigma-I).
This version of the machine is compatible with the earlier
wire-cord version.
When the machine was installed near the teleprinter, the
black control panel
at the lower edge of the front was used to control its operation.
In some cases, when the machine was installed in another room or in a
19" rack, the external
KWX-7 Remote Control Unit (RCU) was used.
|
This was the initial version of the KW-7, which can be recognised by a flat
(i.e. non-bulged) front door. In principle, the later
plug-block and card-reader
versions are identical, but are extended with the extra facilities that are
plugged straight into the existing sockets. If you look closely at the
plug-block version above, you will see that the
plug-block assembly is
actually a separate metal panel that is bolted onto the front of the machine,
mounted over the existing plug sockets.
|
The plug-block assembly can easily be removed by taking out five bolts
along the edges. The assembly can now be tilted forward as shown
in the image, exposing the
original plug sockets.
There are four groups of sockets: two at the upper half and two at the lower
half. The upper two sections are marked 1-31, whilst the lower two sections
are marked 1-30. Short patch cables were then connected between the lower
sockets (1-30) and the upper sockets (1-30) as per key list.
Each patch cable had two wires and was
terminated with a coaxial plug at either end.
Once all 30 patch cables had been installed
according to the daily key, the machine was ready for use and the front door
had to be closed again. This could be quite cumbersome with all the patch
cables being strangled, which is why setting the key was also known as
basket weaving.
Note that socket 31, at the upper half, remained unused.
The machine was compatible with the later plug-block version.
According to some former users, there might have been two variants:
one with plugs at either end of each patch cable, and
one where the patch cables were fitted permanently at the lower half [11].
It is believed that most wire-cord machines were eventually
converted to plug-block versions, by mounting the
plug-board assembly and fitting a new door.
|
Card-reader version (KWX-10)
|
Although the plug-block had great advantages over the original plug board,
and allowed quick swapping of the keys at midnight, it was still prone to
mistakes. According to some users, wiring errors frequently caused the
key to be wrong, causing long delays before getting it going again.
|
For this reason, a third variant was introduced, that had a card-reader
at the front instead of the plug-block.
A date-coded card was installed into the card-reader
and the machine was ready to go. As the cards were supplied readily punched,
this ruled out any operator mistakes.
The reader was known as the KWX-10 extension
and the complete machine was identified as the KW-7/TSEC with TSEC/KWX-10.
Like with the plug-block version, existing machines could be converted by
swapping the assembly and replacing the door by one with a larger bulge. ¹
The holes in the card reader were read by means of a soft silicone pad infused
with ferrite [20].
The exact operation of the card reader is currently unknown, but according
to some reports the card reader allowed more permutations than the plug-block,
making it potentially more secure, but incompatible with the earlier
versions of the machine [11]. Can someone confirm this?
|
¹ Although the card-reader had many advantages over the plug-block,
not all machines were converted. Within NATO, many customers kept
using the plug-block version.
|
CORRECTION, 28 July 2022 —
In an earlier version of this page, it was stated that the card was cut in half
as soon as the door was closed, so that it could not be reused.
This was based on the recollections of a former user.
Another user has meanwhile pointed out that this is not correct, and
that he was probably confusing the KW-7 with the KW-26 (used at the same time)
of which the card was cut in half when the door was closed [20].
Although generally speaking only a couple of KW-7 machines would be installed
on a single ship, the naval communications centers that were responsible for
the ship-to-shore traffic, had large rooms full of them, all linked to
teleprinters, punchers and readers elsewhere in the building.
|
As an example, the image on the right shows the CRYPTO room of
NAVCOMMSTA in Stockton (CA, USA). In the image we see at least forty KW-7
machines of the plug-block variant, mounted in an array of
19" racks, each holding four of them.
NAVCOMMSTA Stockton was part of the
Naval Computer and Telecommunications System (NCTS)
and was responsible for maintaining communications for command, operational
control, and support of administrative functions within the Department
of the Navy (DoN). It was an active 3rd Echelon shore command unit [15].
|
|
|
When examining the above photograph more closely, it becomes evident that
there is another array of KW-7 machines at the right hand side of the room
as well. This means that the room probably accommodated 80 such machines,
or even more. Try to imagine how much power they must have used and how
much heat was produced by them. It required special air conditioning.
|
In the above image a vertical 2U-space is clearly visible between
each of the four machines in a single rack, to provide sufficient
ventilation.
The image on the right shows the rear side of the above array of KW-7 units.
In this case, each machine is fitted inside a KWX-11 rackmount slide frame,
that allows it to be pulled forward without breaking
any of the existing connections at the rear. The machine is wired to the
slide-out frame by means of flexible cables, whilst the KWX-11 frame is
permanently wired to the facility's red/black signal distribution frames.
The use of slide-out assemblies greatly improved the serviceability of
the machines, as they could be pulled forward, opened and repaired without
physically removing them from the rack.
|
An alternative to the KWX-11 rackmount slide-frame, was the KWF-1 which
had a similar function. The image on the right shows a KW-7 mounted inside
a KWF-1 frame at the top of the leftmost 19" rack.
|
|
|
When I was stationed at Kagnew station in 1968 and 1969, the card reader version
was already in use. Part of my job was to keep a good supply of cards on hand
as we had a number of them. To set up a connection, corresponding cards (i.e.
identical cards) had to be put in at both ends.
When the door was closed, it automatically cut the card in half, ¹ so that it
could not be reused. If sync was lost, the next card in the series had to be
used at both ends, so we wound up going through quite a few cards.
I also remember a case of a guy who sent a machine back to the states with the
card still in it. This was an ASA facility, and we were also using the
card version in Korea in 1970.
|
¹ He is probably confusing the KW-7 with the KW-26. Only the KW-26 had a
card cutter.
|
I was in the Air Force and was trained as a 306x0 Cryptographic and Electronic
Technician in 1985. The KW-7 card reader used a soft silicone pad infused with
ferrite to read the holes in the card, but the cards were not cut.
The only machine to use a card cutter was the KW-26, a much older and
tube driven teletype encryption machine.
I was stationed at Clark AB in the Philippines, where we had many KW-7's
and KW-26's that we maintained.
|
| Part | Description | NSN |
|---|---|---|
| TSEC/KW-7 | Main KW-7 cipher machine | ? |
| KWK-7/TSEC | Plug-block | ? |
| KWX-7/TSEC | Remote control unit | ? |
| KWX-8/TSEC | Remote Phasing Unit | ? |
| KWX-10/TSEC | Card reader | NSN 5810-00-998-5760 |
| KWX-11/TSEC | Rackmount slide frame | ? |
| KWF-1 | Slide mount | ? |
| KWL-4A | Loop adapter | ? |
| KWQ-8 | Spare parts for KW-7 | ? |
| ONO 8757 | Stop switch | ? |
|
This section discusses the operating principle of the KW-7 and in
particular the key generator that drives its cryptographic algorithm.
Although the algorithm was initially classified, most of it can be
reconstructed from the description in the
Repair and Maintenance Instructions Volume I
that was declassified in 2009 and published in 2021 [C].
|
The KW-7 uses two cryptographic KEYs:
|
- Basic Key
This is the Basic Key that is set with the 30 patch cables
behind the front door of the machine, or with the punched card
in case a card reader is present. As it was usually changed only
once a day, the Basic Key is also known as the Daily Key.
- Message Key
This is a unique key for each message, that was randomly generated.
It is used to prevent multiple messages being sent on the same Basic Key
only, which would allow an eavesdropper to break the cipher more
easily. There are indications that the Message Key is generated by
means of a noisy diode, which means that it is truly random.
|
Some hints can be found in David Boak's internal NSA lectures of 1966,
that were declassified by NSA in 2015 [12 p.50].
According to Boak, the KW-7 uses the same Fibonacci principle as the
KW-26,
but with an extra random stream, created by a noisy diode,
added to the key at the start of each message, thereby generating
a unique and truly random message key.
It is currently unknown how the other side was informed of the
message key, but this may have been done as part of the preamble
that was sent at the beginning of each message. It is also possible
however, that the system was self-synchronising (autoclave), which
would explain why some users have reported that they had to send
a synchronisation stream of arbitrary length.
In the latter case a random stream of characters of a certain
minimum length would be sent until the LFSRs at both sides were
in the same state (i.e. synchronised).
In any case, the KW-7 did not have traffic flow security (TFS),
which means that it didn't send any data when there was no message to
be sent. Before sending out the next message, the user first had to send
out a synchronisation sequence, by pressing the SEND button 'for some time'.
Some former users have indicated the use of a rubber band [11],
or a BIC ballpoint cap [16],
to keep the SEND button depressed between two messages.
This kept the machines in-sync and also obscured the beginning and the end
of the actual message from a potential eavesdropper.
Again, this might indicate that the machine was a self-synchronising autoclave.
Although not intended, this is a way of adding
traffic flow security (TFS) to the system.
|
It is known that the KW-7 is a stream cipher and that it has to be synchronised
at the start of each message by means of a preamble.
Although its cryptographic algorithm has not been published as such,
there are a few hints that can be found
in declassified NSA material, such as the damage assessment
after the Pueblo incident [8],
where it is described on page 12 as:
|
...the tetrahedral key combining logic and Fibonacci shift register stages...
This indicates that the machine uses a Pseudo Random Number Generator (PRNG)
to generate the key stream, and that this PRNG consists of at least one
Fibonacci Linear Feedback Shift Register (LFSR) [13],
of which the behaviour can be controlled by key combining logic.
It is likely that some element of non-linearity was used,
as this would make the system more resistant to cryptanalytic attacks.
In this type of encryption system, the initial state of the LFSRs is
generally derived from the KEY.
|
Detailed information about the operation of the KW-7 and in particular
its key generator, can be found in the
Repair and Maintenance Instructions Volume I
that was declassified in 2009 and published in 2021 [C].
On page 163 of this manual is a barely readable block diagram of the
Key Generator, but based on the verbal description of the circuits
(page 155-165), John Savard was able to reconstruct the circuit diagram
with reasonable certainty [19]. The result is shown here:
At the top is the primary key generator which consists of an LFSR of
length 39, with an additional tap at position 35. The outputs of the first
31 stages are available on the patch panel. Also on the patch
panel are the 6 inputs of the 5 combining logic circuits (i.e. 30).
The patch panel is used to connect the 30 inputs of the combining logic
circuits to the 31 outputs of the LFSR in a scrambled order (leaving one
socket unpopulated), as per cipher instructions.
This is the basic key.
|
In the above diagram, the red blocks represent the five
combining logic sub-circuits, which are in fact 6-to-1 functions.
Each combining logic takes 6 lines from the patch panel and combines them
into a single line, of which the state depends on the states of the 6
individual inputs. There are two types, denoted A and B,
differing only in the placing of the inverters of the AND inputs:
In the above diagrams, six of the inputs of the triple-input AND-gates
are inverted. This is represented here by white circles. In reality,
these inputs are connected directly to the Q̅ outputs of the
corresponding JK flip-flops inside the LFSR. This is possible because
each patch cable on the plugboard contains two wires: one for the Q and
one for the Q̅ output of the LFSR-stage.
Note that the 4-input OR-gates (shown in blue) are not actually present.
In reality, the four outputs of the 3-input NAND gates are interconnected
to form a wired-OR.
In the circuit diagrams, this wired-OR occurs in many places [D].
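The structure described above can be tried out with a toy model, added here as an example and not taken from the manual or from Savard's reconstruction: a 39-stage register with feedback from stages 39 and 35, a plug wiring that maps the 30 combiner inputs onto sockets 1 to 30, and five 6-to-1 combiners. The placement of the inverters in `comb_a` and `comb_b`, the A/B order, the XOR of the five outputs into one key bit, regular clocking (no F DRIVE) and all sample values are assumptions made for illustration; what it shows is that a single pair of crossed patch cables changes the key stream.

```python
STAGES = 39        # length of the primary shift register (from the page)
TAPS = (39, 35)    # feedback from the last stage plus the tap at stage 35
PLUGS = 30         # 5 combining circuits x 6 inputs
SOCKETS = 31       # stages 1..31 are brought out to the patch panel


def check_wiring(wiring):
    """Check a keylist given as {plug: socket}; return a list of problems."""
    problems = []
    if sorted(wiring) != list(range(1, PLUGS + 1)):
        problems.append("plugs 1..30 must each be wired exactly once")
    used = list(wiring.values())
    for socket in sorted(set(used)):
        if not 1 <= socket <= SOCKETS:
            problems.append(f"socket {socket} does not exist")
        elif socket == SOCKETS:
            problems.append("socket 31 has to stay empty")
        if used.count(socket) > 1:
            problems.append(f"socket {socket} holds more than one plug")
    return problems


def comb_a(a, b, c, d, e, f):
    """Assumed type A: OR of four 3-input ANDs, six AND inputs inverted."""
    return ((a & (1 ^ b) & c) | ((1 ^ a) & d & (1 ^ e))
            | (b & (1 ^ d) & f) | ((1 ^ c) & e & (1 ^ f)))


def comb_b(a, b, c, d, e, f):
    """Assumed type B: same gates, inverters moved to the other inputs."""
    return (((1 ^ a) & b & (1 ^ c)) | (a & (1 ^ d) & e)
            | ((1 ^ b) & d & (1 ^ f)) | (c & (1 ^ e) & f))


COMBINERS = (comb_a, comb_b, comb_a, comb_b, comb_a)   # assumed order


def keystream(wiring, state, nbits):
    """Key bits for a plug wiring and a 39-bit start state (stage 1 first)."""
    problems = check_wiring(wiring)
    if problems:
        raise ValueError("; ".join(problems))
    if len(state) != STAGES:
        raise ValueError("start state must hold 39 bits")
    s = list(state)
    out = []
    for _ in range(nbits):
        key = 0
        for n, comb in enumerate(COMBINERS):
            plugs = range(6 * n + 1, 6 * n + 7)       # six plugs per combiner
            key ^= comb(*(s[wiring[p] - 1] for p in plugs))
        out.append(key)
        feedback = s[TAPS[0] - 1] ^ s[TAPS[1] - 1]    # Fibonacci feedback
        s = [feedback] + s[:-1]                       # shift by one stage
    return out


def mix(bits, key):
    """Mixer: modulo-2 addition of data and key stream."""
    return [b ^ k for b, k in zip(bits, key)]


def count_errors(a, b):
    """Number of positions in which two bit lists differ."""
    return sum(x != y for x, y in zip(a, b))


if __name__ == "__main__":
    # All values below are constructed for this example.
    keylist = {p: (11 * p) % 31 for p in range(1, PLUGS + 1)}
    crossed = dict(keylist)
    crossed[4], crossed[17] = crossed[17], crossed[4]   # operator slip
    start = [1 if i % 3 else 0 for i in range(STAGES)]
    plain = [int(c) for c in "0110100101" * 10]
    cipher = mix(plain, keystream(keylist, start, len(plain)))
    good = mix(cipher, keystream(keylist, start, len(cipher)))
    bad = mix(cipher, keystream(crossed, start, len(cipher)))
    print("correct wiring, bit errors:", count_errors(plain, good))
    print("crossed cables, bit errors:", count_errors(plain, bad))
```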
|
At the bottom right of the Key Generator circuit
is the Auto Key circuit. It consists of a 5-stage LFSR and a Combining
Logic that is very similar (but not identical) to Combining Logic circuits
of the main LFSR (type A/B). The Auto Key LFSR steps under control
of the A Key Drive signal, and is only effective on the 5 data bits
of each character. This part forms a self-synchronising autoclave with
ciphertext feedback (CFB).
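The self-synchronising behaviour attributed to the Auto Key circuit, and suggested earlier on this page as a possible reason for the synchronisation stream, can be shown with a small ciphertext-feedback model (an added example, not the KW-7 circuit). It assumes a 5-stage register that is filled directly with ciphertext bits and a made-up key function `key_bit`; the 39-stage generator is left out, and all sample values are constructed.

```python
REG_LEN = 5   # the page gives a 5-stage Auto Key register


def key_bit(reg):
    """Constructed non-linear function of the five stages (not the KW-7's)."""
    return reg[0] ^ reg[3] ^ (reg[1] & reg[4]) ^ (reg[2] | reg[4])


def encrypt(plain, reg):
    """Encrypt a bit list; the register is fed with the ciphertext."""
    reg, cipher = list(reg), []
    for p in plain:
        c = p ^ key_bit(reg)
        cipher.append(c)
        reg = [c] + reg[:-1]          # ciphertext feedback
    return cipher


def decrypt(cipher, reg):
    """Decrypt a bit list; the register is fed with the received bits."""
    reg, plain = list(reg), []
    for c in cipher:
        plain.append(c ^ key_bit(reg))
        reg = [c] + reg[:-1]          # same feedback as the sender
    return plain


def first_clean_index(sent, received):
    """Smallest index from which every received bit matches what was sent."""
    i = len(sent)
    while i > 0 and sent[i - 1] == received[i - 1]:
        i -= 1
    return i


if __name__ == "__main__":
    # All values below are constructed for this example.
    message = [int(c) for c in "1011001110" * 4]
    sender_reg = [1, 0, 1, 1, 0]
    receiver_reg = [0, 0, 0, 0, 0]    # receiver starts out of step
    cipher = encrypt(message, sender_reg)

    # After REG_LEN received bits both registers hold the same ciphertext.
    late = decrypt(cipher, receiver_reg)
    print("in step from bit", first_clean_index(message, late))

    # One bit hit by a line glitch: the damage stays within REG_LEN + 1 bits.
    hit = list(cipher)
    hit[20] ^= 1
    damaged = decrypt(hit, sender_reg)
    print("clean again from bit", first_clean_index(message, damaged))
```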
|
Also at the bottom right of the Key Generator
is the Mixer, which adds the current key stream bit to one bit of the
plaintext by means of a modulo-2 addition, also known as exclusive-OR,
or XOR. This results in one bit of ciphertext.
Several XOR circuits are used to combine the signals.
Note that the XOR and NXOR gates — there are quite a
few — are constructed from NOR-gates in varying arrangements, as a result of
which they may be difficult to recognise in the original circuit diagrams [D].
The different arrangements are explained in
Volume I of the Repair and Maintenance Instructions
[C p. 221]. Note that NOR-gates are also used as
inverters (inputs interconnected), and that the outputs of some
NOR-gates are interconnected to form a wired-OR as shown here:
|
The device was designed for handling serial data in the 5-bit
ITA-2 (CCITT-2) telegraphy standard (TTY).
This means that each character is handled
one bit at a time, including the start and stop bits. The following clock
pulses play a major role in this circuit:
|
- KG DRIVE
Generated for all bits of a character, including the start and stop bits.
- A KEY DRIVE
Generated only for the 5 data bits of a character.
- F DRIVE
This clock signal is derived from the KG DRIVE in combination with
the outputs of the last two Combining Logic circuits
(the S and T signals).
It is used to clock the 39-stage LFSR.
|
During its lifetime, the KW-7 was compromised several times.
Based on publicly available research [1],
it seems most probable that the Russians were able to break and read
messages encrypted with a number of high-level US cipher machines,
including the KL-7,
the KL-47
and the KW-7.
|
The most famous spying case
is that of John Anthony Walker, born 1937,
who worked for the US Navy and successfully spied for the
Russians for nearly 17 years [2].
Walker joined the US Navy in 1955 and started spying for the Soviets in
December 1967, when he had financial difficulties [3].
|
From that moment, until his retirement from the navy in 1983,
he supplied the Russians with the key lists and other critical cipher
material of the KL-47,
the KW-7 and other encryption systems.
For his information he received several thousand dollars from the Soviets
each month. In 1969 he began searching for assistance and befriended
Jerry Whitworth, a student who would become a Senior Petty Officer
in the US Navy.
In 1973, he was able to enlist Whitworth in his spy-ring.
In 1976, Walker left the Navy to become a Private Investigator (PI) but kept
spying for the Russians. By 1984, he had enlisted his son Michael and his
older brother Arthur, who kept the endless flow of classified documents going
for another year.
He also tried to recruit his youngest daughter who had started to work
for the US Army, but this attempt failed when she became pregnant and
abandoned her military career.
By that time, his wife Barbara had already left him after a
history of physical abuse and alcohol [3].
The two were divorced and he had to pay alimony.
When he refused to pay alimony in 1985, she tipped-off the FBI,
which eventually led to Walker's arrest.
After his arrest, Walker cooperated with the authorities
and made a plea bargain in order to lower the sentence of his son Michael.
Suffering from diabetes and throat cancer,
Walker died in prison on 28 August 2014.
His son Michael was released on parole in February 2000.
According to Walker's KGB handler Boris Solomatin, John Walker and
Jerry Whitworth provided the KGB with the technical drawings that
allowed them to construct a working replica of the KW-7 and other
machines. Walker admitted to the FBI that they had done this [10].
There are also indications that Walker's spying activities induced
the capture of the USS Pueblo
(see below) [1].
|
Among the documents that John Walker
supplied to the Russians on his
first contact in December 1967, were detailed descriptions of the KW-7,
along with active key lists. According to former
KGB general
Oleg Kalugin, the Russians wanted to get access to the actual machine
and asked the North Koreans to capture the USS Pueblo; an American
intelligence gathering ship or spy ship [7].
|
At that time, the USS Pueblo was operating in the waters off the
North Korean coast, ¹ disguised as an environmental research vessel.
The boat was captured by North Korean forces on 23 January 1968
along with its 83 crew members, one of whom, Duane Hodges,
was killed in the attack.
Aboard the spy ship was a wealth of operational cipher machines
and active crypto key material, some of which was destroyed by the crew
before they were boarded by the North Koreans. Of the two KW-7 machines
in the CRYPTO room, one was believed to be destroyed beyond repair.
From the other machine, the circuit boards had been removed and were
smashed against the far wall, but the crew doubted that this had damaged
them. As the ship was already being boarded by the North Koreans at
that time, there was no time to fully carry out the destruction orders.
In a damage assessment that was carried out in February 1969 [8],
the US Navy assumed that the North Koreans had been able to get the second
KW-7 working again, and that they had shared their knowledge with the USSR
(i.e. the Russians). This was thought not to be a COMSEC problem, as
the KW-7 was designed as a tactical forward cipher machine that could fall
into enemy hands. Although it would give the enemy a good insight of the
cryptographic abilities of the Americans, it could not be used to break
any messages as long as they did not have access to the keys [8].
Unknown to the Americans at the time however, John Walker
had been supplying KW-7 key lists to the Russians
and kept doing so until his retirement from the Navy in 1983,
after which the flow of classified material was kept
going by his son Michael and his brother Arthur. With the capture of
the actual machine and the continuing supply of
key material, the
Russians were able to read sensitive US traffic for many years.
It is believed that the intelligence derived from this was shared
with the North Koreans, which gave them advance warnings of any US B-52
bombing raids. ²
|
¹ According to the North Koreans, the Pueblo had entered Korean waters
illegally several times, but the US maintains that the ship was
in international waters at the time of the incident.
² This is contradicted by some sources that state that Walker only provided
the Russians with keys that were at least two months old and were supposed
to have been destroyed. Furthermore, intact KW-7 machines had been lost
before in Vietnam, and had almost certainly landed with the Russians [9].
|
US Embassies all over the world used KW-7 and other cipher machines
for secure communication with its Home Office. Cipher
personnel were trained in the operation of the KW-7, but also in its
demolition, should that ever be necessary. They were instructed not to
let any working machines fall into enemy hands, and had to destroy
all critical components in such an event.
Following the Iranian Revolution, after which Persia
became an Islamic Republic on 1 April 1979 [4],
a group of angry students supporting the revolution,
raided the US Embassy in Tehran (Iran) on 4 November 1979,
taking 52 of the Embassy staff hostage for more than a year.
As the raid came rather unexpectedly, communications personnel
had to rush in order to get all crypto gear destroyed in time.
The image above shows part of the communications room in the embassy,
with a KW-7 unit clearly visible at the front. It has been pulled
out of the 19" rack, the top has been removed and the critical
cipher boards have been taken out and destroyed.
At the right, on the floor, are the destroyed key card readers
of the KW-7.
In the same way, all technical documentation and key lists had to
be destroyed as well. In this case, no critical components fell into
enemy hands and the KW-7 was not compromised. Eventually, after
long negotiations, the hostages were released on 20 January 1981,
after being held for 444 days [5].
|
Although there is no direct proof that confirms that the Russians were
able to break the KW-7 cipher, there is sufficient circumstantial evidence
to suggest that they did. In her 2001 thesis, Major Laura Heath comes to
this conclusion after weighing all publicly available evidence [1].
The Russians got interested in the KW-7 after receiving valuable documents
from American spy John Walker in December 1967, and possibly some time
before that, after receiving documents from his brother Arthur [1].
Although Walker provided the Russians with service manuals and key
lists, he could not give them the actual machines. Eventually, they
obtained a working KW-7 after the North Korean forces had captured the
USS Pueblo, and were able to complete the puzzle.
In the beginning of his contacts with the Soviets in December 1967,
the Russians were pushing Walker to deliver key material to them on
a regular basis, which was probably every two or three months.
But that changed in 1970,
when his handlers began pushing him to hand off his material less frequently.
This could indicate that, after two years of studying the documents and
the captured KW-7 device(s) they were able to read (part of) the traffic
without having the keys, or that they had meanwhile found another source
for key material.
Although the US probably modified the KW-7 after the Pueblo Incident,
and possibly also after other incidents, Walker would have received any
Modification Work Orders (MWO) and passed them on to the Soviets.
This enabled the Russians to reverse engineer any new KW-7 variant
that was released, and examine its design for possible – exploitable – flaws [1].
|
The KW-7 could be powered from any mains AC source with a voltage of
115 or 230V AC, 50/60Hz. A suitable cable for this was supplied with the
machine and should be connected at the rear to the 4-pin socket marked
AC POWER.
The image on the right shows an example of a suitable mains cable
that is fitted with a mains wall plug for continental Europe.
Note that the voltage selector at the rear panel has to be set
to the correct voltage.
|
|
|
The machine could also be powered by a 24V DC source, such as the battery
of a (military) vehicle, selectable by a switch at the front panel.
A suitable cable for this was supplied with the machine
and should be connected at the rear to the 4-pin socket marked 24 VDC.
The image on the right shows an example of such a cable, which ends in a
rather uncommon vehicle plug.
|
|
|
The KW-7 could also be powered directly from a car battery, by using the
adapter shown here. It consists of two clamps that should be mounted to the
(+) and (-) terminals of the battery, and a socket that accepts the 24V
cable shown above.
|
|
|
As the KW-7 was intended for the encryption and decryption of teleprinter
signals, it was inserted between a regular teleprinter and the line to the
teleprinter exchange (i.e. telex line).
The cable shown here was used to connect the machine to the external telex
line. It is provided here with a 4-contact circular plug, known as a
Walzenstecker or ADoS ZB 27.
|
|
|
This small breakout box was usually connected to one pair of LOOP IN
and LOOP OUT sockets at the rear. It allows a teleprinter unit (telex)
with a Walzenstecker or an 8-pin ADo 8 plug,
to be connected directly to the KW-7.
The circular Walzenstecker was used in the early days of the telex,
whilst the 8-pin ADo 8 plug became the de facto standard in Europe in later
years. The box is suitable for both standards.
|
|
|
|
Remote Control Unit
KWX-7
|
|
|
Although the KW-7 can be controlled completely from its front panel,
the machine was often mounted in a 19" rack, together with other
equipment, or even in a different room. In order to control the
machine from the terminal (teletype), a separate remote control
box was used.
The image on the right shows a KWX-7/TSEC remote control panel.
It connects to the KW-7 by means of a thick 32-pin cable and has
the same controls and connections 1 as the device itself.
Note that this box can only be used when the MODE selector on the
control panel of the KW-7 itself is set to REMOTE.
|
|
|
1. All connections, with the exception of the power sockets,
   are available on the remote control unit.
|
|
Remote phasing unit
KWX-8
|
|
|
When connecting two KW-7 units, they had to be synchronized prior to
transmission, using a so-called phasing signal, which could be enabled with
the KWX-8 phasing unit shown on the right.
The device looks similar to the KWX-7 – with fewer controls – and was usually
mounted above the teletype equipment, as shown in
this image.
|
|
|
In Europe, each KW-7 machine was supplied with a
small aluminium box with
spare parts and supplies, such as spare lamps, fuses, lamp caps,
dummy connectors,
spare wires
and tools.
Below is a complete list of the items that were present in the
European version of the spare parts box. Note the five sheets
of self-adhesives with the numbers 1 to 30 on them. They could
be used to mark one of the unnumbered patch cables when it was
used as a replacement for a broken one.
|
|
|
| Qty | Description | Part No |
|---|---|---|
| 1 | Dummy, connector, plug (female) | 0N008082 |
| 1 | Dummy, connector, plug (male) | 0N008083 |
| 2 | Lamp type 345 | 0N008392 |
| 1 | Lens, indicator light 'send' | 0N008399-1 |
| 1 | Lens, indicator light 'break' | 0N008399-2 |
| 5 | Markers (self-adhesive labels 1-30) | 0N008736 |
| 5 | Cable assembly (spare) | 0N008739-31 |
| 1 | Tine, expander | 0N008811 |
| 1 | Tool, maintenance | 0N008820 |
| 20 | Guide, contact | 0N008842 |
| 20 | Clip, retaining | 0N008859 |
| 5 | Fuse, 2A (30 mm) | MS 90078-11-1 |
| 5 | Fuse, 5A (30 mm) | MS 90078-14-1 |
|
The KW-7 consists of two parts: a Power Supply Unit (PSU) at the rear right and
the actual cipher machine which is housed in an L-shaped body. The interior can
be accessed by removing the L-shaped top cover, after which 14 plug-in circuit
boards and the clock unit become visible.
The diagram above shows the interior of the KW-7 as seen from the top after
the top cover has been removed. At the rear right is the removable PSU that
can be swapped for an alternative one, allowing the machine to be used
virtually anywhere in the world. At the rear left is the connection panel,
with a small grey unit
(the temperature compensated 1 MHz clock)
mounted in front of it.
|
The rest of the space is taken by the 14 plug-in cards that hold the crypto
logic, the key stream generator and the combining logic. Some boards carry
red labels with the text:
CONFIDENTIAL - XGDS-2 COMSEC
These boards contain the secret crypto logic and are the first ones to be
removed and destroyed when security is compromised. Note that the
two frontmost boards can only be extracted after all plugs are removed
from the plugboard, which is also mandatory in case of a compromise.
|
|
|
All other boards have black labels. They hold the less secret logic.
These boards should also be destroyed when the machine is
compromised, but with a lower priority than the red ones.
Each board has 16 horizontally aligned test points that are accessible
from the top of the machine.
|
Each board holds a series of large integrated building blocks that can be
regarded as the forerunners of the Integrated Circuit (IC).
They are known as FLYBALL Modules, each of which
contains a digital function, such as an AND,
OR or XOR circuit, identified by a unique colour.
As an example, the image on the right shows the E-AJV board that is populated
with yellow, blue, orange, green and red LEGO-style circuit blocks.
The contents of the blocks are currently unknown and the ONO-numbers on their
body show that they are uncommon custom-built OEM-parts.
|
|
|
Some of the boards hold other parts as well, such as a relay, a diode
or a switch. The boards themselves are high-quality double-sided pre-tinned
epoxy PCBs, each of which is slotted into a socket at the bottom of the
machine and locked by two metal retaining brackets at the top.
|
In the late 1980s, the E-AJM board of the KW-7 machine shown here was replaced
by a modern alternative that was manufactured in Germany in December 1987.
Rather than the LEGO-style building blocks, it contains standard Motorola
CMOS ICs like the MC14015 and the MC14025, which provide a nearly identical
functionality.
Contrary to the earlier boards, the replacement PCB does not provide the
16 test points along the edge of the PCB (under the metal bracket).
Furthermore, its label is black, but is
marked COMSEC just like the boards with the red labels.
|
|
|
Apparently, the replacement boards were drop-in replacements for the existing
boards that were no longer available, as production of the brightly coloured
circuit blocks had meanwhile been discontinued.
It is also possible that the new board was issued as part of a field
upgrade as a result of a compromise.
The replacement boards effectively gave the machine an extended life.
|
Of the 14 plug-in cards, 12 can be extracted easily, simply by moving the metal
levers at the top of each board sideways. The two cards at the front
are a little bit more difficult to remove as they hold the
plugboard sockets.
They can only be extracted after all plugs have been removed.
For the original plugboard version that was a simple job. For the two other
versions, which were far more common, this involved
removing the plug-block or card-reader sub-assembly and its cabling.
The image on the right shows the
first two cards, A1 and A2, still in place.
|
|
|
In practice, these two boards were often left behind
in the machine after a security compromise, simply because it took too much
time. Nevertheless, the boards are marked CONFIDENTIAL,
as they contain the secret tetrahedral key combining logic
and the Fibonacci shift register stages [8].
|
At the bottom of the machine is the backplane, its wiring and a removable
teletype interface (TTY). The bottom can be accessed by removing all screws
from the bottom panel and taking it away.
This exposes the wiring
of the front panel and the wiring of the remote panel connector.
At the center of the bottom section
is the sub-assembly that holds
the TTY interface. It is held in place by five recessed screws and
connects to the wiring of the machine via a
25-way D-sub connector at its
rear right. The image on the right shows the
partly removed TTY interface.
|
|
|
The fact that the TTY interface is easily removable makes the machine more
service friendly. Note the
two cylindrical teleprinter relays at the left.
They are the only mechanical parts in the machine and may have to be serviced
or replaced at some point. This was done either by replacing the entire
TTY interface, or by opening the individual relays and cleaning their contacts.
Once the TTY interface is removed, the bottom side
of the backplane is exposed
along with its wiring.
|
According to former users, the KW-7 was a reliable machine with very few
electronic problems, and an extremely robust power supply unit (PSU).
The only 'problems' that were frequently faced were broken contacts and wires
on the plug-block, generally caused by (mis)handling them.
|
The other problem was caused by the only two (electro)mechanical components
in the machine: the TTY relays.
These relays are responsible for switching the line current ON and OFF
in order to send digital data as a stream of 1s and 0s.
The relays are part of the TTY interface at the bottom of the machine.
Getting access to them was quite a bit of work, as it involved removing
the bottom panel, removing the TTY interface and finally
removing the two relays.
The image on the right shows the two relays mounted in a bracket that is
part of the TTY sub-assembly.
|
|
|
Although the relays were not easily accessible, and were not supposed to
be dismantled, it would pay off to clean their contacts regularly in order
to avoid data loss. At some point, a small device with a cathode ray
tube (CRT) was introduced to test the relays. Whilst driving the relays
with a multivibrator, the CRT was used to check the quality of the signal.
Dirty contacts would appear on the screen as 'noise', indicating that the
contact had to be cleaned. This was generally done with a piece of
perforated tape, sprayed with contact cleaner, that was moved between
the contacts.
On machines where the SEND button was permanently engaged by means of
a rubber band
or a BIC ballpoint cap, in order to keep it synchronised
between data sessions, the problem of the relay contacts would appear more
often, as these machines were continuously sending data.
|
The KW-7 has 14 circuit boards or plug-in cards
that are slotted from the top of the machine into a so-called
backplane at the bottom. Each card is
composed from a different arrangement of the FLYBALL modules
shown above. Although the function of each board is currently unknown,
there are unique markings on each of them, which we have listed in the
table below. Any help with the identification of the cards and
their function would be much appreciated. → contact us
The two cards that are closest to the front of the machine are the
1A1 and 1A2 boards. They are marked as confidential and should be
removed in case of a compromise, but as the plugs of the plugboard are
slotted directly into these cards they are difficult to remove.
In the Pueblo Incident, these cards were left behind
in the machine. According to the damage assessment, these
boards contain the tetrahedral key combining logic and the Fibonacci
shift register stages [8].
|
| ID (1) | PCB (2) | Part No | Cnf (3) | Description |
|---|---|---|---|---|
| E-AJJ | A2 | 0N007901 | ✔ | Plugboard, key combining logic, Fibonacci shift registers |
| E-AJK | A1 | 0N007902 | ✔ | Plugboard, key combining logic, Fibonacci shift registers |
| E-AJL | A4 | 0N007903 | ✔ | ? |
| E-AKM | A3 | 0N007904 | ✔ | ? |
| E-AJN | A6 | 0N007905 | - | ? |
| E-AJO | A5 | 0N007906 | ✔ | Board with relay and diode |
| E-AJP | A8 | 0N007907 | - | ? |
| E-AJQ | A7 | 0N007908 | - | ? |
| E-AJR | A10 | 0N007909 | - | ? |
| E-AJS | A9 | 0N007910 | - | ? |
| E-AJT | A12 | 0N007911 | - | ? |
| E-AJU | A11 | 0N007912 | - | ? |
| E-AJV | A14 | 0N007913 | ✔ | Board with 20/60 switch and 2 metal modules |
| E-AJW | A13 | 0N007914 | - | ? |
| - | A15 | 0N040927 | - | Backplane (bottom) |
| E-AJX | - | ? | - | PSU, 115/230V AC |
| E-AJY | - | ? | - | 1 MHz clock oscillator with oven |
| E-BAT | - | 0N142777 | - | TTY board (bottom) |

1. This is the ID number printed on the label, and beside the card slot.
2. This is the number printed on the underside of the PCB.
3. When ticked, this board is marked as CONFIDENTIAL.
|
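The Fibonacci shift register stages named above, shown as a generic added example; this is not code from the original page and not the KW-7 design, whose taps and combining logic are not given here. `TAPS`, `SEED` and the single AND-gate filter are constructed values. The example shows that the raw output of a 16-stage linear register is fully determined by 32 observed bits, and that even one nonlinear gate raises the linear complexity, which is a general reason for layering combining logic on top of such registers.

```python
# Added illustration: a generic 16-stage Fibonacci shift register.
# TAPS and SEED are constructed values, not KW-7 parameters.
TAPS = (0, 11, 13, 14)          # feedback = XOR of these stages
SEED = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1]


def lfsr_states(seed, taps, steps):
    """Yield successive register contents; stage 0 is the oldest bit."""
    state = list(seed)
    for _ in range(steps):
        yield state
        feedback = 0
        for t in taps:
            feedback ^= state[t]
        state = state[1:] + [feedback]


def raw_output(seed, taps, nbits):
    """Keystream taken straight from stage 0 (purely linear)."""
    return [s[0] for s in lfsr_states(seed, taps, nbits)]


def filtered_output(seed, taps, nbits):
    """Same register, but the output passes through one AND gate (nonlinear)."""
    return [(s[0] & s[7]) ^ s[12] for s in lfsr_states(seed, taps, nbits)]


def berlekamp_massey(bits):
    """Return (L, c): shortest linear recurrence s[i] = XOR c[j]*s[i-j], j=1..L."""
    n = len(bits)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = bits[i]
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:                       # recurrence fails at bit i: correct it
            prev = c[:]
            shift = i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, prev
    return L, c[:L + 1]


def extend(bits, L, c, extra):
    """Predict `extra` further bits from the recovered recurrence."""
    s = list(bits)
    for _ in range(extra):
        nxt = 0
        for j in range(1, L + 1):
            nxt ^= c[j] & s[-j]
        s.append(nxt)
    return s[len(bits):]


if __name__ == "__main__":
    stream = raw_output(SEED, TAPS, 96)
    L, c = berlekamp_massey(stream[:32])
    print("raw: complexity", L, "taps", [j for j, v in enumerate(c) if v])
    print("next 64 bits predicted:", extend(stream[:32], L, c, 64) == stream[32:])
    print("filtered: complexity", berlekamp_massey(filtered_output(SEED, TAPS, 400))[0])
```

The design lesson is the one the page's history illustrates: once the logic is known, everything rests on the key setting, so the register structure alone cannot be what keeps traffic secure.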
The KW-7 can be powered from a 24V DC source, such as the battery of
a vehicle, or directly from the AC mains. In order to be able to use the
machine anywhere in the world, the Power Supply Unit (PSU) is a separate
block that is installed in a cut-out space at the rear right.
Initially, the KW-7 was supplied with a 110V/60Hz AC PSU that was suitable
for use in the USA and other countries with 110V mains. When the machine
was also used in Europe, as one of the main NATO cipher machines, it was
usually supplied with an external step-down transformer, that converted
220V to 110V. The PSU was later replaced by a universal one that was
suitable for both 115V and 230V. A switch at the rear panel of the KW-7
allows selection between the two.
KW-7 units used by the US Air Force were supplied with a 115V/400 Hz
AC PSU that could be connected directly to the 115V power network
aboard airplanes. For repair and servicing, the Air Force workshops used
a motor-generator setup that provided the 115V at 400 Hz for work
on the KW-7 on the benchtop, without the need for an additional power
converter [21].
In operation, the machine could be powered either by the AC mains, or
by a 24V DC source, or both. The POWER switch at the
front panel is then
used to select between the two sources, with a green indicator lamp
being lit when the machine is operational. If only one power source
is connected, this switch acts as the ON/OFF switch.
According to most former users and service engineers, the PSU was of very
good quality. Most of them never had to replace a faulty one [11].
|
All connections to the KW-7 are at the rear side of the machine.
At present, most of the connections are unknown, but we hope
to be able to complete the diagrams below in due course.
Any help would be much appreciated. If you have additional
information, please contact us.
The pin-out is given when looking into the sockets from
the rear of the machine.
|
Information about this socket is conflicting.
According to some documents [F], the current loop is at pins C and D
rather than pins B and C, but these documents show a different layout
of the rear panel of the KW-7.
|
- GND
- Current loop (a) - via 270 ohm
- Current loop (b)
- n.c.
- n.c.
- n.c.
|
|
In most installations, a loop wire is installed between B and C.
|
- GND
- Current loop (a) - via 270 ohm
- Current loop (b)
- n.c.
- n.c.
- n.c.
|
|
Information about this socket is conflicting.
According to some documents [F], the current loop is at pins C and D
rather than pins B and C, but these documents show a different layout
of the rear panel of the KW-7.
|
- GND
- Current loop (a)
- Current loop (b)
- n.c.
- n.c.
- n.c.
|
|
In most installations, a loop wire is installed between B and C.
|
- GND
- Current loop (a)
- Current loop (b)
- n.c.
- n.c.
- n.c.
|
|
- GND
- Step
- Step
- Bridge to E
- Bridge to D
- -
|
|
We are still looking for the following items:
|
- 32-wire cable for connection between KW-7 and the remote control unit (KWX-7).
- Any documentation for the KW-7, such as the manuals marked in red below.
- Stories about using the KW-7.
|
|
-
Document retrieved October 2016 via
Nick England [17].
Reproduced here by kind permission.
Note that this document shows the layout of the connectors on the
KWF-1, which are different from the KW-7.
-
Document declassified by NSA on 30 March 2009 (E.O. 12958, FOIA 47709).
Obtained via Bill Neill and
scanned by Nick England
in March 2021. [17]. Reproduced here by kind permission.
-
Document retrieved March 2023 via
Nick England [17].
Reproduced here by kind permission.
|
1. Laura H. Heath, Analysis of Systematic Security Weaknesses of the US Navy...
   M.S., Georgia Institute of Technology, 2001.
   Fort Leavenworth, Kansas (USA), 2005.
   Thesis of Major Laura Heath, detailing how John Walker exploited weaknesses
   in the US Navy Broadcasting System between 1967 and 1974.
2. Pete Earley, Family of Spies: The John Walker Jr. Spy Case
   TruTV website, crime library. Date unknown.
3. Wikipedia, John Anthony Walker
   Retrieved November 2010.
4. Wikipedia, Iranian Revolution
   Retrieved October 2013.
5. Wikipedia, Iran hostage crisis
   Retrieved October 2013.
6. Russ Kick, The Memory Hole (website)
   Author unknown. Retrieved October 2013 via WayBack Machine. (note 1)
7. Oleg Kalugin, Spymaster
   2008. ISBN 1-85685-101-X.
8. NSA, USS Pueblo, AGER-2, Section V, Cryptographic Damage Assessment
   28 February 1968. 106 pages. (note 2)
9. Commander Bucher, The KW-7 and John Walker
   23 February 2001. Obtained from the USS Pueblo Veteran's Association.
10. Pete Earley, Boris Solomatin Interview
    1995. Obtained from the USS Pueblo Veteran's Association.
11. Jerry Proc and contributors, KW-7 (Orestes)
    Retrieved October 2013.
12. David G. Boak, A History of U.S. Communications Security
    Fifth Lecture - KW-26, KW-37, CRIB, KW7. p. 50.
    Lectures, 1966. Revised July 1973. (note 3)
13. Wikipedia, Linear feedback shift register
    Retrieved May 2016.
14. Anonymous contributor, Photograph of CRYPTO room at NAVCOMMSTA Stockton
    Retrieved May 2016 via Nick England [17]. Reproduced here by kind permission.
15. Global Security, Military Facility Stockton
    Retrieved May 2016.
16. Jerry Kemp, Use of KW-7 at HQ PACAF
    US Pacific Air Force HQ 1990-1993. Personal correspondence.
17. Nick England (K4NYW), US Navy Crypto Equipment - 1950's-60's
    May 2016, July 2021, March 2023.
18. Ken Pflanz, Personal correspondence
    May 2021.
19. John Savard, The KW-7
    Graphical reconstruction of the circuit diagram of the KW-7 key generator.
    March 2022.
20. Michael Teagarden, Personal correspondence
    July 2022.
21. Gary Crowell, Personal correspondence
    Former USAF 306x0 at Ellsworth AFB in 1972.
    August 2023.
|
|
1. Website with lost US Government files obtained via the FOIA.
   Active from 10 July 2002 until June 2009.
   On-line again since June 2016.
2. Released by NSA on 14 September 2012, FOIA case 40722.
3. Declassified by Interagency Security Classification Appeals Panel
   14 October 2015.
   EO 13526, section 5.3(b)(3).
|
|
|
© Crypto Museum. Created: Monday 09 May 2016. Last changed: Wednesday, 25 September 2024 - 20:42 CET.