|
|
|
|
Rotor USA NSA NATO KW-7 → KW-9 →
Off-line rotor-based cipher machine
KL-7 was a non-reciprocal electro-mechanical rotor-based
off-line cipher machine,
developed in 1952 by the US
National Security Agency (NSA)
and manufactured by the Burroughs Corporation in Plymouth (MI, USA).
It was intended as a replacement for the wartime
SIGABA (ECM Mark II)
and in some countries, such as the UK and Canada,
also as a replacement for the CCM
and the Typex.
The machine was initially known as AFSAM-7, but was
renamed TSEC/KL-7 in the early 1960s.
|
The machine is also known by the codenames of the key procedures:
POLLUX for low-level traffic and ADONIS for high-level traffic.
Unlike its predecessors, the KL-7 has
8 electrical rotors, 7 of
which move in an irregular stepping pattern when enciphering.
The remaining rotor is static.
The rotors are held in a removable drum.
Each rotor has 36 contact points at either side,
which is more than
the 26 letters of the Latin alphabet that can be encrypted. The remaining
10 lines are looped back to the input, using a patented technique
known as re-entry or re-injection.
|
|
|
The KL-7 was used by the US Army, the US Navy, the US Air Force, NATO
and several others.
It was also used by the Foreign Office of several NATO countries,
including the US, for diplomatic traffic. It is known that it
was also used by the White House and aboard the Air Force One [20].
The price of a complete KL-7 with a full set of 8 rotors was US$1458 in 1958
[19]. 1
The machine was introduced in 1952 and remained in service well into
the 1970s, after which it was gradually phased out.
In some countries, KL-7 machines were kept for special purposes
and as backups for many years, until they finally were
officially withdrawn from service in 1983.
The last (unclassified) message was sent on 30 June 1983 by the Canadian Navy.
KL-7 was replaced by a range of electronic machines,
including the KW-26,
KW-37,
KL-51 (RACE) and
Aroflex.
The security of the KL-7 was compromised by several people,
the most notorious of which was probably John Walker, who suplied the key
lists of the KL-7 (and other machines) to the Russians for nearly 17 years.
Nevertheless, the machine remained classified for nearly 40 years after it
was decommissioned. Over time however, researchers were able to reconstruct
the machine, resulting in a several accurate computer simulations.
The machine was finally declassified in March 2009.
|
|
KL-7 with 12 cipher wheels donated by OVCISKLu. More...
|
|
|
-
Approx. EUR 1233 in 1958. Converted to the present (2021)
this would be approx. US$13.372.
|
The KL-7 is supplied in a green transit case from within which
it can be operated. It has a watertight lid that is held in place by six
strong snap locks. Once removed, the lid can be attached to the side of
the case with two twist locks, as shown in the image below. In this
position it can be used as a copy holder for a paper sheet and or a
paper strip. Power cable, work light
and a spare ink ribbon are stowed
inside the lid. Further tools and spare parts are supplied in a
separate box.
To operate the machine, it should be
pulled forward, so that the keyboard
sticks out somewhat. A wide metal locking spring at the bottom of the case,
prevents the machine from falling out. It can be removed from the
transit case, by pushing the locking spring down, and pulling the machine
out completely. This is necessary when the rotor drum
has to be removed and for maintenance.
The image below shows the bare machine after it has been removed from
the transit case. It is build on a metal chassis (KLB-7) and has two
frames at the sides that allow it to be moved in and out of the transit
case, like the drawer of a desk. At the front is the keyboard with the
4-position mode selector to its left. Immediately behind the
keyboard are the printer and the stepping unit.
The stepping unit acts as a bay for the rotor drum,
which is held in place by two locking levers.
This allows the rotor drum
to be swapped quickly when the cryptographic KEYs were changed at midnight.
At the front edge of the stepping unit are
7 push-buttons that allow
each of the seven movable rotors to be stepped to the desired position,
using the horizontal white line as an index.
The stepping unit and the drum
were the only KL-7 items that were classified until March 2021.
The complete timing of the machine is controlled by a gearbox that
is fitted at the left side, just behind the printer. It drives the
stepping unit, the printer and the electronic circuits, and is
also responsible for generating the 400V AC power for the valves (tubes).
The machine should be powered by an external 24V DC power supply, such as
the battery of a truck or a mains PSU.
|
The MODE-selector, fitted to the left of the keyboard, offers the following
settings:
|
O Off P Plain E Encrypt D Decrypt
|
In Plain-mode (P), all characters are printed directly to paper.
When encrypting (E), the keys for FIG, LET and SPACE
are mapped to J, V and Z respectively, whilst J is mapped to Y and
Z to X, as described further down this page.
When decrypting (D), the input and output contacts of the drum
are swapped, and the above described letter mapping is reversed
(with some restrictions).
|
The KL-7 was used with one of the following operating procedures:
|
- POLLUX
Under this regime, the KL-7 was supplied with 8 cipher rotors,
all of which were placed in the rotor basket.
Furthermore the message key was sent in clear at the
beginning of a message.
This was the least secure operating procedure.
- ADONIS
Under this regime, the KL-7 was used with 12 cipher rotors,
which were supplied in a grey metal container.
When the machine was unused, the rotors were stowed in the
metal container and kept under lock. The message key was
sent in encrypted form. ADONIS was significantly more secure
than POLLUX.
|
From its introduction, the KL-7 had reliability issues, which were
mainly caused by contact problems of the rotors. As the spring-loaded
contacts at one side of each rotor are made of beryllium-copper (BeCu),
they easily oxidise and become non-conducting. Cleaning the contacts
with alcohol does not help, but rubbing them with the tools supplied
in the maintenance kit does.
|
WARNING —
Although the percentage beryllium used in the contact is fairly low (0.5–3%),
you should be aware that it is a harmful carcinogen when inhaled or digested.
In general, dust containing beryllium – for example from sanding, grinding
or filing – should be avoided. In solid form, beryllium can safely be used [25].
Development of the machine started immediately after WWII, in 1945,
by the US Army Security Agency (ASA).
It was designated MX-507 and was
intended as a replacement for the high-level SIGABA
and the less secure M-209.
In 1949, development was handed over to the newly formed
Armed Forces Security Agency (AFSA) —
the forerunner of the NSA.
When the machine was ready, in 1952, it designator was changed to
AFSAM-7, which stands for Armed Forces Security Agency Machine No. 7.
It was the first American cipher machine to contain electronic circuits, 1
and also the first to be commonly used by all parts of the US armed forces:
Army, Air Force and Navy.
After the AFSA had been dissolved into the newly formed
National Security Agency (NSA) in 1952,
the machine was also introduced at NATO, the North Atlantic Treaty
Organisation, that had been founded in 1949 by 12 North American and
European countries.
In the early 1960s, following a new crypto nomenclature,
the machine was renamed TSEC/KL-7.
During the 1960s and 70s, the KL-7
was one of the most important cipher machines used by NATO, until it
was replaced by modern – more secure – alternatives like the
KW-26,
KW-37,
KL-51 (RACE) and
Aroflex.
|
|
-
After the British Rockex and
5-UCO machines,
which were developed during WWII. Like these machines, the KL-7 uses
thermionic valves (vacuum tubes) at the heart of its electronic circuits.
|
Each wheel has 36 contacts at either side, but only 26 of them are used for
the encryption of the 26 letters of the Latin alphabet. The remaining 10
contacts are looped back from the rightmost end-plate to the leftmost one,
causing some kind of re-encipherement.
This principle is known as re-entry, and was discovered during WWII by
Albert W. Small whilst working for the US Army Signal Intelligence Service (ASIS),
trying to solve the high-level Japanese diplomatic Purple cipher.
It is first mentioned in a meeting of the US
Signal Corps Patent Board
on 22 November 1940 [21].
|
The invention was covered by Patent 2,984,700
that was filed by Small on 22 September 1944. As the information was
considered classified by the US Army, it was filed as a SECRET patent,
that was kept under wraps until 16 May 1961.
