Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

NSA's History of Communications Security — For Your Eyes, Too

timothy posted more than 5 years ago | from the as-long-as-it-passes-through-ft-meade dept.

Security 52

Phil Sp. writes "Government Attic, those fine investigative pack rats, have outdone themselves this time. Just posted: a declassified NSA document entitled A History of Communications Security, Volumes I and II: The David G. Boak Lectures [PDF] from 1973 and 1981. This is an absolutely fascinating look into how the NSA viewed (views?) communications security and touches on all sorts of topics, including public key crypto, economics, DES, tamper-resistance, etc. It was seemingly from a collection of lectures to new employees. The first 85 pages are heavily redacted but the remaining 80 or so are largely intact. It even concludes with a cryptogram puzzle for the reader!"

cancel ×

52 comments

Sorry! There are no comments related to the filter you selected.

What I heard a while back (4, Funny)

Anonymous Coward | more than 5 years ago | (#26225081)

The NSA uses ---------- to monitor ------------- by ----------- and ------------ through a network of ------------. It was really pretty interesting.

Re:What I heard a while back (1)

mbstone (457308) | more than 5 years ago | (#26233751)

Lawbreakers, citizens, hook, by crook, stupid and/or corrupt Congresscritters.

The solution: (4, Funny)

Tubal-Cain (1289912) | more than 5 years ago | (#26225085)

It even concludes with a cryptogram puzzle for the reader

The answer?
FRANK SHOEMAKER WOULD CALL THIS NOISE.

Re:The solution: (4, Funny)

Darth_brooks (180756) | more than 5 years ago | (#26225393)

Wrong answer, Hans. Care to try for double jeopardy?

It reads: ALWAYS DRINK YOUR OVALTINE

Duh.

Re:The solution: (0)

Anonymous Coward | more than 5 years ago | (#26226859)

Amateurs... The answer is always...
TOO MANY SECRETS ...or 42 in short (of course!)

RERMY RISTCSHAM

Re:The solution: (0)

Anonymous Coward | more than 5 years ago | (#26239213)

Don't forget to drink your Ovaltine :P

USA's history of communication secrecy/deception? (0)

Anonymous Coward | more than 5 years ago | (#26225087)

that's our worst problem now, other than the 'weather'. better days ahead.

Their "FLOP" section was blanked out. :( (5, Insightful)

gurps_npc (621217) | more than 5 years ago | (#26225257)

I was so hoping that they turned honest and revealed some errors. Never trust someone that refuses to admit they were wrong. If you can't recognize when you are wrong, you don't know when you are right.

Re:Their "FLOP" section was blanked out. :( (2, Interesting)

Anonymous Coward | more than 5 years ago | (#26225301)

The fact that the section exists kinda already shows they recognize their mistake(s). The fact that its blanked out only means they don't want certain people to know the specifics.

Re:Their "FLOP" section was blanked out. :( (0)

Anonymous Coward | more than 5 years ago | (#26225677)

Just get rid of them entirely: Metagovernment [metagovernment.org]

Redacted, huh? (2, Insightful)

CyberLord Seven (525173) | more than 5 years ago | (#26225315)

Hmmmm. I will have to see if they screwed the pooch and made a mistake that has been so common lately with .PDF redactions.

Re:Redacted, huh? (2, Informative)

Anonymous Coward | more than 5 years ago | (#26225413)

No way! This is the NSA. Looks like they took scissors to it before photocopying.

There is one little bit on page 12 where it looks like the bottom row of "pixels" of maybe one word can be seen. I wonder if David Naccache and Claire Whelan [nytimes.com] could figure out the word.

Re:Redacted, huh? (2, Informative)

Kadin2048 (468275) | more than 5 years ago | (#26227343)

They did not screw up this time around, at least as far as I can tell.

It looks like the page was scanned, and then areas were redacted by pasting white over them. They look too neat to have been done with scissors and paper, but that's the general look of them: white polygons pasted over various areas on the page. The edges aren't quite square so it's like someone clicked with a mouse to define the vertices, rather than selecting lines. (I.e., they were doing it after rasterization and not before, most likely.)

