Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA's History of Communications Security — For Your Eyes, Too

Posted by timothy on from the as-long-as-it-passes-through-ft-meade dept.

Phil Sp. writes "Government Attic, those fine investigative pack rats, have outdone themselves this time. Just posted: a declassified NSA document entitled A History of Communications Security, Volumes I and II: The David G. Boak Lectures [PDF] from 1973 and 1981. This is an absolutely fascinating look into how the NSA viewed (views?) communications security and touches on all sorts of topics, including public key crypto, economics, DES, tamper-resistance, etc. It was seemingly from a collection of lectures to new employees. The first 85 pages are heavily redacted but the remaining 80 or so are largely intact. It even concludes with a cryptogram puzzle for the reader!"

52 comments

  1. What I heard a while back by Anonymous Coward · · Score: 4, Funny

    The NSA uses ---------- to monitor ------------- by ----------- and ------------ through a network of ------------. It was really pretty interesting.

    1. Re:What I heard a while back by mbstone · · Score: 1

      Lawbreakers, citizens, hook, by crook, stupid and/or corrupt Congresscritters.

  2. The solution: by Tubal-Cain · · Score: 4, Funny

    It even concludes with a cryptogram puzzle for the reader

    The answer?
    FRANK SHOEMAKER WOULD CALL THIS NOISE.

    1. Re:The solution: by Darth_brooks · · Score: 4, Funny

      Wrong answer, Hans. Care to try for double jeopardy?

      It reads: ALWAYS DRINK YOUR OVALTINE

      Duh.

      --
      There are some people that if they don't know, you can't tell 'em.
    2. Re:The solution: by Anonymous Coward · · Score: 0

      Amateurs... The answer is always...
      TOO MANY SECRETS ...or 42 in short (of course!)

      RERMY RISTCSHAM

    3. Re:The solution: by Anonymous Coward · · Score: 0

      Don't forget to drink your Ovaltine :P

  3. USA's history of communication secrecy/deception? by Anonymous Coward · · Score: 0

    that's our worst problem now, other than the 'weather'. better days ahead.

  4. Their "FLOP" section was blanked out. :( by gurps_npc · · Score: 5, Insightful

    I was so hoping that they turned honest and revealed some errors. Never trust someone that refuses to admit they were wrong. If you can't recognize when you are wrong, you don't know when you are right.

    --
    excitingthingstodo.blogspot.com
  5. Re:Their "FLOP" section was blanked out. :( by Anonymous Coward · · Score: 2, Interesting

    The fact that the section exists kinda already shows they recognize their mistake(s). The fact that its blanked out only means they don't want certain people to know the specifics.

  6. Redacted, huh? by CyberLord+Seven · · Score: 2, Insightful

    Hmmmm. I will have to see if they screwed the pooch and made a mistake that has been so common lately with .PDF redactions.

    --
    We have always been at war with Eurasia!
    1. Re:Redacted, huh? by Anonymous Coward · · Score: 2, Informative

      No way! This is the NSA. Looks like they took scissors to it before photocopying.

      There is one little bit on page 12 where it looks like the bottom row of "pixels" of maybe one word can be seen. I wonder if David Naccache and Claire Whelan could figure out the word.

    2. Re:Redacted, huh? by Kadin2048 · · Score: 2, Informative

      They did not screw up this time around, at least as far as I can tell.

      It looks like the page was scanned, and then areas were redacted by pasting white over them. They look too neat to have been done with scissors and paper, but that's the general look of them: white polygons pasted over various areas on the page. The edges aren't quite square so it's like someone clicked with a mouse to define the vertices, rather than selecting lines. (I.e., they were doing it after rasterization and not before, most likely.)

      Then at some point after this, the document was OCRed. Hence, no redacted material in the text layer of the PDF.

      You can make out, at least in a few cases, the gist of what was blanked out from context. One of the first big redactions obviously describes the sigint capabilities of the Soviets at the time. Interesting to imagine why they're still concerned about that; someone must think that by knowing what we knew about them at a particular time, you could infer something that would be advantageous...

