A fill device or key loader is a module used to load

cryptographic keys A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Based on the used method, the key c ...

into electronic

encryption In Cryptography law, cryptography, encryption (more specifically, Code, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the inf ...

machines. Fill devices are usually hand held and electronic ones are battery operated. Older mechanical encryption systems, such as

rotor machine In cryptography, a rotor machine is an electro-mechanical stream cipher device used for encrypting and decrypting messages. Rotor machines were the cryptographic state-of-the-art for much of the 20th century; they were in widespread use from ...

s, were keyed by setting the positions of wheels and plugs from a printed keying list. Electronic systems required some way to load the necessary cryptovariable data. In the 1950s and 1960s, systems such as the

U.S. The United States of America (USA), also known as the United States (U.S.) or America, is a country primarily located in North America. It is a federal republic of 50 states and a federal capital district, Washington, D.C. The 48 contiguous ...

National Security Agency The National Security Agency (NSA) is an intelligence agency of the United States Department of Defense, under the authority of the director of national intelligence (DNI). The NSA is responsible for global monitoring, collection, and proces ...

KW-26 The TSEC/KW-26, code named ROMULUS, was an encryption system used by the U.S. Government and, later, by NATO countries. It was developed in the 1950s by the National Security Agency (NSA) to secure fixed teleprinter circuits that operated 24 ho ...

and the

Soviet Union The Union of Soviet Socialist Republics. (USSR), commonly known as the Soviet Union, was a List of former transcontinental countries#Since 1700, transcontinental country that spanned much of Eurasia from 1922 until Dissolution of the Soviet ...

Fialka In cryptography, Fialka (M-125) is the name of a Cold War-era Soviet cipher machine. A rotor machine, the device uses 10 rotors, each with 30 contacts along with mechanical pins to control stepping. It also makes use of a punched card mechanism. ...

used

punched card A punched card (also punch card or punched-card) is a stiff paper-based medium used to store digital information via the presence or absence of holes in predefined positions. Developed over the 18th to 20th centuries, punched cards were widel ...

s for this purpose. Later

NSA encryption systems The National Security Agency took over responsibility for all US government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still Classified information in the United States, classified, but m ...

incorporated a

serial port A serial port is a serial communication Interface (computing), interface through which information transfers in or out sequentially one bit at a time. This is in contrast to a parallel port, which communicates multiple bits simultaneously in Pa ...

fill connector and developed several common fill devices (CFDs) that could be used with multiple systems. A CFD was plugged in when new keys were to be loaded. Newer

NSA The National Security Agency (NSA) is an intelligence agency of the United States Department of Defense, under the authority of the director of national intelligence (DNI). The NSA is responsible for global monitoring, collection, and proces ...

systems allow "

over the air rekeying Over-the-air rekeying (OTAR) refers to transmitting or updating encryption keys (rekeying) in secure information systems by conveying the keys via encrypted electronic communication channels ("over the air"). It is also referred to as over-the-ai ...

" (OTAR), but a master key often must still be loaded using a fill device. NSA uses two serial protocols for key fill, DS-101 and DS-102. Both employ the same U-229 6-pin connector type used for U.S. military audio

handset A handset is a component of a telephone that a user holds to the ear and mouth to receive audio through the receiver and speak to the remote party using the built-in transmitter. In earlier telephones, the transmitter was mounted directly on ...

s, with the DS-101 being the newer of the two serial fill protocols. The DS-101 protocol can also be used to load cryptographic algorithms and software updates for crypto modules. Besides encryption devices, systems that can require key fill include

IFF In logic and related fields such as mathematics and philosophy, "if and only if" (often shortened as "iff") is paraphrased by the biconditional, a logical connective between statements. The biconditional is true in two cases, where either both ...

GPS The Global Positioning System (GPS) is a satellite-based hyperbolic navigation system owned by the United States Space Force and operated by Mission Delta 31. It is one of the global navigation satellite systems (GNSS) that provide geol ...

and

frequency hopping Frequency-hopping spread spectrum (FHSS) is a method of transmitting radio signals by rapidly changing the carrier frequency among many frequencies occupying a large spectral band. The changes are controlled by a code known to both transmitter ...

radios such as Have Quick and

SINCGARS Single Channel Ground and Airborne Radio System (SINCGARS) is a VHF combat network radio (CNR) used by U.S. and allied military forces. In the CNR network, the SINCGARS’ primary role is voice transmission between surface and airborne comman ...

