Tuesday, February 10, 2015

BAPCO 's Use of One Time Pad During WWII

Mounted camel guard at the refinery.
Source: BAPCO
The Bahrain Petroleum Company (BAPCO) was a Canadian subsidiary, founded in 1929 by the American Standard Oil of California (Socal) to run its operations at the Awali oil fields on Bahrain Island at the inlet of the Persian Gulf. BAPCO was one of the companies that became a possible target of Axis forces when Britain declared war on Germany. In 1940, the Bahrain oil refinery was targeted by Italian bombers, forcing the Allies to strengthen Bahrain's defense. Bahrain, in 1943 still a British Protectorate, decided to implement a censorship on messages that were sent over commercial cable and wireless, to prevent disclosure of information that might be useful to the enemy.

This censorship, however, greatly restricted the communications and operations of BAPCO. The majority of their messages contained information about oil production, shipping, personnel and food supply. Those messages fell into three main categories: a) cables that could be sent in plain text without objection, b) security cables that contained information that, in conjunction with other information, might indirectly be useful to the enemy, and c) secret cables that would be of direct use to the enemy if intercepted, such as ship movements, especially oil tankers.

On April 4, 1943, Ward P. Anderson, the chief local representative of BAPCO, asked E. B. Wakefield, the British Political Agent in Bahrain, permission to encrypted their cables between the local branch and their New York office. This would allow them to send security related cables, at the same time respecting Bahrain's censorship. Anderson proposed a secret company code, superimposed (enciphered a second time) with a transposition cipher for added security.

The Political Resident of the Persian Gulf in Camp Bahrain forwarded the request on April 8 to the Secretary of State for India in London, who approved the use of a secret code, provided that censorship received a plain text version of all messages, sent in that code, BAPCO should continue to send messages through the Navy if they contained vital information that would be of direct use to the enemy, and messages regarding political matters were to be sent through the Political Agent. After consulting the New York office, Ward Anderson agreed to these conditions.

P.A.I.C. in Baghdad asked whether the code had already been vetted for security. As this was not the case, the British Political Resident forwarded the request to SNOPG (Senior Naval Officer in the Persian Gulf) in Basra but they had no officer qualified to vet the code. Therefore, PAIFORCE suggested to vet the code.

The new code, proposed by the California Texas Oil Company, arrived from New York on October 24, and Bahrain forwarded the code on November 10 by courier for examination to the Cipher Security Officer of P.A.I.C. in Baghdad. After reviewing the code, the Security Officer responded that the code offered little resistance against cryptanalysis and provided no security whatsoever.

Note: P.A.I.C. (Persia and Iraq Command) in Baghdad was the headquarters of PAIFORCE (Persia and Iraq Force), the British and Commonwealth military formation in the Middle East from 1942 to 1943.

Surprised by this answer, Ward Anderson explained that the code was allocated by the U.S. Navy Department and considered the most secure known, used for the most secret messages. He clarified that "each page of the pad of sheets is used only once and destroyed after use". He continues, "In fact, the code changes with each succeeding letter of the message. When the pad is exhausted, a new set of pads is produced".

To Anderson, it seemed unlikely that British military authorities would be unfamiliar with the proper use of this type of code, so he asked to verify whether the code was indeed insecure, adding that U.S. authorities would be most interested if the British claims proved correct.

This was probably his polite way to hint the Political Agency and the PAIFORCE Security Officer that they were going to embarrass themselves. To their defense, it might be possible that the code was not accompanied with the complete and proper coding instructions, thus failing to show that the code was for one-time use.

Soon after, the Secretary of State for India in London informed the Political Resident in Bushire, Iran, that the U.S. Chief of Cable Censorship urgently requested permission to use the code, adding that it was a one-time pad, similar to the one used by the Ministry of War Transport in London. P.A.I.C. also received note of this. Apparently, someone pulled some strings.

Subsequently, the Political Resident confirmed to its agency in Bahrain that the code was indeed a one time pad from the U.S. Navy Department. Eventually, the agent informed the BAPCO representative that objection to the code had been withdrawn and that "the one time pad can be used on the understanding that the pad is not worked through more than once".

