DOCSLIB.ORG

A History of U.S. Communications Security

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A History of U.S. Communications Security -- ~ A HISTORY or U.S. COMMUNICATIONS SECURITY (U) (The DaYid G. Boak Lectures) BAl\"DLING INSTRUCI'IO~S ------ 1. This publication consists ol coven and numbered pages 1 to 101 inclusive. Verify presence ol each page upon receipt. 2. Fo.rmal authorization for access to SECRET material is :required for personnel to have access to this publication. ------ E:::== 3. This publication will not be released outside government channels without approval of the Di­ §= rector, National Security Agency. ----- 4. Extracts from this publication may be made for classroom or individual instruction purposes only. Such utracts will be classified SECRET NOFOR..""'l and accounted for locally until de­ stroyed. 5. This publication will not be carried in aircraft for use therein. - --------- ,__-·---·------·.. _.. __ ==-.:. ~-····-r..... ..: ... ::::7:~ ------·-·­____ ,, .. NATIONAL SECURITY IXFORMATIO~ Unauthorized Disclosure Subject to Criminal Sanctions ~ .------­ NATIONAL SECURITY AGE."lCY FORT GEORGE G. MEADE. MARYLA.~D 20755 Revised July 19i3 a..iled bJ Direaor, NSA., panaa•t ID SSA.. ~u.I 123-Z. llelQt ,,_ C--1 l\eele-iftalioa Scbedale el l.uatne Orcler 111SZ Ellempt CateprJ 2.. Deduli...._ da&e cu..c be determiaed. ORIGINAL 1: Reverse (Page 2) Blank .................... _....... ---······-··-----.. .... --·· l .. ..:~·-· -: - . · . ~: .,,.. -,-- ...... '.= ._.. ~ ..· .•. ·. ·..· .._ .... -~.· .. ~'.· · ....· : ..... ~: ': ·.··· ... ·. ·•.. • • . • ' • •• , • •.•• -~~!' .- .!":.· . • :-~ ........ · .. .. .... .. ._. .... .. :· .... : 8E€RB'f N9P9RN INTRODUCTIOS This publication consists of a series of lectures prepared and given to interns and other employees --·- by Mr. David G. Boak in 1966. Mr. Boak is uniquely qualified to discuss the history of U.S. COM­ -- SEC because he bas participated significantly in most aspects of its modem development over the past twenty years. The purpose of these lectures was to present in an informal yet informative manner the funda­ -- mental concepts of Communications Security and to provide an insight into the strenghts and -- weaknesses of selected manual systems, electro-mechanical and electronic crypto-equipments.. ------- --------·,___.. -·---·---·· --· ---.. --··· ---........ -----·· --·--·-· --·---·~----·· -·--·-···.. ·-··· i:::::=.:::: ~: ~ -·-·E.:::::::=::.:: -----·····~--···--·· ORIGINAL 3 Reverse (Page 4) Blank ~~=~~~; =------=.:.=.-:;-...-_:;;._· -··----~--_...;;..:.-__,,_,~...... ""' ... "'...'= ... =....::: ... :::: ...:::: ...:::: ...:::: ....:::: ...:::: ...:::: ...:::: ... ::::_..:::: ...::-:::.-==·=-·=···::::···=-···························- .. ·········--·---···--·-··---··-·····--· - .· I • •• , •, ·., "' • • ' ' ..... .......... .. .. ·.. .. SECRE'f NOPOR:l'i RECORD OF AMENDMENTS i-,.. Identification of By Whom Entered Amendment and Date Entered (Signature; Rank or No. (if any) Rate; Name of Command) -- ' . RECORD OF PAGE CHECKS By Whom Checked By Whom Checked Date Date (Signature; Rank or Rate; (Signature; Rank or Rate; Checked Checked Name of Command) Name of Command) : I . SEeKET ORIGINAL 5 ·~ r SECREI '.N('Jf('JltN I~~ RECORD OF PAGE CHECKS l By Whom Checked By Whom Checked Date Date (Signature; Rank or Rate; (Signature; Rank or Rate; Checked Checked Name of Command) Name of Command) \ I Subject f1RSTLE SECON!: THIRD 1 yoURTl FIFTH: ---- sIXTH sEVEl' EIGH'l NINT1 I I TEN1 .. , 6 SECRET ORIGINAL ----·----- ---- ---·- • TABLE OF C01'"TENTS ---------· ----~: Subj.ct --x;= FIRSTLECTURE.-The Need ror Communications Security -----·--------·---·-·· 'I'lllRI>SECONI> LECTURE.-'l'SECIJCL-7 ~--Codes------·----------------······------------------------------------------------- _________________________________________________________________________ _ 21 ·----·: 33 ----------·-·· -··=--===:---·· FOURTH LECTURE.