Then at some point after this, the document was OCRed. Hence, no redacted material in the text layer of the PDF.

You can make out, at least in a few cases, the gist of what was blanked out from context. One of the first big redactions obviously describes the sigint capabilities of the Soviets at the time. Interesting to imagine why they're still concerned about that; someone must think that by knowing what we knew about them at a particular time, you could infer something that would be advantageous...

Re:Redacted, huh? (0)

Anonymous Coward | more than 5 years ago | (#26229063)

You're all damn terrorists!! :)

Re:Redacted, huh? (1)

TempeTerra (83076) | more than 5 years ago | (#26232429)

One of the first big redactions obviously describes the sigint capabilities of the Soviets at the time. Interesting to imagine why they're still concerned about that; someone must think that by knowing what we knew about them at a particular time, you could infer something that would be advantageous...

Or someone thinks that someone knowing what we knew at a particular time might let them infer something... or someone A thinks that making someone B think that A thinks that B could infer something about what A knew about B at a particular time will in fact make B infer something else...

NSA is the home of dizzying intellects.

Re:Redacted, huh? (1)

ion.simon.c (1183967) | more than 5 years ago | (#26277367)

Maybe they could infer the placement of moles and spies in certain research facilities? :)

Dan Brown (3, Funny)

Arancaytar (966377) | more than 5 years ago | (#26225421)

It even concludes with a cryptogram puzzle for the reader!"

Are you sure you didn't pick up Digital Fortress by mistake? :P

Why was it classified (4, Interesting)

Techmeology (1426095) | more than 5 years ago | (#26225469)

Why was it classified? Given that all good security must be based on rigorous unbreakability, not secrecy, the analytical powers of many eyes would have been useful. Also, I'm opposed to governmental secrecy.

Re:Why was it classified (3, Interesting)

FishWithAHammer (957772) | more than 5 years ago | (#26225561)

Security through obscurity isn't security, but security plus obscurity is better security so long as the obscurity holds.

Re:Why was it classified (4, Insightful)

QuantumRiff (120817) | more than 5 years ago | (#26225603)

You are correct, however, sometimes you don't want to know about bad algorithms.. or more accurately, you don't want your enemies to know that you've cracked their codes.

Sometimes, things are just politically sensitive.. ie, We cracked the code, realized that country X placed a spy into country Y, we notified country Y, and the spy for country X had a tragic accident...

Re:Why was it classified (1)

freddy_dreddy (1321567) | more than 5 years ago | (#26225843)

security without obscurity implies that you're willing to sacrifice temporary loss of security whenever a backdoor or exploit is discovered. The security we (as a geek community) are dealing with is not the same as government security. The first generally deals with security of infrastructure that houses the information, the second deals with the security of information.

Whenever an infrastructure security is compromised, we can restore the information from backups after the security hole has been fixed. Whenever information security is compromised it pretty much looses its reason to exist.

Re:Why was it classified (1)

c4str4t0 (1415371) | more than 5 years ago | (#26226001)

In the interest of a good argument, I will assert that all that have replied to this post are not entirely correct. The idea of "rigorous unbreakability" is correct. This is what gives a cryptographic algorithm strength (or reliability). No one should trust the security of a crypto algorithm without its creators first explaining the details of how it works. If it is truly a strong algorithm, then it won't matter that the masses understand the process in its entirety (AES, for instance). Further, security through obscurity is nonsense, unless I'm an immature script kiddie that only looks for ports on which a known service is running (i.e. ssh=TCP22). For realistic security implementations, one should always assume protection against the most aggressive techniques of penetration. Hence, that is why obscuring ports is worthless. Finally, the priorities of an attacker once they have gained access will more than likely not be data destruction. The point of the attack will likely be to remain undetected so they can gather as much information from a victim's infrastructure or data as possible. If I'm a bad guy, the last thing that I want you to know is that I've gained access to your system. Then you'll only patch the hole I used and make it more difficult for me to get back in.

