Table of Contents
Advertisement
MPM-1000A Operator Manual
1000-7075 Rev E
Figure 15-2 SSH Network Connection
15.4 Distribution
Each Modem Terminal must manually load a current MSK and current TRANSEC
Passphrase to initially join or establish a network. Both parameters are sensitive but
unclassified and must not be disclosed to parties other than personnel responsible for
generating the keys, and authorized system managers and operators.
The Modem seed key must be provided by an authorized Government key generation
activity, such as the EKMS or AKMS. The EKMS Tier II equipment suite located at Army
AKMS accounts is capable of producing Modem seed keys.
MSKs may be provided in electronic or hardcopy form. Electronic form keys may be
provided on CD-ROM or USB flash device media. Electronic form keys may also be
delivered to Modem end users via a compatible key fill device.
The TRANSEC Passphrase may be an easily verbalized English phrase and voiced to
Modem operators over the Secure Voice Orderwire (SVOW). This assumes that the
SVOW is secured using a suitable external encryption device. The TRANSEC
Passphrase is typed into the keyboard at the Modem control computer during Terminal
initialization.
Once a Modem Terminal has successfully joined a network, future MSKs may be
received over-the-air as part of the MSK Changeover protocol.
15.5 MSK Changeover
The Modem uses each MSK to produce 32 operational TRANSEC keys. Each
operational key has a crypto period of one week, so the MSK produces enough
operational key material for 32 weeks of operation. The Key Management Plan sets the
MSK crypto period at 26 weeks (6 months). Since human operators control the timing of
15-3
Advertisement
Table of Contents
Troubleshooting
