On Distributed Communications Series
IX. Security, Secrecy, and Tamper-Free Considerations
II. The Paradox of the Secrecy About Secrecy
The Assumption of A Clear Dichotomy Between Classified and Unclassified Subject Matter
Present-day security laws divide all military information into two non-intersecting categories: information is either classified, or it is not. If it is, we go to great extremes and much expense to keep it secret, while relatively little, if any, attempt is made to protect "unclas-sified" information from untoward disclosure. If, by an almost metaphysical process, a subject is deemed to be slightly to the non-applicable side of a fuzzy classification line, it is often made freely available to all.
It is interesting to note that private 11proprietary11 trade secrets are often better kept than are secrets affecting national security (if the time between first disclosure and open publication "leak" is used as a measure). Yet, the weight of stringent penalties (not to mention the pressures of patriotism) exists to protect government secrets. Furthermore, most companies allow their civilian secrets to be locked in thin wooden desk drawers, to be discussed with people whose backgrounds haven't been investigated, and even to be discussed over the civilian telephone networks. Perhaps the difficulty in preserving military secrets is caused, at least in part, by the high price and inflexibility of present-day cryptographic equipment, combined with the imposition of rules that in fact hamper expeditious handling of military communications.
Cost and Result of Present-Day Cryptographic Equipment
Present-day communications cryptographic equipment is very expensive; as a result, it is not economically feasible to provide all the cryptographically-secure channels which might be otherwise considered necessary. For example, it has been said that the cost of providing cryptographic security on every communication link carrying sensitive military traffic could exceed the total expenditure for the entire remainder of the system. Thus, our present, and not very satisfactory, response to this dilemma is to force large volumes of "unclassified" military traffic to be sent out over the communications networks in the clear, accessible to all.
The writer has heard military communicators comment that the higher the rank of an officer using.:an unclassified communication circuit, the greater the probability that highly classified information will be discussed in the clear. Further, the greater the military tension, the higher the probability. Again, the reasons appear quite valid and overriding--particularly in military crises (and in more remote countries) the commander is so grateful to have any communications resource, that he does not demand (and indeed, given the situation, such demand would probably be unreasonable) the non-crisis-period luxury of voice cryptography.
In present-day communication networks, a circuit carrying information between two stations is usually routed over the same links day in and day out. It is only slightly more difficult to eavesdrop on networks containing switching nodes, inasmuch as the number of alternate paths is highly proscribed. It appears to be a relatively easy task to predict which links will convey traffic between any given station and any end destination.
On Secrecy of Secrecy
Discussions of the problems of security and secrecy with regard to military electronics equipment are more often found only in highly classified documents. It should be noted that this Memorandum has been purposely written to be unclassified, for we feel that unless we can freely describe the detailed workings of a proposed military communications system in the open literature, the system hasn't successfully come to grips with the security problem. No violation of security can occur with this procedure because the only background information used is that found in the unclassified literature, including patents, hardware development progress reports, advertisements, newspaper and journal articles, etc. Therefore we assume we have available to us less information concerning U. S. communications security procedures than does our enemy counterpart, giving us freedom to talk without fear of saying anything not Qtherwise obvious. Further, this material was prepared without our holding a cryptographic clearance (which we do not want, in any case) and, therefore, without access to information thereby restricted. If we had such a clearance, we would be so constrained as to be unable to discuss this subject without fear of loss of the clearance.
Without the freedom to expose the system proposal to widespread scrutiny' by clever minds of diverse interests, is to increase the risk that significant points of potential weakness have been overlooked. A frank and open discussion here is to our advantage.
The overall problem here is highly reminiscent of the atomic energy discussions in the 1945-55 era--only those who were not cleared were able to talk about "classified" atomic weapons. This caused security officers to become highly discomfitured~by the ease with which unclassified clues were being combined to deduce highly accurate versions of material residing in the classified domain. This points up a commonly recurring difference of opinion (or philosophy) between the security officer and the technically trained observer. The more technical training an individual possesses, the less confidence he seems to have of the actual value of secrecy in protecting the spread of new developments in a ripe technology. True security does not always equate to blanket unthinking secrecy. While the security value of effective secrecy can be high, we must be realistic and acknowledge the constraints of living in a free society where effective secrecy in peacetime is almost impossible. Avoiding a touchy subject by falling back on edicts rather than rationality may automatically insure the continued existence of the touchy subject.
Secrecy of Cryptographic Design
If the distributed network described in this series is to be built, many people must become involved in its design, manufacture, maintenance, and operation. It would be foolhardy to think that we can actually withhold the hardware details from our enemies. The network would be essentially worthless unless it were so designed that its operations could be discussed openly without resorting to the make-believe game of security in which we all agree to avoid talking about weaknesses--even if these weaknesses are obvious to all. Secrecy of cryptographic design can be self-defeating if it is maintained by blanket edicts in lieu of judicious restraint. The more bright people we can get to review this system now- -particularly computer trained individuals--the less trouble we need expect in the future.
The Assumption of Almost-Infinite Effort in Code-Breaking
Part of the reason that current crypto systems are expensive is found in the requirement that they totally survive the efforts of a determined enemy, applying all his energies to break the code. The thought occurs that the money now being spent to insure a high degree of security in cryptographic devices might be better spent buying many more lower-quality cryptographic devices.
If it were not for the almost unyielding requirement for absolute security, we would be able to consider using many low-cost cryptographic schemes providing capability for handling all traffic. While these lower-protection-rate ciphers might yield to a determined enemy, extreme cipher-breaking activity could be made to extract such a high price, that in the long run, a lesser volume of really secret data would be lost. Such less-powerful crypto devices could help reduce the burden of the human classification decision and would speed communications.
Part of the delay in today's hard-copy communications system is the time spent in deciding whether text should be classified or not. Anything that reduces this inordinately heavy burden of deciding whether something is or is not classified, makes the goal of having all military traffic encrypted a highly desirable one in itself.
The proposed network is a universal high-secrecy system, made up of a hierarchy of less-secure sub-systems. It is proposed that the network intentionally treat all inputs as if they are classified, in order to raise the intercept price to the enemy to a value so high that interception would not be worth his effort. Of course, that extra layer of conventional cryptography would be maintained for use in those extremely sensitive cases where the proposed approach might seem risky.
Thus, fullest advantage is taken of the mechanism within the proposed system that takes a channel or a message and chops it into small pieces (like a fruit salad), transmitting it on as a series of message blocks, each using a different path. Additionally, much unclassified material is purposely transmitted cryptographically, and perhaps even a light dose of obsolete traffic is mixed in. Given a big enough bowl, it becomes very difficult to separate the garbage from the salad.