Re:Why was it classified (4, Insightful)

DerekLyons (302214) | more than 5 years ago | (#26226553)

Given that all good security must be based on rigorous unbreakability, not secrecy

That's commonly held belief of security amateurs. In reality, obscurity is a valuable tool in the arsenal of the security professional - because an attacker cannot be prepared to address a measure that he does know the existence of beforehand. For example - a visible set of VCR's in a place equipped with visible cameras... but they are dummies with the real ones (or a backup set) behind a nondescript door.
 
 

the analytical powers of many eyes would have been useful

The analytical power of many experienced and knowledgeable eyes - sure. But those eyes have clearances and access to the document. Just because the general public doesn't see it, doesn't mean that a lot of qualified people haven't.

Re:Why was it classified (1)

bhiestand (157373) | more than 5 years ago | (#26228523)

You missed the most important part of his post:

Also, I'm opposed to governmental secrecy.

That right there sums up what you need to know. The GP is an ideologue who opposes government secrecy. Because of this, he will ignore evidence that contradicts his pre-established conclusion. Let's both just be glad this man will never have the power to harm any of our valuable intelligence organizations.

Re:Why was it classified (1)

DerekLyons (302214) | more than 5 years ago | (#26228785)

Oh, I realized that. I just couldn't resist the chance to set the record straight.

Re:Why was it classified (1)

bhiestand (157373) | more than 5 years ago | (#26234707)

Fair enough. I'm glad the mods took notice.

Re:Why was it classified (1)

IonOtter (629215) | more than 5 years ago | (#26226975)

Security classifications are "all-inclusive" and "absorbent", in that if you have a document that has so much as a single "classified" word in it, then the entire document gains the classifcation level of that single word. This applies even if the material in question wouldn't be classified, but the footnotes reference a classified source.

This policy applies to physical media as well. If a camera, floppy, USB stick, CD or other recording media is plugged or inserted into a classified computer, then that item becomes classified at the same level as the computer. Sometimes, even bringing the item into a physical space, such as a meeting room or NOC, can convey that classification. (Try walking into a SCIF with a thumbdrive and see what happens if they catch you with it.)

This rule is absolute across the government, and is applied universally across the board. However, enforcement may or may not be lax depending upon the situation, and it may also be up to the discretion of the commanding officer to allow certain waivers.

Re:Why was it classified (3, Interesting)

darkmeridian (119044) | more than 5 years ago | (#26227203)

In the real world, knowing what people know is very important. Releasing what you know and what you know others to know would be a disastrous turn for a national security agency (NSA). Whether the bad guys fell for your double agent's lies, for instance, is a crucial fact. If the NSA has compromised a whole bunch of communications systems, we don't want the people using the systems to know that they're compromised!

Re:Why was it classified (1)

Anonymous Coward | more than 5 years ago | (#26227731)

also, you know...other countries could use this to keep their secrets from the US...

Re:Why was it classified (1)

GWBasic (900357) | more than 5 years ago | (#26233055)

Given that all good security must be based on rigorous unbreakability, not secrecy

Rigorous unbreakability implies secrecy; either or both the algorithm and the keys must be kept secret.

Nice addition (1, Interesting)

Anonymous Coward | more than 5 years ago | (#26225647)

Nice addition to "Cryptology During the Cold War, 1945-1989"
http://news.slashdot.org/article.pl?sid=08/11/14/1629239 [slashdot.org]

Noone Read TFA (1)

pacificleo (850029) | more than 5 years ago | (#26225695)

20+ comment with in 10 min of publication when TFA have 158 pages of gibberish . are you guys cyborg or people on /. have stopped Reading TFA .

Re:Noone Read TFA (2, Insightful)

SpaceLifeForm (228190) | more than 5 years ago | (#26225773)

Yes.

Re:Noone Read TFA (1)

AceofSpades19 (1107875) | more than 5 years ago | (#26226279)

Are you new here?

A good read. (1)

Animats (122034) | more than 5 years ago | (#26225731)

That's a good read. Thanks.

Do you mean "exceptionnal" ? (0)

Anonymous Coward | more than 5 years ago | (#26229779)

It's an understatement. It's a really frank, useful and even illuminating document. It changed my perception of what NSA is and does, at least in the COMSEC branch. However, SIGNINT is completely ignored and you won't see a mention of ECHELON for example. It covers the period from 1940 to 1980 and deals mostly with antique machines...