In the meantime, Swedish/Swiss inventor
Boris Hagelin
had come up with a
similar idea, for which he filed a patent on 16 October 1953. Although the
existence of Small's secret patent should have raised a
declaration of interference, it somehow didn't, and Hagelin
was granted Patent 2,802,047
in the US on 6 August 1957.
|
|
|
It was Hagelin's intention to use the re-entry principle for his forthcoming
HX cipher machine.
He had filed the patent in the US in 1953, and it was
granted on 6 August 1957. To his surprise, the same patent was refused
in Japan. When Hagelin was
visited by NSA cryptographer William (Bill) Friedman
on 22 September 1957, the latter was shocked when Hagelin showed
him the re-entry patent. Friedman was aware of Small's secret 1940
US patent, but did not tell that to Hagelin [17].
Although Hagelin claimed that it was entirely his idea, it is quite possible
(if not likely) that he got the idea after seing a KL-7 machine in action
during the early 1950s, and discussing some of its properties with German
chief cryptographer Dr. Erich Huttenhain in Bonn in 1952. The principle
of re-entry (re-injection) was also used in 1965, in the
Russian M-125-3 (Fialka) cipher machine.
|
The KL-7 is normally stowed in the green fibre transit case 1 shown
in the image on the right, which is known as the
Carrying Case Assembly. It can be operated from within this case.
After removing the lid (held in place by 6 strong snap locks)
the front of the machine becomes visible.
After pulling the machine half-way out,
it can be operated from within the carrying case. Power must
be supplied to the short flying lead to the right of the keyboard.
When unused, the power connector is stowed in a dummy socket.
|
|
|
-
There was a similar fibre case in which the accessories, the
maintenance kit and the AC mains power supply unit
were stowed. For office use, the machine was generally supplied in
a non-waterproof aluminium case with a hinged cover that doubles
as a copy holder.
|
The base unit of the machine is shown in the image on the right. It is known
as KLB-7 and consists of a metal base on which the keyboard, the printer,
the motor, the gearbox and the valve-based electronics are fitted permanently.
At the side are two frames that allow it
to be fitted inside the transit case, sliding in and out like the
drawer of a desk.
➤ More information
|
|
|
The KLA-7 stepping unit – shown in the image on the right – is fitted in
the rear right corner of the KL-7, and connects to the KLB-7 base unit
by means of a series of spring loaded contacts. It is held in place by two
metal clamps at the rear and two hand-operable screws at the front.
The stepping unit acts as a bay for the rotor drum and is responsible
for the stepping motion of the seven movable rotors. In February 2011, Crypto
Museum revealed the operating principle of the stepping unit.
Until March 2021, the KLA-7 stepping unit was a classified item.
➤ Technical details
|
|
|
-
A total set of 11 movable rotors (A-K) was supplied, 7 of which
were placed in the machine.
|
Each KL-7 came with a metal container with 12 cipher rotors,
identified as A-L. Eight of these rotors were placed in the machine, as per
keylist. Rotor 'L' was always present in the 4th position.
The remaining 7 positions are taken by any combination of rotors A-K.
When the machine was unused, the rotors had to be stowed in the container
and kept under lock.
➤ More information
|
|
|
Inside the rotor drum are eight electrical cipher wheels,
or rotors, seven of which are movable. Each rotor has 36 flat-faced
contacts at its left side, and 36 spring-loaded contacts at its
right side. The contacts at the left are wired to the contacts
at the right in a secret scrambled order.
The movable rotors are marked A to K 1 and have a white index ring
with notches and lugs, that can be pressed and turned. The wiring
of these wheels was different for each group of users, and was
changed regularly.
➤ More information
|
|
|
-
A total set of 11 movable rotors (A-K) was supplied, 7 of which
were placed in the machine.
|
In addition to the seven movable rotors, there was one fixed rotor
that was installed in the drum in position four (between rotors
three and five). It has two differently sized
keying lugs at its circumference, to ensure
that it could only be
installed in one orientation.
This rotor is also known as the stationary wide rotor.
Any movable rotor can be converted into a stationary wide rotor, by
removing the white notched ring and replacing it by the wide metal one.
In the setup shown here, the fixed rotor is marked with the letter 'L',
and was rewrired by the NSA only; never by the using organisation.
➤ More information
|
|
|
The KL-7 should be powered by an external 24V DC source,
such as the battery of a (military) vehicle or a truck.
For this purpose, the rubber power cable shown in the image
on the right was supplied with the machine. When unused it
was stowed inside the case lid.
When used in an office environment, an external
mains power supply unit (PSU) was used.
➤ Plug wiring
|
|
|
For regular maintenance, the small metal case shown in the image
on the right was available. It has a hinged lid and contains a
selection of tools, spare parts (tubes), contact cleaning aids
and a water dispenser for gummed paper tape.
The box has two slots at the bottom rear corners, and two hand-operable
screws in the front corners, so that it could be mounted onto a
maintenance frame, together with the PSU. This frame had roughly
the same size as a KL-7, so that it could be stowed in a
KL-7 transit case.
➤ More information
|
|
|
When used in a stationary environment, such as an office, the KL-7
was usually powered by the external power supply unit (PSU) shown
here. If necessary it could be bolted to the
table using the four threaded holes at the corners.
The PSU is suitable for connection to the 110V or 220V AC
50 or 60 Hz mains network, selectable with the voltage selector
at the top. The example at the right is configured for
220-250V AC as used throughout Europe.
The device does not have an ON/OFF switch.
➤ More information
|
|
|
In the default configuration, text can only be entered via the keyboard.
In order to read (encrypted) text directly from a punched
paper tape, the KLX-7 interface was available as an option.
It was installed in between the base and the keyboard assembly,
and allowed an external HL-1 tape reader to be connected to it.
In the image on the right, the KLX-7 keyboard adapter is visible between
the keyboard and the base unit. Not te be confused with the expansion unit
that is fitted in front of the keyboard.
➤ More information
|
|
|
The KL-7 had many problems with its spring-loaded contacts,
that had to be cleaned regularly with prescribed materials
only. The German Army (Bundeswehr)
found it so unreliable, that they developed the EZ-KL7 tandem unit.
This unit allows two indentically configured KL-7 machines
to be operated in parallel (tandem), and compare their outputs,
so that errors could be detected immediately.
It is fitted at the rear of the machine, behind the rotor basket.
➤ More information
|
|
|
The KL-7 is an electromechanical
rotor-based cipher machine driven by
electronic circuits with thermionic valves (vacuum tubes).
The machine is powered by an external 24V DC source, such as the
battery of a truck or a mains PSU.
The complex timing of the machine is controlled by a gear box
in which several rotating parts are coupled to a common axle.
The block diagram below shows how the various parts interact.
The unit is driven by a 24V motor that runs at 6600 RPM.
It drives the mechanics as well a 400 Hz AC generator
that provides the 220V DC for the valves. 1
Pressing a key on the keyboard, grounds one of 26 lines,
which is then is routed via the mode-selector,
through the coding wheels,
to one of the 37 coils of the pulse generator.
These pulses are used to drive the printer.
The rotating parts — DC motor, AC generator, pulse generator,
printer and timing unit — are shown in red in the diagram above.
As these parts are all axis-coupled, system timing is guaranteed.
The single-stepping parts are shown in purple.
➤ Full circuit diagram
➤ Repair and maintenance instructions
|
|
-
The AC generator delivers between 150 and 180V AC RMS.
After rectifying, this produces a HT voltage of approx.
220V DC for the anodes of the valves.
|
The rotors of the KL-7 resemble those of the
Enigma and other
rotor-based cipher machines.
Each rotor has 36 flat-faced contacts on its left side,
that are connected to 36 spring-loaded contacts on the right
side, in a secret scrambled order. It also has an adjustable
letter ring.
There are some significant differences with the Enigma however.
First of all, a KL-7 rotor has 36 contacts, whereas an Enigma wheel has 26
contacts. Of the 36 contacts, 26 are used for the encryption of the 26 letters
of the alphabet. The remaining 10 contacts are looped back to the
input (see below). This results in a re-encipherment of part of the text,
which is covered in US Patent 2,984,700
filed by Albert W. Small on 22 September 1944.
