mdr@reed.UUCP (Mike Rutenberg) (04/29/86)
The intention of my original posting was to ask what is *actually* done in the *real* world right *now*. How do Nigeria or Chile or Lower Slabovia protect their diplomatic communications? How about the Soviets?

I realize that there are lots of interesting cryptographic tools that show promise for the future or for small volume communications, but currently lots of governments are doing *something* to protect their communications, and I'm wondering what. Does anyone here know what the real world is really like?

Mike

NB: My original posting has more detailed questions but maybe this is better.
henry@utzoo.UUCP (Henry Spencer) (05/04/86)
> The intention of my original posting was to ask what is *actually* done
> in the *real* world right *now*. How do Nigeria or Chile or Lower
> Slabovia protect their diplomatic communications?...

The smarter ones probably go to one of the companies that specializes in such things. (Nor is it just the smaller countries; the US used Hagelin cipher machines for some purposes in WW2, for example.) Of course, they have to wonder whether they can trust the company. Alternatively, if you're friends with one of the superpowers, you can ask them to help you out in the same way. Once again, you'll never be too sure whether your messages are secret from your big buddy.

Actually, for *diplomatic* messages there is nothing much wrong with the one-time pad, or mechanized forms of it. Diplomatic pouches are a fairly secure and convenient way of shipping paper tape or whatever for key distribution. And the volume isn't high enough to cause really severe key-volume problems. Where one needs skilled help is for things like military field communications, where one-time pads are impractical.

> How about the Soviets?

They almost certainly use one-time encryption for diplomatic stuff. They have a long history of being fond of one-time pads for spies, despite the dangerous nuisance of keeping substantial volumes of key around. What they use for military operations, I don't know.
-- 
Join STRAW: the Society To		Henry Spencer @ U of Toronto Zoology
Revile Ada Wholeheartedly		{allegra,ihnp4,decvax,pyramid}!utzoo!henry
dick@ucsfcca.UUCP (Dick Karpinski) (05/08/86)
In article <6650@utzoo.UUCP> henry@utzoo.UUCP (Henry Spencer) writes:
>key-volume problems. Where one needs skilled help is for things like
>military field communications, where one-time pads are impractical.

Why are one time pads impractical in military field communications? If a CD ROM holds 500 megabytes of key in a drive like the ones that joggers are happy to wear on their belts, I see no hard problems.

Incidentally, I was definitely in error on the prices I quoted for write once drives from Optotech in Colorado Springs. The $2k figure is for large quantities. Onsies cost $5k. And the quoted capacity is only a mere 200 megabytes per side. Even so, aside from milspec engineering, this actual product would seem to suffice for many military field communications needs.

Dick
-- 
Dick Karpinski  Manager of Unix Services, UCSF Computer Center
UUCP: ...!ucbvax!ucsfcgl!cca.ucsf!dick   (415) 476-4529 (12-7)
BITNET: dick@ucsfcca   Compuserve: 70215,1277
Telemail: RKarpinski   USPS: U-76 UCSF, San Francisco, CA 94143
desj@brahms.BERKELEY.EDU (David desJardins) (05/10/86)
In article <507@ucsfcca.UUCP> dick@ucsfcca.UUCP (Dick Karpinski) writes:
>Why are one time pads impractical in military field communications?
>If a CD ROM holds 500 megabytes of key in a drive like the ones that
>joggers are happy to wear on their belts, I see no hard problems.

Well, the problem is that you have a network with 1e6 or so nodes, any subset of which should be able to communicate in a secure manner. If every user has the same key, then each must have enough for *all* of the messages, even ones in which they do not participate. Even 500 Mb would last about 1 minute. And if every user has a different one-time pad, then they cannot all communicate with one another.

   -- David desJardins
henry@utzoo.UUCP (Henry Spencer) (05/13/86)
> >key-volume problems. Where one needs skilled help is for things like
> >military field communications, where one-time pads are impractical.
> 
> Why are one time pads impractical in military field communications?
> If a CD ROM holds 500 megabytes of key in a drive like the ones that
> joggers are happy to wear on their belts, I see no hard problems.

Because CD ROMs are the "leading edge" right now, i.e. they don't really quite exist yet. The military, like the phone company, has a lot of built-in inertia in getting new technologies into service: extensive testing, mil-speccing, etc. eat up a lot of time.

There are also some other problems. The requirement that one-time key sequences never be re-used means you need a different key disk for each communications link. If you use different parts of the same disk, then your whole communications system is compromised if the enemy captures one of them -- something that must be assumed to happen occasionally. Similarly, you must be prepared to issue new key disks at once if one is captured. In addition, if more than two stations use a single key disk -- impossible to avoid, given the broadcast/multicast nature of a lot of field communications -- they must all be kept in sync so they do not re-use key text. There are formidable problems of organization and logistics here. The system must be robust, capable of providing useful communications despite chaos, confusion, repeated on-the-fly reorganization of communicating groups, and deliberate attempts at disruption by clever people on the other side.

Finally, the bulk of field messages have a short useful lifetime; it really does not matter very much if the other side can read them a month later. One-time pads show fewer advantages here than in more normal environments.

All this being true, it is nevertheless the case that my comments were written with current technologies in mind. Near-future technologies like CD ROMs (if you think they are current technology, try to find three companies that will sell compatible readers to you in quantity ten thousand, *today*) will change things. Personally I don't think that one-time pads will filter all the way down to the lower levels of field communication, but I would expect them to supersede a lot of the current higher-level military cryptosystems.
-- 
Join STRAW: the Society To		Henry Spencer @ U of Toronto Zoology
Revile Ada Wholeheartedly		{allegra,ihnp4,decvax,pyramid}!utzoo!henry
abc@brl-smoke.ARPA (Brint Cooper ) (05/15/86)
But if contractors are charging the U.S. hundreds of dollars for a $15 toilet seat, can you imagine what these ROM devices will actually cost us?

Brint

In article <507@ucsfcca.UUCP> dick@ucsfcca.UUCP (Dick Karpinski) writes:
>In article <6650@utzoo.UUCP> henry@utzoo.UUCP (Henry Spencer) writes:
>> Where one needs skilled help is for things like
>>military field communications, where one-time pads are impractical.
>
>Why are one time pads impractical in military field communications?
>If a CD ROM holds 500 megabytes of key in a drive like the ones that
>joggers are happy to wear on their belts, I see no hard problems.
>
>Incidentally, I was definitely in error on the prices I quoted for
>write once drives from Optotech in Colorado Springs. The $2k figure
>is for large quantities. Onsies cost $5k. And the quoted capacity
>is only a mere 200 megabytes per side. Even so, aside from milspec
>engineering, this actual product would seem to suffice for many
>military field communications needs.
>
-- 
Brint Cooper
ARPA: abc@brl-bmd.arpa
UUCP: ...{seismo,unc,decvax,cbosgd}!brl-bmd!abc
aglew@ccvaxa.UUCP (05/17/86)
>/* Written 4:42 pm May 12, 1986 by henry@utzoo.UUCP in ccvaxa:net.crypt */
>> Why are one time pads impractical in military field communications?
>> If a CD ROM holds 500 megabytes of key in a drive like the ones that
>> joggers are happy to wear on their belts, I see no hard problems.
>
>There are also some other problems. The requirement that one-time key
>sequences never be re-used means you need a different key disk for each
>communications link. If you use different parts of the same disk, then
>your whole communications system is compromised if the enemy captures
>one of them -- something that must be assumed to happen occasionally.

Would a single CD ROM shared between several stations, plus a smaller ROM that generates a different probe sequence of the master CD ROM for each station make the keys sufficiently different for the CD ROM one time pad to be useful (apart from size of data flow)?

I.e. if you have a key of 4E9 bits, and you know S, exactly how many 1s there are (due to having captured a disk), how much does this help you find an arbitrary key pattern formed by permuting those bits in some way? It certainly drastically reduces the space spanned by the key, from 2^4E9 to something like 4E9!/(2E9!)^2, assuming S ~= 2E9. And, of course, the probe sequences would be quite restricted (do I hear anybody say `quadratic residue' out there?)

If you have (largekey,smallkey), and largekey is captured, you've only really got a smallkey system. When the enemy has captured the CD ROM key, randomized probing is susceptible to the same sort of attacks that catch people using every 105th word of the King James' Bible.

Would it be so difficult, however, to manufacture a large number of different CD ROMS? You certainly couldn't make a master and press from it, but if you have a laser writing to two WORM disks at once you could randomize the signal controlling the laser and produce pairs of keys automatically. I wouldn't use a pseudo-random number generator for the randomization, though, since finding out that algorithm and a serial number would tell the enemy all your keys.

Andy "Krazy" Glew. Gould CSD-Urbana.    USEnet:  ihnp4!uiucdcs!ccvaxa!aglew
1101 E. University, Urbana, IL 61801    ARPAnet: aglew@gswd-vms
root@ucsfcca.UUCP (Computer Center) (05/17/86)
Devices like the CD-Rom with their large data capacity might be used to hold substantial quantities of non-algorithmically derived data which could be used as a super-encryption based on a key driven selection algorithm to conceal the mathematical regularities of an underlying algorithmic transformation. Even without applying transpositions we have >10**8 encryption sequences in hand. It could complicate things a bit.

Another possibility is to use a large part of this capacity to hold parametrized forms of, say, 10**5 distinct encryption algorithms whose selection could be key driven along with 10**8 bytes of the above data.

Thos Sumner (...ucbvax!ucsfcgl!ucsfcca.UCSF!thos)
/a/paul@proper.UUCP (05/22/86)
This brings up an interesting point about cryptography in the real world: if you want to mess up an adversary, making their cryptographic system hard to use may be almost as good as breaking their codes. I imagine that the NSA has a good handle on this concept.

In the method discussed in this thread (CD-ROM readers with one-time pads), if someone wanted to mess up our system, they could determine some way of making an established cryptosystem unreliable or hard to use. The likely result would be that many communications that use that system would switch to another system, causing confusion and fragmentation. It could also cause some administrator to decide to start sending certain classes of communications without encryption.

So, to start a new subject, which current systems are most vulnerable to frobbing? This could be done with jamming, spoofing, or overloading, and I'm sure that there are many other ways I haven't thought of. Does this sort of action compromise US security more than USSR security?
henry@utzoo.UUCP (Henry Spencer) (05/27/86)
> Would it be so difficult, however, to manufacture a large number of different
> CD ROMS?... [using write-once disks]

Don't forget that you also have to distribute them to the stations in the field, making sure that each station has a disk for each communications link it's got. You also have to synchronize changes to new disks, e.g. because one was captured, to occur simultaneously among all members of a particular communications link. This is not a disadvantage of the one-time-CD-ROM scheme, since this sort of thing has to be done for any cryptosystem, but it does reduce the advantages of the one-time scheme.
-- 
Usenet(n): AT&T scheme to earn revenue from otherwise-unused	Henry Spencer @ U of Toronto Zoology
late-night phone capacity.					{allegra,ihnp4,decvax,pyramid}!utzoo!henry
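The sync requirement Henry raises here and in his 05/13 post (every station on a shared key disk must agree on how much key has been spent, or key text gets re-used) is easy to see in a small model. The Python below is an added example, not code from anyone in this thread: each station keeps a high-water mark on its own copy of a constructed key disk and refuses to issue spent key, and a copy that missed a transmission shows what re-use leaks. KeyDisk, encrypt, decrypt and desync_demo are names assumed for the example.

```python
import os


class KeyDisk:
    """One station's copy of the shared key disk plus its high-water mark."""

    def __init__(self, key_bytes):
        self.key = key_bytes
        self.used = 0  # every byte below this offset is spent on this copy

    def take(self, n, offset=None):
        """Reserve n key bytes at the next free offset (or a caller-chosen one).
        Refuses any offset below the high-water mark: that would re-use key."""
        start = self.used if offset is None else offset
        if start < self.used:
            raise ValueError(f"key re-use: offset {start} is below {self.used}")
        if start + n > len(self.key):
            raise ValueError("key disk exhausted: a new disk must be issued")
        self.used = start + n
        return start, self.key[start:start + n]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(disk, plaintext, offset=None):
    """Returns (offset, ciphertext). The offset travels in clear so the
    receiver can locate the same key segment on its own copy of the disk."""
    start, k = disk.take(len(plaintext), offset)
    return start, xor_bytes(plaintext, k)


def decrypt(disk, offset, ciphertext):
    """Consumes the segment on the receiver's copy too, so a station that
    hears every message stays in sync; a segment it already spent raises."""
    _, k = disk.take(len(ciphertext), offset)
    return xor_bytes(ciphertext, k)


def desync_demo(key):
    """Two stations hold copies of one disk. A transmits; B never hears it,
    so B's counter stays at 0 and B's next message re-uses A's key segment.
    Returns (XOR of the two ciphertexts, XOR of the two plaintexts): with
    the pad cancelled out they are equal, which is what re-use leaks."""
    a, b = KeyDisk(key), KeyDisk(key)
    pa, pb = b"ATTACK AT DAWN", b"RETREAT AT NOON"  # constructed messages
    _, ca = encrypt(a, pa)
    _, cb = encrypt(b, pb)  # also offset 0: the same key bytes as ca
    return xor_bytes(ca, cb), xor_bytes(pa, pb)


if __name__ == "__main__":
    key = os.urandom(4096)  # constructed stand-in for a 500 MB key disk
    leak, truth = desync_demo(key)
    print("re-used pad leaks plaintext XOR:", leak == truth)
```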