Army advances new cryptographic technology, reducing burden on Soldiers
August 8, 2013
ABERDEEN PROVING GROUND, MD. (August 8, 2013) -- After successful evaluations of a new key management system used to support and manage encryption services, the U.S. Army is one step closer to establishing and fully integrating the framework for the next-generation Communications Security (COMSEC) infrastructure.
The Army Key Management Infrastructure (AKMI) System of Systems (SoS) replaces manual processes, stove-piped delivery and legacy equipment while offering key management modernization, interoperability and seamless delivery of secure information.
As Army modernization efforts continue to prepare the service for an uncertain and complex environment, KMI ensures mission command systems are secure by planning, distributing, managing and accounting for protected "keys" that are used in tactical and strategic communications.
KMI consists of core nodes that provide database storage, secure routing, key generation and management services centrally located at a National Security Agency (NSA) location. The nodes function in the background and the Army user has a single direct access point commonly called "the KMI Storefront" to simplify interface processes.
"KMI is meant to be a storefront, web-based delivery resulting in a more streamlined process, better performance and more efficient for the Soldier," said Eric Adair, the Army's Product Director for Key Management (PdD KM). "This is a much more dynamic system."
In cryptography, a "key" is a parameter that determines the functional output of a cryptographic algorithm or cipher. The algorithm would be useless without a key. In encryption, the key is the process of changing plaintext into cipher text, or vice versa during decryption.
Project Director (COMSEC), part of the Program Executive Office for Command, Control and Communications-Tactical (PEO C3T) and which PdD KM falls under, develops, manages and fields the hardware and software that secures the Army's tactical networks.
The overarching KMI program is led by the NSA with PdD KM procuring and fielding the capabilities for the Army. KMI is the first step in replacing the existing Electronic Key Management System (EKMS) with the more efficient KMI that will limit requirements for both physical products and manual delivery through user operated fill devices.
The AKMI SoS includes: the KMI Management Client (MGC) Node for COMSEC key accounting and distribution, the Joint Tactical Network Environment NetOps Toolkit (J-TNT) or Automated Communications Engineering Software (ACES) which provides the necessary Signal Operating Instructions (SOI) and radio planning data and the Simple Key Loader (SKL) fill device that delivers keys to the intended End Cryptographic Units (ECUs).
PdD KM recently conducted a successful demonstration for the Lab Based Risk Reduction (LBRR) as part of Network Integration Evaluation (NIE) 13.2. NIEs are a series of semi-annual evaluations designed to integrate and mature the Army's tactical network. As part of the NIE process, systems undergo intensive risk reduction and interoperability assessments in Army integration facilities at Aberdeen Proving Ground, Md.
The AKMI SoS demonstration during LBRR for NIE 13.2 included successfully generating the Adaptive Networking Wideband Waveform (ANW2) key and passing it from the KMI MGC Node through the J-TNT to a SKL and into multiple AN/PRC-117G radios to demonstrate secure communications. The demonstration showed the AN/PRC-117G could pass voice and data traffic back and forth, offering type 1 security. This end to end process, from the point of network planning through the generation and distribution process to the point of use, effectively demonstrated the fully integrated AKMI SoS concept and process.
This is an important step forward, Adair said, because the 117G is supporting Capability Set 13 (CS 13), which is being fielded to select Brigade Combat Teams (BCTs) and will provide mobile satellite and robust radio capability.
The successful LBRR demonstration moves the capability forward, with PdD KM implementing a pilot program to begin the training and fielding of AKMI MGC Node to validate implementation strategies and transition processes prior to full Army fielding.
"Because this is interoperable and is a system of systems, there's a lot to flesh out and the pilot program will ensure all our processes are good before we go live and field more than 425 accounts across the Army," said Adair.
The pilot program is planned to begin in February 2014 at seven U.S. locations.
Part of that process includes removing legacy equipment, equipping units with the latest mission/cryptonet planner for the system -- J-TNT or ACES - and ensuring the unit has the appropriate number and type of fill devices to support distribution operations and mission requirements. PdD KM will supply support representatives to assist the pilot sites through the process.
Next year, PdD KM will demonstrate that the AKMI SoS is able to provide "key" for additional radios and waveforms at NIE 14.2, with a full fielding of AKMI MGCs planned to begin in the fall of 2014.
"The evaluation, as a part of NIE 13.2, demonstrated that the NSA's KMI capability has been effectively implemented within the Army operational support structure," said Ralph Jordan, PdD KM Project Lead. "It was tested within our Capability Set design and tested down to the 117G radio."