In addition, the KL-7 has eight wired rotors, whereas the Enigma had only
three or four. Seven rotors are movable; one is static.
Another difference, is the absence of a reflector
(Umkehrwalze or UKW).
When encrypting, one side of the rotor basket is the input and the other side
is the output. In decoding mode, all contacts are swapped, so that the output
becomes input and vice versa. This has the advantage that on the KL-7
a letter can encipher into itself, which was not the case with
Enigma.
Swapping of the input and ouput contacts is done by a
large double sided sliding panel
with silver-plated contacts, that is
integrated with the keyboard.
Its movement is controlled by the MODE-selector.
|
Each KL-7 came with 12 wired rotors 1 marked A to L. Subject to the current cipher
instructions, eight of these rotors were placed in the machine.
Of these eight rotors, seven were movable and one was static.
The unused rotors were stowed in a metal container. With the 12 wired rotors
came a set of 11 white plastic notch rings
(marked 1 to 11), plus a metal one without notches.
The notch rings control the irregular stepping of the rotors. Subject to the
cipher instructions, 7 of the notch rings were fitted to 7 of the selected
rotors. The remaining rotor was fitted with the wide metal ring and was
always used in position 4 of the drum. This rotor never moves (static).
As far as we know, the only rotor that was used with the (fixed) metal ring
was rotor 'L'.
|
-
The set was later expanded with a 13th rotor that was marked 'M',
and an extra notch ring marked '12'.
|
Each wheel has a letter ring with 36 positions, each separated by a
narrow gap. Only 26 of these positions are marked with one of the letters
of the Latin alphabet (A-Z) in white.
The remaining ten positions are unmarked (blank). At the side of the rotor,
these positions are marked in white with the numbers 1 to 36.
'A' corresponds to '1'.
When unfolded, the letter-ring looks like this:
The blanks are identified with a '+' sign. E.g.: the space
between 'G' and 'H' is identified as 'G+'.
The letter ring can be pressed down and rotated, so that the position of
the letters (and numbers) is changed relative to the rotor wiring.
The setting of the letter ring was part of the daily key.
The current position of the letter ring is identified by the number that
lines up with the white arrow at the left side of the rotor.
In this example
the letter ring is set to position '1' (i.e. the letter 'A').
|
Each set of 12 KL-7 rotors came with 11 white plastic notched rings
that could be fitted to any of the rotors. Together with the
stepping unit, these notch rings are responsible
for the irregular stepping of the rotors.
Each notch ring can be pressed down and rotated, so that its
position is changed relative to the rotor wiring, using the
arrow and the adjacent black line as index
marks. The key list specifies which letter of the letter-ring should
be embraced by these index marks [C].
Subject to the cipher instructions, 7 notch rings are fitted to
7 of the rotors that are placed in the drum.
The remaining rotor must be fitted with the wide metal ring
— so that it becomes static —
and must be placed in the 4th position of the drum.
This rotor never moves during encipherment.
The position of the wide metal ring can also be altered by pressing
it down and rotating it, until the desired number lines up with the
white arrow. In this example
it is set to position '18'.
|
The the KL-7 rotor drum – also known as the basket or
cage – consists of a
metal cylinder with a fixed spindle at the centre.
This assembly is known as KLK-7.
Eight of the available twelve rotors, are installed on the spindle, subject
to the current cipher instructions. The rotor in position 4 is static.
It never rotates and hence does not have a window to show its setting.
It is also known as the stationary wide rotor. 1
It is fitted with the wide metal ring instead of a
white notch ring.
In the rotor set shown here, the static rotor is marked with the letter 'L',
but in theory any rotor could be converted into a static one by swapping
its white notch ring for the wide metal one.
For each of the 7 movable rotors, a window is present through which
three successive positions of that rotor are visible.
The tick white line at the top, marks the current position of the rotors.
The blank positions are identified with
the previous letter suffixed by a '+' sign. In the example above,
the current setting of the movable rotors is identified as →
R R+ Z W+ O R+ Q .
The drum can be removed from the machine by releasing two
locking levers – one at either side of the drum –
after which the drum can be lifted out. Once removed, the rotors can be
accessed by removing the rightmost end-plate,
which is held in place by a sliding lock.
The individual rotors can then be removed from the spindle. The spindle
itself is a permanent part of the drum.
|
|
-
According to some former users, the static rotor was also known as the
NSA rotor, as only the NSA was allowed to alter its wiring.
This conflicts with the known key procedures however.
|
The rotors of the KL-7 are identical to those used with the
British Singlet (BID/60). It is quite possible
that the cipher wheels were a joint US/UK development, or that the Americans
allowed the British to use the KL-7 rotors in their own cipher machine.
The Singlet wheels were manufactured in the UK.
The British Singlet had 10 cipher wheels (rather than 8) but was reported
to be interoperable with the KL-7 by using the same eight wheels plus
two dummies (i.e. wired straight through).
➤ More about Singlet
|
|
|
Each KL-7 wheel contains 36 wires which connect the flat-faced contacts from
one side with the spring-loaded contacts at the other side, in a secret
scrambled order. The wiring of the KL-7 rotors has always been kept secret,
but whether or not this makes sense, remains to be seen.
For security reasons, it was forbidden to trace the wheel wiring
of the KL-7. Even technical repair personnel was not allowed to trace each
individual contact for a faulty connection. They were only allowed to place
the spring-loaded contacts on a conducting (metal) surface and test each
flat-faced contact for continuity only.
This way, the wiring would not be revealed.
Faulty rotors were never opened in the field, but
had to be returned to the NSA for repair [11].
If you would happen to find a KL-7 today and trace the rotor wiring, it would
not be of much use, as the rotor wiring was different for each group of users.
Furthermore, the wiring was changed frequently for safety reasons.
Nevertheless, the Russians managed to read a significant part of the US Navy
Submarine Command KL-7 and KL-47 traffic for nearly 17 years (see below).
|
Below is an example of a key list as it was used with the ADONIS operating
procedure [C]. The key – i.e. the machine configuration – was changed every
day and consists of a table with one line for each day of the month. The
columns show the configuration of rotor position from left to right.
Each column holds the information for one rotor, for example H 24 8-D
for position 1. In the example, wired rotor (core) 'H' will be used in the
first position. It's alphabet ring must be set to 24 (i.e. 'R'). It is fitted
with notch ring '8', of which the markings are lined up with the letter 'D'.
|
The KLB-7 — shown in the image above — is the actual chassis on which the
machine is built. It accomodates the electronic valve-based circuits and
a mechanical gearbox. It is responsible for the synchronisation of
the various parts and consists of a motor, a generator, a timing unit,
a printer etc. In the image above it is located at the left
side of the machine. The keyboard at the front is also part of
the base unit. Note that the KLB-7 never was a classified item.
Apparently, the electro-mechanical base unit was not considered to reveal
any cryptographic secrets.
|
The rotors are held in position by a locking lever (1).
This is a spring-loaded arm that reaches under the wheel from the rear.
At the end of the arm is a small sharp lug, that locks into a narrow rig
(gap) between the index letters on the circumference of the rotor.
Further towards the front, at the bottom of the drum,
is the transport lug (2).
These lugs are driven by the main gear and lock into the same
gaps on the index ring. They move forward,
which means that the front face of a rotor moves upwards
when the wheel makes a step, and that the letters pass by the window
in ascending order.
On each key-press a rotor can only make a single step
(or stay in position).
|
Whether or not a rotor moves when a key is pressed, depends on the presence
or absense of a lug on the stepping ring of one of the other rotors.
The stepping ring
of each rotor is sensed by a switch (3) towards the front of
the basket.
Please note that the switches sense the stepping ring 10 positions further
on the circumfere of the rotor. In other words: when the rotor is at
A (visible in the window at the white line), the lug of position
H is sensed.
The switch activates a solenoid (L1 thru L7) that allows the rotor
to be moved when the gearbox makes a single step.
|
|
|
When setting the daily key, the start position of the rotors can be
altered manually by pressing the keys (4). This can only be
done when the machine is in plain-text mode.
(P). Pressing the key briefly advances the rotor by one position.
Holding it down, advances the rotor repeatedly.
