Click for homepage
Data
USA
NSA
  
KG-84 →
  
KIV-7
Embeddable KG-84 COMSEC Module

KIV-7 is a compact miniaturized embeddable version of the American military KG-84 encryption device, developed in the mid-1990s by AlliedSignal Corporation (USA), to meet the growing demand for secure data communication links [1]. The device was manufactured by Mykotronx (later: SafeNet) in the USA, and was supplied as a commercial-off-the-shelf (COTS) product.

The image on the right shows a typical KIV-7HS unit. It has the same form-factor as a 5¼" CD- ROM player, allowing it to be built into a free expansion bay of a standard personal computer.

The initial KIV-7 unit was suitable for use on digital serial lines with data rates between 50 b/s and 288 kb/s in asynchronous mode, and 0.5 Mb/s in synchronous mode. The KIV-7HS (high speed) is even capable of 1.544 Mb/s in synchronous mode. The unit is interoperable with the earlier (and much slower) KG-84, KG-84A and KG-84C military encryption devices.
  

Due to miniaturisation of the KG-84, the KIV-7 is suitable for a wide variety of applications, ranging from modern PCs to submarines. Although the unit does not come in a ruggedised housing, it is very small and is fully complient with NSA TEMPEST requirements. This makes it ideal for space and load constraint environments. It only needs a single 5V power supply.

Rack mount expansion assemblies were also available for the KIV-7, allowing 2, 4 or 8 units to share a single frame. Such rack mount solutions were supplied by both Mykotronx and Pulse Engineering. Over time, the KIV-7 has been improved several times and the latest version, the KIV-7MiP, is still in use with the Army today (2011) as a network link encryptor.

The KIV-7 unit has the form-factor of a standard 5 1/4 drive.
The KIV-7 with CIK
The KIV-7 with CIK
Inserting the Crypto Ignition Key (CIK)
The complete package
Fill connection
Front view
Connections at the rear
A
×
A
1 / 8
The KIV-7 unit has the form-factor of a standard 5 1/4 drive.
A
2 / 8
The KIV-7 with CIK
A
3 / 8
The KIV-7 with CIK
A
4 / 8
Inserting the Crypto Ignition Key (CIK)
A
5 / 8
The complete package
A
6 / 8
Fill connection
A
7 / 8
Front view
A
8 / 8
Connections at the rear

Versions
  • KIV-7
    This was the first version of the KIV-7. It is a modern miniaturised enhanced version of the KG-84, allowing interoperability at data rates up to 9600 bps (async) and 32 kbps (sync). On its own, it can be used at speeds up to 288 kbps (async) or 512 kbps (sync).

  • KIV-7HS
    This is a high-speed version of the KIV-7, built around 1998 for US$ 3355. It was suitable for speeds up to 1.544 Mbps (sync). When this model was introduced, the KIV-7 was discontinued. Due to a few anomalies in its first generation Windster processor chip, there are some limitations when communicating with KG-84 units.

  • KIV-7HSA
    Improved version of the KIV-7HS introduced around 2000. The Windster processor chip has been replaced by the Presidio chip and the maximum speed is raised to 2.048 Mbps (sync). In 2001, the price of a KIV-7HSA unit was US$ 3900.

  • KIV-7HSB
    This version can be used with Globalstar satellite telephone handsets and provides Type 1 encryption at speeds up to 2.048 Mbps. It was introduced around 2003 and is backwards compatible with the KIV-7, KIV-7HA and KIV-7HSA units, and is therefore also fully interoperable with the KG-84.

  • KIV-7M (Link Encryptor)
    This version was introduced in 2006 and adds network functionality to the list of features [2]. It supports synchronous data rates up to 50 Mbps and is backwards compatible with all previous models. It is interoperable with the KG-84 but also with the KG-194/A and the KIV-19. In 2009 it was still available for sale from SafeNet Government Solutions, LLC.

  • KIV-7MiP
    Similar to the KIV-7M, but with the addition of a Type 1 Network-to-Link HAIPE® Channel. Used for highly secure interoperable data networks. Still in use today (2011).
Suitable key loaders
AN/KYK-13 Key Transfer Device
KYX-15 (currently no additional information available)
AN/KOI-18 Key Tape Reader
AN/CYZ-10 Data Transfer Device
Philips DS-102 compatible key loader
ANT/Siemens/R&S DS-102 key tape reader
Crypto Ignition Key   CIK
The KIV-7 can only be operated when a suitable Crypto Ignition Key (CIK) is present in the CIK slot at the right of the front panel. It is a standard NSA-approved physical - plastic - key that can be inserted either way around and is activated by turning it 90° clockwise, just like a normal key.

The CIK, shown in the image on the right, contains a 1Kb flash memory device that is used for protection of the keys stored inside the KIV-7. When the CIK is removed, transmission is no longer possible. The combination of KIV-7 and CIK should be treated as classified and should never be left together unattended.

