Saturday, January 10, 2015

Mark Haskell WB9UJS On Cryptography


Intelligence can make or break you on the battlefield, as well as in the boardroom. At one time the only option for front line leaders was to gather information, analyze it on the fly, and take their best shot. Over time, as intelligence gathering became more sophisticated, and analysis became more centralized, analysis was often made far from the front lines.  This necessitated that decisions, strategies, and plans be transmitted back to commanders in the field, securely and in a timely fashion.

Over the years there have been many ingenious ways of transmitting information securely, some better than others. One method known as steganography hides the message in plain sight. For example, if Cesar needed to get a message to field commanders he may have had it written on a soldiers belt that had first been wrapped about the standard staff, carried by all high ranking officers. A messenger wearing the belt would then travel to the front lines. On arrival his belt would be removed and re-wrapped around the proper diameter staff, revealing the message. If the belt fell into enemy hands, the inscriptions on it would appear to be nonsense. Not very secure, but better than nothing. As children, most of us experimented with invisible ink of one kind or another. In some cases, the misplacement of commas and periods in an otherwise innocent looking letter has been used to carry a coded message. All are ways of hiding a message in plain sight.

By the time of the Civil War the telegraph was used to convey information from central command to officers in the field. With the Great War came the use of wireless, and along with both, the need for some kind of encryption. Encryption methods vary in complexity from the simple shift codes to variations of the box code. Shift codes are implemented by shifting letters up a given number of characters. Shift-one would have you shift each letter up one character in the alphabet to encode, and down one to decode. Perhaps the most famous example of this, according to some, is the name of the computer in Space Odyssey 2001. Shift the letters for HAL up one letter to see what I mean. Box codes are arrays of letters, often five rows of five letters each. Messages are spelled out by giving the row and column of the letters in the box that form the message.

There is a downside to box and shift codes. Any one who has studied Morse code knows that some letters are used more than others. This is the reason the most used letter in the English language, e, is a single dot. The next most used letter is t, a single dash. More popular are the i’s and m’s followed by the s’s and o’s. Given this information, you can see how someone could decode a message using something like the shift or box codes, by replacing the most frequently occurring letter with an e, next most with a t, etc.

A more secure method might be something as simple as a copy of a novel that everyone who needs to code or decode messages has in their possession. This was the basis for the plot of the film “ Three Days of the Condor.” To send a message, randomly pick a page, that contains the first letter and code it with the page number, line number, and the number of characters from the beginning of the line.  Repeat for each letter in the message. Only those who know the procedure, and have a copy of the same edition of the novel will be able to decode the message. With this type of encryption, character frequency is not going to be of much help. Mechanical devices have been devised to do something similar. The famous Enigma machine is one example of this. Similar to a typewriter it could be made to scramble letters of a message, in random fashion, and more importantly, could be rewired on a regular basis to be extra sure that letter patterns were not detectable.

Codebooks and machines have the disadvantage that they may fall into the wrong hands. One way around this is a technique used in PGP, which stands for pretty good privacy. Here two keys are needed to unlock a message. One is public, the other private. This eliminates the need for everyone to have the same codebook. If it becomes known that one persons private code has been jeopardized, one simply needs to not send that person any information you would rather not fall into the wrong hands. The private key is only good for decoding messages sent to its holder.

In many instances it is not necessary to know the content of the message to gain intelligence. For example, if it is observed that several stations are all reporting to one station, it is a good bet that the station reported to is headquarters, and by using triangulation it is possible to locate it as well as all reporting to it. 

The evolution of encryption and intelligence gathering techniques continues to grow with new technologies, and ever improving methods of data collection and analysis, conducted by large government organizations like the NSA.