Tuesday, December 18, 2018

CSE decryption aid

The History page on CSE's website contains a photo of this intriguing device, described as a poly-alphabetic cipher decryption aid made by an analyst in 1974 using cardboard tubing and graph paper.

The page explains that the device was "created to add another facet to an encryption slide rule," although it leaves us guessing as to what exactly that means.

I don't have an answer to that question, but I do have some thoughts about the object's purpose.

1. The device was used to analyze teleprinter traffic.

Teleprinters are electromechanical or electronic devices for transmitting text by cable or radio. Prior to the Internet, teleprinters were the primary means used to transmit government and corporate communications, sometimes in encrypted form, often en clair. In North America, the best-known teleprinters were those produced by the Teletype Corporation, and as a result the name Teletype was often used to refer to all teleprinters.

Close examination of CSE's decryption aid shows characters specific to teleprinter operation, including C/R (carriage return), L/F (line feed), characters to switch the output between alphabetic characters and numbers or symbols, and a bell symbol that is used not to print, but to ring the signal bell on the teleprinter.

2. The target was not Soviet.

The Soviets were big users of teleprinters, and CSE, which focused primarily on Soviet targets during much of the Cold War, collected and processed a lot of Soviet teleprinter traffic. But Soviet traffic it will come as no surprise to anyone to discover was mostly in Russian, and it used the Cyrillic alphabet.

CSE's device utilizes the English alphabet and thus was almost certainly used for traffic in English or other languages with essentially the same alphabet.

3. The device was used to help the analyst add teleprinter characters to one another.

Teleprinter characters are transmitted as a series of impulses of two different frequencies (or, in cable systems, voltages of opposite polarity) called marks and spaces, using in this case five marks or spaces per character. The letters A and B, for example, are typically encoded as mark-mark-space-space-space and mark-space-space-mark-mark, respectively. You can also think of this coding in terms of binary numbers, where A = 11000 and B = 10011.

Additional characters are used to shift between letters and other meanings (numbers/symbols) for each five-element code. The graphic below shows one version of this system (source).

This coding translates the text into a form suitable for machine transmission, but it doesn't provide any security for the message. Any teleprinter machine can interpret it.

To encrypt the text, typically a separate stream of characters equal in length to the original text is added to it, one character at a time.

These key stream characters are added using the equivalent of non-carrying binary addition, which is to say if you add key character B (10011) to plaintext character A (11000) you get 01011, which is the coding for character G. In this example, the enciphered text character that is sent is G.

To get the plaintext message, the intended recipient, who also possesses the key stream, adds it to the enciphered text again. (In non-carrying binary, addition and subtraction are functionally the same thing.) In the example, B (10011) is added to G (01011), producing 11000, which is the original plaintext character A.

CSE's decryption device appears to have been designed to help the analyst add teleprinter characters in this way.

To use it, you slip the cylinder with the multiple alphabets into the cover with the slot, select the first character you wish to combine from the column on the far left of the cylinder, rotate it so the character appears in the slot, find the location of the second character to be combined on the cover (letters below the slot, symbols above), and read off the character inside the slot (i.e., on the cylinder) directly above or below that second character.

To add A and B, for example, you find the letter A in the left-hand column, look two places to the right (corresponding to the letter B on the cover—this would be easier if the device were assembled), and read off the letter in that position (G).

4. The device was probably used for depth reading.

If CSE somehow obtained the key stream for an encrypted teleprinter message, this device would certainly have helped a cryptanalyst asked to manually decrypt it. Except for very short messages, however, it would probably have been simpler to set up the key stream on one teleprinter tape and the enciphered text on another and run them through a Rockex or similar cipher machine, which would automate the decryption process.

The more likely use of this device, I suspect, was to assist the analyst in depth reading.

Sometimes more than one message is encrypted in whole or in part with the same key stream, usually as a result of error, incompetence, or equipment malfunction. When such messages are found, they are said to be in "depth".

In systems like this, if you combine two encrypted messages that are in depth, an interesting thing happens. Since each of the enciphered texts was already a combination of the key stream and a plaintext, when the two enciphered texts are combined the two identical key streams cancel out, and the resulting text is a combination of just the two plaintexts.

For a cryptologic agency, this is a sitting duck. A cryptanalyst can test words that are likely to be found in one of the plaintexts against the combined text to see if a coherent version of the other plaintext emerges. By working back and forth between the two, it is possible to recover both plaintexts, although often with some unrecoverable or ambiguous parts.

In the days before desktop computers, the CSE device would have been very handy for this process, enabling a cryptanalyst to quickly check guessed characters for one plaintext against the combined text to determine the characters that would appear in the other plaintext if the guess were correct.