-One-'Iime Tape Systems -----------------------------------------------------------­ 39 E=? FIF'l'FI LEC'I'l1Rl!:..-IC\1V-26; ICVV-37; CltIB; ICVV-7 ----------------------·---------------------------------- P::------ E:. .: . .-:::f. SIXTH LECTURE.-Multi-Purpose Equipment 53 :=:::::==..:::: SEVENTH ~-Ciphoay Equipment and Other Specialized Systems ------· --------------------------- 57 --.====----··- 73 ----· J!:I(;Jrrll LECTUR.E.-Flops -----------------------------------------------------------------------------­ ---·-··-·------·-· NINm LECTURE.-Scrmgtbsand VVeakneases -------------------·---------------------------------------- 81 -----·-·----·· 89 TEN'I'li LECTURE.-'Tl!:tl4PES'I' -------------------------------------------------------------------------- ----· ----·----·· ----·-----··· ---·-·--·---·----· ..........----··--··-····· ---··· ----·····--···········---·-· -----··-·····;:=:;:=: E:::::=.-:::~==-=-~.. -. =!:=::.=.:: =::..:-::::..::.-·-----····· ----··-----···-----· --·------·----···----·--···· ---------· -----·-·---· ----·----··· ----·---··----·· ----·-----·------·· -------------------·---·_____ ... ---·-·----·· -·-----·--·····-·--·-·-·· ----··········-----··-·· I::--r:======:··:::.'"::. =--===...:::::......._ ____ _ t:::=::::-.:: =:···-·····-·· =---·~ ~ ------·· -----·----··c:::-=:: ----··:---:==.- -----·-----··---·-· 1-~ SECRET ORIGINAL 7 Reverse (Page 8) Blank ···--···----·-·······--····· ·----·---.. -·-··· :::~.-....:::=:::~---==::::::: ... :.':f:.::-:=:::_.-;....::.:=--=:==--=====··...:;=::===---====·-·_:___ __..;., .. --··- ·-····.:..·--······-,··--···-··--··-·--·--···--=--.--.-..------------- '• .··: •... ,; .... .·· •. ··• . -------··----· SBGRR :N9P9B:N EO 1. 4. ( c) -·--- ---···-··-­ -·=== --- FIRST LECTURE: Tbe Need for Communications Security --- -----~ I will spend most of this first period belaboring some seemingly obvious points on the need for -- communications security; why we're in this business, and what our objectives really are. It seems =-- obvious that we need to protect our communications because they consistently reveal. our strengths, ---~· weaknesses, disposition, plans, and intentions and if the opposition intercepts them he can exploit -·:=..1'-..= that information by attacking our weak points, avoiding our strengths, countering our plans, and ---------- frustrating our intentions... something he can only do if he has advance knowledge of our.situation. -··--·~:::::::=:.· But there's more to it than that. E"::-=: First, you'll note I said the opposition can do these things if he can intercept our communica­ !:::-::::::::::: tions. Let me first give you some facts about that supposition. You've all seen the security caveats ~====~; asserting that ..the enemy is listening", .. the walls have ears", and the like. One of my irrev~rent ..---- friends, knowing where I work, insists on refening to me as "an electronic spy", and popular pa~r­ ----·...---·--------- __ _. back literature is full of lurid stories about code-breakers and thieves in the night careening to Bu•. -·------·-·--· dapest on the Orient Express with stolen ci hers tattooed somewhere unmentionable. What is the --·.---· actual situatfon? ----= t eir co ection facilities in­ ---· "'"'=cr::u=-=e~::r=ge::--r~n=":l"""'C":a=~s~1~tes=-=--, ~m~o~1.,.,e,,....,,,p~""o""rm,.....,.,s,....,.a_,1,...r-a-n........ -se-a ...... , -a-n....... sa__..,..tellite surveillance; and that --·--·-·-·---· they have an extensive covert collection operation. All in alJ, a truly formidable opponent. So the --· first "if" underlying our argument for the need for COMSEC (Communications Security) is more -··-·--······-· .. -·····-·· than a postulate-a deliberate, large, competent force has been identified whose mission is the exploitation of U.S. communications through their interception and analysis. It is important to understand at the outset why the Soviet Union (as well as all other major countries) is willing to