Army signals security & "Clansmen" series radios

Owen Lewis ukcrypto at maillist.ox.ac.uk
Thu, 7 Sep 2000 16:28:06 +0100


----- Original Message -----
From: "Dave Bird" <dave@xemu.demon.co.uk>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: 06 September 2000 18:57
Subject: Re: Army signals security & "Clansmen" series radios


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In article <200009061339.OAA17295@clw.cs.man.ac.uk>, Charles Lindsey
> <chl@clw.cs.man.ac.uk> writes
> >       On Wed, 6 Sep 2000 11:50:49 +0100
> >       "Owen Lewis" <oml@eloka.demon.co.uk> said...
> >
> >> One of the interesting points to ponder is whether - and if not why
> >> not - the diplomats and military have not seized upon the invention of
> >> public key ciphers, now 30 years old, as the single, simple and secure
> >> solution to replace other more complex and expensive cipher systems.
> >
> >I think the reason may be that public key systems are good for
> >one-to-one and one-to-few communications (and I would be surprised
> >if the military did not use them for that). But they are not a good
> >solution to communications that have to be broadcast to many recipients
> >(to all Her Majesty's ships, for example).
>
>  That is almost a despair situation for security: there are so many
>  message terminals that someone is bound to get careless through
>  sheer numbers.
>
>  Where the medium allows it, it is best to send individual variant
>  messages to each local key.

Not even the US has that many ships. Also, there are very few occasions
indeed where, operationally, a message should be sent to all ships. Rather,
messages will be sent to groups of ships assigned to a specific duty. Then
again, does one want such messages to be received by all ships or just by the
command vessel (and deputy) for the group? Any such message is likely to be in
the form of a general order. Before it is of any use to unit (ship)
commanders, it must be considered on the command ship and interpreted as a
more detailed set of local orders to be passed to the ships affected by it.
Which ships these will be and the extent to which and the manner in which
they will act will be ordered by the group's commander. Quite similarly, when
the local order is disseminated to the ships, the order is not passed to every
member of the crew but is again interpreted into perhaps as many as three or
even more sets of orders, each more limited in range but detailed in function.

In the case of a ship one might reason that there is no need to encipher the
flow of information below the ship's command level (Captain). This may not
be the case in a land force unit of equivalent size where small fighting
sub-units and elements of their logistical support will be dispersed over
many square kilometers.

On what basis would you propose that the variant messages be organised? It's
not feasible that they be tied to a person; they ought rather to be tied to an
appointment. If tied to an appointment, and the information is to be acted on
promptly at any time of the day and in the face of battle casualties, a
*minimum* of three persons must be able to read it. Tied to an appointment,
in practical terms that means that once the system has been running for a
while, in theory there will be many people running about who could read it if
the secret key is accessed by an unchanging pass phrase. But did you have
another method in mind?
>
>
>  If they lose control of a receiving key then someone can receive as
>  that node until you find out and kick them off, possibly because you
>  marked the message with variant information --- where the content is
>  unusable unless one can show an intact digital sig, it is a bit of a
>  give-away that the signed text includes recipient name.
>
>  Likewise a transmitting key, when they fail to give their confirmation
>  phrase or something.
>
>
>  The one thing you can't safeguard well is plaintext, since it relies
>  on the INTERSECTION of their individual securities: for the time
>  during which at least one node is compromised, plaintext leaks out.
>
>  In short, confidence in the security of a broadcasted (narrowcasted?)
>  message goes down rapidly as the number of recipients increases.

You are right, to the extent only that two persons can keep a secret if one
of them is dead :-) In the case of communications to globally deployed
nuclear strike forces, do you think your stricture will apply universally,
or only if PK cryptography is implemented?

It's almost axiomatic that crypto management should be organised so that
neither any single breach nor a series of individual breaches can widely
compromise traffic across the organisation. There are methods of achieving
this, including refinement of PK crypto management as discussed here. The
question remains whether or not there is a balance of advantage in the use of
PK systems in the given framework.

Owen