These flashcards present essential COMSEC, cryptographic, and physical-security vocabulary needed to understand Block 8 Unit 3 material and prepare for the quiz.
Communication Security (COMSEC)
Measures and controls taken to deny unauthorized access to national-security information and to ensure its authenticity.
National Security Agency (NSA)
U.S. intelligence agency that approves all cryptographic systems for classified DoD use and manages SIGINT and IA missions.
Central Security Service (CSS)
Military component within NSA that coordinates cryptologic support to U.S. Armed Forces.
National Institute of Standards and Technology (NIST)
Non-regulatory agency that sets standards, including cryptographic techniques for protecting UNCLASSIFIED sensitive information.
Cryptographic Security (CRYPTOSEC)
COMSEC component that provides technically sound cryptographic systems and their proper use.
Transmission Security (TRANSEC)
COMSEC component that applies controls to prevent interception or exploitation of transmissions by means other than cryptanalysis.
TEMPEST
Study and control of unintentional compromising emanations from information-processing equipment.
RED/BLACK Separation
Design practice that physically and electrically isolates plaintext (RED) circuits from ciphertext or unclassified (BLACK) circuits.
Physical Security (COMSEC)
Physical measures used to safeguard COMSEC materials from unauthorized access.
Cryptanalysis
The science of breaking codes or ciphers without prior knowledge of the key.
Encryption
Conversion of plaintext into ciphertext to conceal meaning.
Decryption
Process of converting ciphertext back into plaintext using a key and algorithm.
Algorithm
Precisely defined mathematical procedure used in cryptography to encrypt or decrypt data.
Cryptographic (Crypto) Key
Numeric value that controls the operation of a cryptographic algorithm; also called key variable.
Vulnerability
Weakness that could be exploited by a threat to adversely affect an information system.
Threat
Any circumstance with potential to exploit a vulnerability and negatively impact operations or assets.
Need-to-Know
Authorized holder’s decision that a person requires access to information to perform official duties.
Security Clearance
Formal determination that an individual may access a specific level of classified information.
Controlled Area
Facility requiring limited entry to protect military resources from theft, compromise, or destruction.
Restricted Area
Area under military control employing special security measures to prevent unauthorized entry; often guards may use lethal force.
Sensitive Compartmented Information Facility (SCIF)
Restricted area where SCI may be stored, discussed, or processed with enhanced physical and technical protections.
GSA-Approved Class 5 Container
Safe certified for TOP SECRET storage; requires dual-combination lock and continuous guard or alarm.
Class A / Class B Vault
Hardened structures for storing TOP SECRET (Class A) or SECRET (Class B) materials.
Two-Person Integrity (TPI)
Requirement that two authorized individuals jointly handle TOP SECRET COMSEC material to prevent single-person access.
Controlled Cryptographic Item (CCI)
Unclassified but sensitive equipment containing or able to contain a classified cryptographic key.
Key Management Infrastructure Operating Account Manager (KOAM)
Wing-level manager responsible for operation and accountability of a COMSEC account.
COMSEC Responsible Officer (CRO)
Unit-level official who administers physical security and accountability for COMSEC sub-accounts.
COMSEC Authorized User
Individual trained, cleared, and with need-to-know who uses COMSEC materials and must safeguard them.
Standard Form 702
Security Container Check Sheet documenting opening, closing, and checks of safes or vaults.
Standard Form 701
Activity Security Checklist used to record end-of-day security checks.
AF Form 1109
Visitor Register Log for recording escorted visitors not on the access list.
AFCOMSEC Form 16
Inventory checklist used for daily or shift COMSEC material inventories.
Standard Form 153
COMSEC Material Report for transfers, destructions, inventories, or hand receipts.
Accounting Legend Code (ALC)
Code (e.g., ALC-1, 2, 4, 6) defining the required level and frequency of COMSEC accountability.
Routine Destruction
Normal disposal of superseded or obsolete COMSEC material using approved methods like burning or cross-cut shredding.
Precautionary Destruction
Pre-planned destruction when enemy attack is probable to prevent compromise.
Emergency Destruction
Rapid destruction during imminent capture or hostile action when time is limited.
Emergency Action Plan (EAP)
Locally developed task-card plan outlining protection or destruction of COMSEC during emergencies.
Compromising Emanations (CE)
Unintentional intelligence-bearing signals that may disclose information if intercepted and analyzed.
Common Fill Device (CFD)
Portable device used to receive, store, and load cryptographic keys into end equipment.
AN/PYQ-10 Simple Key Loader (SKL)
Ruggedized handheld CFD capable of storing up to 500,000 keys; classification equals highest key loaded.
Serial Encryption Device
Encryptor operating on serial links at OSI Layer 2; e.g., KIV-7M.
KIV-7M
Type 1 link encryptor with two channels; stores up to 10 TEKs and interoperates with many legacy devices.
IP Encryption Device (INE)
Encryptor operating at OSI Layer 3 to secure IP traffic; e.g., TACLANE family.
TACLANE-Micro KG-175D
Rugged Type 1 IP encryptor/router certified for TS/SCI and below; supports copper and fiber interfaces.
Peer Enclave Route
Static routing entry in a TACLANE pointing directly to another TACLANE’s protected network.
Gateway of Last Resort (TACLANE)
Fallback TACLANE route used when no peer enclave path exists to the destination network.
Over-the-Air Rekeying (OTAR)
Secure remote update or distribution of cryptographic keys via electronic transmission.
Manual Rekey (MK)
Point-to-point OTAR method where master station pushes a key directly into a single remote device.
Automatic Rekey (AK)
Point-to-multipoint OTAR allowing a master station to update many subscribers simultaneously.
Manual Cooperative Key Transfer (MK/RV)
Point-to-point OTAR that moves keys between two fill devices for future loading.
Traffic Encryption Key (TEK)
Key used to encrypt operational user data passing through an encryptor.
Key Encryption Key (KEK)
Key used to encrypt or decrypt other keys during distribution (e.g., OTAR).
Pre-Placed Key (PPK)
Symmetric keying material installed in equipment ahead of time, often for extended periods.
Firefly Vector Set (FFVS)
NSA asymmetric keying scheme based on Diffie-Hellman for exchanging key pairs between INEs.
Diffie-Hellman Key Exchange
Public-key protocol enabling two parties to create a shared secret over an insecure channel.
Symmetric (Secret-Key) Cryptography
Encryption where the same key is used for both encryption and decryption.
Block Cipher
Symmetric algorithm that encrypts fixed-size blocks of data (e.g., 64 or 128 bits).
Stream Cipher
Symmetric algorithm that encrypts data one bit or byte at a time in a continuous stream.
Data Encryption Standard (DES)
Original 56-bit block cipher now considered insecure for classified use.
Triple DES (3DES)
Block cipher applying DES three times with three keys for improved security.
Advanced Encryption Standard (AES)
Current NIST standard block cipher using 128-, 192-, or 256-bit keys; required for classified data.
One-Time Pad
Perfect-secrecy stream cipher using a truly random key equal in length to the message and used only once.
RC4
Widely used software stream cipher implemented in protocols like SSL (now largely deprecated).
Asymmetric (Public-Key) Cryptography
System using mathematically related public and private keys; data encrypted with one can be decrypted with the other.
Public Key Infrastructure (PKI)
Framework that binds public keys to identities and manages keys throughout their life cycle.
Digital Signature
Cryptographic value created with a private key to prove data origin and integrity; verified with the corresponding public key.
Common Access Card (CAC)
DoD smartcard providing two-factor authentication, digital signatures, and encryption certificates.
Cryptographic Modernization Initiative
DoD effort to replace or upgrade legacy cryptographic devices to modern standards such as KIV-7M and TACLANE.