make an investment of this kind. Because, of course, they find it worthwhile. f;;-···--·---· Sometimes, in the security business, you feel like a jackass having run around clutching defense secrets to your bosom only to find a detailed expose in Missiles and Rockets or the Washington Post or find it to be the subject of open conversations at a cocktail pany or a coffee bar. There are, in fact, so many things that we cannot hide in an open society-at least in peace time-that you will some­ times encouter quite serious and thoughtful skepticism on the value or practicability of trying to hide anything ... panicularly if the techniques you apply to hide information-like cryptography --entail money, loss of time, and constraints on action. --··---· What then, is unique about communications intelligence? What does it provide that our moun­ -····--·· tains of literature and news do not similarily reveal? How can it match the output of a bevy of ___ .. __ . professional spies or in-place defectors buying or stealing actual documents, blueprints, plans? ----··----····--··-·· ( ..In-place defector"-a guy with a bona fide job in some place like the Department of Defense, the ···---·-·---­-·--·········· Department of State, this Agency, or in the contractual world who feeds intelligence to a foreign ----··O•••••••H•-••• power.) It turns out that there is something special about communications intelligence, and it provides the justification for our own large espenditures as well as those of other countries: in a nutshell, its special value lies in the fact that this kind of intelligence is generally accurate, reliable, ........ ______ _ authentic, continuous, and most important of all, timely. The more deeply you become familiar :::::::::K:::: with classified governmental operations, the more aware you will become
Load more

Recommended publications
  • Steganography As a Means of Attacking Information Systems
    Scientific and Practical Cyber Security Journal (SPCSJ) 2(4): 75-80 ISSN 2587-4667 Scientific Cyber Security Association (SCSA) STEGANOGRAPHY AS A MEANS OF ATTACKING INFORMATION SYSTEMS Anna Romanova 1, Sergiy Toliupa 2 1Taras Shevchenko University of Kyiv, Faculty of Information Technology, 2 Taras Shevchenko University of Kyiv, Faculty of Information Technology ABSTRACT. An analysis of steganography methods that are can be potentially used as instruments in attacks on information and communication systems is presented. The possible solutions to ensure resilience to such attacks are presented. Keywords: steganography, TEMPEST, covert channel, information protection Cryptography is widely used as one of the most efficient and approbated methods of critical information resources protection. Nevertheless, in particular cases it might be more effective to hide the communication channel itself instead of making the information within it unreadable. Such a practice, namely concealing data within unsuspicious, innocent-looking containers, is called steganography. Any concept might have a double application. While being primarily considered a means of information protection, steganography can be used with ill intentions, as well. In fact, several high-tech attacks are based on the hidden data transmission, and contemporary methods of counteraction do not provide satisfactory level of resilience to those. These attacks are not always considered to be steganography-based, as they, for the most part, use a variety of features, characteristic for information and communication systems – physical effects, transmission protocols, communication infrastructure, specific features of software, cryptography etc. Nevertheless, the attack requires a classical statement of the task of steganography – how to transmit data so that a potential attacker could not acquire them due to not knowing about the presence of a transmission channel, even if he or she has a suspicion about one and the possible methods are known.
