Wednesday, December 24, 2014

Cold War Nuclear Weapons Safety

The National Security Archive just released a documentary about the safety systems on nuclear weapons during the Cold War and beyond. At the beginning of the Cold War it became obvious that conventional forces would not be able to repel a Soviet attack in Western Europe. Nuclear deterrent, the capability to retaliate with massive nuclear power, became a primary tool of NATO to prevent war in Europe.

With so many U.S. nuclear weapons in the custody of both U.S. military and NATO partners across Europe, they had to find solutions to prevent unauthorised use or accidents. The concept called Always/Never: for an effective deterrent, you need nuclear weapons that are Always ready for use, but at the same time you need assurance that these weapons will Never be used unauthorised or accidentally.

Early Electromechanical PAL
The solution was the Permissive Action Link or PAL, a device inside the weapon that isolated the electronics from the detonation charge that triggers the nuclear reaction. The early PAL was a small electric motor attached to a combination lock, which in turn engaged the arming switch. The operator had to attach a control box by a cable to the weapon and enter the proper code to arm the weapon. Nowadays, they use encrypted detonation parameters, requiring the proper decryption codes to arm the warhead.

This not only prevented accidental detonation, but also shifted both decision and authority over each nuclear weapon from the military operator or commander to the U.S. President, who is the only person with the PAL codes and consequently the sole person who can initiate a nuclear war. Since then, the U.S. president is always accompanied by his military aid who carries the codes in the so-call Nuclear Football.

The system was not created overnight. It took years to develop the proper technology and procedures, but in the end it presented a major improvement of nuclear safety. The documentary Always Never, released by the Sandia National Laboratories, tells the story of the evolution of safe control over nuclear weapons. More information is found at the the Archive's Nuclear Vault.  Extensive information on Permissive Action Links is also available on Steven Bellovin's Columbia page and some photos of PALs are linked at Light Blue Touchpaper.

Wednesday, December 10, 2014

WPS - The secret Numbers in Letters

We all have secrets. Some we keep and some we share. The secrets we keep are generally easily managed. Our brain is an excellent safe that holds numerous secrets that no one will ever know. The secrets we share are harder to keep. If we want to send them to others then we need to encrypt them.

However, sometimes we don't want anyone to know that we share a secret. When the secret becomes a secret, we need more than cryptography to send it. We need steganography, the art of hiding messages.

By using steganography (lit. hidden writing) we can send a message through any open insecure channel without others even knowing that a message was sent. It doesn't draw attention or suspicion, as an encrypted e-mail or letter would, and the hidden message is deniable.

In this age of non-existing digital privacy there is still a method of processing and sending messages that resists even the best hackers and MIB companies: the pen and the paper. Just as there is unbreakable pen-and-paper encryption, there is also fully deniable steganography.

Many steganographic techniques were invented in past centuries. Drawings with embedded codes or signs, invisible ink, harmless looking text with minuscule typographic differences or grammatical alterations under control of some algorithm. Most of them, however, fail when it comes to hiding the fact that steganography has been used.

Typographic changes, how little they may be, are visible, since the receiver should be able to see them. Obviously, unusual font changes or extra spaces in digital text files are easily detected. Secret words, embedded at certain places, might be out of context. The required grammatical changes or rules, applied on cover text, often don't stand against the scrutiny of a human reader, as he can easily spot subtle but suspicious changes in natural language that don't fit in the content or style of the cover text.

Fully deniable steganography has some important requirements: it should be impossible to detect the use of steganography, as this would in essence be a failure. After all, its goal was to hide the fact that a message was sent. Also, any attempt to extract the hidden message should never reveal the message nor the use of steganography, even when the method is known. Therefore, the message should always be encrypted prior to hiding. Otherwise, any eavesdropper who knows the steganographic method could extract the plain message.

One method that meets these conditions is the Words-Per-Sentence system or WPS. It's a simple yet effective text-based method to conceal  a message without the use of complex mathematical or grammatical tricks and offers complete freedom of writing style and content. The system consist of three steps: converting text into digits, encrypt those digits and hide them in an innocent cover text.

