State of (Cyber)War Ep. 8.2 – Military Cryptology, Part II

State of (Cyber)War 8.2

Cryptography and Cryptanalysis – Military Applications From the Cold War Through Today

Join our motivated more-or-less informed amateurs Hugo Tarrida and John Salomon for the latest in our State of (Cyber)War series, part of CyAN’s Secure in Mind video and podcast network. This is part two of a two-part series; part I discusses military crypto applications and techniques through the end of WWII.

Notes and Links:

As always, we haven’t read all of these in their entirety, and the Wikipedia links are provided as-is, and only meant as a starting point for someone interested in more than just casual information.

02:43 Despite a limited number of decryptions based on a poor Soviet implementation of one-time pads created in 1941 (duplicate keys), the US gained significant intelligence in the 1940s: https://en.wikipedia.org/wiki/Venona_project
For a hands-on example of what the ciphers involved actually looked like: https://www.smithsonianmag.com/history/how-cipher-like-soviet-180970032/
03:38 https://nsa.gov
04:00 https://en.wikipedia.org/wiki/One-time_pad
04:27 https://en.wikipedia.org/wiki/Moscow%E2%80%93Washington_hotline
05:44 https://en.wikipedia.org/wiki/KW-26
06:20 https://www.cia.gov/legacy/museum/exhibit/the-berlin-tunnel/
06:51 For an example of techniques used by the USSR for telecommunications encryption, here’s an article on the Soviet “Fialka” (violet) machine in use in the 1950s-1970s – https://www.washingtoninstitute.org/policy-analysis/soviets-unbreakable-code
07:19 https://en.wikipedia.org/wiki/USS_Pueblo_(AGER-2)
07:26 Cryptologic/Cryptographic Damage Assessment USS Pueblo – https://www.nsa.gov/portals/75/documents/news-features/declassified-documents/uss-pueblo/damage-assessments/Cryptologic-Cryptographic_Damage_Assessment.pdf (PDF)
07:55 Crypto AG – https://en.wikipedia.org/wiki/Crypto_AG – also, https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/
08:51 Oddly, the Swiss parliamentary commission only ended up formally looking into this case in 2020, and came up with some pretty pusillanimous conclusions. German language article: https://www.nzz.ch/schweiz/crypto-affaere-das-parlament-beginnt-eine-eigene-untersuchung-ld.1540399
09:17 Maskirovka: “deception”
09:25 Aka “The Thing”: https://en.wikipedia.org/wiki/The_Thing_(listening_device)
Also, let’s not forget the infamous US embassy in Moscow that was discovered to be so riddled with listening devices in its very structure that it took 27 years to complete: https://www.airandspaceforces.com/PDF/MagazineArchive/Documents/2012/September%202012/0912embassy.pdf (PDF)
11:10 Milstar: https://en.wikipedia.org/wiki/Milstar
11:20 https://en.wikipedia.org/wiki/ECHELON
12:15 https://cybersecurityadvisors.network/2023/11/23/the-growing-threat-of-quantum-supremacy-in-the-era-of-digital-civilization/
12:22 For example, IRIS²: https://www.esa.int/Newsroom/Press_Releases/ESA_to_support_the_development_of_EU_s_secure_communication_satellites_system
The EU Agency for the Space Programme also has some interesting materials on this topic: https://www.euspa.europa.eu/eu-space-programme/secure-satcom
12:52 Project Pyramider is difficult to find good information on. We may have this one wrong, as the comments we’re able to find claim it was an abandoned attempt to build secure communications between US agents in the field and CIA headquarters.
13:39 TACLANE still exists as a product, but unfortunately we were only able to find its history back to 2000: https://gdmissionsystems.com/-/media/General-Dynamics/Cyber-and-Electronic-Warfare-Systems/PDF/Brochures/History-of-TACLANE-Timeline.ashx – in researching this, we also learned about the NSA’s HAIPE standard, which modern TACLANE devices apparently conform to: https://en.wikipedia.org/wiki/High_Assurance_Internet_Protocol_Encryptor
14:04 “Secure Telephone Unit” – https://en.wikipedia.org/wiki/STU-III
Related: the KY-57 voice encryption unit: https://cryptomuseum.com/crypto/usa/ky57/
17:20 E.g. the US military’s Ground Soldier Technology Workflow, Integration, and eXperience (GS-TWIX) project: https://soldiersystems.net/2022/08/15/ground-soldier-technology-workflow-integration-and-experience-gs-twix/
19:13 https://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg_(book)
19:46 https://kleinbottle.com – Cliff Stoll is a champ. Go buy one. <3
21:00 We couldn’t even find an image of a PDP-3 or old VMS login prompt. It’s all Windows frontends (Windows 95, natch)
22:02 https://www.cryptomuseum.com/crypto/usa/kg84/
Lots more info: http://www.jproc.ca/crypto/kg84.html
We appear to somehow have lost the link claiming Soviet compromise of the KG-84, and now we can’t find it, so please disregard that bit. Apologies.
Here is more info on the system: https://www.zsis.hr/UserDocsImages/Sigurnost/pdfs/KG-84A.pdf (PDF) – interestingly, it states that the device itself, when unkeyed, is unclassified, which would put it squarely in the evolutionary path we describe, i.e. the trend towards the keys being more relevant than the cryptosystem itself.
23:33 http://www.cypherspace.org/rsa/pureperl.html – best description of Perl ever: “it’s an explosion in a punctuation factory.” Some more variants: http://www.cypherspace.org/rsa/
23:49 “International Traffic in Arms Regulations” – one of the reasons we’re having such a time getting our hands on an ATACMS here in Europe. One of.
24:07 The NSA weakening of the DES standard against brute-force attacks is a frequently cited claim made by Bruce Schneier – as non-experts we are unable to verify it, but it seems credible, and Mr. Schneier is really smart, so… https://www.schneier.com/blog/archives/2004/10/the_legacy_of_d.html
27:00 Also a spam filtering program https://en.wikipedia.org/wiki/CRM114_(program)
28:34 https://www.historyextra.com/period/cold-war/stanislav-petrov-soviet-soldier-saved-the-world/
32:34 https://en.wikipedia.org/wiki/PM_WIN-T
34:35 They appear to have figured it out. Only took them two and a half years. https://therecord.media/russia-mobile-phone-military-ban-ukraine

You can find CyAN’s Secure-in-Mind YouTube channel at https://youtube.com/@cybersecadvisors – and of course, our videos about cyber conflict on the State of (Cyber)War playlist here. All of our episodes are also available in audio format on Apple iTunes, Amazon Audible, Podcast Republic, Spotify, and Libsyn – links on our Media page.