Army signals security & "Clansmen" series radios

[Owen Lewis]

----- Original Message -----
From: "Dave Howe" <DHowe@Hawkswing.demon.co.uk>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: 08 September 2000 00:52
Subject: Re: Army signals security & "Clansmen" series radios


> > All you need to know is that the party is indeed
> > authorised to provide you the requisite parameters. For the question of
> > trust is dealt with at some other level.
> That is basically the same thing. you have to evaluate the reliance you
> place in the above party to correctly supply you with the parameters; if
you
> evaluate that trust by saying "this person has been assigned to do this by
> my superior, and therefore is the correct person to do this" then you have
> still defined your trust relationship with this person, and hence to the
key
> material he supplies.

There is no process of evaluation, beyond a usually subliminal appreciation
as to
whether a command may appear unlawful (as very distinct from trustworthy). A
second possible contingency is
where conflicting lawful commands are received. Such conflicts are resolved
by the principle of observing the first order received unless and until it
is
rescinded by the person who issued it. The General's car arrives outside the
compound of his HQ. The guard asks to see the General's ID card. The General
(who has left it on his dressing table) tells the guard sharply not to waste
his time and open the b..... barrier. The barrier remains shut. The General
has only two options. 1. Go and get his ID card. Order the guard to summon
the Duty Officer, and *ask* him (because it cannot be a lawful order) to
have the guard let him into the compound without having his ID checked. If
the Duty Officer does not know the General well he should refuse the
request.

A simple example, but the principle translates exactly to the transfer of
information. There should be no process of evaluation, only a compliance
with instructions. This is actually one benefit arising from a mind set
sometimes described as 'khaki-brained'.
>
> > Not so. Orders - direction - if you prefer must always be communicated
> down
> > the hiearchical tree but the majority of communications - including
secure
> > communication is of a coordinating nature and is lateral or 'all
informed'
> > in movement rather than vertical within the organisation. In fact the
> > distinction in patterns and volumes of movement between 'command' and
> > control/coordinating communications is an important one.
> I can accept that, yes - but surely permission to join or leave such a
> secure comms group is itself assigned via the hiearchical tree?

Normally, such permission would never be given, since the authority to do so
is subsumed within the task requiring it, or more
likely within the role of the ungroup concerned. And the means to do so will
either
be already possessed or issued automatically on receipt of the tasking
order. Unless that is so and where permission is applied for, the response,
even if affirmative, is likely to take too long for such application to be
effective. One of the easiest paths to the ruin of a secure system is to
permit ad hoc variation to it.

> I was just
> asserting that the PGP-style mechanism could support, as a subset,
> hiearchical assignment of trust.

That is certainly true - and offers a reasonable security model. My concern
with WoT is its application to 'strong security for the masses'.

If I seem enamoured of hierarchical management of security, it is because I
have had many years to consider and appreciate the benefits of such systems.
In respect of cryptography, properly done, they offer easily evaluated
mechanisms which can shut out or at least greatly diminish the consequences
of all the system weaknesses except for any weaknesses in algorithms
themselves.
This is valuable because, as history shows, attempts to break well tested
algorithms are much less productive than the exploitation of holes in their
implementation. I do not claim that any non-hierarchical system must, de
facto, be weak.  Rather it is that I think it must be much harder to secure
a
non-hierarchical system and that, personally, I have not yet seen one as
good as the better hierarchical systems.

> [snip group interdependency stuff] But you knew that really, didn't you?
> no, I am sure it comes as no surprise to you that I didn't - but it makes
> sense.

I'm pleased you found it so. Unlike for quantum mechanics, most of us have
an instinctive grasp of the principles of human behaviour.which, doubtless
is
why first degree psychology is a soft option whilst maths and physics are
not.

> however, I am curious to know how far this extends up the tree, before a
> stricter chain-of-command based model (where my original semi-throwaway
> opinion was pointing) takes over.

Actually both live side by side all the way up. Nevertheless, the group
ethic does become harder to make effective the more senior the level. Much
or this has to do with ego. It is unusual (except in peacetime) for Generals
to be other than egoists. Indeed, egoism may well be one necessary mechanism
with which they can discharge successfully the awesome responsibilities
placed upon them .

In the developed nations, all officers are trained in the mechanics of group
interdependency and officer training is designed to assure that none can
become an officer without first amply demonstrating that the lessons have
been absorbed, that they can be used effectively. After commissioning, the
change slowly sets it over the years of promotion and with increases in the
sphere of responsiblity. For a study of the difficulties in
re-inculcating the subordination of ego to group interest, read almost any
account of Eisenhower's wartime problems as Allied Supreme Commander, '43 -
'45,  in effectively harnessing together his subordinate allied generals.
For
a study of what can be achieved by an able egoist, look at the exploits of
Von Manstein's relatively small armoured formations in the great tank
battles and envelopments in Russia up to '43. Or Rommel's conduct (then only
a two star General) at the crossing of the Meuse in '40. However, one may
need to be an soldier to truly appreciate the enormity of the latters'
successes against silly odds. Egoism may be an essential ingredient in great
leadership - though AFAIK, none of the books on leadership ever say so. An
interesting aside to this is how it can skew casualty statistics. For
example, if one visits both the German and the French war cemeteries from
the Battle of Sedan in '40 (another battle the Germans won against silly
odds). The German graves are mainly filled with junior leaders, Corporal to
Lieutenant. In the French graves, there are mainly private soldiers. A sad
measure of leadership that, again, the books manage to omit.

But we digress.

Owen