NSA's History of Communications Security — For Your Eyes, Too

Phil Sp. writes "Government Attic, those fine investigative pack rats, have outdone themselves this time. Just posted: a declassified NSA document entitled A History of Communications Security, Volumes I and II: The David G. Boak Lectures [PDF] from 1973 and 1981. This is an absolutely fascinating look into how the NSA viewed (views?) communications security and touches on all sorts of topics, including public key crypto, economics, DES, tamper-resistance, etc. It was seemingly from a collection of lectures to new employees. The first 85 pages are heavily redacted but the remaining 80 or so are largely intact. It even concludes with a cryptogram puzzle for the reader!"

What I heard a while back

[Anonymous Coward]

The NSA uses ---------- to monitor ------------- by ----------- and ------------ through a network of ------------. It was really pretty interesting.

Re:

[mbstone]

Lawbreakers, citizens, hook, by crook, stupid and/or corrupt Congresscritters.

The solution:

[Tubal-Cain]

It even concludes with a cryptogram puzzle for the reader

The answer?
FRANK SHOEMAKER WOULD CALL THIS NOISE.

Re:The solution:

[Darth_brooks]

Wrong answer, Hans. Care to try for double jeopardy?

It reads: ALWAYS DRINK YOUR OVALTINE

Duh.

Their "FLOP" section was blanked out. :(

[gurps_npc]

I was so hoping that they turned honest and revealed some errors. Never trust someone that refuses to admit they were wrong. If you can't recognize when you are wrong, you don't know when you are right.

Re:

[Anonymous Coward]

The fact that the section exists kinda already shows they recognize their mistake(s). The fact that its blanked out only means they don't want certain people to know the specifics.

Redacted, huh?

[CyberLord Seven]

Hmmmm. I will have to see if they screwed the pooch and made a mistake that has been so common lately with .PDF redactions.

Re:

[Anonymous Coward]

No way! This is the NSA. Looks like they took scissors to it before photocopying.

There is one little bit on page 12 where it looks like the bottom row of "pixels" of maybe one word can be seen. I wonder if David Naccache and Claire Whelan [nytimes.com] could figure out the word.

Re:

[Kadin2048]

They did not screw up this time around, at least as far as I can tell.

It looks like the page was scanned, and then areas were redacted by pasting white over them. They look too neat to have been done with scissors and paper, but that's the general look of them: white polygons pasted over various areas on the page. The edges aren't quite square so it's like someone clicked with a mouse to define the vertices, rather than selecting lines. (I.e., they were doing it after rasterization and not before, most

Re:

[TempeTerra]

One of the first big redactions obviously describes the sigint capabilities of the Soviets at the time. Interesting to imagine why they're still concerned about that; someone must think that by knowing what we knew about them at a particular time, you could infer something that would be advantageous...

Or someone thinks that someone knowing what we knew at a particular time might let them infer something... or someone A thinks that making someone B think that A thinks that B could infer something about what

Re:

[ion.simon.c]

Maybe they could infer the placement of moles and spies in certain research facilities? :)

Dan Brown

[Arancaytar]

It even concludes with a cryptogram puzzle for the reader!"

Are you sure you didn't pick up Digital Fortress by mistake? :P

Why was it classified

[Techmeology]

Why was it classified? Given that all good security must be based on rigorous unbreakability, not secrecy, the analytical powers of many eyes would have been useful. Also, I'm opposed to governmental secrecy.

Re:Why was it classified

[FishWithAHammer]

Security through obscurity isn't security, but security plus obscurity is better security so long as the obscurity holds.

Re:Why was it classified

[QuantumRiff]

You are correct, however, sometimes you don't want to know about bad algorithms.. or more accurately, you don't want your enemies to know that you've cracked their codes.

Sometimes, things are just politically sensitive.. ie, We cracked the code, realized that country X placed a spy into country Y, we notified country Y, and the spy for country X had a tragic accident...

Re:

[freddy_dreddy]

security without obscurity implies that you're willing to sacrifice temporary loss of security whenever a backdoor or exploit is discovered. The security we (as a geek community) are dealing with is not the same as government security. The first generally deals with security of infrastructure that houses the information, the second deals with the security of information.

