Army signals security & "Clansmen" series radios

Owen Lewis ukcrypto at maillist.ox.ac.uk
Wed, 6 Sep 2000 11:50:49 +0100 

----- Original Message -----
From: "David Hansen" <davidh@spidacom.co.uk>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: 05 September 2000 12:37
Subject: Re: Army signals security & "Clansmen" series radios


> On 5 Sep 00, at 10:27, Owen Lewis wrote:
>
> > Your view is one widely if mistakenly held in the UK and also in the
> > US. This is not happenstance but results from biased reporting.
>
> By your own posting my view was correct between the 1960s and the
> 1980s, but is now perhaps 10 years out of date.

Not quite.

Would you suppose that diplomats in an international organisation work
without the benefit of ciphers shared across all the organisation? Would you
suppose that the French armed forces, in what was still into the 80's the
French zone of the FRG and in Berlin (both originally the Zone of French
Occupation), have ever been without codes and ciphers shared between all the
NATO
allies for the purposes of  co-ordination, co-operation and liaison?

In sum, your view (which is a natural corollary to the popular misconception
of France's (non)participation in NATO) is entirely mistaken.

The discussion of this is not without merit.The various national sources
will say little or nothing about their use of modern codes and ciphers yet,
if the structure of the national forces and the requirements of joint
service operations, allied operations and allied liaison are understood,
that a fair amount of the basics can be worked out from first principles.

In a world now seeking increasingly to use ciphers not only within an
organisation but between organisations in shifting patterns and with
differing levels of access to information, a study of the principles that
must apply within more rigid military structures, both international and
national, offers to be rewarding. The diplomats and the military have
generations of experience of the management and use of codes and
ciphers. The lessons learned in the process are valuable and can be
usefully employed in a variety of civil organisations who are latterly
creating secure architectures for not entirely dissimilar purposes.

One of the interesting points to ponder is whether - and if not why not -
the
diplomats and military have not seized upon the invention of public key
ciphers, now 30 years old, as the single, simple and secure solution to
replace other more complex and expensive cipher systems.

It could be interesting to compile, co-operatively, a list here of all the
various reasons why this might not have happened.

As a first contribution to this 'stone soup', I offer:

    1. That the use of any system for information security where the
strength of the security is predicated to the certain  recognition of
parties unknown to and remote from each other is prone to spoofing. Where
the means of identification are organised at the personal level, the risk
from spoofing must rise.

Owen