Alternate Recovery Procedures; Key Usage - L3 Communications MPM-1000A Operator's Manual

Ruggedized ip modem

MPM-1000A Operator Manual
1000-7075 Rev E

15.12 Alternate Recovery Procedures

The compromise recovery procedure outlined above produces a fairly rapid transition to
a new base of network keying material without the loss of network connectivity. System
managers may take advantage of the split-knowledge key establishment
implementation to execute variations of this procedure to adapt to varying deployment
situations.

In the scenario above, a new TRANSEC Passphrase is distributed to the friendly nodes
remaining in the network. In deployment situations where there are remote, unmanned
nodes, this may not be possible. In such situations, the existing (current) TRANSEC
Passphrase can be left in place through the MSK changeover. The newly distributed
MSK will produce new MEK operational keys despite the fact that the TRANSEC
Passphrase did not change. Since the compromised Terminal(s) are forced out of the
network by repetitive OTAZ commands during the distribution of the new MSK, only
friendly Terminals will receive it. This modified recovery procedure does not require
operator intervention at remote nodes.

In situations where a new (recovery) MSK is not available, there are two (2) methods of
recovery. If even a short-term loss of network connectivity cannot be afforded, the
recovery procedure outlined above can be modified by distributing a new TRANSEC
Passphrase, but redistributing the existing (current) MSK (OTAR). The new TRANSEC
Passphrase will result in new MEK operational keys being produced from the old MSK.
Since only friendly nodes will receive the new passphrase, the compromised
Terminal(s) will not be able to produce the new operational keys.

If a short-term loss of network connectivity can be afforded, an effective recovery
procedure is to simply distribute a new TRANSEC Passphrase, then instruct all
Terminals to logout and restart the network using the new passphrase to initialize the
Terminals. Again, the old MSK will be used to produce the MEKs, but they will be
different from the old MEKs due to the changed TRANSEC Passphrase. "Recovery
MSKs" pre-positioned at each network node may also be used to overwrite the existing
current MSK before re-establishing the network. If recovery MSKs are available, the
existing TRANSEC Passphrase need not be changed. It is important to note that a
pre-positioned recovery MSK is likely to be compromised along with a compromised
Terminal.
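
The recovery variants in this section can be compared with a small model, added here as an example and not taken from the manual or the modem's firmware. It checks, for each variant, whether the MEK changes and whether a captured Terminal holding only its pre-recovery material could reproduce it. Assumptions: HMAC-SHA-256 stands in for the MEK derivation, which the manual does not specify; all key values, passphrases and function names are constructed for illustration; the "recovery MSK, new passphrase" row is an added combination.

```python
import hashlib
import hmac

# Constructed sample material; none of these values come from the manual.
OLD_MSK, NEW_MSK, RECOVERY_MSK = (bytes([b]) * 32 for b in (0x11, 0x22, 0x33))
OLD_PASS, NEW_PASS = "old-transec-passphrase", "new-transec-passphrase"

# Recovery variant -> (MSK, TRANSEC Passphrase) held by friendly nodes afterwards.
VARIANTS = {
    "new MSK, new passphrase": (NEW_MSK, NEW_PASS),
    "new MSK, passphrase unchanged": (NEW_MSK, OLD_PASS),
    "current MSK, new passphrase": (OLD_MSK, NEW_PASS),
    "recovery MSK, passphrase unchanged": (RECOVERY_MSK, OLD_PASS),
    "recovery MSK, new passphrase": (RECOVERY_MSK, NEW_PASS),
}


def derive_mek(msk: bytes, passphrase: str) -> bytes:
    """Split-knowledge stand-in: the MEK depends on both inputs.

    ASSUMPTION: HMAC-SHA-256 is illustrative; the manual does not name
    the function the modem uses.
    """
    return hmac.new(msk, passphrase.encode(), hashlib.sha256).digest()


def evaluate(variant: str, recovery_msk_on_terminal: bool) -> dict:
    """Report whether the MEK changes and whether a captured terminal,
    holding only what it had before recovery, can reproduce it."""
    msk, passphrase = VARIANTS[variant]
    new_mek = derive_mek(msk, passphrase)
    held_msks = [OLD_MSK] + ([RECOVERY_MSK] if recovery_msk_on_terminal else [])
    exposed = any(
        hmac.compare_digest(derive_mek(m, OLD_PASS), new_mek) for m in held_msks
    )
    return {
        "mek_changed": new_mek != derive_mek(OLD_MSK, OLD_PASS),
        "captured_terminal_can_derive": exposed,
    }


if __name__ == "__main__":
    for name in VARIANTS:
        for prepositioned in (False, True):
            print(f"{name:36} recovery MSK on terminal={prepositioned!s:5} "
                  f"{evaluate(name, prepositioned)}")
```

The only row that leaves the captured Terminal able to derive the new MEK is the pre-positioned recovery MSK with an unchanged passphrase, which is the caveat the section closes on.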

15.13 Key Usage

Because the TRANSEC encryption process is a Time-of-Day based system, it is
important that the input to the key generation process not repeat within a given
operational key crypto period (not repeat using the current TRANSEC key).

With a TDMA frame length of 400 milliseconds and Frame Number field width of 27 bits,
unique keys could be generated for approximately 621 days using the same TRANSEC
key. The system design limits the crypto period of operational TRANSEC keys to 1
week. At the end of each TRANSEC week (Frame Number 1,512,000), the network
automatically rolls over to a fresh TRANSEC key.