Rotor movement control is complex, but is fixed by the internal wiring.
Although details about the rotor stepping mechanism were not published
until March 2021, it appeared to be possible to deduce the wiring,
simply by observing the rotor movements whilst the machine is running.
In 2011, Crypto Museum was able to reconstruct
the circuit diagram below, based on observations. It has since been
enhanced with declassified information. Note that, depending on the
setting of the MODE-selector, The +24V power supply is applied to the upper
(E, D) or the lower section (P).
|
KLA-7/TSEC Circuit Diagram
|
Please note that the sensing switches at the top are in the sequential
order (1 to 7), but that the order of the manual stepping switches and
the solenoids is mixed. This is done to improve the redability of the
circuit diagram.
The stepping unit as presented here is implemented identically in
Dirk Rijmenants' KL-7 Simulator,
and has since been confirmed to be correct by former users.
It was also verified against the original circuit diagram when it was
released in March 2021 [E][F].
|
The keyboard of the KL-7 is part of the KLB-7 base unit.
It consists of 29 green keys and a black space bar.
It has the standard QWERTY layout divided over three rows.
The numbers (0-9) are shared with the top row.
At the bottom right are three special keys marked LET, FIG
and RPT.
|
Each key is in fact an electric switch, consisting of a contact and a spring,
mounted below the key cap. When a key is pressed, the contact is grounded
(i.e. connected to the 0V rail), which allows the pulse-generator
to issue a pulse.
The keyboard interior is visible in the images below.
When entering numbers, the user must first press the FIG-key (figures).
This acts like the shift-key on a modern computer.
As long as the machine is in
numbers-shift mode, a large neon lamp behind the keyboard is lit.
When reverting to letters, the LET-key has to be pressed first.
|
|
|
Some KL-7 machines have been upgraded with the
KLX-7 input/output interface.
This option consist of two parts: a contact unit that is mounted
between the keyboard and the base, and the actual KLX-7 interface that is
mounted behind the rotor basket. When the KLX-7 is fitted, the keyboard is
removed and the contact unit is mounted in its place. The keyboard is then
refitted on top of the contact unit. As a result, the keyboard will be
positioned slightly higher than before.
|
An encrypted KL-7 message consists only of the 26 letters of the Latin alphabet.
In order to allow the source text to contain letters, numbers and spaces,
special tricks are used.
This is done by surendering a couple of letters and using them for SPACE,
Letter-shift (LET) and Figures-shift (FIG). The surendered letters are then
no longer available and must be replaced by another one.
|
Furthermore, the operation has to be reversed when switching from encryption
to decryption. This is achieved by the MODE-selector, which is
hidden under the keyboard.
This MODE-selector consists of a large pertinax board
with contacts at either side,
much like a PCB (but thicker).
It is operated by the rotary knob to the left of the keyboard. The image
on the right shows the MODE-selector being operated. It has 4 settings:
Off (O), plaintext (P), encrypt (E) and decrypt (D). In the image, it is
in the encrypt (E) position. The MODE-selector also acts as the power switch (O).
|
|
|
The MODE-selector is basically a large slide-switch with multiple
contacts. When operating the knob, the large brown
pertinax board moves from right to left.
It has four possible positions, each of which corresponds with one
of the settings of the MODE-selector.
When pressing a key, a spring-loaded contact is
pushed down onto one of the oval contact on the
top side of the board.
The oval contacts at the top side are connected to a different set of
contacts at the bottom. The contacts at the bottom,
are sensed by a set of fixed spring-loaded contacts in the base unit.
The diagram below shows a simplified cross-section of the keyboard, the
sliding pertinax board – known as the permutor – and the fixed panel
with spring-loaded contacts at the bottom (base).
|
The diagram above shows what happens when a key is pressed whilst the
machine is in plaintext mode (P). The contact of the W-key touches the
top pf the T-shaped contact of the permutor, and is sensed by a spring-loaded
contact in the base unit, which passes it directly to the printer.
|
|
Move the mouse over the diagram to see when happens in decryption mode
|
When the machine is a encryption mode (E), the permutor is moved one position
to the left and the contact of the W-key is connected to the input of the
rotor drum. In the example, the wiring of the rotor drum converts the letter
'W' into the letter 'E', which is then sent to the printer.
Move the mouse over the image to see what happens when the letter 'E' is
pressed whilst the machine is in decryption mode (D). The complex double-side
permutor basically reverses the input and output contacts of the rotor drum,
and ensures that the machine is reciprocal.
|
The machine can handle 37 characters: the 26 letters of the Latin alphabet
(A-Z), the 10 digits (0-9) and SPACE. The ciphertext however, consists only
of the 26 letters of the alphabet (A-Z). This is achieved by switching
between letters (LET) and numbers (FIG) – similar to a teleprinter – at the
expense of three letters: J (FIG), V (LET) and Z (SPACE).
When encrypting, both the letters 'J' and 'Y' will be mapped onto 'Y',
whilst 'Z' and 'X' are both mapped to 'X'. This means that the decrypted text
will look slightly different from the original plaintext, but will
still be readable.
|
THE 236TH QUICK RED FOX JUMPED 780 TIMES OVER THE 1459 LAZY BROWN DOGS
THE 236 TH QUICK RED FOX YUMPED 780 TIMES OVER THE 1459 LAXY BROWN DOGS
|
The first line shows the entered plaintext¸ whilst the second line shows
the text after it has been encrypted and decrypted. Note the extra spaces
that are inserted when switching back from FIG-mode to LET-mode. Also note
that the letter 'J' has been replaced by 'Y' and that 'Z' has become 'X'.
The letter 'V' (used for switching to LET-mode) is not replaced by another
letter. In FIG-mode its function is to return to LET-mode (and insert a space),
and in LET-mode it simply acts as a 'V'.
|
Plaintext
|
J
|
V
|
X
|
Y
|
Z
|
FIG
|
LET
|
SPACE
|
Encryption
|
Y
|
V
|
X
|
Y
|
X
|
J
|
V
|
Z
|
Decryption
|
Y
|
LET/V
|
X
|
Y
|
X
|
FIG
|
LET/V
|
SPACE
|
|
At the heart of the KL-7 is a very compact, yet complex, mechanical unit.
It consists of a DC motor, and AC high-voltage generator, a printer,
a pulse generator and a timing unit. All components are driven by the
DC motor, either directly, or through a 3:1 cog-wheel reduction.
The motor and the generator are mounted on the same axle, and rotate at 6600
RPM (revolutions per minute). Through a 3:1 reduction unit, the pulse generator
and printer are driven at a spreed of 2200 RPM. This speed is further
reduced to drive the complex timing unit. This timing unit – mounted
below the other parts – is repsonsible for the single step operations
(shown in purple).
Unlike the other parts of the gearbox, the timing unit does not rotate
continuously. Instead, a cluch – driven by the electronic circuits – is
used to couple it to the main axle, after which it will complete a single
revolution during which a set of
4 cam-controlled switches
provide the
timing signals for the electronics.
The timing unit also drives the KLA-7 stepping unit
(and hence the rotors), and the paper feed.
On each revolution, the rotors can be advanced by one position.
|
The complex gearbox is located in the left half of the KL-7,
and is a fixed part of the KLB-7 base unit,
as shown in the image on the right.
The motor is at the rear of the unit (at the right in the image).
Imediately in front of the motor (the part with the two recessed screws)
is the high-voltage AC generator, or invertor.
It produces the anode voltage for the valves.
In front of the inverter is the
pulse generator, which is
further described below.
At the bottom – below the other parts – is the
timing unit
which is responsible for the overall system timing.
|
|
|
The printer is located at the front of the gearbox assembly.
This part is visible at the left in the above image, and can be
recognised by the black cap that covers the ink ribbon.
The printer is fed by a paper strip from the paper supply reel
that is mounted to the right side of the gearbox.
The paper leaves the printer at the left.
The print head rotates continuously, whilst the print hammer
and the paper transport are operated by the single step
mechanism of the timing unit.
|
The timing for the printer comes from a pulse generator that is coupled
to the axle of the gear box.