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    3. Re:Redacted, huh? by Anonymous Coward · · Score: 0

      You're all damn terrorists!! :)

    4. Re:Redacted, huh? by TempeTerra · · Score: 1

      One of the first big redactions obviously describes the sigint capabilities of the Soviets at the time. Interesting to imagine why they're still concerned about that; someone must think that by knowing what we knew about them at a particular time, you could infer something that would be advantageous...

      Or someone thinks that someone knowing what we knew at a particular time might let them infer something... or someone A thinks that making someone B think that A thinks that B could infer something about what A knew about B at a particular time will in fact make B infer something else...

      NSA is the home of dizzying intellects.

      --
      .evom ton seod gis eht
    5. Re:Redacted, huh? by ion.simon.c · · Score: 1

      Maybe they could infer the placement of moles and spies in certain research facilities? :)

  7. Dan Brown by Arancaytar · · Score: 3, Funny

    It even concludes with a cryptogram puzzle for the reader!"

    Are you sure you didn't pick up Digital Fortress by mistake? :P

  8. Why was it classified by Techmeology · · Score: 4, Interesting

    Why was it classified? Given that all good security must be based on rigorous unbreakability, not secrecy, the analytical powers of many eyes would have been useful. Also, I'm opposed to governmental secrecy.

    --
    Excuse for why is your room always messy?
    1. Re:Why was it classified by FishWithAHammer · · Score: 3, Interesting

      Security through obscurity isn't security, but security plus obscurity is better security so long as the obscurity holds.

      --
      "You can either have software quality or you can have pointer arithmetic, but you cannot have both at the same time."
    2. Re:Why was it classified by QuantumRiff · · Score: 4, Insightful

      You are correct, however, sometimes you don't want to know about bad algorithms.. or more accurately, you don't want your enemies to know that you've cracked their codes.

      Sometimes, things are just politically sensitive.. ie, We cracked the code, realized that country X placed a spy into country Y, we notified country Y, and the spy for country X had a tragic accident...

      --

      What are we going to do tonight Brain?
    3. Re:Why was it classified by freddy_dreddy · · Score: 1

      security without obscurity implies that you're willing to sacrifice temporary loss of security whenever a backdoor or exploit is discovered. The security we (as a geek community) are dealing with is not the same as government security. The first generally deals with security of infrastructure that houses the information, the second deals with the security of information.

      Whenever an infrastructure security is compromised, we can restore the information from backups after the security hole has been fixed. Whenever information security is compromised it pretty much looses its reason to exist.

      --
      "Violence is the last refuge of the competent, and, generally, the first refuge of the incompetent" - Thing_1
    4. Re:Why was it classified by c4str4t0 · · Score: 1

      In the interest of a good argument, I will assert that all that have replied to this post are not entirely correct. The idea of "rigorous unbreakability" is correct. This is what gives a cryptographic algorithm strength (or reliability). No one should trust the security of a crypto algorithm without its creators first explaining the details of how it works. If it is truly a strong algorithm, then it won't matter that the masses understand the process in its entirety (AES, for instance). Further, security through obscurity is nonsense, unless I'm an immature script kiddie that only looks for ports on which a known service is running (i.e. ssh=TCP22). For realistic security implementations, one should always assume protection against the most aggressive techniques of penetration. Hence, that is why obscuring ports is worthless. Finally, the priorities of an attacker once they have gained access will more than likely not be data destruction. The point of the attack will likely be to remain undetected so they can gather as much information from a victim's infrastructure or data as possible. If I'm a bad guy, the last thing that I want you to know is that I've gained access to your system. Then you'll only patch the hole I used and make it more difficult for me to get back in.

    5. Re:Why was it classified by DerekLyons · · Score: 4, Insightful

      Given that all good security must be based on rigorous unbreakability, not secrecy

      That's commonly held belief of security amateurs. In reality, obscurity is a valuable tool in the arsenal of the security professional - because an attacker cannot be prepared to address a measure that he does know the existence of beforehand. For example - a visible set of VCR's in a place equipped with visible cameras... but they are dummies with the real ones (or a backup set) behind a nondescript door.
       