Anyway, it's a refreshing read, the insider view is very discerning and casts a light into the *practical* implications of sending 100.000 cryptomachines in the field...

Also, it's a good antidote if you're bored by Schneier et al.
For example, public key cryptogray is explained to be not practically useful (as of 1980), operational constraints dictate other solutions.

I learnt many, many things and I wish that someone posts the solution to the puzzle :-) [i'm too tired now]

Quick posts ruin stories like these (1)

wintermute1974 (596184) | more than 5 years ago | (#26225919)

Slashdot should have a delay of a few hours on stories like this, to allow people to RTFB before posting.
(I promise not to post again until I've followed my own advice.)

Irony (2, Informative)

this great guy (922511) | more than 5 years ago | (#26226217)

The PDF file seems interesting at first but many pages are [CENSORED] and even [CENSORED] which leads me to doubt of the usefulness of [CENSORED] notwhistanding [CENSORED]. Does anyone [CENSORED]. Or [CENSORED] ?

Re:Irony (1)

quanticle (843097) | more than 5 years ago | (#26233197)

Indeed, that seems to be the case at first, but, in this case, first impressions are misleading. After page 80 or so (about half way) the number of redactions drops precipitously. Indeed, one of the most interesting sections (the one on Tempest) is notable for its lack of redaction. There's some fascinating stuff there about how the NSA discovered that EM leakage was an issue, and what they tried at first to contain such noise.

Page 106 (1)

egcagrac0 (1410377) | more than 5 years ago | (#26226239)

Glad to see I'm not the only one who does that when reading "This page is intentionally blank".

Tagged "hotlink" (1)

mr_stinky_britches (926212) | more than 5 years ago | (#26228327)

Tagged "hotlink".

So this is way below their lower limit (2, Insightful)

Vadim Makarov (529622) | more than 5 years ago | (#26228341)

Interesting reading. Probably beyond average slashdotter's patience, hence so few comments to the story. I've found the history of TEMPEST being the most fascinating... discovered, forgotten, rediscovered, never fully eliminated but considered adequately handled given the threat level assessment. It left me wondering what the status of TEMPEST is with current electronic computing devices?

According to the book itself (see p. 128 bottom), this disclosure should not even come close to define the lower bound of NSA's today's capabilities. Umm, impressive then.

Re:So this is way below their lower limit (1)

quanticle (843097) | more than 5 years ago | (#26233213)

Given that modern switches (transistors), operate at much smaller voltages than the old electromechanical relays and vacuum tubes of yore, I'd argue that Tempest related issues are becoming less of an issue as time goes on, rather than more.

Indeed, with the number of transistors in modern electronics, there's probably a sort of "natural jamming" going on, where the sheer volume of radiated transmissions is sufficient to overwhelm any listener. Of course, signal processing equipment has also become more sophisticated in the meantime, so I might not be 100% on target in that assessment.

Frustrating item at the end (1)

rfc1394 (155777) | more than 5 years ago | (#26228343)

The last thing the book talks about is how a man discovered a lot of partially processed secret materials and he had to find a way to get rid of all of it, a considerable pile, and discovered a useful way. Which it doesn't tell us, other than to say the explanation is hidden in the message, using an innocent intervention, or something like that.

So, given that it has something to do with purloined letter methods, my guess is they took the lot of paper down to a processing center, where the paper absolutely has to be clean, and they ground up and processed it to make newsprint, where the formerly classified material has been so destroyed that it could be used to print the next day's newspapers. Would be sort of ironic that way, and would fit with his emphasis on 'innocent' information systems.

