Wednesday, February 25, 2009

US COMSEC History

The National Security Agency (NSA) recently released a 1973/1981 Lecture by David Boak under the Freedom of Information Act (FOIA). The document, titled A History of U.S. Communications Security, was released last December, but I only recently had the time to read the 158 page document thoroughly.

Volume I starts with the history of COMSEC and how awareness and research evolved into practical concepts and regulations. Also, the development and characteristics of some important cipher systems are described (p54). Another chapter describes the problems they faced in the field of TEMPEST and hostile Signal Intelligence (p85), with examples of how difficult it is to suppress unwanted signals, emitted by all kinds of communications devices.

Volume II (p95) includes Operations Security (OPSEC), the problems with Remote Keying, Programmable COMSEC Modules (PCSM), the issue of public use of cryptography (p127), the use of cryptography on general purpose computers and the lack of security knowledge by the public (p135). There's also a chapter on the use of the Nestor voice encryption system in Vietnam. Emergency destruction of equipment is another complex issue. Examples of how things can go wrong are the USS Pueblo incident and the 1979 takeover of the US embassy in Iran (p147). Finally, there's a chapter on Murphy's Law (p155), with some hilarious actual examples in the field of COMSEC.

Although some 30 years old, the lecture is even today pretty up-to-date. In particular, the public use of cryptography is still an issue of discussion, with NSA trying to protect the nations security and SIGINT capabilities, against the public, demanding its privacy. Also, the security problems that are related to the use of crypto applications on computers still aren't solved and, to be honest, I don't believe the Tempest and SIGINT problems of commercial PC's will ever be solved. The modern PC is just a very very bad concept. David Boak already in 1973 recognized the inevitable insecurity (read: leak as hell) of today's computer. I remember an NSA official saying "in 99 percent of the cases we don't have to break anything, we simply retrieve the plain version". I'm still waiting on the first secure PC. And yes, MAC users, you're just as leak, only less targeted. Keep on dreaming.

There are quite a few blanked pages, but still plenty of information available to discover. You can directly read the A History of U.S. Communications Security Volume I and Volume II or go to governmentattic.org and discover more documents that are released under the Freedom of Information Act (FOIA).

Update 23 Nov 2015: NSA release another version of the David Boak lectures which are less redacted and contains much more information about various crypto systems. Dowload via Governmentattic.org:
A History of U.S. Communications Security (Volumes I and II)


No comments: