Red/black concept

Red/black box

The red/black concept, sometimes called the red–black architecture[1] or red/black engineering,[2][3] refers to the careful segregation in cryptographic systems of signals that contain sensitive or classified plaintext information (red signals) from those that carry encrypted information, or ciphertext (black signals). Therefore, the red side is usually considered the internal side, and the black side the more public side, with often some sort of guard, firewall or data-diode between the two.

In NSA jargon, encryption devices are often called blackers, because they convert red signals to black. TEMPEST standards spelled out in Tempest/2-95 specify shielding or a minimum physical distance between wires or equipment carrying or processing red and black signals.[4]

Different organizations have differing requirements for the separation of red and black fiber-optic cables.

Red/black terminology is also applied to cryptographic keys. Black keys have themselves been encrypted with a "key encryption key" (KEK) and are therefore benign. Red keys are not encrypted and must be treated as highly sensitive material.[5]

  1. ^ David Kleidermacher (2010). "Bringing Android to military communications devices".
  2. ^ "MIL-HDBK-232A: Red/black engineering -- installation guidelines" (PDF). 1988. Archived from the original (PDF) on 2007-07-14.
  3. ^ "Cabling for Secure Government Networks" (PDF). Archived from the original (PDF) on 2012-05-19.
  4. ^ McConnell, J. M. (12 December 1995). "NSTISSAM TEMPEST/2-95". Archived from the original on 2007-04-08. Retrieved 2007-12-02.
  5. ^ Clark, Tom (2003). Designing Storage Area Networks. Addison-Wesley Professional. ISBN 0-321-13650-0.