    [Show full text]
  • NSA's Efforts to Secure Private-Sector Telecommunications Infrastructure
    Under the Radar: NSA’s Efforts to Secure Private-Sector Telecommunications Infrastructure Susan Landau* INTRODUCTION When Google discovered that intruders were accessing certain Gmail ac- counts and stealing intellectual property,1 the company turned to the National Security Agency (NSA) for help in securing its systems. For a company that had faced accusations of violating user privacy, to ask for help from the agency that had been wiretapping Americans without warrants appeared decidedly odd, and Google came under a great deal of criticism. Google had approached a number of federal agencies for help on its problem; press reports focused on the company’s approach to the NSA. Google’s was the sensible approach. Not only was NSA the sole government agency with the necessary expertise to aid the company after its systems had been exploited, it was also the right agency to be doing so. That seems especially ironic in light of the recent revelations by Edward Snowden over the extent of NSA surveillance, including, apparently, Google inter-data-center communications.2 The NSA has always had two functions: the well-known one of signals intelligence, known in the trade as SIGINT, and the lesser known one of communications security or COMSEC. The former became the subject of novels, histories of the agency, and legend. The latter has garnered much less attention. One example of the myriad one could pick is David Kahn’s seminal book on cryptography, The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet.3 It devotes fifty pages to NSA and SIGINT and only ten pages to NSA and COMSEC.
    [Show full text]
  • Prism Vol. 9, No. 2 Prism About Vol
    2 021 PRISMVOL. 9, NO. 2 | 2021 PRISM VOL. 9, NO. 2 NO. 9, VOL. THE JOURNAL OF COMPLEX OPER ATIONS PRISM ABOUT VOL. 9, NO. 2, 2021 PRISM, the quarterly journal of complex operations published at National Defense University (NDU), aims to illuminate and provoke debate on whole-of-government EDITOR IN CHIEF efforts to conduct reconstruction, stabilization, counterinsurgency, and irregular Mr. Michael Miklaucic warfare operations. Since the inaugural issue of PRISM in 2010, our readership has expanded to include more than 10,000 officials, servicemen and women, and practi- tioners from across the diplomatic, defense, and development communities in more COPYEDITOR than 80 countries. Ms. Andrea L. Connell PRISM is published with support from NDU’s Institute for National Strategic Studies (INSS). In 1984, Secretary of Defense Casper Weinberger established INSS EDITORIAL ASSISTANTS within NDU as a focal point for analysis of critical national security policy and Ms. Taylor Buck defense strategy issues. Today INSS conducts research in support of academic and Ms. Amanda Dawkins leadership programs at NDU; provides strategic support to the Secretary of Defense, Chairman of the Joint Chiefs of Staff, combatant commands, and armed services; Ms. Alexandra Fabre de la Grange and engages with the broader national and international security communities. Ms. Julia Humphrey COMMUNICATIONS INTERNET PUBLICATIONS PRISM welcomes unsolicited manuscripts from policymakers, practitioners, and EDITOR scholars, particularly those that present emerging thought, best practices, or train- Ms. Joanna E. Seich ing and education innovations. Publication threshold for articles and critiques varies but is largely determined by topical relevance, continuing education for national and DESIGN international security professionals, scholarly standards of argumentation, quality of Mr.
