JP 2069
Headline: Defence upgrades its Cryptographic capabilities
Frederick Haddock / Canberra
This non-technical article briefly looks at the history of cryptography through the ages and up to the present explosive growth of communications technology and the battle for cyber security. An overview of JP2069 is included.
Origins of Cryptography.
The origin of cryptography as it is known today is as old as man’s capability to write using an established language. But this capability was predated by earlier cipher methods used by the Egyptians when they left symbolic messages carved in stone on the walls of the tombs of kings.
The advent of spoken and written languages introduced cryptographic processes when messages deemed to be of strategic, economic or political importance had to be sent from one person to another. This involved the use of ciphers and typically was implemented by using an Additive/ Substitution method where a simple rule (an elementary algorithm) required character substitution such as: A =D and C= F and so on. Such a method was reportedly used by Caesar. The method was tedious and not difficult to break.
The Substitution method was superceded by a Transposition method used by the Spartans about 5 B.C. who reportedly developed the Scytale. This device involved using a smooth cylinder on which was wound a narrow spiral “Tape” and the message was written on that material. When unwound the message was not decipherable and required a second identical Scytale and winding the tape on it to decipher the message. This method prevailed and evolved for many centuries.
In 1466 the Italian Leon Battista wrote a paper describing the construction of a cypher disk, thus founding the concept of Poly Alphabetic cyphers. However, Battista did not further develop the concept, leaving that task to others.
Some five hundred years later the French cryptologist Vigenere developed a practical Poly Alphabetic system which bears his name, the Vigenere Square. At that time, and for a considerable period afterwards, this technique was believed to be unbreakable. But there was weakness in this encryption method waiting to be exploited because the cypher text produced by this system was vulnerable to the yet undiscovered Statistical Attack cypher.
Around 1854, Englishman Charles Babbage, developed the use of Statistical Attack analysis and successfully decrypted messages encrypted by the Vigenere Square method. Babbage’s method was re-discovered in 1863 by the Prussian Kasiski who was wrongly awarded the honour of this invention.
At about this time technology had progressed to the use of simple analogue technology machines and mathematics for encoding and decoding of messages. The onset of World War One marked the wide use of cryptology and the techniques made valuable contributions to the Allies’ success. The advent of radio and Morse Code made Cryptotechnology an international tool in the conduct of war.
Many crypto machines were developed during the period between the First and Second World Wars, but all were analogue devices that generally used code wheels to provide random letter substitution. These machines were extensively developed to improve their usability. The German ENIGMA was a major multiple code-wheel machine used in World War 2, whose capability was broken, in the first “chapter”, by French espionage obtaining photographs of the Enigma manuals and in the second ”chapter” the eventual acquisition of one by Poland. The subsequent superb analysis of the device by a Polish mathematician using the Enigma manuals and the construction of six duplicate machines helped prove that encoded messages could be read. The third “chapter” was the gift of the Polish work to the British and its use by the huge British cryptoanalysis team at Blechley Park who regularly read Enigma encoded messages – unknown by the Germans – throughout the war. The German Navy that was headquartered in Germany was so sure of the security provided by Enigma that their naval radio communications were “always on”. This practice allowed the Royal Navy’s shipborne HFDF to accurately locate and destroy German Navy assets, particularly U-boats. The German Lorenz machine was similar to Enigma and was used by the German High Command because of its complex coding capability.
Almost at the end of the conflict US Major Mauborgne established the concept of a code based on truly random keys using two identical pads printed with lines of randomly generated letters. Using a One-Time Letter Pad (OTLP) and the Vigenere technique, each page was used to encrypt and decrypt ONE message and then destroyed. OTLP is still in use today, as it is still the only ‘admitted’ system to provide the ‘holy grail’ of cryptography – perfect secrecy, but tedious.
Post World War 2 developments in Cryptography
WW2 clearly demonstrated that a new element of warfare had emerged – and that was the secure transmission of data using Cryptography. Very clearly secure transmissions in military engagements would be key to future successes. The evolution of cryptography has been described as being achieved in “five generations” that emerged progressively as technology permitted.
First generation systems were developments of the WW2 systems and were electro-mechanical in operation. Second generation systems, using vacuum tubes followed, but generally along the lines of earlier designs . Third and fourth generations followed the development of the transistor, rapidly followed by the Integrated Circuit (fourth Generation) introduced major advances in cryptographic, particularly software generated encoding and decoding as well as contributing to the size, reliability and diversity of machines.
The evolution of the current “fifth generation” methods using 21st Century technology is aimed at solving the rapidly evolving requirements of network-centric systems that are now intrinsic to almost all communications systems. A major issue for such systems is the design and application of cryptographic standards to match evolving digital communications and their usage. Since WW2 the US National Security Agency (NSA) has been the major organisation involved in the evolution and control of standards for cryptology – particularly for military systems – but also for critically important commercial systems. The NSA was responsible for the generation of many specifications including Encryption- Interoperability Specification (HAIPE) for computer networking and Suite B encryption algorithms. Other agencies, such as the National Institute of Standards and Technology (NIST an agent of the US Department of Commerce) have taken on the role of supporting security for commercial and sensitive, but unclassified, applications.
But there is evidence that the NSA’s role may be changing from that of the authority to that of an adviser to the extremely large US communications industry and to allies who design and produce an incredibly diverse range of communications products for military use. In this respect the NSA Information Assurance Directorate is leading the Department of Defense Cryptographic Modernization Program to transform and modernize Information Assurance capabilities for the 21st century. The Program has three phases:
• Replacement- All “at risk” devices to be replaced.