BAPCO started using the one-time pads as of January 15, 1944, more than eight months after their initial request. Yes, even during wartime, bureaucrats persist. Of course, we have to take in account that transportation and communication means in 1943 were quite different from today, and codes were always transferred safe-hand by courier.

Once the war had ended, BAPCO requested on August 22, 1945 permission from Bahrain to commence the use of the company's own cable code again, as used before the outbreak of hostilities in 1939.

Below one of the BAPCO coded messages from Bahrain to New York, with plain version included, submitted to Censorship as agreed with British authorities.

These archived conversations are a rare example of a commercial firm using the unbreakable one-time pad in the early 1940s. At that time, the use of such strong encryption was generally limited to governments, their military, intelligence agencies and diplomacy. BAPCO's use of one-time pads, allocated to them by the U.S. Navy Department, is a nice example of how government and commercial firms teamed up to ensure the highest level of communications security for those companies that were somehow important to the war effort.

All letters and cables regarding this request for using one-time pads are found in the British Library: India Office Records and Private Papers as File 10/5 BAPCO CODES, reference IOR/R/15/2/423. More examples of coded messages and their plain text version, submitted to censorship, are found in File 10/23 Code Messages - BAPCO, reference IOR/R/15/2/450. These records are archived in the Qatar Digital Library.

These documents are also unique as a reference, because the use of one-time pads is hardly mentioned in official documents from that era (for obvious security reasons) and they are, as far as I know, the earliest I came across. They confirm the use of one-time letter pads  by Political Residents of the British Imperial Civil Administration, the British Army, the Ministry of War Transport in London and the U.S. Navy, at least as early as 1943. Both British and U.S. authorities were quite familiar with the system and surprisingly even shared it with commercial firms. The archives also show that British Residents in the Middle East regularly received sets of two-way one-time pads. More on the 1940 bombing raid on Bahrain in the Qatar Library, and an account of the attack on the BAPCO refirey is available at the Saudi Aramco website.

More historical and technical information about one-time pad is available at my Cipher Machines and Cryptology website.

The Bahrain Petroleum Company (BAPCO), one of the oldest oil companies in the Middle East, was established in 1929 by Standard Oil Company of California. In 1930, BAPCO obtained the only oil concession in Bahrain. In 1936 they discovered the Awali oil field and opened a refinery with a capacity of 10,000 barrels per day. That same year, Standard Oil Company of California signed an agreement with Texaco, creating the joint venture California Texas Oil Company (Caltex). These companies are now known as Chevron and Texaco. The Bahrain government took over all BAPCO shares in 1980 and acquired full ownership in 1997.

Wednesday, December 24, 2014

Cold War Nuclear Weapons Safety

The National Security Archive just released a documentary about the safety systems on nuclear weapons during the Cold War and beyond. At the beginning of the Cold War it became obvious that conventional forces would not be able to repel a Soviet attack in Western Europe. Nuclear deterrent, the capability to retaliate with massive nuclear power, became a primary tool of NATO to prevent war in Europe.

With so many U.S. nuclear weapons in the custody of both U.S. military and NATO partners across Europe, they had to find solutions to prevent unauthorised use or accidents. The concept called Always/Never: for an effective deterrent, you need nuclear weapons that are Always ready for use, but at the same time you need assurance that these weapons will Never be used unauthorised or accidentally.

Early Electromechanical PAL
The solution was the Permissive Action Link or PAL, a device inside the weapon that isolated the electronics from the detonation charge that triggers the nuclear reaction. The early PAL was a small electric motor attached to a combination lock, which in turn engaged the arming switch. The operator had to attach a control box by a cable to the weapon and enter the proper code to arm the weapon. Nowadays, they use encrypted detonation parameters, requiring the proper decryption codes to arm the warhead.

This not only prevented accidental detonation, but also shifted both decision and authority over each nuclear weapon from the military operator or commander to the U.S. President, who is the only person with the PAL codes and consequently the sole person who can initiate a nuclear war. Since then, the U.S. president is always accompanied by his military aid who carries the codes in the so-call Nuclear Football.