One blank CIK is supplied with every KIV-7 unit. It can be initialised by a blank (zeroized) KIV-7 unit. Blank keys are supplied by Datakey in the USA, where it is known as the 1kB DK-series with Microwire interface and form factor A [7].
  

When crypto variables (i.e. the keys) are loaded into the KIV-7, the KIV-7 generates a random key that is used to encrypt the actual traffic encryption keys (TEKs). This random key is known as the Key Encryption Key (KEK) and is stored inside the CIK. For this reason, the CIK is said to be paired with the device. The keys can only be retrieved by the KIV-7 if the appropriate CIK is present.

A CIK that is paired with one KIV-7 unit, can not be used to activate another KIV-7 unit. A CIK by itself is not a classified item. When the operator had to leave a KIV-7 unit unattended, he had to take the CIK with him. A KIV-7 without the matching CIK has no function and can not be used to decode any traffic or retrieve the original keys. As an extra safety measure, all keys (i.e. they TEKs inside the KIV-7 and the KEK inside the CIK) can be cleared by pressing the INITIATE and ZEROIZE buttons simultaneously. This is known as ZEROIZING and even works when the device is off.

The Crypto Ignition Key (CIK)
The Crypto Ignition Key (CIK)
The Crypto Ignition Key (CIK)
The Crypto Ignition Key (CIK)
The Crypto Ignition Key (CIK)
The KIV-7 with CIK
Inserting the Crypto Ignition Key (CIK)
Activating the CIK
B
×
B
1 / 8
The Crypto Ignition Key (CIK)
B
2 / 8
The Crypto Ignition Key (CIK)
B
3 / 8
The Crypto Ignition Key (CIK)
B
4 / 8
The Crypto Ignition Key (CIK)
B
5 / 8
The Crypto Ignition Key (CIK)
B
6 / 8
The KIV-7 with CIK
B
7 / 8
Inserting the Crypto Ignition Key (CIK)
B
8 / 8
Activating the CIK

Cryptographic keys
In order to transmit encrypted data, the KIV-7 needs a Crypto Ignition Key (CIK, see above) and at least one Traffic Encryption Key (TEK). This is the minimum requirement for sending encrypted data. In addition to this, a Key Encryption Key (KEK) can be installed to allow new keys to be sent securely over a radio link. The latter is often referred to as Over-the-Air Rekeying (OTAR).

The TEKs and KEKs are loaded into the KIV-7 by means of a standard military key transfer device (a so-called filler or key fill device) with either the DS-101 or DS-102 protocol. The filler connects to the recessed standard 6-pin U-229 NATO-compatible fill connector on the left of the front panel. Up to 10 TEKs can be stored.

Suitable devices include the military DS-102 units KYK-13, KYX-15 and KOI-18. It can also be used with the more recent AN/CYZ-10 that also supports the later DS-101 protocol. Both standard and tagged key formats can be used.
  

The TEKs and KEKs are retained in the KIV-7s memory even when power is turned off or the CIK is removed. For this to work, a 3.6V Lithium battery should be present in a small compartment at the bottom. If security is compromised, the user has to press the INITIATE and ZEROIZE keys simultaneously in order to delete all keys from memory, rendering the device useless.

Keys can be loaded into the KIV-7 directly by means of a suitable key generator or, as described above, with a key transfer device. Alternatively, the KIV-7 keys can also be updated remotely, as the device supports Over The Air Rekeying (OTAR). The latter requires the use of a KEK.

Fill connection
The KIV-7 with CIK
Loading the keys
The Crypto Ignition Key (CIK)
C
×
C
1 / 4
Fill connection
C
2 / 4
The KIV-7 with CIK
C
3 / 4
Loading the keys
C
4 / 4
The Crypto Ignition Key (CIK)

WLA-7HS
WLA-7HS is a high-speed wire line adapter for the KIV-7. It has the same form factor as the KIV-7 and was also manufactured under the Mykotronx brand name. It allowed the KIV-7 to transmit data at speeds between 1200 baud and 2 Mb/s over standard field wire at distances up to 4 km.

The image on the right shows the front panel of a typical WLA-7HS unit. Like the KIV-7, its has the form-factor of a computer CD-ROM drive. The front panel of both units have a similar layout. THe WLA-7HS connects to the KIV-7HS by means of a multi-cable at the rear.

At the front of the unit are the wire line terminals. The WLA-7HS needs two separate pairs of wires: one for tranmission and one for reception. The pairs are connected to the spring-loaded terminals. An extra terminal is present for connection to the ground (earth).
  

Although the WLA-7HS was designed for use in combination with the KIV-7HS using the standard EIA-530 cipher text interface, it can also be used with other communications equipment requiring transmission over standard field wire (WF-16/U or equivalent) up to 4 km.