Whenever an infrastructure security is compromised, we can restore the information from backups after the security hole has been fixed. Wh

Re:

[c4str4t0]

In the interest of a good argument, I will assert that all that have replied to this post are not entirely correct. The idea of "rigorous unbreakability" is correct. This is what gives a cryptographic algorithm strength (or reliability). No one should trust the security of a crypto algorithm without its creators first explaining the details of how it works. If it is truly a strong algorithm, then it won't matter that the masses understand the process in its entirety (AES, for instance). Further, securi

Re:Why was it classified

[DerekLyons]

Given that all good security must be based on rigorous unbreakability, not secrecy

That's commonly held belief of security amateurs. In reality, obscurity is a valuable tool in the arsenal of the security professional - because an attacker cannot be prepared to address a measure that he does know the existence of beforehand. For example - a visible set of VCR's in a place equipped with visible cameras... but they are dummies with the real ones (or a backup set) behind a nondescript door.
 
 

the analytical powers of many eyes would have been useful

The analytical power of many experienced and knowledgeable eyes - sure. But those eyes have clearances and access to the document. Just because the general public doesn't see it, doesn't mean that a lot of qualified people haven't.

Re:

[bhiestand]

You missed the most important part of his post:

Also, I'm opposed to governmental secrecy.

That right there sums up what you need to know. The GP is an ideologue who opposes government secrecy. Because of this, he will ignore evidence that contradicts his pre-established conclusion. Let's both just be glad this man will never have the power to harm any of our valuable intelligence organizations.

Re:

[DerekLyons]

Oh, I realized that. I just couldn't resist the chance to set the record straight.

Re:

[bhiestand]

Fair enough. I'm glad the mods took notice.

Re:

[IonOtter]

Security classifications are "all-inclusive" and "absorbent", in that if you have a document that has so much as a single "classified" word in it, then the entire document gains the classifcation level of that single word. This applies even if the material in question wouldn't be classified, but the footnotes reference a classified source.

This policy applies to physical media as well. If a camera, floppy, USB stick, CD or other recording media is plugged or inserted into a classified computer, then that i

Re:Why was it classified

[darkmeridian]

In the real world, knowing what people know is very important. Releasing what you know and what you know others to know would be a disastrous turn for a national security agency (NSA). Whether the bad guys fell for your double agent's lies, for instance, is a crucial fact. If the NSA has compromised a whole bunch of communications systems, we don't want the people using the systems to know that they're compromised!

Re:

[Anonymous Coward]

also, you know...other countries could use this to keep their secrets from the US...

Re:

[GWBasic]

Given that all good security must be based on rigorous unbreakability, not secrecy

Rigorous unbreakability implies secrecy; either or both the algorithm and the keys must be kept secret.

Nice addition

[Anonymous Coward]

Nice addition to "Cryptology During the Cold War, 1945-1989"
http://news.slashdot.org/article.pl?sid=08/11/14/1629239 [slashdot.org]

Re:

[SpaceLifeForm]

Yes.

Re:

[AceofSpades19]

Are you new here?

A good read.

[Animats]

That's a good read. Thanks.

Quick posts ruin stories like these

[wintermute1974]

Slashdot should have a delay of a few hours on stories like this, to allow people to RTFB before posting.
(I promise not to post again until I've followed my own advice.)

Irony

[this great guy]

The PDF file seems interesting at first but many pages are [CENSORED] and even [CENSORED] which leads me to doubt of the usefulness of [CENSORED] notwhistanding [CENSORED]. Does anyone [CENSORED]. Or [CENSORED] ?

Re:

[quanticle]

Indeed, that seems to be the case at first, but, in this case, first impressions are misleading. After page 80 or so (about half way) the number of redactions drops precipitously. Indeed, one of the most interesting sections (the one on Tempest) is notable for its lack of redaction. There's some fascinating stuff there about how the NSA discovered that EM leakage was an issue, and what they tried at first to contain such noise.

Page 106

[egcagrac0]

Glad to see I'm not the only one who does that when reading "This page is intentionally blank".

Tagged "hotlink"

[mr_stinky_britches]

Tagged "hotlink".