       

      the analytical powers of many eyes would have been useful

      The analytical power of many experienced and knowledgeable eyes - sure. But those eyes have clearances and access to the document. Just because the general public doesn't see it, doesn't mean that a lot of qualified people haven't.

    6. Re:Why was it classified by IonOtter · · Score: 1

      Security classifications are "all-inclusive" and "absorbent", in that if you have a document that has so much as a single "classified" word in it, then the entire document gains the classifcation level of that single word. This applies even if the material in question wouldn't be classified, but the footnotes reference a classified source.

      This policy applies to physical media as well. If a camera, floppy, USB stick, CD or other recording media is plugged or inserted into a classified computer, then that item becomes classified at the same level as the computer. Sometimes, even bringing the item into a physical space, such as a meeting room or NOC, can convey that classification. (Try walking into a SCIF with a thumbdrive and see what happens if they catch you with it.)

      This rule is absolute across the government, and is applied universally across the board. However, enforcement may or may not be lax depending upon the situation, and it may also be up to the discretion of the commanding officer to allow certain waivers.

      --
      [End Of Line]
    7. Re:Why was it classified by darkmeridian · · Score: 3, Interesting

      In the real world, knowing what people know is very important. Releasing what you know and what you know others to know would be a disastrous turn for a national security agency (NSA). Whether the bad guys fell for your double agent's lies, for instance, is a crucial fact. If the NSA has compromised a whole bunch of communications systems, we don't want the people using the systems to know that they're compromised!

      --
      A NYC lawyer blogs. http://www.chuangblog.com/
    8. Re:Why was it classified by Anonymous Coward · · Score: 1

      also, you know...other countries could use this to keep their secrets from the US...

    9. Re:Why was it classified by bhiestand · · Score: 1

      You missed the most important part of his post:

      Also, I'm opposed to governmental secrecy.

      That right there sums up what you need to know. The GP is an ideologue who opposes government secrecy. Because of this, he will ignore evidence that contradicts his pre-established conclusion. Let's both just be glad this man will never have the power to harm any of our valuable intelligence organizations.

      --
      SWM seeks new sig for a brief fling
    10. Re:Why was it classified by DerekLyons · · Score: 1

      Oh, I realized that. I just couldn't resist the chance to set the record straight.

    11. Re:Why was it classified by GWBasic · · Score: 1

      Given that all good security must be based on rigorous unbreakability, not secrecy

      Rigorous unbreakability implies secrecy; either or both the algorithm and the keys must be kept secret.

      --
      No, I will not work for your startup
    12. Re:Why was it classified by bhiestand · · Score: 1

      Fair enough. I'm glad the mods took notice.

      --
      SWM seeks new sig for a brief fling
  9. Nice addition by Anonymous Coward · · Score: 1, Interesting

    Nice addition to "Cryptology During the Cold War, 1945-1989"
    http://news.slashdot.org/article.pl?sid=08/11/14/1629239

  10. Re:Their "FLOP" section was blanked out. :( by Anonymous Coward · · Score: 0

    Just get rid of them entirely: Metagovernment

  11. Noone Read TFA by pacificleo · · Score: 0

    20+ comment with in 10 min of publication when TFA have 158 pages of gibberish . are you guys cyborg or people on /. have stopped Reading TFA .

    --
    somethings are best left unsaid , I am one of those things
    1. Re:Noone Read TFA by SpaceLifeForm · · Score: 2, Insightful

      Yes.

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
    2. Re:Noone Read TFA by AceofSpades19 · · Score: 1

      Are you new here?

  12. A good read. by Animats · · Score: 1

    That's a good read. Thanks.

  13. Quick posts ruin stories like these by wintermute1974 · · Score: 1

    Slashdot should have a delay of a few hours on stories like this, to allow people to RTFB before posting.
    (I promise not to post again until I've followed my own advice.)

  14. Irony by this+great+guy · · Score: 2, Informative

    The PDF file seems interesting at first but many pages are [CENSORED] and even [CENSORED] which leads me to doubt of the usefulness of [CENSORED] notwhistanding [CENSORED]. Does anyone [CENSORED]. Or [CENSORED] ?