Re:Frustrating item at the end (0)

Anonymous Coward | more than 5 years ago | (#26229727)

My reading makes me believe that the paper bits were mixed with ashes so it's useless for making new paper. But your hypothesis is interesting :-)

PARKHILL (2, Informative)

nsaspook (20301) | more than 5 years ago | (#26228535)

The info about PARKHILL is very interesting. That system was installed as a replacement for KG-13 and used for a very short time at our station. We had it for about a year before it was removed and replaced by something else. As noted on page 153 that system was not totally secure. The BLACK audio sounded like Donald Duck talking backward on acid. I suspect that someone found a way to break the code in near realtime. This was about 1982. No idea if it was fixed and rereleased for use.

page 156 & murphy's law incidents (1)

erbbysam (964606) | more than 5 years ago | (#26228563)

On page 155-156 there are a series of stories on possible accidental data leaks that could have occurred.
My personal favorite is the one where two NSA sweep people get into a tug-of-war over a wire in a wall between floors :)

Breaking the rules. Sea story (2, Interesting)

nsaspook (20301) | more than 5 years ago | (#26228707)

AP/UPI/TAS transmitted the news via HF rtty links long ago. To receive up to date news for the crew the Radiomen on the ship would connect a TTY normally used for classifed traffic to a RTTY demodulator. The problem was that per "RED/BLACK" (page 90 on the NSA doc), the TTY was RED and the RTTY demod was BLACK. It was totally forbidden to interconnect the systems and patch panels had to be so many feet apart and in separate rooms. Only a NSA approved crypto device could be used in the middle.

    So every shop would make a 20foot long patch cable for the connection. Our approved patch cords were only about 2 feet. Every NSA audit they had to hid this cable or be hit for a major violation. Everbody knew it was happening but looked the other way because the CO of the ship wanted his news.

http://www.virhistory.com/navy/rtty-demod.htm [virhistory.com]

Unsolvable puzzle ? (0)

Anonymous Coward | more than 5 years ago | (#26229863)

Hello,

This is really an excellent reading, well worth the time !

The more I think about it and the more I believe that the "innocent text" has something to do with the letters at the beginning of each paragraph, inside "()"

This seems to explain why they are marked with a pen. The previous owner tried to solve the puzzle with his copy of the book. I was curious at first, and thought that the letters were the initials of the author of the paragraph (as if several people contributed) but it would be weird...

The problem : Many paragraphs have been edited out and with them, the "(letter)" have been lost.
If my hypothesis is correct then there is no way to know for sure :-(

OTOH if someone finds the answer to this 25 years old puzzle, don't hesitate to publish your findings :-)

yg@ygdes

Re:Unsolvable puzzle ? (0)

Anonymous Coward | more than 5 years ago | (#26229977)

(U) = unclassified
(C) = classified
(S) = secret

The first letter is the original classification of the paragraph.

http://en.wikipedia.org/wiki/Classified_information [wikipedia.org]

I found some of the redacted text (3, Interesting)

Tracy Reed (3563) | more than 5 years ago | (#26232885)

So here I am reading the document linked in this story when I get to page 85 about tempest. I encounter the phrases "He sauntered past a kind of carport jutting out..." and "a carefully concealed dipole antenna, horizontally polarized." And I thought...I've heard these exact words somewhere else before. Where would I have encountered this exact wording from a document which has been declassified just in the past few days? I dumped the phrase into google and sure enough:

http://www.nsa.gov/public/pdf/tempest.pdf [nsa.gov]

Here it is in this document about tempest which was declassified 9-27-2007. It contains a lot more about the story in Japan and tempest etc.

And I notice that this document contains what is certainly the redacted paragraph in the other document between the paragraph about the discovery of the antenna and the one that begins "Why, way back in 1954, when the Soviets published a rather comprehensive set of standards..."

This paragraph is about how 40 microphones were found in the US embassy in Moscow and talks about a "large metal grid buried in the cement of the ceiling over the Department of State communications area" and that it had a wire leading off somewhere. Apparently such things were being found as far back as 1953 and the US did not know what their purpose was.

The next paragraph puts the above into context when it says that in 1954 "the Soviets published a rather comprehensive set of standards for the suppression of radio frequency interference". So the previous paragraph reveals some details about what kinds of devices were found but the second paragraph goes on to imply that the Soviets may have been listening in on our unencrypted electronic communications for at least 10 years before the US figured out that it was possible to do so and took action.

It's funny how something which would seem so obvious to us now in hindsight baffled the NSA for at least 10 years. It is also funny that it is possible to reconstruct redacted materials from declassified documents using Google due to the use of cut and paste from a document written back in 1973.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>