The red/black concept, sometimes called the red–black architecture[1] or red/black engineering,[2][3] refers to the careful segregation in cryptographic systems of signals that contain sensitive or classified plaintext information (red signals) from those that carry encrypted information, or ciphertext (black signals). Therefore, the red side is usually considered the internal side, and the black side the more public side, with often some sort of guard, firewall or data-diode between the two.

Red/black box

In NSA jargon, encryption devices are often called blackers, because they convert red signals to black. TEMPEST standards spelled out in Tempest/2-95 specify shielding or a minimum physical distance between wires or equipment carrying or processing red and black signals.[4]

Different organizations have differing requirements for the separation of red and black fiber-optic cables.

Red/black terminology is also applied to cryptographic keys. Black keys have themselves been encrypted with a "key encryption key" (KEK) and are therefore benign. Red keys are not encrypted and must be treated as highly sensitive material.[5]

Red/Gray/Black

edit
 
NSA Red-Gray-Black diagram

The NSA's Commercial Solutions for Classified (CSfC) program, which uses two layers of independent, commercial off-the-shelf cryptographic products to protect classified information, includes a red/gray/black concept. In this extension of the red/black concept, the separated gray compartment handles data that has been encrypted only once, which happens at the red/gray boundary. The gray/black interface adds or removes a second layer of encryption.[6]

See also

edit

References

edit
  1. ^ David Kleidermacher (2010). "Bringing Android to military communications devices".
  2. ^ "MIL-HDBK-232A: Red/black engineering -- installation guidelines" (PDF). 1988. Archived from the original (PDF) on 2007-07-14.
  3. ^ "Cabling for Secure Government Networks" (PDF). Archived from the original (PDF) on 2012-05-19.
  4. ^ McConnell, J. M. (12 December 1995). "NSTISSAM TEMPEST/2-95". Archived from the original on 2007-04-08. Retrieved 2007-12-02.
  5. ^ Clark, Tom (2003). Designing Storage Area Networks. Addison-Wesley Professional. ISBN 0-321-13650-0.
  6. ^ NSA Mobile Access Capability Package, Version 2.1, 26 June 2018, accessed 21 February 2021