• Modernization- Integrate modular programmable/embedded crypto solutions.
• Transformation- Be compliant with Global Information Grid/NetCentric requirements.
NSA has also helped to develop several major standards for secure communication: the Future Narrow Band Digital Terminal (FNBDT) for voice communications, and High Assurance Internet Protocol Interoperability.
Australia’s Intelligence Agencies (AIC)
The AIC comprises six discrete but closely integrated agencies:
• Australian Intelligence Community comprising:
o Office of National Assessments (ONA)
o Australian Security and Intelligence Organisation (ASIO)
o Australian Secret Intelligence Service (ASIS)
• Defence Intelligence and Security Group comprising:
o Defence Intelligence Organisation (DIO)
o Defence Imagery and Geospatial Organisation (DIGO)
o Defence Signals Directorate (DSD)
A seventh unit has more recently been added, the Australian Transaction Reports and Analysis Centre (AUSTRAC).
DSD
“DSD is primarily responsible for the support of Australian Government agencies with high quality foreign signal intelligence products that are not available on open sources. DSD also directly contributes to the military effectiveness of the ADF and provides information security services to ensure that sensitive electronic information systems are not susceptible to unauthorised access, compromise or disruption.
DSD cooperates with counterpart signals intelligence organisations overseas under the UKUSA relationship for the establishment of a secure information capability in Australia that supports the needs of the Department of Defence (DOD)”.
(Extracts from Inspector-General of Intelligence and Security letter to Nine Network dated 16 March 1999).
The above activities address cryptographic systems, their architecture, associated hardware and interoperability, particularly as the DOD is itself going through a generational change in its communications architecture through the adoption of a Net-Centric System (also known as Network Centric Warfare) within the ADF that is interoperable with its declared Allies, largely through the very wide adoption of satellite-based communications systems.
A quick look at the current DCP provides some detail on seven publicly advised Communications programs, apart from an unknown number of classified programs and programs in being, in all of which DSD is likely to be heavily involved .
A short paragraph about Network Centric Warfare (NCW)
This still developing capability is also variously known as Network Centric Operations and Network Enabled Capability. The terms are effectively synonymous.
Objective : To obtain an information advantage , enabled in part by information technology , and develop a competitive advantage through the operational networking of geographically dispersed forces and the provision of real-time actionable intelligence, i.e integrated team warfare .
Tenets of NCW
• A robustly networked force improves information sharing
• Data sharing and collaboration enhance the quality of information, such as shared situational awareness
• Shared situational awareness facilitates the deployment and operation of the force that is net-centric, against a hostile force
• Properly executed, the above may significantly improve mission success
However NCW is not without its detractors. The loss of a critical resource, such as a communications satellite, severe EM disruption, (broad-band high power battlefield jamming) and confrontation with a hostile force that itself may be deploying an intelligent net-centric capability (Peer-to-Peer conflict) may lead to confusion and loss of NCW effectiveness in the field.
These factors dictate that to be continuously evolving superior communications system, with the highest data security, is also a vital prerequisite.
JP 2069. High Grade Cryptographic Equipment HGCE.
This Joint Project is based on a four-phase program, the first phase of which is complete as it concerned the organisation of the three follow-on phases, with recognition that the second and third phases might be combined.
The program is scheduled to yield a progressive Initial Operational Capability between FY 2012-2013 (Ph 2) and FY 2017-2018 (Ph 4).
The acquisition cost for each phase is published to be < $100m.
It appears likely, although it is not stated, that a single prime Contractor is sought for the three active phases.
The activities in each phase are:
Phase 2. Modernisation of serial and trunk components of HGCE to replace link encryption equipment. This is assessed to be a hardware purchase.
Phase 3 .Introduction of modern Key Management and Security Management Infrastructure and maintaining interoperability with Allies.
Phase 4. Upgrade Key Management and Security Management infrastructure and maintain interoperability with Allies.
Note: The extent to which a selected contractor might be responsible for maintaining interoperability with Allies is obscure.
Term Definitions:
Link Encryption:
Link encryption (sometimes called link level or link layer encryption) is the data security process of encrypting information at the data link level as it is transmitted between two points within a network. Data, which is plain text in the host server, is encrypted when it leaves the host, decrypted at the next link (which may be a host or a relay point), and then re-encrypted before it continues to the next link. Each link may use a different key, or even a different algorithm for data encryption. The process is repeated until the subject data has reached its addressee.
Key Management
Key management is the management of the usage of cryptographic keys in a cryptosystem. Management includes dealing with the generation, exchange, storage, use, and replacement of keys by users. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.
Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements
Security Management
The establishment of Security Management is a procedure. Security management applied to cryptographic modules, the application and environment in which the modules will be used and the security services that the modules will provide must be uniform and specific to the application and environment. The US National Institute of Standards and Technology (NIST) provides standards defining the methodology of applying Security Management.
Availability of expertise for the Project.
Companies who are acknowledged to be experts in the field of Cryptography are to be found in many countries, but for this project are likely to be found in the USA, UK and NATO countries. A number of companies that are expert are also usually expert in designing and manufacturing radio communications systems, both terrestrial and space-based, and taking responsibility for their installation and commissioning. There is one Australian Company that reports expertise in working for the DSD over a long period of time. Several companies are in the process of building up their Australian cyber security abilities including, but not limited to, Lockheed Martin, Boeing, Raytheon, Thales and last but not least BAE Systems.