For those with an interest in cryptography, and secure communication generally, a series of recently declassified lectures from the American National Security Agency are well worth reading. The moderately-to-heavily redacted documents from 1973 cover a number of engaging subjects. The first volume covers the importance and practicalities of secure communications, codes, one time pads, encryption systems for voice communication, various bits of specific American communication equipment, TEMPEST attacks (described as “the most serious technical security problem [the NSA] currently face[s] in the COMSEC world”), and more. The second volume includes lecture on operational security, issues around the number of sending and receiving stations, public (commercial) cryptography, the destruction of cryptographic equipment in emergency situations, and more. There are also some interesting tidbits on tropospheric and ionospheric scatter transmission systems, which bounce signals off of the upper atmosphere which are theoretically highly directional.
Originally classified Secret and ‘No Foreign,’ the lectures are well written, engaging, and illuminating. Some of it is overly technical and specific, but there is also some broadly applicable general information about cryptographic theory and practice, as well as the role of communications security organizations within governments and militaries.
Unfortunately, the PDF consists of non-searchable, and sometimes badly copied text. Still, the difficulties of reading it are minor. There are also some long gaps where entire sections have been redacted.
The area around PDF p.93 also has some interesting information on counterespionage and embassies.
It also features from rather transparent redactions.
PDF p.133 talks a bit about public key cryptography, such as that based on the asymmetric difficulty of multiplying versus factoring. It is presented as an “interesting mathematical puzzle” with practical problems and “no great incentives for its solution.” It also notes that public key cryptosystems may be vulnerable to man-in-the-middle attacks, as indeed they are.
The section on emergency destruction of crypto-equipment (PDF p.147) is very dramatic.
Apparently, in addition to pyrotechnic systems (thermite slabs and grenades, sodium nitrate barrels), ‘disintegrators’ were used to physically grind up cryptographic equipment. Imagine throwing an entire electromechanical cryptography device into a giant grinder for rapid reduction into meaningless pieces! Of course, the machines that did the destroying relied upon electrical power, which could plausibly be cut off in circumstances in which sensitive equipment might be captured, such as the storming of embassies.
The secton on Murphy’s Law (PDF p.155) is also amusing and informative.
There are documents sucked into air ducts, chads punched from cryptographic tapes given away for use as confetti, a tug-of-war incident with a mysterious wire, and even a message hidden in the document itself about how some mounds of imperfectly destroyed documents were dealt with.
April 7, 2009
Crypto Puzzle and NSA Problem
The NSA had an incinerator in their old Arlington Hall facility that was designed to reduce top secret crypto materials and such to ash. Someone discovered that it wasn’t in fact working. Contract disposal trucks had been disposing of this not-quite-sanitized rubish, and officers tracked down a huge pile in a field in Ft. Meyer.
How did they dispose of it? The answer is encrypted in the story’s text!
The story sounds like it’s from the early 1960s. The Arlington Hall incinerator contained a grating that was to keep the documents in the flames until reduced to ash. The grate failed, and “there was no telling how long the condition had persisted before discovery.”
History of NSA Computers
By Bruce Schneier
A recently declassified history through 1964.
Newly Released Papers from NSA Journals
Cryptography is an indispensable tool for protecting information in computer systems. This course explains the inner workings of cryptographic primitives and how to correctly use them. Students will learn how to reason about the security of cryptographic constructions and how to apply this knowledge to real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two or more parties generate a shared secret key. We will cover the relevant number theory and discuss public-key encryption and basic key-exchange. Throughout the course students will be exposed to many exciting open problems in the field.