    [Show full text]
  • Operations Security for Patriot Units to Successfully Accomplish Their
    CHAPTER 8 Operations Security For Patriot units to successfully accomplish their mission on the air-land battlefield, information about friendly unit activities, plans, and operations must be denied to enemy forces until it is too late for these forces to effectively react. Operations security (OPSEC) and ADA survivability are synonymous for all practical purposes. Generally, OPSEC includes the coordinated application of a wide range of techniques and procedures to deny information to an enemy. It is primarily common sense systematically applied to a unit's situation and mission. Coun- tersuppression actions are taken to protect friendly operations from attack. OPSEC and countersuppression actions and procedures fall into four catego- ries, the first three of which are OPSEC areas: * Countersurveillance - action to protect the true status of friendly operations. * Countermeasures -actions to remove or reduce the enemy intelligence and electronic warfare threat. * Deception - actions to create a false picture of friendly activities and operations. * Countersuppression - actions taken to directly defend or enhance the defensive capability of the unit. CONTENTS page page Section I - COUNTERSURVEILLANCE Section III - DECEPTION AREAS OF COUNTERSURVEILLANCE ..... 8-2 DECEPTION OPERATIONS ............... 8-10 8-10 STANDINGOPERATING PROCEDURES ... 8-6 DUMMY POSITIONS...................... DECOYS ... ... ....................... 8-11 Section II - COUNTERMEASURES Section IV - COUNTERSUPPRESSION MOVEMENT..8-9STINGER AND SMALL ARMS FIRES...... 8-11 RADAR EMISSION CONTROL ............. 8-9 NBC DEFENSE TECHNIQUES.............8-12 8-1 FM 44-15 Section I - COUNTERSURVEILLANCE AREAS OF COUNTERSURVEILLANCE Measures and actions in this subcate- the KG-27 used with the AN/GRC-103 UHF gory are those takei to prevent location of the radio, and the VINSON family of speech unit by visual, electronic, or photographic secure devices.
    [Show full text]
  • Canada's Communications Security Establishment: from Cold War to Globalization
    CANADA’S COMMUNICATIONS SECURITY ESTABLISHMENT: FROM COLD WAR TO GLOBALISATION Martin Rudner OCCASIONAL PAPER No 22 – 2000 CANADA’S COMMUNICATION SECURITY ESTABLISHMENT: FROM COLD WAR TO GLOBALISATION Martin Rudner OCCASIONAL PAPER No 22 – 2000 The Norman Paterson School of International Affairs Carleton University 1125 Colonel By Drive Ottawa, Ontario K1S 5B6 Telephone: 613-520-6655 Fax: 613-520-2889 www.carleton.ca/npsia This series is published by the Centre for Security and Defence Studies at the School and supported by a grant from the Security Defence Forum of the Department of National Defence. The views expressed in this paper do not necessarily represent the views of the School or the Department of National Defence. TABLE OF CONTENTS Abstract ii Abbreviations iv INTRODUCTION 1 THE BEGINNINGS OF CANADIAN SIGINT 2 CANADA’S SIGINT COLLECTION EFFORT 6 COLD WAR SIGINT OPERATIONS 8 CANADA AND THE UKUSA AGREEMENT 11 SATELLITE COMMUNICATIONS AND ECHELON 13 SIGINT TECHNOLOGY ACCESS AND SHARING 16 CANADA’S POST-COLD WAR SIGINT AGENDA 18 THE ECONOMIC INTELLIGENCE CONUNDRUM 22 FUTURE CHALLENGES 25 Notes 34 About the Author 41 LIST OF OCCASIONAL PAPERS 42 i ABSTRACT The Communications Security Establishment (CSE) is Canada’s largest, best funded and most highly secretive intelligence agency, and is the main provider of foreign intelligence to the Canadian government. CSE collects, analyses and reports on signals intelligence (SIGINT) derived from interceptions of foreign electronic communications, radio, radar, telemetry, and other electromagnetic emissions. In fulfilment of its foreign intelligence function, CSE collaborates closely in a special SIGINT sharing arrangement with the United States, United Kingdom, Australia and New Zealand known as UKUSA.