5. It may have been used on traffic collected at CSE's experimental collection operation in Montreal.

Canadian intercept stations focused overwhelmingly on Soviet targets at this time, but it is possible that some non-Soviet maritime traffic was being collected in the course of monitoring fishing fleets or other shipping off the coasts. Some of that traffic may have been encrypted and potentially been vulnerable to this cryptanalytic approach, although it's not obvious it would have been worth an analyst's time to recover it.

Another, perhaps more likely, possibility is diplomatic traffic to and from embassies in Ottawa. While many countries would certainly have known better than to permit key reuse, it's likely that some had lower standards of security, and accidents and errors do happen.

A third possibility is the traffic was collected at CSE's experimental collection operation at the Canadian Overseas Telecommunication Corporation (COTC) gateway in Montreal. I wrote about that little-known adventure here.

According to CSE, the device was made in 1974, which fits reasonably well with the COTC operation. Monitoring of teleprinter cable traffic was begun at the site on an experimental basis, to assess the value of the traffic that might be collected there, in or around 1971. The test was evidently a success, as CSE later sought funding to put the program into full operation. In mid-1974, however, the entry into force of the Protection of Privacy Act seems to have put the kibosh on the project.

Earlier in 1974, however, there may well have been an analyst working on ways to exploit this new source of traffic who decided it would be handy to have a quicker way to recover the texts of messages in depth.

At least, it seems possible to me.

Saturday, December 15, 2018

National Cyber Threat Assessment 2018 released

The Canadian Centre for Cyber Security released National Cyber Threat Assessment 2018, its first annual unclassified report on cyber threats to Canadian individuals, businesses, and critical infrastructure, on December 6th.

The intent of the assessment is "to ensure that as cyber threat actors pursue new ways to use the Internet and connected devices for malicious purposes, Canadians are well informed of the cyber threats facing our country."

"Key Judgements" reported in the document include:
  • "Cybercrime is the cyber threat most likely to affect Canadians and Canadian businesses in 2019."
  • "Cyber threat actors — of all sophistication levels — will increase the scale of their activities to steal large amounts of personal and commercial data."
  • "Canadians are very likely to encounter malicious online influence activity in 2019. In the coming year, we anticipate state-sponsored cyber threat actors will attempt to advance their national strategic objectives by targeting Canadians’ opinions through malicious online influence activity."
  • "State-sponsored cyber threat actors will continue to conduct cyber espionage against Canadian businesses and critical infrastructure to advance their national strategic objectives."
  • "It is very unlikely that, absent international hostilities, state-sponsored cyber threat actors would intentionally disrupt Canadian critical infrastructure. However, we also assess that as all manners of critical infrastructure providers connect more devices to the Internet, they become increasingly susceptible to less-sophisticated cyber threat actors, such as cybercriminals."
None of these judgements is likely to astound anyone who has been paying a modicum of attention to this stuff, but at least they confirm that Those-In-The-Know and the rest of us are all pretty much on the same page on these questions.

Aside from a few cases cited as examples, the document provides little information about past cybersecurity incidents.

This was deliberate. In a stakeholders teleconference held on the day of the release, CSE officials told me their intent was for the publication to be a "forward-looking" document rather than a report on past events or a source of statistical data. They did acknowledge that this may mean that future reports run the risk of being significantly repetitious. I guess we'll have to see how much the Key Judgements actually change from year to year.

One bit of new information that does seem to have slipped into this edition is that "In 2017, the Communications Security Establishment alerted partners in the United States to an energy sector [industrial control system] cyber compromise" (see p. 25). This compromise was made public earlier this year, but as far as I can tell this is the first time it has been suggested that CSE played a key role in uncovering it. (Please correct me if I've missed something.)

In addition to the assessment, the Centre also released a companion document on December 6th, An Introduction to the Cyber Threat Environment, intended to provide "baseline knowledge about the cyber threat environment, including cyber threat actors and their motivations, sophistication, techniques, tools, and the cyber threat surface".

News coverage:

Elizabeth Thompson, "Cyber crooks increasingly targeting home devices: report," CBC News, 6 December 2018.

Jim Bronskill, "Foreign countries will try to twist Canadian opinion online in 2019, feds warn," Canadian Press, 6 December 2018.

Howard Solomon, "Foreign countries ‘very likely’ to target Canada in election year, says Cyber Centre," IT World Canada, 6 December 2018.

"'Crazy' to expect consumers to guard against smart device hacks: cybersecurity expert," CBC Radio, 7 December 2018.

You can also watch Cyber Centre head Scott Jones's press conference here.

Update 16 December 2018:

The report is also discussed on A Podcast Called Intrepid episode 67, A Christmas Stocking of National Security Reports (15 December 2018).

Update 27 February 2019:

Also A Podcast Called Intrepid episode 77, Who Wants to Get into Your Data? (21 February 2019).