The Electronic Key Management System (EKMS) system is an National Security Agency led program responsible for Communications Security ( COMSEC) key management, accounting and distribution. Specifically, EKMS generates and distributes electronic key materiel for all NSA encryption systems whose keys are loaded using standard fill devices, and directs the distribution of NSA produced key materiel. Additionally, EKMS performs account registration, privilege management, ordering, distribution and accounting to direct the management and distribution of physical COMSEC materiel for the services. The common EKMS components and standards facilitate interoperability and commonality among the armed services and civilian agencies.1 Why was EKMS developed?
The primary reason for the development of EKMS centers on the security and logistics problems that plagued the COMSEC Materiel Control System (CMCS), which replaced the Registered Publications System (RPS) in the 1970s. The CMCS was a very labor-intensive operation that had been stretched to capacity. The most serious, immediate concern was the human threat associated with access to and exploitation of paper key throughout its life cycle. The disclosure of the Walker spy ring was clear justification of this concern. Although eliminating the majority of paper key will greatly reduce this human threat, the long-term goal of EKMS to minimize human access to key will not be realized until benign fill key is fully implemented. Benign fill permits the encrypted distribution of electronic keying material directly to the COMSEC device without human access to the key itself.
The need for joint interoperability led to the Defense Reorganization Act of 1986, under which the Joint Chiefs of Staff (JCS) tasked NSA, the Defense Information Systems Agency ( DISA), and the Joint Tactical Command, Control and Communications Agency (JTC3A) to develop a Key Management Goal Architecture (KMGA). Subsequent difficulties in coordinating COMSEC distribution and support during joint military operations, e.g., Desert Storm, Urgent Fury, and Operation Just Cause, have further emphasized the need for a system capable of interoperability between the Services.
2 Central Facility
EKMS starts with the Central Facility (CF), run by NSA, which provides a broad range of capabilities to the Services and other government agencies. The CF, also referred to as Tier 0, is the foundation of EKMS. Traditional paper-based key, and key for Secure Telephone Unit - Third Generation ( STU-III), STE, FNBDT, IridiumThe Iridium satellite constellation is a system of 66 active communication satellites and spares around the Earth. The system was originally to have 77 active satellites, and was named for the element iridium, which has atomic number 77. Iridium allows wo, Secure Data Network System (SDNS), and other electronic key are managed from an underground building in Finksburg, MarylandFinksburg is a small town in central Maryland. Trivia It is known to be the location of the NSAs EKMS Central Facility. which is capable of the following:
- processing orders for both physical and electronic key
- electronically generating and distributing key
- generating key material for FIREFLY (an NSA algorithm based on public key cryptography)
- performing seed conversion and rekey
- maintaining compromise recovery and management of FIREFLY material
- support for over-the-air rekeying (OTAR)
The CF talks to other EKMS elements through a variety of media, communication devices, and networks, either through direct distance dialing using STU-III (data mode) or dedicated link access using KG-84 s. During the transition to full electronic key, the 3.5-inch floppy disk and 9-track magnetic tape are also supported. A common user interface, the TCP/IP-based message service, is the primary method of communication with the CF. The message service permits EKMS elements to store EKMS messages that include electronic key for later retrieval by another EKMS element.
3 Tier 1
Under CMCS, each service maintained a central office of record (COR) that performed basic key and COMSEC management functions, such as key ordering, distribution, inventory control, etc. Under EKMS, each service operates its own key management system using EKMS Tier 1 software that supports physical and electronic key distribution, traditional electronic key generation, management of material distribution, ordering, and other related accounting and COR functions. Common Tier 1 is based on the U.S. Navy's key distribution system (NKDS) software developed by the Naval Research Laboratory and further developed by SAICScience Applications International Corporation (also known as SAIC) is the largest employee-owned research and engineering firm in the US. It was founded by Dr. Robert "Bob" Beyster in 1969 in La Jolla, California, as Science Applications Incorporated. in San Diego.