This axle also drives the printer and the timing unit at 2200 rpm.
The pulse generator consists of 37 coils in a circular arrangement,
with a rotating armature at the centre.
Of these coils, 26 are used for the letters of the alphabet, 10 for
the numbers (0-9) and one for SPACE.
|
The image on the right shows the front side of the bare pulse generator.
The coils are divided over two rings: one at the front with 19 coils,
and one at the rear with 18 coils (plus a dummy).
The rotating armature has
two slightly displaced magnets;
one for each ring of coils.
Each of the coils is connected in series with one of the keys
of the keyboard. When the user presses a key, the corresponding coil is
connected to ground and produces a small electric pulse as soon as the
magnet on the rotating armature passes by.
The remaining coils do not produce a pulse.
|
|
|
As the two magnets are displaced by 9.47°, the coils in the rear ring are
activated slightly later than the coils in the front ring, so that one
complete revolution of the armature has 38 divisions or positions.
37 of these positions can produce a character.
The diagram below shows how this works for both rings, using the letters
'T' and 'Y' as an example.
Note that there are two different coil types: one that produces a 5V pulse
(shown below in blue) and one that produces a 10V pulse (shown below in red).
The coils for the numbers (shown in dark red) are all of the 10V type.
The pulse from the active coil is conditioned by means of a step-up
transformer (T101) and a pulse sharpener (V102), before it is passed
to the printer driver tube (V101). This pulse is critical, as it releases
the hammer that pushes the paper against the print head, which is mounted
to the same axle. The original pulse from the active coil is also passed
to a one-shot circuit (V104), that converts it into a pulse of uniform
height and length which is then used as a gate signal for V101.
The keys on the top row of the keyboard have a double function.
They are used for letters as well as numbers.
When pressed, each key activates two series-connected
coils: a 5V one for a letter and a 10V one for the corresponding number
(located two places further on the same ring). This is illustrated below
for the first two number keys: 1/Q and 2/W (key 2/W is pressed here).
All other keys have a single 10V coil. There is one exception though:
the letter 'V' has a 5V coil and is connected in series with the coil
for SPACE. The diagram below shows the various combinations.
When pressing a number key, there will be two pulses
in quick succession: a 5V one (letter), followed by a 10V one (number).
When the device is in letter-mode (LET), the start of the first
pulse triggers the print tube (V101) and releases the hammer.
In figure-shift (FIG) however, the threshold for V101
is raised, to that it will only be triggered by the second (10V) pulse.
|
The KL-7 has a built-in printer with a continuously rotating print head,
that prints its output onto a narrow 9.5mm (3/8") pre-gummed paper strip,
similar to
the American M-209
and the Russian Fialka.
It is located at left – just behind the keyboard –
and is the frontmost item of the gearbox.
|
The printer has an oval-shaped black cap, that covers the ink ribbon spools.
The image on the right shows the printer after this cap has been removed.
At the top are ink ribbon supply and pickup spools. Below the spools is the
circular print head. Paper is supplied by a circular metal cage that is
located to the right of the gearbox.
The print head contains 37 symbols (A-Z, 0-9 and space)
and runs continuously. When a letter is to be printed,
a hammer is released when that letter is opposite the paper strip, under
control of the pulse generator and the electronic circuit.
|
|
|
After each printed symbol, both the paper strip and the ink ribbon are
advanced by one position. The design of the printer is nearly identical
to that of the SIGABA; the wartime
predecessor of the KL-7. The ink ribbon spools are smaller than usual,
but a spare one is stowed inside the case lid.
|
In operation, the KL-7 was not one of the most reliable machines.
It fact, it was known for its many contact problems, some of which
were, no doubt, related to bad or improper maintenance. Many former
users recall their struggles with the KL-7 in order to properly
process a message.
The German Army (Bundeswehr) even developed an assembly known as the EZ-KL7,
that allowed two machines to run in tandem (i.e. in parallel)
so that errors could be detected.
The EZ-KL7 unit was mounted in the rear section of the machine.
It is visible in the image on the right, just behind the rotor basket.
By comparing the output from both KL-7 machines, an alarm could be
raised if they were different.
Note that EZ-KL7 is pronounced 'Easy KL-7'. Image via [13].
|
|
|
On its own, the KL-7 only accepts input from the built-in keyboard,
whilst the output is available only as printed text on a narrow
paper strip. In order to read (encrypted) text directly from a punched
paper tape, the KLX-7 interface was available as an option.
It was installed in between the base and the keyboard assembly,
and allowed an external HL-1 tape reader to be connected.
Installation of the KLX-7 requires the keyboard assembly to be removed.
In its place, the KLX-7 keyboard adapter is then mounted. Once this is
done, the original keyboard is refitted on top of the KLX-7. The HL-1
tape reader is connected to it via a special cable [E p.27][18].
|
During its lifetime, KL-7 was compromised on a number of occasions.
It is believed that the Russians were able to read (break) messages
encrypted with a number of high-level US cipher machines, including
the KW-7,
the KL-7
and the KL-47.
The latter is a variant of the KL-7, used by the US Navy's Command
Center for Atlantic submarine forces [5]. It is slightly bigger
than the KL-7 and features a paper tape reader, a tape puncher and
a different (teletype) keyboard.
|
Arguably the most 'famous' story of cipher compromise is that of John Anthony
Walker, born 1937, who worked for the US Navy and successfully spied for the
Russians for nearly 17 years [4].
|
Walker joined the US Navy in 1955 and started spying for the Soviets in
December 1967, when he had financial difficulties [6].
From that moment, until his retirement from the navy in 1983,
he supplied the Russians with the key lists and other critical cipher
material of the KL-47, the KW-7 and other cipher machines.
For his information he received several thousand dollars from the Soviets
each month. In 1969 he began searching for assistance and befriended
Jerry Whitworth, a student who would become a Navy Senior Petty Officer.
In 1973, he was able to enlist Whitworth in his spy-ring.
In 1976, Walker left the Navy to become a Private Investigator (PI) but kept
spying for the Russians. By 1984, he had enlisted his older brother Arthur
and his son Michael, who kept the endless flow of classified documents going
for another year.
He also tried to recruit his youngest daughter who had just started to work
for the US Army, but this attempt failed when she became pregnant and
abandoned her military career.
|
|
|
Earlier, around 1976, Walker and his wife Barbara divorced after a
history of physical and alcohol abuse [6].
When Walker refused to pay alimony in 1985, she tipped-off the FBI,
which eventually led to his arrest.
After his arrest, Walker cooperated with the authorities
and made a plea bargain in order to lower the sentence of his son Michael.
Suffering from Diabetes and throat cancer,
John Walker died in prison on 28 August 2014.
His son was released on parole in February 2000.
|
The information passed by John Walker and his spy ring,
allowed the Russians to build an analog of the KL-7
and to find ways to mount a cryptanalytical attack on the machine [5].
This allowed the Russians to decrypt at least one million sensitive
classified (TOP SECRET) messages [7].
|
The Russians even supplied Walker with a small device, known as
a rotor reader,
that allowed him to trace the internal wiring of each rotor [2].
The image on the right shows the device, as it was confiscated by the
FBI.
It was small enough to be carried inconspiciously, and could easily be
hidden in a pocket. When folded it measures approx. 7.5 x 10 cm
(about a pack of cigarettes).
The device consists of two halves that are kept together by springs and
hinges. Once opened, 36 flat-faced contacts become visible. They
mate with the 36 spring-loaded contacts of a KL-7 rotor
(photograph supplied by Keith Melton) [2].
|
|
|
A hand-operated slide contact, stowed inside a storage compartment at the
top left, was then inserted through the center hole of the rotor.
It kept the rotor in place, provided the correct pressure for the spring-loaded
contacts, and allowed the slide contact to 'brush' over each individual rotor
contact at the other side. The rotor would be placed with index arrow
opposite the position 0 index of the reader. The slide contact was then moved
over the individual contacts of the rotor, and each time one of 36 lamps on the
lamp panel (at the left) would be lit.