So this is way below their lower limit

[Vadim Makarov]

Interesting reading. Probably beyond average slashdotter's patience, hence so few comments to the story. I've found the history of TEMPEST being the most fascinating... discovered, forgotten, rediscovered, never fully eliminated but considered adequately handled given the threat level assessment. It left me wondering what the status of TEMPEST is with current electronic computing devices?

According to the book itself (see p. 128 bottom), this disclosure should not even come close to define the lower bound of NSA's today's capabilities. Umm, impressive then.

Re:

[quanticle]

Given that modern switches (transistors), operate at much smaller voltages than the old electromechanical relays and vacuum tubes of yore, I'd argue that Tempest related issues are becoming less of an issue as time goes on, rather than more.

Indeed, with the number of transistors in modern electronics, there's probably a sort of "natural jamming" going on, where the sheer volume of radiated transmissions is sufficient to overwhelm any listener. Of course, signal processing equipment has also become more sop

Frustrating item at the end

[rfc1394]

The last thing the book talks about is how a man discovered a lot of partially processed secret materials and he had to find a way to get rid of all of it, a considerable pile, and discovered a useful way. Which it doesn't tell us, other than to say the explanation is hidden in the message, using an innocent intervention, or something like that.

So, given that it has something to do with purloined letter methods, my guess is they took the lot of paper down to a processing center, where the paper absolutely

PARKHILL

[nsaspook]

The info about PARKHILL is very interesting. That system was installed as a replacement for KG-13 and used for a very short time at our station. We had it for about a year before it was removed and replaced by something else. As noted on page 153 that system was not totally secure. The BLACK audio sounded like Donald Duck talking backward on acid. I suspect that someone found a way to break the code in near realtime. This was about 1982. No idea if it was fixed and rereleased for use.

page 156 & murphy's law incidents

[erbbysam]

On page 155-156 there are a series of stories on possible accidental data leaks that could have occurred.
My personal favorite is the one where two NSA sweep people get into a tug-of-war over a wire in a wall between floors :)

Breaking the rules. Sea story

[nsaspook]

AP/UPI/TAS transmitted the news via HF rtty links long ago. To receive up to date news for the crew the Radiomen on the ship would connect a TTY normally used for classifed traffic to a RTTY demodulator. The problem was that per "RED/BLACK" (page 90 on the NSA doc), the TTY was RED and the RTTY demod was BLACK. It was totally forbidden to interconnect the systems and patch panels had to be so many feet apart and in separate rooms. Only a NSA approved crypto device could be used in the middle.

I found some of the redacted text

[Tracy Reed]

So here I am reading the document linked in this story when I get to page 85 about tempest. I encounter the phrases "He sauntered past a kind of carport jutting out..." and "a carefully concealed dipole antenna, horizontally polarized." And I thought...I've heard these exact words somewhere else before. Where would I have encountered this exact wording from a document which has been declassified just in the past few days? I dumped the phrase into google and sure enough:

http://www.nsa.gov/public/pdf/tempest.pdf [nsa.gov]

Here it is in this document about tempest which was declassified 9-27-2007. It contains a lot more about the story in Japan and tempest etc.

And I notice that this document contains what is certainly the redacted paragraph in the other document between the paragraph about the discovery of the antenna and the one that begins "Why, way back in 1954, when the Soviets published a rather comprehensive set of standards..."

This paragraph is about how 40 microphones were found in the US embassy in Moscow and talks about a "large metal grid buried in the cement of the ceiling over the Department of State communications area" and that it had a wire leading off somewhere. Apparently such things were being found as far back as 1953 and the US did not know what their purpose was.

The next paragraph puts the above into context when it says that in 1954 "the Soviets published a rather comprehensive set of standards for the suppression of radio frequency interference". So the previous paragraph reveals some details about what kinds of devices were found but the second paragraph goes on to imply that the Soviets may have been listening in on our unencrypted electronic communications for at least 10 years before the US figured out that it was possible to do so and took action.

It's funny how something which would seem so obvious to us now in hindsight baffled the NSA for at least 10 years. It is also funny that it is possible to reconstruct redacted materials from declassified documents using Google due to the use of cut and paste from a document written back in 1973.