Over the Air Rekeying
Over the Air Rekeying (OTAR) is the common name for transmitting, or remotely transferring, changing or updating data signal encryption "code" keys in secure information systems by conveying the keys via encrypted electronic communication channels (“over the air”). It is also referred to as Over-the-Air Transfer (OTAT), or Over-the-Air-Distribution (OTAD) depending on the specific type, use, and transmission means of the key being changed. Although the acronym refers specifically to radio transmission means, the technology is also employed via land line and cable.
OTAR was operationally introduced to the US Department of Defense via the Navy beginning in 1988. Lieutenant Commander David Winters, an American naval officer in London and "code master" during the final years of the Cold War, was first to recognize the necessity and revolutionary security potential of OTAR and personally oversaw development and deployment of the innovative procedures required.
Due to the tremendous efficiency and cost savings inherent to OTAR, Commander Winters' methods were quickly adopted and spread Navy wide, following which Vice Admiral J.O Tuttle, Commander of the Navy Telecommunications Command, the Navy "J6", shortly influenced the Joint Chiefs of Staff to bring all the other military services into compliance.
This coincided with introduction of newer NSA cryptographic systems that use a 128-bit electronic key, such as the ANDVT, KY-58, KG-84A/C, and KY-75, capable of obtaining new or updated keys via the circuit they protect or other secure scommunications circuits. Adoption of OTAR drastically reduces requirements both for distribution of physical keying material and the physical process of loading cryptographic devices with key tapes.
OTAR essentially eliminates need for individual stations to be involved with tangible physical code key changeovers on a day-to-day updates. Instead, electronically transmitted keys would normally come from a Network Control Station (NCS). The OTAT feature permits key to be extracted from an OTAT-capable cryptographic system using a fill device, such as the KYK-13 or KYX-15/KYX-15A and then loaded ("squirted") into another cryptographic system as needed.
Alternatively, encryption systems may also be configured to automatically receive and update code keys with virtually no human intervention, as is the case for GPS (Geo-Positioning-System) navigation satellite signals.
Commander Winters' introduction of this technology revolutionized US and associated secure telecommunications by obviating many previous requirements for risky, expensive wide-spread distribution of paper code keys. It thereby extinguished vulnerability to physical theft and loss previously exploited by the infamous "Johnny Walker" spy ring.
Elimination of this vulnerability, although little appreciated outside the security community at the time, was an innovation of inestimable impact. Placing this technology in perspective, it comprised a transformation at the most basic foundations of communications security such that through the decades since introduction of OTAR, not a single new breach of US code systems has occurred. Recent declassification of the details relating to its introduction may be expected to now become the subject of more scholarly work.
OTAR applications have now been adapted for civilian emergency service providers and other users requiring enhanced communications security. Extensive parallel technology conversion and development have produced commercially viable systems that include end to end key generation, distribution, management, and control.
In example, one popular system permits network controllers to remotely, dependably, and securely, change encryption keys for an entire network at their discretion. This security enhancement greatly simplifies and streamlines operations while virtually eliminating risk of compromise. As a matter of normal routine, key updates can be sent to users, stations, or nodes remotely or “over the air.” In practical terms, this means users need not bring or return their units for manual updates, nor must technicians visit each user, station, or node to service their units in the field. This saves many man hours in addition to increasing security.
Further, in the unlikely event that a unit, station, or node is stolen, mimicked, or otherwise compromised, a network controller can:
- Remotely inhibit access of additional users, stations, or nodes to the network.
- Remotely and securely enable network access to additional users, stations, or nodes.
- Remotely “zeroize” or remove a user's, station's, or node's cryptographic key material.
- Remotely and securely change or update a user’s, station's, or node's cryptographic keys.
- Also see STU-III and John Anthony Walker
- See Jerry O. Tuttle
- (U) American Cryptology During the Cold War (1945-1989), (U) Book IV, Cryptologic Rebirth, 1981-1999, by Thomas R. Johnson, Center For Cryptologic History, National Security Agency, pp 40-41.
- See John Anthony Walker.
- OVER THE AIR REKEYING, A ROGUE SECURITY REVOLUTION, oral presentation by David Winters, Symposium for Cryptologic History, Applied Physics Laboratory, Johns Hopkins University, 19 October 2017, (referenced with permission of author).
- "Operation Provide Comfort, A Communications Perspective, published by the United States European Command Directorate of Command, Control, and Communications, June 4, 1993. Also see STU-III.
- Navy Award Citations for Lieutenant Commander David D. Winters, dtd. 15 May 1992, 03 August 1992, and 26 August 1994,