The WLA-7HS can be used with 4 wires (balanced) or 3 wires (unbalanced) in full-duplex or simplex mode. When used in simplex-mode, it is also possible to use just 2 wires (i.e. transmit only or receive only). The unit has its own built-in synthesizer-based clock, which can generate any baud rate between 1200 b/s and 2 Mb/s. It uses Conditioned Biphase modulation. [9].

WLA-7HS
WLA-7HS front panel
WLA-7HS front panel
WLA-7HS rear connections
Wire interface terminals
KIV-7HS and WLA-7HS
Front panels of the KIV-7HS and the WLA-7HS
Entering the CIK
D
×
D
1 / 8
WLA-7HS
D
2 / 8
WLA-7HS front panel
D
3 / 8
WLA-7HS front panel
D
4 / 8
WLA-7HS rear connections
D
5 / 8
Wire interface terminals
D
6 / 8
KIV-7HS and WLA-7HS
D
7 / 8
Front panels of the KIV-7HS and the WLA-7HS
D
8 / 8
Entering the CIK

Glossary
Below, some of the expressions and abbreviations used on this page are further explained. More keywords are explained on our global Crypto Glossary.

CIK   Crypto Ignition Key
A physical token (usually an electronic device) used to store, transport and activate the cryptographic keys of electronic cipher machines. (Wikipedia)
COMSEC   Communications Security
(Wikipedia)
COTS   Commercial off the shelf
HAIPE   High Assurance Internet Protocol Encryptor
A Type 1 encryption device that complies with the NSA's HAIPE IS (High Assurance Internet Protocol Encryptor Interoperability Specification). (Wikipedia)
INFOSEC   Information Security
(Wikipedia)
KEK   Key Encryption Key
Special cryptographic key used to send new keys over-the-air (OTAR).
NRO   National Reconnaissance Office
Responsible for the design, building and operation of the spy satellites of the US government. Based in Chantilly, Virginia (USA). (Wikipedia)
NSA   National Security Agency
America's national cryptologic organisation, responsible for US information security. Home of the American codemakers and codebreakers. (Wikipedia) (Website)
OTAR   Over-The-Air Rekeying
Common expression for the method of updating encryption keys 'over the air' in a two-way radio system. It is sometimes called Over-The-Air Transfer (OTAT). (Wikipedia)
TEK   Traffic Encryption Key
Cryptographic key used the encryption of messages (traffic).
ZEROIZE   General expression for deleting the cryptographic keys from an encryption device in case of a compromise or seizure.
Known manufacturers
  • AlliedSignal
  • Mykotronx
  • SafeNet
Specifications
  • Device
    Embeddable COMSEC module
  • Model
    KIV-7
  • Vendor
    Allied Signal Aerospace Company
  • Predecessor
    KG-84, KG-84A, KG-84C
  • Algorithm
    SAVILLE
  • Cost
    USD 3960
Documentation
  1. KIV-7, KG-84 COMSEC Module User's Manual
    Mykotronx, Inc., August 1988. Rev. A.

  2. KIV-7/KIV-7HS release notes
    Mykotronx, Inc., February 1996.

  3. KIV-7HSB advert
    Globalstar, undated.

  4. KIV-7M leaflet
    SafeNet, June 2009. Rev. 2.2.

  5. KIV-7MiP leaflet
    SafeNet, February 2009. Rev. 2.2.
References
  1. Mykotronx, Inc., KIV-7, KG-84 COMSEC Module User's Manual
    Rev. A, August 1988. With release notes of February 1996.

  2. The Free Library, KIV-7M
    Article: SafeNet Mykotronx Opens Registration for Upcoming KIV-7M Users Group Conference to Support First Cryptographic Modernization Product. Torrence Marriot Hotel, June 27-28, 2006, Torrence, California. Via WayBack Machine.

  3. Wikipedia, Rainbow Technologies
    Visited August 2010.

  4. Wikipedia, SafeNet
    Visited August 2010.

  5. Los Angeles Times, Rainbow Technologies to Acquire Mykotronx
    28 Janury 1995.

  6. Federation of American Scientists (FAS), KIV-7 Family 1
    Description of the functionality of the KIV-7 product range. Approx. 2001.

  7. Datakey Electronics, Memory Availability
    Info Sheet about the various crypto keys (CIK) produced by the company.
    Datakey Inc., July 2009. Downloaded 25 August 2010.

  8. KIV-7 Embeddable KG-84 COMSEC Module
    CJCSM 6231.05a Manual for Employing Joint Tactical Communications - Joint Communications Security, 2 November 1998. Appendix A.
    Obtained via Cryptome.org.

  9. SafeNet Inc., WLA-7HS, Interfacing Communications Equipment for Field Wire Applications
    Retrieved from the SafeNet website on 12 October 2011.

  10. Wikipedia, KIV-7
    Visited August 2022.
  1. Page no longer available in 2022 and not archived by WayBack Machine.

Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Tuesday 24 August 2010. Last changed: Saturday, 09 November 2024 - 09:13 CET.
Click for homepage