The system was not created overnight. It took years to develop the proper technology and procedures, but in the end it presented a major improvement of nuclear safety. The documentary Always Never, released by the Sandia National Laboratories, tells the story of the evolution of safe control over nuclear weapons. More information is found at the the Archive's Nuclear Vault.  Extensive information on Permissive Action Links is also available on Steven Bellovin's Columbia page and some photos of PALs are linked at Light Blue Touchpaper.

Wednesday, December 10, 2014

WPS - The secret Numbers in Letters

We all have secrets. Some we keep and some we share. The secrets we keep are generally easily managed. Our brain is an excellent safe that holds numerous secrets that no one will ever know. The secrets we share are harder to keep. If we want to send them to others then we need to encrypt them.

However, sometimes we don't want anyone to know that we share a secret. When the secret becomes a secret, we need more than cryptography to send it. We need steganography, the art of hiding messages.

By using steganography (lit. hidden writing) we can send a message through any open insecure channel without others even knowing that a message was sent. It doesn't draw attention or suspicion, as an encrypted e-mail or letter would, and the hidden message is deniable.

In this age of non-existing digital privacy there is still a method of processing and sending messages that resists even the best hackers and MIB companies: the pen and the paper. Just as there is unbreakable pen-and-paper encryption, there is also fully deniable steganography.

Many steganographic techniques were invented in past centuries. Drawings with embedded codes or signs, invisible ink, harmless looking text with minuscule typographic differences or grammatical alterations under control of some algorithm. Most of them, however, fail when it comes to hiding the fact that steganography has been used.

Typographic changes, how little they may be, are visible, since the receiver should be able to see them. Obviously, unusual font changes or extra spaces in digital text files are easily detected. Secret words, embedded at certain places, might be out of context. The required grammatical changes or rules, applied on cover text, often don't stand against the scrutiny of a human reader, as he can easily spot subtle but suspicious changes in natural language that don't fit in the content or style of the cover text.

Fully deniable steganography has some important requirements: it should be impossible to detect the use of steganography, as this would in essence be a failure. After all, its goal was to hide the fact that a message was sent. Also, any attempt to extract the hidden message should never reveal the message nor the use of steganography, even when the method is known. Therefore, the message should always be encrypted prior to hiding. Otherwise, any eavesdropper who knows the steganographic method could extract the plain message.

One method that meets these conditions is the Words-Per-Sentence system or WPS. It's a simple yet effective text-based method to conceal  a message without the use of complex mathematical or grammatical tricks and offers complete freedom of writing style and content. The system consist of three steps: converting text into digits, encrypt those digits and hide them in an innocent cover text.

Step 1 - Convert text into digits

This can be done by a straddling checkerboard. Such a table converts the high frequency letters into one-digit values and the other letters in two-digit values, producing a relatively economical conversion. Optionally, you can use three or four-digit codes (preceded by 0 - CODE) that represent common expressions or phrases, listed in a small code sheet or book, to compress the message considerably (more about code books in section VI of this paper).

Let's convert the phrase "meeting at 14 PM in NY." Note that we repeat figures three times to exclude errors.

M  E E T I N G     A T     1   4     P  M     I N    N Y  (.)
79 2 2 6 3 4 74 99 1 6 90 111 444 90 80 79 99 3 4 99 4 88 91

Step 2 - Encrypt the digits

The letter-to-digit conversion is no protection whatsoever! We could scramble the letters of the checkerboard, but this provides only very limited protection. So, we must encrypt the digits. There are various manual cipher systems, but the most secure one is the unbreakable one-time pad. More detailed info in this paper.