Step 1 - Convert text into digits

This can be done by a straddling checkerboard. Such a table converts the high frequency letters into one-digit values and the other letters in two-digit values, producing a relatively economical conversion. Optionally, you can use three or four-digit codes (preceded by 0 - CODE) that represent common expressions or phrases, listed in a small code sheet or book, to compress the message considerably (more about code books in section VI of this paper).

Let's convert the phrase "meeting at 14 PM in NY." Note that we repeat figures three times to exclude errors.

M  E E T I N G     A T     1   4     P  M     I N    N Y  (.)
79 2 2 6 3 4 74 99 1 6 90 111 444 90 80 79 99 3 4 99 4 88 91

Step 2 - Encrypt the digits

The letter-to-digit conversion is no protection whatsoever! We could scramble the letters of the checkerboard, but this provides only very limited protection. So, we must encrypt the digits. There are various manual cipher systems, but the most secure one is the unbreakable one-time pad. More detailed info in this paper.

Suppose our one-time pad key starts with the following groups:

68496 47757 10126 36660 25066 07418 79781 48209 28600

The one-time pad key is written out underneath the plaintext digits. The first group of the pad serves as key indicator for the receiver and must be skipped in the encryption process. The key is subtracted from left to right from the plaintext without borrowing (a so-called modulo 10 subtraction):

Plain : KEYID 79226 34749 91690 11144 49080 79993 49948 89191
OTP(-): 68496 47757 10126 36660 25066 07418 79781 48209 28600
Cipher: 68496 32579 24623 65030 96188 42672 00212 01749 61591

Step 3 - Hide the encrypted digits

Now that we have a secure message we must hide the ciphertext digits in a text. For each digit, a sentence is composed with as many words as the digit + 5. Adding 5 to the total ensures that all sentences have at least five words. Words like “it’s”, “you’re” or “set-up” are regarded as one word. To avoid statistical bias, some sentences with less than 5 or more than 14 words should be added (these are later simply ignored). The first ciphertext group 68496 from our example message is hidden in the first part of a letter, shown here below:

Dear John,

I Hope everything is going well with you and the family. If possible, Katherine and I would love to visit you somewhere next month. We could make it a weekend at the lake. The next few weeks are rather quiet so any date is fine for us. What do you think? If you’re interested, just pick a date and I arrange everything.

To retrieve the original digits, the receiver simply subtracts 5 from the total number of words in each sentence, ignoring sentences with less than 5 or more than 14 words. He counts 11 words in the first sentence and thus knows that the first digit is 11 – 5 = 6, and so one. He writes the proper one-time pad key underneath the extracted digits (skipping the key indicator) and adds ciphertext and key together without carry (modulo 10 addition). Finally, he converts the plaintext digits back into readable text with his own checkerboard.

The advantages of WPS are an excellent literary freedom and the lack of complex calculations or algorithms. Always start by writing a meaningful text and then play with the words to obtain the required sentence length. Exclude the salutation in a letter from the system, as a nine-letter salutation would obviously arouse suspicion.

Thanks to WPS, the hidden message is fully deniable. There is no way to ever prove the existence of a message inside the innocent looking letter without having the proper one-time pad key. Even when the eavesdropper knows the method used, he can merely extract some meaningless digits, as he would retrieve from any other "clean" text. We now have a safe method to send encrypted messages openly by postal mail, e-mail or Internet forums.

Or how you can hide numbers in letters ;-)

This pen and paper WPS system is an important advantage in today's digital world where secure  personal computers, smartphones or tablets are a fairytale and virtually all means to communicate are prone to eavesdropping. Of course, the cover text itself can be read by anyone and you will need a good excuse for the nonsense you wrote and to whom you wrote it.

Further reading:

Tuesday, December 09, 2014

Professor Brailsford on Enigma

Computerphile just published two talks by Professor Brailsford about the WW2 German Enigma cipher machine (edit: the third and final part is now published). He explains in an excellent and entertaining way how Enigma works and how it was broken, first by the Polish en then the British codebreakers in Bletchley Park. I believe it's one of the best videos I've seen on making codebreaking understandable. A must see! The talks are  made on the occasion of the release of The Imitation Game, a new movie about Alan Turing's work on Enigma. More detailed info on Enigma at these webpages.

