KW-37

KW-37 transmitter on display at the Naval History museum at La Spezia, Italy
Remington Rand format punch card similar to the type used by NSA to distribute keys

The KW-37, code named JASON, was an encryption system developed In the 1950s by the U.S. National Security Agency to protect fleet broadcasts of the U.S. Navy. Naval doctrine calls for warships at sea to maintain radio silence to the maximum extent possible to prevent ships from being located by potential adversaries using radio direction finding. To allow ships to receive messages and orders, the navy broadcast a continuous stream of information, originally in Morse code and later using radioteletype. Messages were included in this stream as needed and could be for individual ships, battle groups or the fleet as a whole. Each ship's radio room would monitor the broadcast and decode and forward those messages directed at her to the appropriate officer. The KW-37 was designed to automate this process. It consisted of two major components, the KWR-37 receive unit and the KWT-37 transmit unit. Each ship had a complement of KWR-37 receivers (usually at least two) that decrypted the fleet broadcast and fed the output to teleprinter machines. KWT-37's were typically located at shore facilities, where high power transmitters were located.

The KWR-37 weighed 100 pounds (45 kg) and contained some 500 subminiature vacuum tubes, whose leads were soldered to printed circuit boards. Each flip-flop in the KW-37 required three tubes, placing an upper bound on the total number of stages in any shift registers used at 166. Squeezing so much logic in such a small and rugged package was quite a feat in the 1950s.

Each KWT-37 filled an entire relay rack with five stacked modules. A precision time reference occupied the bottom, three key generators (stream cyphers in civilian parlance) occupied the middle and an alarm panel occupied the top position. The outputs of the three key generators were combined in a voting circuit. If one of the units' output did not match the other two, an alarm was sounded and the output from the two units that did agree continued to be used.

Each KWR-37 and each key generator in the KWT-37 had a common fill device (CFD) for loading keys (or as NSA calls them cryptovariables). The CFDs were similar to that first used in the KW-26, accepting punched cards in Remington Rand format. The key was changed every day at 0000 hours GMT. The receivers were synchronized to the transmitter at that time. If a receiver ever got out of sync, say due to a power failure, an operator had to set the current hour and minute on dials on the front panel. The KWR-37 would then "fast forward" through its key stream sequence until synchronization was re-established.

Large numbers of fleet broadcast key cards had to be produced and distributed to every navy ship and many shore installations on a monthly basis, so many people had access to them. While the key cards were strictly accounted for, they were easy to copy. This proved to be a fatal weakness.

KWR-37s fell into North Korean hands when the USS Pueblo was captured in 1968. New keying material was issued to ships throughout the world to limit the ongoing damage. In 1985 it was revealed that the Walker spy ring had been selling key lists and cards to the Soviet Union for decades. KW-37 systems were taken out of service by the early 1990s.

The received input to the KW(R)-37 was in the form of a multiple broadcast (multicast) signal, consisting of many channels condensed into one tone pack which was deciphered at one stage by the KW(R)-37 and then the output was sent to several KG-14's which further deciphered the then split signals into each channel of the fleet broadcast. The KG-14 also received its timing signal from the KW(R)-37; if the 37 was out of sync, all the 14's were fall out of sync as well. Each KG-14 could process one channel of the tone pack; most fleet units had six KG-14's, larger units even more.

Experiences operating the KWR-37

TSEC KW-37 Receiver on display at the Naval History museum at La Spezia, Italy

Typically, fleet units utilizing the KWR-37 units were outfitted with two devices for redundancy. Should one unit fail, the other one would already be online and patches via a high level, 60-milliamp patch panel would quickly be changed around so that the current offline unit could be changed over to online status at a moment's notice, to ensure that there was no interruption of message traffic. Later in their life, when KWR-37 units were aged and worn, sometimes the circuit cards inside had to be reseated with a rubber mallet which helped ensure the cards were seated properly. Other problems with the KWR-37's were related to the startup times. Fleet radiomen, and those stationed in the shore transmitting stations, had to listen to an HF signal for coordinated universal time. Radiomen called this broadcast the "time tick," which gave them a sharp tone, signalling them to press the restart button so that the unit could then start up for "new day" or otherwise known as "HJ's" by the radiomen. This took place after the new day's crypto keylist card was properly inserted into the "crib" or the card reader by securing it onto pins and then firmly closing the card access door and then locking it with a key. Once the unit(s) were restarted, the key was placed back in the safe using two-person integrity (TPI) which was stringently enforced following the Walker spy investigation. In the early nineties when the KWR-37 units were retired from the navy and replaced by the more reliable and modern KWR-46's, fleet Radiomen breathed a sigh of relief because the KWR-37 units were often unreliable and would occasionally fall out of synchronization timing, resulting in a loss of broadcast messages from the various fleet channels.

Sources

Experiences operating the KWR-37 - a personal account from a retired US Navy fleet Radioman