. Common fill devices employed by NSA include: * Next Generation Load Device-Medium (NGLD-M) - replacement for the Simple Key Loader. *

AN/PYQ-10 The AN/PYQ-10 Simple Key Loader (SKL) is a ruggedized, portable, hand-held fill device, for securely receiving, storing, and transferring data between compatible cryptographic and communications equipment. The SKL was designed and built by Ralph ...

Simple Key Loader (SKL) - originated in 2006 as a replacement for the DTD. *

KIK-30 The KIK-30 "Really Simple Key loader" (RASKL) is a fill device made by Sypris Electronics and approved by the US National Security Agency for the distribution of NSA Type 1 cryptographic keys. It can also store and transfer related communications ...

, a more recent fill device, is trademarked as the "Really Simple Key Loader" (RASKL) with "single button key-squirt." It supports a wide variety of devices and keys. *KYK-28 pin gun used with the

NESTOR (encryption) NESTOR was a family of compatible, tactical, wideband secure voice systems developed by the U.S. National Security Agency and widely deployed during the Vietnam War (1955–1975) through the late Cold War period (1980s–1990s). NESTOR cons ...

system *

KYK-13 The KYK-13 Electronic Transfer Device is a common fill device designed by the United States National Security Agency for the transfer and loading of cryptographic keys with their corresponding check word. The KYK-13 is battery powered and uses the ...

Electronic Transfer Device *KYX-15 Net Control Device *MX-10579 ECCM Fill Device (

) *KOI-18

paper tape Five- and eight-hole wide punched paper tape Paper tape reader on the Harwell computer with a small piece of five-hole tape connected in a circle – creating a physical program loop Punched tape or perforated paper tape is a form of data st ...

reader. Can read 8-level paper or

PET A pet, or companion animal, is an animal kept primarily for a person's company or entertainment rather than as a working animal, livestock, or a laboratory animal. Popular pets are often considered to have attractive/ cute appearances, inte ...

tape, which is manually pulled through the reader slot by the operator. It is battery powered and has no internal storage, so it can load keys of different lengths, including the 128-bit keys used by more modern systems. The KOI-18 can also be used to load keys into other fill devices that do have internal storage, such as the

and AN/CYZ-10. The KOI-18 only supports the DS-102 interface. *AN/CYZ-10 Data Transfer Device (DTD) - a small PDA-like unit that can store up to 1000 keys, maintains an automatic internal

audit trail An audit trail (also called audit log) is a security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific ...

of all security-relevant events that can be uploaded to the LMD/KP, encrypts key for storage, and is programmable. It is capable of keying multiple information systems security (

INFOSEC Information security is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data ...

) devices and is compatible with such

COMSEC Communications security is the discipline of preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients. In the North Atlantic Treaty Organization c ...

equipment as

radios, KY-57 VINSON,

KG-84 The KG-84A and KG-84C are encryption devices developed by the U.S. National Security Agency (NSA) to ensure secure transmission of digital data. The KG-84C is a Dedicated Loop Encryption Device (DLED), and both devices are General-Purpose Telegra ...

, and others that are keyed by common fill devices (CFDs). The AN/CYZ-10 supports both the DS-101 and DS-102 interfaces. It was developed in the early 1990s, weighs about 4 lb (1.8 kg), and was designed to be fully compatible with future INFOSEC equipment meeting DS-101 signaling and benign fill standards. It will eventually replace the legacy family of CFDs, including the

, KYX-15 electronic storage devices, and the KOI-18

reader. Only the DTD and the KOI-18 support newer, 128-bit keys. * Secure DTD2000 System (SDS) - Named KIK-20, this was the next generation common fill device replacement for the DTD when it started production in 2006. It employs the

Windows CE Windows CE, later known as Windows Embedded CE and Windows Embedded Compact, is a discontinued operating system developed by Microsoft for mobile and embedded devices. It was part of the Windows Embedded family and served as the software foun ...

operating system. *

KSD-64 The KSD-64 Crypto Ignition Key (CIK) is an NSA-developed EEPROM chip packed in a plastic case that looks like a toy key. The model number is due to its storage capacity — 64 kibibits (65,536bits, or 8KiB), enough to store multiple e ...

Crypto ignition key (CIK) The older KYK-13, KYX-15 and MX-10579 are limited to certain key types.

References

External links

Fill devices

{{commonscat, Fill devices in the National Cryptologic Museum Key management Encryption device accessories National Security Agency encryption devices Military electronics of the United States

See also

References

External links