Comprehensive vocabulary flashcards covering key COMSEC concepts, roles, forms, cryptographic principles, devices and security measures from Block 8 Unit 3.
Communication Security (COMSEC)
Measures and controls used to deny unauthorized access to national-security information and ensure its authenticity.
Cryptographic Security (CRYPTOSEC)
COMSEC component that provides technically sound cryptographic systems and their proper use to protect information.
Transmission Security (TRANSEC)
COMSEC component applying measures to transmissions to prevent interception or exploitation by means other than cryptanalysis.
TEMPEST / Emission Security (EMSEC)
Investigation, study and control of unintentional compromising emanations from telecom and information-systems equipment.
Physical Security (COMSEC context)
Physical measures, policies and procedures that safeguard COMSEC materials from natural hazards and unauthorized intrusion.
National Security Agency (NSA)
U.S. Intelligence Community member that approves all cryptographic systems protecting classified information and manages SIGINT & IA.
Central Security Service (CSS)
NSA component that coordinates cryptologic support and policy for U.S. military Service Cryptologic Components.
National Institute of Standards and Technology (NIST)
Non-regulatory agency that approves cryptographic techniques for UNCLASSIFIED sensitive information (e.g., CUI).
Cryptography
Science of converting plaintext to ciphertext and back using an algorithm and crypto-key.
Encryption
Cryptographic transformation of plaintext into ciphertext to conceal meaning.
Decryption
Process of converting ciphertext back into plaintext using an algorithm and key.
Algorithm
Clearly specified mathematical process that performs encryption or decryption.
Crypto-Key / Key Variable
Numeric value used with an algorithm; determines its operation (e.g., computes or verifies a digital signature).
Vulnerability
Weakness that could be exploited by a threat source to adversely affect an information system.
Threat
Circumstance or event with potential to adversely impact operations or assets via unauthorized access or damage.
Symmetric (Secret-Key) Cryptography
Encryption system that uses the same key for both encryption and decryption.
Block Cipher
Symmetric algorithm that encrypts fixed-size blocks of data (e.g., 64- or 128-bit).
Stream Cipher
Symmetric algorithm that encrypts data one bit/byte at a time in a continuous stream.
Data Encryption Standard (DES)
Legacy 56-bit block cipher; now considered insecure for classified use.
Triple DES (3DES)
Block cipher applying DES three times with three keys to increase security.
Advanced Encryption Standard (AES)
Current NIST-selected block cipher (Rijndael) supporting 128-, 192-, and 256-bit keys; required for classified data.
Asymmetric (Public-Key) Cryptography
System using mathematically related public and private keys; supports authentication, integrity and key exchange.
Public Key Infrastructure (PKI)
Framework that binds public keys to entities and manages keys/certificates across distributed systems.
Digital Signature
Electronic signature created with a sender’s private key; verifies origin, integrity and non-repudiation.
Common Access Card (CAC)
DoD smartcard providing two-factor authentication, digital signature and encryption certificates.
Common Fill Device (CFD)
Portable unit that receives, stores and transfers key variables to cryptographic equipment.
AN/PYQ-10 Simple Key Loader (SKL)
Hand-held NSA-approved CFD that can store up to 500,000 keys; classified up to TS when loaded.
Serial Encryption Device
Link encryptor operating at OSI Layer 2 for point-to-point or multipoint serial connections.
KIV-7M
Programmable Type-1 serial link encryptor with two independent channels; stores up to 10 TEKs.
IP Encryption Device (INE)
Type-1 encryptor operating at OSI Layer 3, protecting IP data-in-transit over networks.
KG-175D TACLANE-Micro
Ruggedized Type-1 in-line network encryptor certified TS/SCI and below; offers basic routing and optical/copper interfaces.
Traffic Encryption Key (TEK)
Key that encrypts user data traffic within a cryptographic device.
Key Encryption Key (KEK)
Key used to encrypt or decrypt other keys during distribution (e.g., OTAR).
Over-The-Air Rekeying (OTAR)
Secure remote distribution or update of keys via communications links.
Manual Rekey (MK)
Point-to-point OTAR method where a master station sends and installs a new key.
Automatic Rekey (AK)
Point-to-multipoint OTAR method used by a master station to update multiple subscribers.
Manual Cooperative Key Transfer (MK/RV)
OTAR method sending keys CFD-to-CFD for future storage at remote sites.
Pre-Placed Key (PPK)
Symmetric keys positioned in equipment in advance, often for long-term (e.g., one-year) use.
Firefly Vector Set (FFVS)
NSA Diffie-Hellman-based scheme for generating cooperative public-key pairs and shared TEKs.
Red/Black Concept
Engineering practice separating plaintext (RED) circuits from ciphertext/unclassified (BLACK) circuits to reduce compromising emanations.
Compromising Emanations (CE)
Unintentional intelligence-bearing signals that could disclose processed information if intercepted.
Two-Person Integrity (TPI)
Storage/handling system requiring two authorized individuals to prevent solitary access to TS key material.
Controlled Cryptographic Item (CCI)
Unclassified but sensitive crypto equipment; keyed CCI assumes classification of loaded key.
Key Management Infrastructure Operating Account Manager (KOAM)
Wing-level manager responsible for all KMI key distribution, accountability and COMSEC training.
COMSEC Responsible Officer (CRO)
Unit-level individual administering physical security and user training for a COMSEC sub-account.
COMSEC Authorized User
Person trained, cleared and designated to use COMSEC materials and equipment unescorted.
Controlled Area
Facility where entry is limited to protect resources vulnerable to theft, compromise or destruction.
Restricted Area
Military area employing special security measures; unauthorized entry may be met with lethal force.
Sensitive Compartmented Information Facility (SCIF)
Restricted area accredited for storing and processing SCI under stringent physical and technical controls.
Standard Form 702 (SF 702)
Security Container Check Sheet affixed to safes/vaults to record opening, closing and checks.
Standard Form 701 (SF 701)
Activity Security Checklist used to record end-of-day security checks of areas holding classified info.
Standard Form 153 (SF 153)
COMSEC Material Report documenting inventory, transfer, destruction or hand-receipt of COMSEC items.
AFCOMSEC Form 16
Inventory checklist used for daily/shift inventories of COMSEC material in each container.
AF Form 1109
Visitor Register Log for recording escorted visitors not on the access list.
Accounting Legend Code (ALC)-1
COMSEC items requiring continuous cradle-to-grave accountability; daily inventory by short title, edition, reg #, quantity.
Accounting Legend Code (ALC)-2
Cryptographic equipment inventoried by short title and quantity; continuous accountability required.
Accounting Legend Code (ALC)-4
Publications with limited accountability; inventory only when directed by COMSEC manager.
Accounting Legend Code (ALC)-6
Category reserved for electronic (modernized) keys.
Routine Destruction
Normal disposal of superseded or obsolete COMSEC material using approved methods (burn, crosscut shred, pulp).
Precautionary Destruction
Pre-emptive destruction when enemy attack is probable and compromise imminent.
Emergency Destruction
Rapid destruction of COMSEC material when capture or compromise is unavoidable.
Emergency Action Plan (EAP)
Task-card plan outlining steps to protect or destroy COMSEC material during emergencies.
Controlled Access Requirements
Need-to-know, proper security clearance and positive identification—all required for unescorted COMSEC access.
Lock Combination Classification
Combination is classified equal to highest material in container and changed bi-annually or upon compromise.
Cryptanalysis
Science of defeating cryptographic systems to reveal plaintext without prior knowledge of the key.