    [Show full text]
  • Harris Sierra II, Programmable Cryptographic
    TYPE 1 PROGRAMMABLE ENCRYPTION Harris Sierra™ II Programmable Cryptographic ASIC KEY BENEFITS When embedded in radios and other voice and data communications equipment, > Legacy algorithm support the Harris Sierra II Programmable Cryptographic ASIC encrypts classified > Low power consumption information prior to transmission and storage. NSA-certified, it is the foundation > JTRS compliant for the Harris Sierra II family of products—which includes two package options for the ASIC and supporting software. > Compliant with NSA’s Crypto Modernization Program The Sierra II ASIC offers a broad range of functionality, with data rates greater than 300 Mbps, > Compact form factor legacy algorithm support, advanced programmability and low power consumption. Its software programmability provides a low-cost migration path for future upgrades to embedded communications equipment—without the logistics and cost burden normally associated with upgrading hardware. Plus, it’s totally compliant with all Joint Tactical Radio System (JTRS) and Crypto Modernization Program requirements. The Sierra II ASIC’s small size, low power requirements, and high data rates make it an ideal choice for battery-powered applications, including military radios, wireless LANs, remote sensors, guided munitions, UAVs and any other devices that require a low-power, programmable solution for encryption. Specifications for: Harris SIERRA II™ Programmable Cryptographic ASIC GENERAL BATON/MEDLEY SAVILLE/PADSTONE KEESEE/CRAYON/WALBURN Type 1 – Cryptographic GOODSPEED Algorithms* ACCORDION FIREFLY/Enhanced FIREFLY JOSEKI Decrypt High Assurance AES DES, Triple DES Type 3 – Cryptographic AES Algorithms* Digital Signature Standard (DSS) Secure Hash Algorithm (SHA) Type 4 – Cryptographic CITADEL® Algorithms* SARK/PARK (KY-57, KYV-5 and KG-84A/C OTAR) DS-101 and DS-102 Key Fill Key Management SINCGARS Mode 2/3 Fill Benign Key/Benign Fill *Other algorithms can be added later.
    [Show full text]
  • KY-58 (Vinson)
    KY-58 (Vinson) The KY-57/58 is a member of the VINSON family. The VINSON family consists of wideband secure voice (WBSV) units developed by the National Security Agency to provide line of sight half-duplex voice and data encryption at 16 Kbps. The KY-57/58 provides security for AM/FM, VHF, UHF, half-duplex PTT combat net radios and tactical wireline systems when used with the HYX-57. Also used by non-tactical users for high-level communications in the local wideband telephone networks and wideband satellite terminals. The KY-57 is the manpack/vehicular model and the KY-58 is the airborne/shipborne version. The KY-57/58 is certified to pass data up to TOP SECRET and accepts key from the family of Common Fill Devices and also incorporates remote keying. KY-57/58 production was completed in 1993. No further production is planned. KY-58 photo by Tim Tyler Tim Tyler comments."The photo above depicts the KY-58 unit inside a USCG HH-65C 'Dolphin' helicopter taken in September 2008. It is currently configured just for use on their 225-400MHz aircraft band radio. Supposedly, they're in the process of upgrading the HH-65 helos into an MH-65 (Special Ops capable) configuration which will have APCO P-25 compliant radios (with AES crypto, for talking to other DHS agencies) as well as ANDVT / KY-100 type crypto for communicating with the military-side of USCG ops". The photo above depicts a KY-58 RCU installation in an A-10 attack aircraft.