    1. Re:Irony by quanticle · · Score: 1

      Indeed, that seems to be the case at first, but, in this case, first impressions are misleading. After page 80 or so (about half way) the number of redactions drops precipitously. Indeed, one of the most interesting sections (the one on Tempest) is notable for its lack of redaction. There's some fascinating stuff there about how the NSA discovered that EM leakage was an issue, and what they tried at first to contain such noise.

      --
      We all know what to do, but we don't know how to get re-elected once we have done it
  15. Page 106 by egcagrac0 · · Score: 1

    Glad to see I'm not the only one who does that when reading "This page is intentionally blank".

  16. Tagged "hotlink" by mr_stinky_britches · · Score: 1

    Tagged "hotlink".

    --
    Censorship is obscene. Patriotism is bigotry. Faith is a vice. Slashdot 2.0 sucks.
  17. So this is way below their lower limit by Vadim+Makarov · · Score: 2, Insightful

    Interesting reading. Probably beyond average slashdotter's patience, hence so few comments to the story. I've found the history of TEMPEST being the most fascinating... discovered, forgotten, rediscovered, never fully eliminated but considered adequately handled given the threat level assessment. It left me wondering what the status of TEMPEST is with current electronic computing devices?

    According to the book itself (see p. 128 bottom), this disclosure should not even come close to define the lower bound of NSA's today's capabilities. Umm, impressive then.

    --
    17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
    1. Re:So this is way below their lower limit by quanticle · · Score: 1

      Given that modern switches (transistors), operate at much smaller voltages than the old electromechanical relays and vacuum tubes of yore, I'd argue that Tempest related issues are becoming less of an issue as time goes on, rather than more.

      Indeed, with the number of transistors in modern electronics, there's probably a sort of "natural jamming" going on, where the sheer volume of radiated transmissions is sufficient to overwhelm any listener. Of course, signal processing equipment has also become more sophisticated in the meantime, so I might not be 100% on target in that assessment.

      --
      We all know what to do, but we don't know how to get re-elected once we have done it
  18. Frustrating item at the end by rfc1394 · · Score: 1

    The last thing the book talks about is how a man discovered a lot of partially processed secret materials and he had to find a way to get rid of all of it, a considerable pile, and discovered a useful way. Which it doesn't tell us, other than to say the explanation is hidden in the message, using an innocent intervention, or something like that.

    So, given that it has something to do with purloined letter methods, my guess is they took the lot of paper down to a processing center, where the paper absolutely has to be clean, and they ground up and processed it to make newsprint, where the formerly classified material has been so destroyed that it could be used to print the next day's newspapers. Would be sort of ironic that way, and would fit with his emphasis on 'innocent' information systems.

    --
    The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
    1. Re:Frustrating item at the end by Anonymous Coward · · Score: 0

      My reading makes me believe that the paper bits were mixed with ashes so it's useless for making new paper. But your hypothesis is interesting :-)

  19. PARKHILL by nsaspook · · Score: 2, Informative

    The info about PARKHILL is very interesting. That system was installed as a replacement for KG-13 and used for a very short time at our station. We had it for about a year before it was removed and replaced by something else. As noted on page 153 that system was not totally secure. The BLACK audio sounded like Donald Duck talking backward on acid. I suspect that someone found a way to break the code in near realtime. This was about 1982. No idea if it was fixed and rereleased for use.

    --
    In GOD we trust, all others we monitor.
  20. page 156 & murphy's law incidents by erbbysam · · Score: 1

    On page 155-156 there are a series of stories on possible accidental data leaks that could have occurred.
    My personal favorite is the one where two NSA sweep people get into a tug-of-war over a wire in a wall between floors :)

  21. Breaking the rules. Sea story by nsaspook · · Score: 2, Interesting

    AP/UPI/TAS transmitted the news via HF rtty links long ago. To receive up to date news for the crew the Radiomen on the ship would connect a TTY normally used for classifed traffic to a RTTY demodulator. The problem was that per "RED/BLACK" (page 90 on the NSA doc), the TTY was RED and the RTTY demod was BLACK. It was totally forbidden to interconnect the systems and patch panels had to be so many feet apart and in separate rooms. Only a NSA approved crypto device could be used in the middle.