Suppose our one-time pad key starts with the following groups:

68496 47757 10126 36660 25066 07418 79781 48209 28600

The one-time pad key is written out underneath the plaintext digits. The first group of the pad serves as key indicator for the receiver and must be skipped in the encryption process. The key is subtracted from left to right from the plaintext without borrowing (a so-called modulo 10 subtraction):

Plain : KEYID 79226 34749 91690 11144 49080 79993 49948 89191
OTP(-): 68496 47757 10126 36660 25066 07418 79781 48209 28600
Cipher: 68496 32579 24623 65030 96188 42672 00212 01749 61591

Step 3 - Hide the encrypted digits

Now that we have a secure message we must hide the ciphertext digits in a text. For each digit, a sentence is composed with as many words as the digit + 5. Adding 5 to the total ensures that all sentences have at least five words. Words like “it’s”, “you’re” or “set-up” are regarded as one word. To avoid statistical bias, some sentences with less than 5 or more than 14 words should be added (these are later simply ignored). The first ciphertext group 68496 from our example message is hidden in the first part of a letter, shown here below:

Dear John,

I Hope everything is going well with you and the family. If possible, Katherine and I would love to visit you somewhere next month. We could make it a weekend at the lake. The next few weeks are rather quiet so any date is fine for us. What do you think? If you’re interested, just pick a date and I arrange everything.

To retrieve the original digits, the receiver simply subtracts 5 from the total number of words in each sentence, ignoring sentences with less than 5 or more than 14 words. He counts 11 words in the first sentence and thus knows that the first digit is 11 – 5 = 6, and so one. He writes the proper one-time pad key underneath the extracted digits (skipping the key indicator) and adds ciphertext and key together without carry (modulo 10 addition). Finally, he converts the plaintext digits back into readable text with his own checkerboard.

The advantages of WPS are an excellent literary freedom and the lack of complex calculations or algorithms. Always start by writing a meaningful text and then play with the words to obtain the required sentence length. Exclude the salutation in a letter from the system, as a nine-letter salutation would obviously arouse suspicion.

Thanks to WPS, the hidden message is fully deniable. There is no way to ever prove the existence of a message inside the innocent looking letter without having the proper one-time pad key. Even when the eavesdropper knows the method used, he can merely extract some meaningless digits, as he would retrieve from any other "clean" text. We now have a safe method to send encrypted messages openly by postal mail, e-mail or Internet forums.

Or how you can hide numbers in letters ;-)

This pen and paper WPS system is an important advantage in today's digital world where secure  personal computers, smartphones or tablets are a fairytale and virtually all means to communicate are prone to eavesdropping. Of course, the cover text itself can be read by anyone and you will need a good excuse for the nonsense you wrote and to whom you wrote it.

Further reading:

Tuesday, December 09, 2014

Professor Brailsford on Enigma

Computerphile just published two talks by Professor Brailsford about the WW2 German Enigma cipher machine (edit: the third and final part is now published). He explains in an excellent and entertaining way how Enigma works and how it was broken, first by the Polish en then the British codebreakers in Bletchley Park. I believe it's one of the best videos I've seen on making codebreaking understandable. A must see! The talks are  made on the occasion of the release of The Imitation Game, a new movie about Alan Turing's work on Enigma. More detailed info on Enigma at these webpages.

Tuesday, November 04, 2014

Arduino Enigma Simulator

The Arduino Enigma simulator is a fantastic new simulation, running on the popular open source Arduino UNO platform. The electronics, based on the ATmega168 micro-controller, simulate the WW2 Enigma I, the Kriegsmarine M3, M4 and even incorporates the so-called Uhr switch to modify the plugboard connections.

The interface uses the small Seeed 2.8 Studio touch screen, making it probably the tiniest practical digital Enigma simulation. The maker used an interface structure with top view for operation, open lid for configuration and front view plugboard that resembles the Enigma Sim, providing a realistic hands-on approach.

Complete Enigma simulator with UNO board, touch screen and 9 volt battery

The Arduino Enigma was tested against fully compatible Enigma version and thus offers correct encryption. Its truly a pocket-sized Enigma, running on a small 9 volt battery.

You can find the Arduino Enigma project on tindie and discover additional project details and the required software at the developer's Arduino Enigma Simulator weblog. He even made a wooden Enigma case for his simulator. More information about the Arduino electronics is found on the Arduino website. Since a video can tell more than a thousand words, do check out the Arduino Enigma Demo video: