Thursday, November 26, 2015

U.S. COMSEC History - Additional Releases

The National Security Agency (NSA) just published an update of the 2007 release of the David Boak lectures on communications security (see my old post). Many blank pages of the old version are now unredacted and show newly released information on various crypto systems, such as the TSEC/KL-7, KW-7, KW-26, KW-37 and one-time pad systems.

After the 2011 FOIA releases of the KL-7 operating instructions, I'm happy to see another bit of information on that pretty crypto machine ooze out of Fort Meade. More on the KL-7 at my website (including an accurate simulation). Of course there's much more to discover in the wonderful David Boak lectures.

The new almost unredacted version:

Friday, November 06, 2015

The Able Archer 1983 Source Book - Finally!

The Cold War was (and actually still is) often far from cold in many Asian, African, Middle Eastern and South American countries. At times, we were much closer to a nuclear war than many ever realised. Two events, however, really stand out when it comes to truly reaching the brink of Armageddon.

The first one was the Cuban missile crisis, caused by the Soviet preparations for installing nuclear missiles at a stone's throw from the United States. The second, lesser-known crisis was the Soviet reaction to, or rather perception of, NATO exercise Able Archer. The purpose of Able Archer was to test NATO command level communications and the readiness of nuclear armament in Western Europe, with the exercise scenario ending in a fictitious DEFCON 1 alert. The Soviets believed this exercise to be a cover for an actual nuclear attack by NATO against the Soviet Bloc.

Today, the National Security Archive released over a thousand declassified pages with details on how the Soviets perceived Able Archer and how the exercise led them to the idea that the Western Allies were about to launch an all-out war against them. The sources include KGB papers, reports from East Germany's STASI, various Warsaw Pact countries and Western intelligence services. They are a real treasure trove that gives you a front seat in the decision-making process and the reactions of the various countries involved. More importantly, these documents finally end the speculations about how scary the 1983 War Scare actually was.

All documents are available at the Able Archer Source Book web page. Before immersing yourself in this fascinating Cold War event, you might first want to read the short recap 1983 - The Brink Of Apocalypse that I wrote some years ago, just to get you in the picture, because exercise Able Archer was only the grand finale of various events that culminated in tense nerves at the Kremlin.

The documentation of this 1983 War Scare for the National Security Archive was in large part Nate Jones' project. As FOIA coordinator, he succeeded in getting all these wonderful documents declassified and released. In the video below, Nate explains how the Able Archer Source Book was compiled.

I can highly recommend a visit to the Able Archer Source Book pages, the newest addition at the National Security Archive's Nuclear Vault!

Tuesday, April 07, 2015

Operation Tinker Bell - KGB On The Run Anniversary

I usually write about the real stuff, but I do enjoy creating a fun challenge once in a while. Exactly two years ago I published Operation Tinker Bell, a spy adventure about the hunt for a KGB defector, set at the height of the Cold War. Meanwhile, many participants have already taken up the challenge to unveil the secret behind the KGB defector and it continues to amaze me how many people are attracted to the combination of espionage & cryptology.

Although the story itself is fictional (or maybe not ;-) I took care to make it as realistic as possible, using actual modus operandi of intelligence organisations and their tricks of the trade. Accurate details about organisations, locations and historical facts are woven into the story, submerging the participant in a true Cold War espionage atmosphere. In contrast to my previous challenges, you don't need any cryptologic skills to crack messages. All required keys and tools are provided.

You love spy stories, liked watching The Americans or got fascinated by the newspaper reports about ten Russian sleepers, caught by the FBI? Then rush to Operation Tinker Bell, visit the briefing, start the hunt and earn your stripes in the field!

Our friend here has been on the run for two years now. Can you solve the case?

Tuesday, February 10, 2015

BAPCO's Use of One Time Pads During WWII

Image: Mounted camel guard at the refinery. Source: BAPCO

The Bahrain Petroleum Company (BAPCO) was a Canadian subsidiary, founded in 1929 by the American Standard Oil of California (Socal) to run its operations at the Awali oil fields on Bahrain Island at the inlet of the Persian Gulf. BAPCO was one of the companies that became a possible target of Axis forces when Britain declared war on Germany. In 1940, the Bahrain oil refinery was targeted by Italian bombers, forcing the Allies to strengthen Bahrain's defense. Bahrain, in 1943 still a British Protectorate, decided to impose censorship on messages that were sent over commercial cable and wireless, to prevent disclosure of information that might be useful to the enemy.

This censorship, however, greatly restricted the communications and operations of BAPCO. The majority of their messages contained information about oil production, shipping, personnel and food supply. Those messages fell into three main categories: a) cables that could be sent in plain text without objection, b) security cables that contained information that, in conjunction with other information, might indirectly be useful to the enemy, and c) secret cables that would be of direct use to the enemy if intercepted, such as ship movements, especially oil tankers.

On April 4, 1943, Ward P. Anderson, the general manager and chief local representative of BAPCO, asked E. B. Wakefield, the British Political Agent in Bahrain, for permission to encrypt the cables between the local branch and their New York office. This would allow them to send security-related cables while still respecting Bahrain's censorship. Anderson proposed a secret company code, superimposed (enciphered a second time) with a transposition cipher for added security.

The Political Resident of the Persian Gulf in Camp Bahrain forwarded the request on April 8 to the Secretary of State for India in London, who approved the use of a secret code on three conditions: censorship was to receive a plain text version of all messages sent in that code, BAPCO was to continue sending messages through the Navy if they contained vital information that would be of direct use to the enemy, and messages regarding political matters were to be sent through the Political Agent. After consulting the New York office, Ward Anderson agreed to these conditions.

P.A.I.C. in Baghdad asked whether the code had already been vetted for security. As this was not the case, the British Political Resident forwarded the request to SNOPG (Senior Naval Officer in the Persian Gulf) in Basra, but they had no officer qualified to vet the code. PAIFORCE therefore suggested that they vet the code.

The new code, proposed by the California Texas Oil Company, arrived from New York on October 24, and Bahrain forwarded the code on November 10 by courier for examination to the Cipher Security Officer of P.A.I.C. in Baghdad. After reviewing the code, the Security Officer responded that the code offered little resistance against cryptanalysis and provided no security whatsoever.

Note: P.A.I.C. (Persia and Iraq Command) in Baghdad was the headquarters of PAIFORCE (Persia and Iraq Force), the British and Commonwealth military formation in the Middle East from 1942 to 1943.

Surprised by this answer, Ward Anderson explained that the code was allocated by the U.S. Navy Department and considered the most secure known, used for the most secret messages. He clarified that "each page of the pad of sheets is used only once and destroyed after use". He continued, "In fact, the code changes with each succeeding letter of the message. When the pad is exhausted, a new set of pads is produced".

To Anderson, it seemed unlikely that British military authorities would be unfamiliar with the proper use of this type of code, so he asked to verify whether the code was indeed insecure, adding that U.S. authorities would be most interested if the British claims proved correct.

This was probably his polite way to hint to the Political Agency and the PAIFORCE Security Officer that they were going to embarrass themselves. In their defense, it might be possible that the code was not accompanied by the complete and proper coding instructions, thus failing to show that the code was for one-time use.

Soon after, the Secretary of State for India in London informed the Political Resident in Bushire, Iran, that the U.S. Chief of Cable Censorship urgently requested permission to use the code, adding that it was a one-time pad, similar to the one used by the Ministry of War Transport in London. P.A.I.C. also received notice of this. Apparently, someone pulled some strings.

Subsequently, the Political Resident confirmed to its agency in Bahrain that the code was indeed a one-time pad from the U.S. Navy Department. Eventually, the agent informed the BAPCO representative that objection to the code had been withdrawn and that "the one time pad can be used on the understanding that the pad is not worked through more than once".

BAPCO started using the one-time pads as of January 15, 1944, more than eight months after their initial request. Yes, even during wartime, bureaucrats persist. Of course, we have to take into account that transportation and communication means in 1943 were quite different from today, and codes were always transferred safe-hand by courier.

Once the war had ended, BAPCO requested on August 22, 1945 permission from Bahrain to commence the use of the company's own cable code again, as used before the outbreak of hostilities in 1939.