        So every shop would make a 20foot long patch cable for the connection. Our approved patch cords were only about 2 feet. Every NSA audit they had to hid this cable or be hit for a major violation. Everbody knew it was happening but looked the other way because the CO of the ship wanted his news.

    http://www.virhistory.com/navy/rtty-demod.htm

    --
    In GOD we trust, all others we monitor.
  22. Do you mean "exceptionnal" ? by Anonymous Coward · · Score: 0

    It's an understatement. It's a really frank, useful and even illuminating document. It changed my perception of what NSA is and does, at least in the COMSEC branch. However, SIGNINT is completely ignored and you won't see a mention of ECHELON for example. It covers the period from 1940 to 1980 and deals mostly with antique machines...

    Anyway, it's a refreshing read, the insider view is very discerning and casts a light into the *practical* implications of sending 100.000 cryptomachines in the field...

    Also, it's a good antidote if you're bored by Schneier et al.
    For example, public key cryptogray is explained to be not practically useful (as of 1980), operational constraints dictate other solutions.

    I learnt many, many things and I wish that someone posts the solution to the puzzle :-) [i'm too tired now]

  23. Unsolvable puzzle ? by Anonymous Coward · · Score: 0

    Hello,

    This is really an excellent reading, well worth the time !

    The more I think about it and the more I believe that the "innocent text" has something to do with the letters at the beginning of each paragraph, inside "()"

    This seems to explain why they are marked with a pen. The previous owner tried to solve the puzzle with his copy of the book. I was curious at first, and thought that the letters were the initials of the author of the paragraph (as if several people contributed) but it would be weird...

    The problem : Many paragraphs have been edited out and with them, the "(letter)" have been lost.
    If my hypothesis is correct then there is no way to know for sure :-(

    OTOH if someone finds the answer to this 25 years old puzzle, don't hesitate to publish your findings :-)

    yg@ygdes

    1. Re:Unsolvable puzzle ? by Anonymous Coward · · Score: 0

      (U) = unclassified
      (C) = classified
      (S) = secret

      The first letter is the original classification of the paragraph.

      http://en.wikipedia.org/wiki/Classified_information

  24. I found some of the redacted text by Tracy+Reed · · Score: 3, Interesting

    So here I am reading the document linked in this story when I get to page 85 about tempest. I encounter the phrases "He sauntered past a kind of carport jutting out..." and "a carefully concealed dipole antenna, horizontally polarized." And I thought...I've heard these exact words somewhere else before. Where would I have encountered this exact wording from a document which has been declassified just in the past few days? I dumped the phrase into google and sure enough:

    http://www.nsa.gov/public/pdf/tempest.pdf

    Here it is in this document about tempest which was declassified 9-27-2007. It contains a lot more about the story in Japan and tempest etc.

    And I notice that this document contains what is certainly the redacted paragraph in the other document between the paragraph about the discovery of the antenna and the one that begins "Why, way back in 1954, when the Soviets published a rather comprehensive set of standards..."

    This paragraph is about how 40 microphones were found in the US embassy in Moscow and talks about a "large metal grid buried in the cement of the ceiling over the Department of State communications area" and that it had a wire leading off somewhere. Apparently such things were being found as far back as 1953 and the US did not know what their purpose was.

    The next paragraph puts the above into context when it says that in 1954 "the Soviets published a rather comprehensive set of standards for the suppression of radio frequency interference". So the previous paragraph reveals some details about what kinds of devices were found but the second paragraph goes on to imply that the Soviets may have been listening in on our unencrypted electronic communications for at least 10 years before the US figured out that it was possible to do so and took action.

    It's funny how something which would seem so obvious to us now in hindsight baffled the NSA for at least 10 years. It is also funny that it is possible to reconstruct redacted materials from declassified documents using Google due to the use of cut and paste from a document written back in 1973.