FAS | Intelligence | Programs | Security |||| Index | Search |

FAS Project on Intelligence Reform


The BLACKER proof-of-concept demonstration using centralized key management and access control began in the late 1970's, with work done by SDC (software) and Burroughs (hardware). The subsequent production program was awarded to Unisys (merged SDC and Burroughs) in the early 1980s, with devices fielded in the late 1980s. The BLACKER was revolutionary in its use of a single processor design with the (custom) crypto as a peripheral on the internal bus.

The BLACKER project in the US Defense Data Network was the first secure system with Trusted End-to-End Encryption using government encryption. Cisco added support for encryption through the United States government Blacker Front End (BFE) program. The Defense Communications Agency (DCA) certified Cisco Systems' DDN X.25 standard service implementation for attachment to the Defense Data Network (DDN). Cisco's DDN implementation includes Blacker front-end encryption and Blacker emergency mode operation.

The Blacker front end (BFE) is a classified encryption device used by hosts that want to communicate across unsecured wide area networks. BFE devices are typically found in government networks (for example, DSNET), which handle sensitive data requiring a greater degree of security. Blacker front end support allows the router to connect to BFE devices. The BFE device, in turn, provides the router with encryption services while acting as the data communications equipment (DCE) end of the connection between the router and the X.25 network. Hosts using attached BFE devices can communicate with each other over an unsecured packet-switched network using data paths secured by the encryption services of the BFEs. These hosts are part of a Red virtual network. The packet-switched network that carries both the data secured by BFEs and any other unsecured data is known as the Black network.

BFE devices receive authorization and address translation services from an Access Control Center residing on the Black network. The ACC makes access control decisions that determine which hosts are allowed to communicate with each other. A Key Distribution Center (KDC) residing on the Black network provides encryption keys and key management services. A BFE device uses these encryption keys for encrypting traffic between itself and other BFE devices.

Sources and Methods

FAS | Intelligence | Programs| Security |||| Index | Search |

Created by John Pike
Maintained by Steven Aftergood

Updated Friday, February 11, 2000 6:01:37 AM