Below is a 3-D drawing of the rotor reader. It gives a good idea of
how it was used. The manually operated slide contact is here taken out
of its storage compartment. It has a rectangular 'key' at the bottom
(left in the drawing) that is inserted in the rectangluar hole
at the center of the reader.
It is assumed that the rotor reader was not one-of-a-kind,
but that at least a modest quantity of them was built.
The Soviets supplied Walker with the device only three weeks after he
started spying for them in 1967. Furthermore, Walker was not the only
person who compromised the KL-7 and similar machines.
When Army Sergeant Joseph Helmich was caught spying in the mid-1970s,
an identical rotor reader was found on him [5].
|
Another example of compromised KL-7 security, is the loss of approx.
700 KL-7 (ADONIS) and KY-8 (NESTOR)
devices in Vietnam in February 1975
[14]. Earlier in the Vietnam War, in 1971, the Americans had decided
to provide the Republic of Vietnam (RVN) with limited quantities of
cryptographic equipment, such as the M-209
and KL-7 cipher machines,
various One-Time Pad (OTP)
systems, voice authentication codes
and some NESTOR (KY-8) voice encryption units.
After the withdrawal of American troops from Vietnam, the cryptographic
depot, known as Don Vi' 600, stayed in place, with American personnel
accounting for the crypographic items. In late 1974 and early 1975,
the situation worsened and the Americans began to withdraw some of the
equipment, with the intent of shipping it back to CONUS 1 or Hawaii.
When in January/Februari the situation became critical, priority was given
to removal of the equipment to Don Vi' 600 so that it could be moved to
CONUS immediately. In the last three weeks of the existence of the RVN,
some 700 pieces of ADONIS and NESTOR equipment had been gathered and
prepared for shipment to CONUS, but none of this equipment
was shipped or destroyed in time. Eventually the equipment fell into
North Vietnamese hands.
Whilst the M-209 was considered obsolete by the
Americans, the KL-7 and the NESTOR equipment certainly was not.
It is quite likely that the North Vietnamese eventually traded some of the
machines with the Russians and possibly also with the Chinese, along with
12 months worth of key material and one-time pads that had also been
captured at Don Vi' 600.
➤ More
|
|
-
CONUS = Continental US.
|
Dispute 30 April 2007
The above story is based on the claim of several writers — including
James Bamford in
Body of Secrets (2001) — that a significant amount of sensitive equipment
was lost to the North Vietnamese at the Fall of Saigon in April 1975 [14].
In 2007, NSA disputed this claim [22], which prompted
Bamford to quote from his original sources
the following day [23]. Below is Bamford's reaction to the dispute.
Update 25 September 2023
We now have the original NSA document on which
Bamford's claim was based. [15]. This confirms that sensitive equipment,
including a number of KL-7 machines and key lists, were indeed lost to
the North Vienamese. Below are some significant passages of the orignal
document.
Within a few hours, Saigon had been taken over and renamed Ho Chi Minh City.
But while the departing embassy employees left only ashes and smashed crypto
equipment for the incoming Communists, NSA had left the NVA a prize beyond
their wildest dreams. According to NSA documents obtained for Body of Secrets,
among the booty discovered by the North Vietnamese was an entire warehouse
overflowing with NSA's most important cryptographic machines and other
supersensitive code and cipher material, all in pristine condition -- and all
no doubt shared with the Russians and possibly also the Chinese.
Still not admitted by the NSA, this was the largest compromise of highly secret
coding equipment and materials in U.S. history.
(...)
But things went terribly wrong. "In the last three weeks of the existence
of the Republic of Vietnam," wrote the official, "some 700 pieces of ADONIS
and NESTOR [encryption] equipment had been gathered and prepared for shipment
to CONUS [Continental U.S.]. Unfortunately, none of this equipment was shipped
or destroyed. None of the facility or its contents were destroyed. It was estimated
that enough keying material and codes were abandoned for 12 months full operation
of the on-line, off-line and low-level codes in country".
Six years later, on 30 April 2007, these claims were disputed by NSA in
a reply to the online magazine Wired [22]:
|
Regarding the destruction of COMSEC and cryptological material and equipment,
certain writers, such as James Bamford in Body of Secrets, have claimed that
this loss constituted a major compromise. This simply was not true. All current
or sensitive equipment had been removed or destroyed by the Americans and South
Vietnamese.
However, a large amount of material, mostly South Vietnamese codes, ciphers, and
keying material was lost. Also, a substantial amount of crypto-equipment,
such as
M-209 cipher devices and tactical secure speech gear such as the KY-8 (Nestor),
was lost. However, an NSA survey correctly assessed the potential for compromise
as negligible as a result of these losses. The South Vietnamese crypto-material
had no cryptographic relationship to the U.S. systems. As for the equipment,
it was either vintage, and no longer used by the United States, as in the case
of the M-209, or, like the tactical secure speech equipment, many sets had
already been lost during the war.
A day later, on 1 May 2007, Bamford replied
in Wired magazine with the following [23]:
|
In response to your query, the material in Body of Secrets came from a five
page document entitled "DON Vi' 600". It was written by Gary Bright who was
the U.S. Army officer who developed the COMSEC accounting system for the
South Vietnamese armed forces. I obtained it from the NSA in 2000.
It is understandable that NSA, in its 50th Anniversary celebration publications,
would want to downplay its failures. NSA officials, however, told me it was one
of the worse security breaches in the agency's history -- loosing over 700
highly secret NSA crypto machines to the North Vietnamese -- who no doubt
shared, bartered or sold them to the Russians and possibly the Chinese. As the
NSA document below makes clear, the fact that the crypto equipment "was
considered obsolete by U.S. standards. This did not mean that the systems were
any less secure than more modern U.S. used materials."
Here are a few quotes from the original NSA documents:
|
Don Vi' 600 was the national cryptographic depot and maintenance facility for
the Republic of Vietnam (RVN) Army, Navy, and Air Force. From 1966 through 1973,
their facility was located adjacent to the U.S. Forces "Hotel 3" helicopter
landing area at Tan Son Nhut Air Base. In 1973, the facility was moved to the
area previously occupied by the Air Force Command Operations Center adjacent
to the Armed Forces Courier Service (ARFCOS) vault.
(...)
The COMSEC accounting system for RVN forces was developed in 1968 by three
U.S. Signal Corps Warrant Officers, CWO F. Portillo, CWO Figerora, and CWO Bright.
(...)
After the withdrawal of U.S. forces from Vietnam, support was provided by a
three-man team assigned to the MAC-V and located in the same compound as
previously housing the full blown MAC-V effort. This team consisted of two
civilians and one senior army warrant officer. The warrant officer from
1972-74 was CW4 F. Portillo. From 1974-final days it was CW4 M. Morgan.
Logistic support for equipment, repair parts, and even office supplies
was provided through Threater [sic] COMSEC Logistic Support Center-Pacific
(TCLSC-PAC) located at Fort Kamehameha, Hawaii. Funds for the project were
provided from the National Security Agency, to Dept. of Defense, to Dept. of Army,
to Army Communications Command, to 5th Signal Command, to the TCLSC-PAC.
The Chief, Inventory Control Center (ICC), CWO Bright, was the project
manager from 1973 until the project terminated.
(...)
In 1970, a decision was made to provide the RVN forces with limited
quantities of FM Secure Voice equipment (NESTOR, TSEC/KY-8). Only operator
maintenance was provided and strict warnings not to open the equipment
were given. It is felt though that the equipment was opened and examined
by the repair personnel. There is not any hard proof of this, however,
knowing the competence and curiosity of the repair persons, it is felt
that they probably did examine the interior of the machines.
In late 1974 and early 1975, the military situation in South Vietnam did
not look good. It was decided to slowly retrograde some of the equipments
used by the RVN forces back to CONUS or Hawaii. Delicate political moves
were made to keep from offending the RVN general staff and a slow movement
was begun. Then in January-February, it was determined that the situation
was becoming critical and a stepped up effort was begun to remove material
more rapidly to Don Vi' 600 for movement to CONUS. In the last three weeks
of the existence of the Republic of Vietnam, some 700 pieces of ADONIS and
NESTOR equipment had been gathered and prepared for shipment to CONUS.