    [Show full text]
  • A History of U.S. Communications Security (U)
    A HISTORY OF U.S. COMMUNICATIONS SECURITY (U) THE DAVID G. BOAK LECTURES VOLUME II NATIONAL SECURITY AGENCY FORT GEORGE G. MEADE, MARYLAND 20755 The information contained in this publication will not be disclosed to foreign nationals or their representatives without express approval of the DIRECTOR, NATIONAL SECURITY AGENCY. Approval shall refer specifically to this publication or to specific information contained herein. JULY 1981 CLASSIFIED BY NSA/CSSM 123-2 REVIEW ON 1 JULY 2001 NOT RELEASABLE TO FOREI6N NATIONALS SECRET HA~mLE YIA COMINT CIIA~HJELS O~JLY ORIGINAL (Reverse Blank) ---------- • UNCLASSIFIED • TABLE OF CONTENTS SUBJECT PAGE NO INTRODUCTION _______ - ____ - __ -- ___ -- __ -- ___ -- __ -- ___ -- __ -- __ --- __ - - _ _ _ _ _ _ _ _ _ _ _ _ iii • POSTSCRIPT ON SURPRISE _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I OPSEC--------------------------------------------------------------------------- 3 ORGANIZATIONAL DYNAMICS ___ -------- --- ___ ---- _______________ ---- _ --- _ ----- _ 7 THREAT IN ASCENDANCY _________________________________ - ___ - - _ -- - _ _ _ _ _ _ _ _ _ _ _ _ 9 • LPI _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I I SARK-SOME CAUTIONARY HISTORY __ --- _____________ ---- ________ --- ____ ----- _ _ 13 THE CRYPTO-IGNITION KEY __________ --- __ -- _________ - ---- ___ -- ___ - ____ - __ -- _ _ _ 15 • PCSM _ _ _ _ _ _ _ _ _ _ _ _ _ _
    [Show full text]
  • Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations
    Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations Markus G. Kuhn? and Ross J. Anderson University of Cambridge, Computer Laboratory, New Museums Site, Pembroke Street, Cambridge CB2 3QG, United Kingdom {mgk25,rja14}@cl.cam.ac.uk Abstract. It is well known that eavesdroppers can reconstruct video screen content from radio frequency emanations. We discuss techniques that enable the software on a computer to control the electromagnetic radiation it transmits. This can be used for both attack and defence. To attack a system, malicious code can encode stolen information in the machine’s RF emissions and optimise them for some combination of reception range, receiver cost and covertness. To defend a system, a trusted screen driver can display sensitive information using fonts which minimise the energy of these emissions. There is also an interesting po- tential application to software copyright protection. 1 Introduction It has been known to military organizations since at least the early 1960s that computers generate electromagnetic radiation which not only interferes with ra- dio reception, but also leaks information about the data being processed. Known as compromising emanations or Tempest radiation, a code word for a U.S. gov- ernment programme aimed at attacking the problem, the electromagnetic broad- cast of data has been a significant concern in sensitive computer applications. In his book ‘Spycatcher’ [1], former MI5 scientist Peter Wright recounts the origin of Tempest attacks on cipher machines. In 1960, Britain was negotiating to join the European Economic Community, and the Prime Minister was worried that French president De Gaulle would block Britain’s entry.
    [Show full text]
  • The National Geospatial-Intelligence Agency (NGA) Is a Department of Defense Combat-Support Agency and a Member of the Intelligence Community (IC)
    Approved for public release, 19-380 MESSAGE FROM THE INSPECTOR GENERAL I am pleased to present this National Geospatial-Intelligence Agency (NGA) Office of Inspector General (OIG) report summarizing our work for the reporting period ending 31 March 2018. OIG conducted audit and inspection oversight, produced recommendations for improvements in a wide variety of agency programs , and pursued allegations of fraud, waste, and abuse. Working closely with the NGA directorates and offices, we closed 38 of 127 (30 percent) audit and inspection recommendations during this period. Under the Inspector General Empowerment Act of 2016, we will continue to expand our collection of metrics (see appendix A, page 22) resulting from our recommendations to the Agency. The Audit Division examined the NGA's oversight of the acquisition of a consolidated production environment. The division identified $46 million in questioned costs and $104.5 million in funds put to better use. The auditors made recommendations to improve compliance with laws and regulations related to contract and program requirements, and to enhance controls over acquisition strategy, development of program requirements, and contract oversight. The government auditors provided oversight of the independent auditors' work on the NGA financial statement audits and the annual evaluation of the NGA Information Security Program. The Inspections Division reviewed NGA's approach to capture, store, standardize, and serve GEOINT observations and determined that NGA did not adequately plan and establish sufficient governance for the program. The inspectors identified $26.6 million in questioned costs and offered recommendations to improve program implementation, focusing on oversight requirements; agency plans, goals, and milestones; and customer requirements.