Below is one of the BAPCO coded messages from Bahrain to New York, with the plain version included, submitted to Censorship as agreed with British authorities.

These archived conversations are a rare example of a commercial firm using the unbreakable one-time pad in the early 1940s. At that time, the use of such strong encryption was generally limited to governments, their military, intelligence agencies and diplomacy. BAPCO's use of one-time pads, allocated to them by the U.S. Navy Department, is a nice example of how government and commercial firms teamed up to ensure the highest level of communications security for those companies that were somehow important to the war effort.

All letters and cables regarding this request for using one-time pads are found in the British Library: India Office Records and Private Papers as File 10/5 BAPCO CODES, reference IOR/R/15/2/423. More examples of coded messages and their plain text version, submitted to censorship, are found in File 10/23 Code Messages - BAPCO, reference IOR/R/15/2/450. These records are archived in the Qatar Digital Library. More on the 1940 bombing raid on Bahrain is available in the Qatar Library, and an account of the attack on the BAPCO refinery is available at the Saudi Aramco website.

These documents are also unique as a reference, because the use of one-time pads is hardly mentioned in official documents from that era (for obvious security reasons) and they are, as far as I know, the earliest I have come across. They confirm the use of one-time letter pads by Political Residents of the British Imperial Civil Administration, the British Army, the Ministry of War Transport in London and the U.S. Navy, at least as early as 1943. Both British and U.S. authorities were quite familiar with the system and surprisingly even shared it with commercial firms. The archives also show that British Residents in the Middle East regularly received sets of two-way one-time pads.

More historical and technical information about one-time pads is available at my Cipher Machines and Cryptology website.

The Bahrain Petroleum Company (BAPCO), one of the oldest oil companies in the Middle East, was established in 1929 by Standard Oil Company of California. In 1930, BAPCO obtained the only oil concession in Bahrain. In 1936 they discovered the Awali oil field and opened a refinery with a capacity of 10,000 barrels per day. That same year, Standard Oil Company of California signed an agreement with Texaco, creating the joint venture California Texas Oil Company (Caltex). These companies are now known as Chevron and Texaco. The Bahrain government took over all BAPCO shares in 1980 and acquired full ownership in 1997.

Wednesday, December 24, 2014

Cold War Nuclear Weapons Safety

The National Security Archive just released a documentary about the safety systems on nuclear weapons during the Cold War and beyond. At the beginning of the Cold War it became obvious that conventional forces would not be able to repel a Soviet attack in Western Europe. Nuclear deterrence, the capability to retaliate with massive nuclear power, became a primary tool of NATO to prevent war in Europe.

With so many U.S. nuclear weapons in the custody of both U.S. military and NATO partners across Europe, they had to find solutions to prevent unauthorised use or accidents. The concept was called Always/Never: for an effective deterrent, you need nuclear weapons that are Always ready for use, but at the same time you need assurance that these weapons will Never be used without authorisation or accidentally.

Image: Early Electromechanical PAL

The solution was the Permissive Action Link or PAL, a device inside the weapon that isolated the electronics from the detonation charge that triggers the nuclear reaction. The early PAL was a small electric motor attached to a combination lock, which in turn engaged the arming switch. The operator had to attach a control box by a cable to the weapon and enter the proper code to arm the weapon. Nowadays, they use encrypted detonation parameters, requiring the proper decryption codes to arm the warhead.

This not only prevented accidental detonation, but also shifted both decision and authority over each nuclear weapon from the military operator or commander to the U.S. President, who is the only person with the PAL codes and consequently the sole person who can initiate a nuclear war. Since then, the U.S. president has always been accompanied by his military aide, who carries the codes in the so-called Nuclear Football.

The system was not created overnight. It took years to develop the proper technology and procedures, but in the end it represented a major improvement in nuclear safety. The documentary Always Never, released by the Sandia National Laboratories, tells the story of the evolution of safe control over nuclear weapons. More information is found at the Archive's Nuclear Vault. Extensive information on Permissive Action Links is also available on Steven Bellovin's Columbia page and some photos of PALs are linked at Light Blue Touchpaper.