Unfortunately, none of this equipment was shipped or destroyed.
None of the facility or its contents were destroyed. It was estimated that
enough keying material and codes were abandoned for 12 months full operation
of the on-line, off-line, and low-level codes in country.
The equipment, other than NESTOR, that was provided for use by the Vietnamese
was considered obsolete by U.S. standards. This did not mean that the systems
were any less secure than more modern U.S. used materials.
Machine off-line systems used were the ADONIS. TSEC/KL-7 with ancillary
HL-1B and the M-209 non-electrical mechanical system. On-line teletype systems
were PYTHON using the HW-10 and HW-19 provided through the USAF.
There were varying degrees of one-time pad, voice authentication and
low-level operations codes. One DIANA one-time pad system was used by the
ARVN general staff for privacy messages.
From the original NSA document [15] it is clear that the US did
indeed lose 700 pieces of ADONIS (KL-7) and NESTOR (KY-8)
equipment at the fall of Saigon on 30 April 1975. As the RVN had only been
given 200 NESTOR units [14], this means that more than 500 KL-7 units were lost.
The loss was confirmed by aerial photographs of Tan Son Nhut Air Base
taken two days after the fall of the RVN, in which the pallets with
the equipment and software could be identified [15 a].
The NSA's claim that the equipment was eiter
obsolete or no longer used by the US, is disputable.
The M-209 was of WWII vintage and was certainly
obsolete by 1975. The NESTOR equipment on the other hand,
had been introduced just a couple of years earlier, and was certainly not
obsolete. The document confirms this [15].
The same is partially true for the KL-7 (ADONIS). Although
it had been introduced in 1952 and was in the process of being phased out,
it was still in use with NATO (which includes the US),
and was therefore not yet obsolete.
At the same time, one has to consider that in a conflict, any equipment
is likely to fall into enemy hands sooner or later.
This is acknowledged by NSA, as in [15] they mention that during the
course of the conflict, many NESTOR units had already fallen into
enemy hands.
This should not be a
problem, as long as no current or future keys are lost as well.
According to Kerckhoffs's Principle – which was applied here –
a cryptosystem should be secure even if everything about the system,
except for the key, is public knowledge [24].
During the Fall of Saigon however, valid keys for 3 months up to one full year
were lost as well, which is a major security breach.
➤ Read the original DON Vi' 600 document
➤ Similar document with additional details
|
Apart from the compromises described above, KL-7 also emanated
compromising electromagnetic signals, that potentially allowed a
malicious party to reconstruct the plaintext of a message.
In the US, the study of compromising emanations is generally referred to
with the codename TEMPEST.
A survey by the NSA revealed in August 1955 [26 p. 9]:
|
The print magnet radiates a signal which is detectable approximately
25 feet from the equipment. Analysis of this signal, recorded during
encipherment, showed that the plaintext could be recovered.
When the shunt wound motor was used on the equipment approximately
30 hours were required to recover the plaintext byt hand methods.
When a governed motor was used only 2 hours were required to recover
the plaintext because of the regularity of the print-wheel speed.
In addition, another signal was emanated that allowed an eavesdropper
to determine the change in print-wheel speed between successive
print-outs:
|
Mr. Joseph Collins, BSA-311, indicated that available through
radiation, and detectable at the same distance as the print-magnet
signal, is information that would enable us to determine the change
in print-wheel speed between print-outs. With this information
available the analysis would be trivial.
This means that without appropriate countermeasures, KL-7 would not be
secure inside a 25 feet (7.62 m) circle, which is a realistic threat.
Appropriate countermeasures
could be the (electrical) shielding and/or filtering of the equipment,
or specifying a 25 feet security perimiter.
➤ More about TEMPEST
|
In 2009, Dirk Rijmenants managed to crack part of the KL-7 mystery.
From information received from researchers and former KL-7
users all over the world, combined with his own observations,
he managed to put together an attractive
KL-7 Simulator for Windows™ [18].
Since then, he received numerous e-mails with new information about the
working principle of the machine.
|
Version 5.0.1
- 27 May 2013
In February 2011, after we uncovered the secrets of the stepping unit
of the KL-7 (KLA-7/TSEC),
Dirk released a major update of his simulator,
which includes the new stepping unit plus a number of corrections to the
operation of the mode-selector below the keyboard.
It now also includes realistic sounds, sampled from a real KL-7 in operation.
This simulator has been verified against real KL-7 machines.
The image on the right shows a screenshot of the KL-7 Simulator running on
Windows XP.
➤ Download KL-7 for Windows (off-site)
|
|
|
In September 2012, we teamed up with some researchers of
the Cyber Systems and Technology
Department of the Lincoln Laboratory of the Massachusetts Institute of
Technology (MIT) in Lexington (MA, USA), to produce a Java version of
Dirk Rijmenants' KL-7 Simulator for Windows (see above). The main
advantage of using Java over Windows, is that the application
can run on any platform that supports the Java language,
including Windows, Mac (Apple), Unix and Linux.
|
Version 5.0.2
- 22 December 2013
In February 2013, Uri Blumenthal of MIT, released the first version of
the JAVA KL-7 Simulator. As it uses the graphics from Dirk Rijmenants'
KL-7 Simulator for Windows (above) and the sounds and other information
– provided by Crypto Museum – the two simulators have a very similar
appearance.
The software comes as a JAR archive and works 'out of the box'
on most platforms, including the Apple Macintosh. An extensive 30-page manual
is included with the software. Simply click the question mark (?) at
the top bar to read it. It even has a built-in codebook generator.
➤ Download JAVA KL-7 Simulator
|
|
|
Please note that the above KL-7 simulator requires the latest version
of JAVA (8) to be installed on your computer. For security reasons it is
always recommended to use the latest version of JAVA. To check your
current version and download the latest version of JAVA, click here.
If you are still using JAVA version 6 or 7 and do not want to upgrade yet,
you may download the JAVA-6 or 7 compatible version of the KL-7 simulator below.
There is no support for these versions.
➤ Download JAVA-7 compatible version of KL-7 Simulator
➤ Download JAVA-6 compatible version of KL-7 Simulator
|
A great 3D model with realistic shading, texture details and lighting,
was created in 2023 by Shashwat Patkar. Although it can't be operated like
the simulators listed above, it allows you to view the machine from all
sides and zoom in on any detail, with nothing more than your browser.
➤ Shashwat Patkar's page on ArtStation
➤ View 3D model on Sketchfab
|
The audio file below illustrates the use of the KL-7.
First, the machine is turned on.
Then 10 keys are typed in plain text mode. The unit is then switched to
encryption, after which 7 letters and 5 spaces are typed. It is then switched
to decryption, after which 8 letters are typed. We then switch to encryption
and then to plain text. Next, the rotor positions are changed.
Finally, the KL-7 is switched off again and you can hear the motor fading out.
|
The diagram below shows a timeline of KL7-related events, as compiled
by Dirk Rijmenants in 2023 [18].
KL-7 development started in 1945 under the name MX-507.
In 1949, the machine was later renamed AFSAM-7 and in 1955 TSEC/KL-7.
The first users in 1953 were the US Army and Air Force, followed in 1954 by
CIA and FBI. NATO used the KL-7 from 1955 onwards.
Other users were The White House, Air Force ONE, ASA itself,
and eventually also the NSA.
The Army Security Agency (ASA) was responsible for the development,
procurement and release of the machines. NSA was responsible for
communications security. KL-7 was initially issued with RED rotors,
which were replaced in 1956 by ORANGE rotors (codenames).
POLLUX and ADONIS were operating procedures
for low level (1950) and high level (1951) traffic respectively.
It is currently unknown when the KL-7 was phased-out with each of its
users, but it is known that the last message was sent by Canada in 1983.
|
The KL-7 must be powered by a 24V DC source, that should be connected
to the short piece of cable to the right of the keyboard. It has a 2-pin
Amphenol 97-series (male) plug at the end, that mates with the 2-pin
(female) socket on the power cable (stowed in the
case lid) and on the
external PSU. The required (female) socket has the following part
number: Amphenol 97-series MS3101A12S-3S (shell: AN3057-4).
Below is the pinout of when looking into the socket:
|
Device Cipher machine Class Rotors Model KL-7 Designator AFSAM-7, TSEC/KL-7 Country USA Developer NSA Manufacturer Burroughs, parts by others User(s) see below Introduced 1952 Last used 1983 Declassified 2009, 2021 1 Rotors 8 (from a set of 12) Contacts 36 Valves 3 × 2D21, 12AX7 Power 24V DC Weight 9.3 kg Price US$ 1458 (see below) 2 Quantity 21,000 3
|
KLB-7 Base US$ 814 KLA-7 Stepping unit US$ 328 KLK-7 Cipher unit US$ 80 CE87054 Carrying case US$ 161 CE87066 AC converter US$ 75 ? Rotor set US$ 100 TSEC/KL-7 Complete US$ 1458 2
|
-
The device was officially declassified by NSA in 2009, but the documentation,
circuit diagrams, etc. were first publicly released in 2021 [E].
-
Price in 1958, as specified in [19]. Equivalent to US$ 14,313 in 2022.
-
The estimates differ per publisher. The estimate of 21,000 was given by
David Boak in his lecture about the KL-7
in 1973 [28].
|
- US Navy
- US Army
- US Air Force
- Foreign Office
|
|
- Air Force One [20]
- Canadian Navy
|
- USA
- Australia
- Belgium
- Canada
- Denmark
- England
- France
|
- Germany (W)
- Greece
- Italy
- Luxemburg
- Netherlands
- Norway
- New Zealand
|
- Portugal
- South Korea
- South Vietnam
- Taiwan (ROC)
- Turkey
|
- Fort Meade (USA)
- Netherlands
HMS Belfast (London, UK)- Kingston (Ontario, Canada)
- Amersfoort (Netherlands)
- Den Helder (Netherlands)
- Yogyakarta (Indonesia)
- Nova Scotia (Canada)
Private collector Canada
|
-
This unit is known to have been de-militarised.
-
Formerly: Maritime Command Museum
-
This unit is no longer on public display. Its current whereabouts are unknown.
|
- KAO-83/TSEC — wanted
Official operator's manual for the KL-7.
- TSEC/KL-7 Canadian User Report After First Year of Operation
National Security Agency (NSA). CSEC 115. 1 May 1959, 15 pages. SECRET. 1
- Operating Instructions for TSEC/KL-7 ADONIS Operation
Department of Defense. National Security Agency (NSA). Washington, DC 20305.
KAO-41C/TSEC. September 1966, 28 pages, Confidential - Crypto. 1
- Interim Operating Instructions for Pollux Cryptosystems-Joint
Department of Defense. Armed Forces Security Agency. Washington 25, DC.
AFSAG 1236. January 1953, 45 pages, Confidential Security Information. 1
- Repair and Maintencance Instructions for TSEC/KL-7
NSA, AFSAM-7. KAM-1/TSEC, 1 May 1955. Last updated 3 February 1960. 2
- TSEC/KL7 Circuit Diagram
NATO, AMSP-519/A. NATO RESTRICTED. 3
|
|
-
NSA information declassified and approved for release on 21 April 2011.
FIOA Case # 64246.
CSEC information declassified and approved for release on 28 April 2011.
CSEC ATIP Case # A-2010-00015.
-
Document declassified by NSA on 30 March 2009 (E.O. 12958, FOIA 47709).
Obtained via Bill Neill and
scanned by Nick England
in March 2021 [16]. Reproduced here by kind permission.
-
Anonymous donor, March 2021.
|
- H. Keith Melton, Ultimate Spy
1996-2002. ISBN: 0-7513-4791-4. p. 54.
- H. Keith Melton, The Ultimate Spy Book
2009. ISBN: 07894074435.
- NSA, Cryptologic Almanac 50th Anniversary Series, AFSAM-7
Retrieved November 2010. Via WayBack Machine (April 2021).
- TruTV, Family of Spies: The John Walker Jr. Spy Case
Retrieved November 2010.
- Laura H. Heath, Analysis of Systematic Security Weaknesses of the US Navy...
M.S., Georgia Institute of Technology, 2001.
Fort Leavensworth, Kansas (USA), 2005.
Thesis of Major Laura Heath, detailing how John Walker exploited weaknesses
in the US Navy Broadcasting System between 1967 and 1974.
- Wikipedia, John Anthony Walker
Retrieved November 2010.
- FBI, The Year of the Spy
Famous Cases and Criminals. John Anthony Walter Jr.
Retrieved November 2010.
- NSA, TSEC/KL-7 Canadian User Report After First Year of Operation
National Security Agency. CSEC 115. 1 May 1959, 15 pages. SECRET. 1
- NSA, Operating Instructions for TSEC/KL-7 ADONIS Operation
Department of Defense. National Security Agency. Washington, DC 20305.
KAO-41C/TSEC. September 1966, 28 pages, Confidential - Crypto. 1
- NSA, Interim Operating Instructions for Pollux Cryptosystems-Joint
Department of Defense. Armed Forces Security Agency. Washington 25, DC.
AFSAG 1236. January 1953, 45 pages, Confidential Security Information. 1
- Chuck Aston, Former KL-7 maintenance engineer at USAF
Personal correspondence, Febrary 2015.
- CSP-6620A, TSEC/HL-1 and TSEC/HL-1B system block diagrams
4 June 1962. Unclassified.
- Klaus Schmeh, Die Welt der geheimen Zeichen
2004. ISBN 3-937137-90-4.
- James Bamford, Body of Secrets
May 2001. ISBN 1407009206. pp. 352-353.
➤ James Bamford
- Gary Bright, DON VI' 600
Undated. 5 pages. Released by NSA in 2000. 2
➤ (a) Later account about Don Vi' 600 (3 pages)
- Nick England, US Navy Crypto Equipment - 1950's-60's
Website, May 2016 — March 2021.
- Paul Reuvers and Marc Simons, The Gentleman's Agreement
Crypto Museum, 30 July 2015.
- Dirk Rijmenants, TSEC/KL-7 ADONIS & POLLUX
Cipher Machines & Cryptology (website), 2004-2021.
➤ See also [a].
- NATO, Cryptographic Equipment for Meteorological Use
Memorandum SGWM-208-58, 9 April 1958. 3
- Use of AFSAM-7 by the White House Signal Detachment and aboard the Air Force One
ASA History, 1954. Volume 1. Page 47.
- Signal Corps Patent Board, Meeting no. 30
22 November 1940.
- Kevin Poulsen, Formerly-Secret NSA Document Rewrites Vietnam War History
Wired, Security, 30 April 2007.
- Kevin Poulsen, Document Leak: NSA lost 700 Crypto Machines in 'Nam
Wired, Security, 1 May 2007.
- Wikipedia, Kerckhoffs's principle
Visited September 2023.
- Wikipedia, Beryllium copper
Visited 25 September 2023.
- Donald E. Schumacher, Plain Text Radiation Study of TSEC/KL-7 (AFSAM-7)
NSA-314. UKUSA-344. 2 August 1955. Library No. S-60,081. TOP SECRET. 4
2 pages, copy 19 or 40 copies.
- KL-7 cipher machine with 12 rotors in metal container donated by OVCISKLu - THANKS !
Crypto Museum, 29 March 2024.
- David Boak Lecture 3, TSEC/KL-7
NSA, 1973. SECRET NOFORN.
|
|
-
NSA information declassified and approved for release on 21 April 2011.
FIOA Case # 64246.
CSEC information declassified and approved for release on 28 April 2011.
CSEC ATIP Case # A-2010-00015.
-
Gary Bright was the US Army officer who developed the
COMSEC accounting system for the South Vietnamese armed forces.
This 5-page document was provided in 2000 by NSA to author
James Bamford.
The 3-page document listed under (a) provides additional details.
-
Documents retrieved from https://archives.nato.int.
-
Declassified and approved for release by NSA on 26 January 2019,
E.O. 13526.
|
|
|
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Sunday 09 August 2009. Last changed: Sunday, 16 June 2024 - 05:25 CET.
|
|
|
|
|
| |