DAR Series Part 3: NSA Type 1 Encryption

White Paper
November 18, 2020

A Type 1 encryption product is a device or system certified by the NSA for use in cryptographically securing classified United States government (USG) information when appropriately keyed. The USG classified data may range from Confidential to Secret to Top Secret.

Why protect classified data?

Since 1952, the NSA has been responsible for all USG encryption systems. Over the intervening decades, the mission of protecting USG classified data has not changed. Methods and technology have certainly changed during that time, advancing from vacuum tubes to discrete transistors to integrated circuits to microprocessors and software. The threat landscape has been constantly evolving and has become more sophisticated in recent years, so the protection response must also evolve.

The basic principle of encryption is to convert plaintext data (also known as Red data) into ciphertext data (also known as Black data). Plaintext data can be read by ordinary means and is not protected, so Red data is vulnerable to exploitation if an adversary obtains it. In a deployed system, militaries may lose a vehicle such as a fighter, helicopter, or tank during a mission. As described in the first white paper in this series, many deployed vehicles have been lost over the last few decades. Indeed, militaries will lose more due to enemy action or accidents in the future.

Threats during and after missions

For deployed applications, data is likely to be transferred before and after missions. Before a mission, operators may load plans and maps (generated at a base or ground station) from the ground station onto the vehicles. After a mission, they may off-load sensor data from the vehicle to the ground station for post-mission analysis. This data is vulnerable to capture during transport to/from the deployed vehicle and must be protected with encryption and other means.

Data at the ground station is subject to attack by hackers, either nation-states or individuals. Networks and their data are being attacked continually by a variety of advanced persistent threats (APTs). Internal bad actors are also a threat. These people have their own agenda and are often team members whom no one suspects. Adversaries are simply any individual, group, organization, or government that conducts or has the intent to conduct harmful activities. This threat landscape can be dissected into smaller elements, but suffice it to say that the threats are increasing in number and sophistication.

Log in and download the white paper to learn more about:

  • Why classified DAR should be encrypted
  • What constitutes a Type 1 device
  • Type 1 DAR product vendors
  • Considerations for Type 1
  • DAR applications
  • Type 1 certification process

This white paper is the third of four related white papers discussing data-at-rest (DAR). The first paper in the series, Data Threats and Protection, explores the reasons to protect DAR, encryption basics, and possible encryptor options. The second paper, Commercial Solutions for Classified, focuses on Commercial Solutions for Classified (CSfC), an option offered by the National Security Agency (NSA) that uses two layers of commercial off-the-shelf (COTS) encryption to protect classified data. This third paper discusses the NSA program known as Type 1 encryption, a government off-the-shelf (GOTS) option. The fourth paper provides an objective, practical, and unbiased comparison between the Type 1 and CSfC approaches to encrypting DAR.