Tuesday, November 04, 2014

Arduino Enigma Simulator

The Arduino Enigma simulator is a fantastic new simulation, running on the popular open source Arduino UNO platform. The electronics, based on the ATmega168 micro-controller, simulate the WW2 Enigma I, the Kriegsmarine M3, M4 and even incorporates the so-called Uhr switch to modify the plugboard connections.

The interface uses the small Seeed 2.8 Studio touch screen, making it probably the tiniest practical digital Enigma simulation. The maker used an interface structure with top view for operation, open lid for configuration and front view plugboard that resembles the Enigma Sim, providing a realistic hands-on approach.

Complete Enigma simulator with UNO board, touch screen and 9 volt battery

The Arduino Enigma was tested against fully compatible Enigma version and thus offers correct encryption. Its truly a pocket-sized Enigma, running on a small 9 volt battery.

You can find the Arduino Enigma project on tindie and discover additional project details and the required software at the developer's Arduino Enigma Simulator weblog. He even made a wooden Enigma case for his simulator. More information about the Arduino electronics is found on the Arduino website. Since a video can tell more than a thousand words, do check out the Arduino Enigma Demo video:

Sunday, August 31, 2014

Cold War Spy John Walker Dies in Prison

John A. Walker
John Anthony Walker died last Thursday, August 28, at the age of 77 in a federal prison in North Carolina. He was one of the most damaging Cold War spies.

In 1968, the naval communications specialist walked into the Soviet Embassy in Washington and offered Navy secrets to the Russians in return for cash. It was the start of a 17 years spying career and probably the largest breach of U.S. military communications security in history. After Walker's apprehension in 1985, it became clear that he provided the Soviets for almost two decades with most sensitive information about cryptographic systems and communications security.

KW-7 Teletype Crypto
Thanks to his work as crypto supervisor he was able to pass the secret daily key sheets of machines such as the KW-7 on-line teletype cipher machine and the KL-47, the Navy version of the KL-7 off-line rotor cipher machine, both widely used in all U.S. armed forces. He also provided the Soviets with complete technical drawings and repair manuals of crypto equipment. During a search of his house after his arrest, the FBI discovered a special device, provide by the KGB, to read the internal wiring of KL-7 rotors (to obtain the highest level of security, the rotor wirings were changed on a regular basis). Together with the technical information and daily key sheets, the Soviets had all they needed to read U.S. communications. 

KL-7 Off-line Cipher Machine
The damage that Walker caused was enormous. All those years, Soviet Intelligence was able to intercept and decrypt the high-level U.S. Navy communications. Over the next years, John Walker created a spy ring by recruiting his son Michael, who was a seaman, his brother lieutenant commander Arthur Walker and communications specialist Jerry Whitworth. It was without doubt the biggest Soviet supervised SIGINT coup of the Cold War. His spy game ended in 1985 when his wife (who else, of course) tipped off the FBI. During a stake-out, the FBI observed Walker making a deaddrop to covertly exchange secret documents for cash.

The subsequent damage assessment by U.S. intelligence showed the devastating consequences of Walker's betrayal. The compromised communications channels provided the Soviets with invaluable information about the location of U.S. ships and submarines, running operations and exercises, naval tactics, operational procedures and war plans, the technical capabilities and specifications of various weapons systems, performance of satellite imagery and information about the technology and capabilities of anti-submarine warfare. A true treasure trove for the Red Army. John Walker paid for his treason with life imprisonment.

More information on John A Walker is found at Crime Library's Family of Spies. KGB General Boris Solomatin gave an interesting interview about supervising John Walker. I also wrote about another major SIGINT incident, the capture of USS Pueblo. There's an extensive paper showing how John Walker exploited weaknesses in U.S. naval communications systems, written by U.S. Major Laura Heat.

On my website you can find more detailed information about the famous Cold War TSEC/KL-7 cipher machine, compromised by John Walker, and a realistic software simulation of the KL-7. If you're interested in Cold War spy stories, then you should visit Operation Tinker Bell, a most realistic Cold War spy game where you can use crypto machines and spy techniques to decrypt messages and unveil the story of a KGB defector.