    [Show full text]
  • AR 380-40 Safeguarding and Controlling Communications
    FOR OFFICIAL USE ONLY Army Regulation 380–40 Security Safeguarding and Controlling Communications Security Material Distribution Restriction Statement. This publication contains technical or operational information that is for official Government use only. Distribution is limited to Government agencies or their contractors. Requests from outside the Government for release of this publication under the Freedom of Information Act will be referred to the Commanding General, U.S. Army Intelligence and Security Command, (IACSF–FI), Fort George G. Meade, MD 20755–5995. Requests from outside of the Government for release of this publication under the Foreign Military Sales program must be made to the Deputy Chief of Staff, G–2 (DAMI–CDS), 1000 Army Pentagon, Washington, DC 20310–1000. Destruction Notice. Destroy by any method that will prevent disclosure of contents or reconstruction of the document. Rapid Action Revision (RAR) Issue Date: 24 April 2013 Headquarters Department of the Army Washington, DC 9 July 2012 FOR OFFICIAL USE ONLY FOR OFFICIAL USE ONLY SUMMARY of CHANGE AR 380–40 Safeguarding and Controlling Communications Security Material This rapid action revision, dated 24 April 2013- o Updates responsibilities for Commanding General, U.S. Army Intelligence and Security Command; Commanders, Army commands, Army service component commands, and direct reporting units; command security officers; commanders at all levels; and individual users (paras 1-8, 1-11, 1-12, 1-13, and 1-16). o Provides expanded policy and guidance for administering the Counterintelligence Scope Polygraph Program in support of the Department of the Army Cryptographic Access Program (chap 7). o Requires use of the U.S.
    [Show full text]
  • Cryptologic Quarterly, 2019-01
    Cryptologic Quarterly NSA’s Friedman Conference Center PLUS: Vint Hill Farms Station • STONEHOUSE of East Africa The Evolution of Signals Security • Mysteries of Linguistics 2019-01 • Vol. 38 Center for Cryptologic History Cryptologic Quarterly Contacts. Please feel free to address questions or comments to Editor, CQ, at [email protected]. Disclaimer. All opinions expressed in Cryptologic PUBLISHER: Center for Cryptologic History Quarterly are those of the authors. Th ey do not neces- CHIEF: John A. Tokar sarily refl ect the offi cial views of the National Security EXECUTIVE EDITOR: Pamela F. Murray Agency/Central Security Service. MANAGING EDITOR: Laura Redcay Copies of Cryptologic Quarterly can be obtained by ASSOCIATE EDITOR: Jennie Reinhardt sending an email to [email protected]. Editorial Policy. Cryptologic Quarterly is the pro- fessional journal for the National Security Agency/ Central Security Service. Its mission is to advance knowledge of all aspects of cryptology by serving as a forum for issues related to cryptologic theory, doc- trine, operations, management, and history. Th e pri- mary audience for Cryptologic Quarterly is NSA/CSS professionals, but CQ is also distributed to personnel in other United States intelligence organizations as well as cleared personnel in other federal agencies and departments. Cryptologic Quarterly is published by the Center for Cryptologic History, NSA/CSS. Th e publication is de- signed as a working aid and is not subject to receipt, control, or accountability. Cover: “Father of American cryptology” William Friedman’s retirement ceremony in the Arlington Hall Post Theater, Arlington, VA, 1955. Lieutenant General Ralph Canine is at left, Solomon Kullback is seated left, Friedman is second from right, and Director of Central Intelligence Allen Dulles is at far right.
    [Show full text]