[Cryptography] how to detect breakage -- lures etc.??

John Denker jsd at av8n.com
Sun Dec 29 03:44:16 EST 2019


Question:
  What is "best practice" for detecting breakage
  of a supposedly-secure communication system?

One of my favorite proverbs says that the first step toward preventing
mistakes is to recognize that mistakes are possible.

If somebody breaks in once and trashes your system, that's bad ...
but it is very much worse if they are subtle about it, breaking in
again and again, living rent-free in your system.

  Tangential remark: About 5 years ago there was a very interesting
  discussion under the heading of "Can Enigma/Tunney be Fixed?"
  See e.g. the excellent post from Ray Dillinger on 1/13/15 2:28 PM.

  It seems to me that one of the reasons Enigma never got fixed is
  that the Germans never realized it was broken!  The Brits read a
  ton of Enigma traffic and the secret didn't leak out until YEARS
  later.

Returning to present day:  Suppose my phone were a wholly-pwned subsidiary
of (say) Unit 61398.  How would I know?  Would the NSA know?  Would they
tell me?

There is a vast literature bad-mouthing intrusion-detection systems in
general and honeypots in particular.  I reckon that's partly true, insofar
as such things are not particularly useful to Joe User.  However, large-
scale outfits such as MS and Google and various TLAs use them aggressively.
They just don't talk about it much.  Unlike Joe User, they are in a position
to maybe even *do* something about whatever intrusions get detected.

Returning to the WWII example:  Everybody likes to talk about how dumb
the Germans were ... but the story is not entirely one-sided.  The US
diplomatic "Black" code was stolen, and for most of 1942 the Nazis could
read US dispatches from Bonner Fellers and others, with very very serious
consequences.  This is maybe not as "elegant" as a cryptanalytic break,
but the consequences are the same ... and the consequences are what we
ought to be measuring.

On the other side, various Germans "suspected" something was amiss, but
they didn't try very hard to test their hypotheses.  My point is, there
were plenty of things they could have done.

You have to do a bit of differential diagnosis to differentiate between
 -- plain old treasonous espionage i.e. HUMINT, or
 -- low-tech COMINT such as prosaic high-frequency direction-finding, or
 -- high-tech COMINT such as codebreaking.

For example, consider this:  Arrange with the submarine captains a system
for sending fake messages, perhaps by using special "cancel" words:
  -- "immediately" is genuine
  -- "asap"        is genuine
  -- "forthwith"   means this entire message is fake.
  -- "discontinue" is genuine
  -- "break off"   means this entire message is fake.
  -- et cetera.

(Analogous sets of synonyms exist in other languages including German.)

Then send orders to several submarines directing them to "break off" and
proceed "forthwith" to rendezvous with a milchcow at such-and-such location.
This offers a highly tempting target to the opposition.  Obviously you do
not want your subs to go to the indicated location; instead send a long-range
patrol plane to see if ASW forces show up.  If they do, it is a strong
indication that your cipher is broken.

Similarly, send patrol planes to locate several convoys.  Track their
progress for a while.  Then send a fake message arranging for a wolfpack
to assemble at a particular location along one of the tracks.  If that
convoy suddenly diverts and the others do not, it is a strong indication
that your cipher is broken.

It is not easy to come up with lures like this, but not impossible.  I
reckon the folks on this list can come up with schemes far cleverer than
the examples I have given.

There are present-day examples I can think of that certain eavesdroppers
would find irresistible.  I hesitate to mention them, because I don't want
to invite trouble.  Maybe somebody with more resources would be interested.
Who knows, maybe Chris Hansen at NBC.

White-hat probing of your own systems is OK as a starting point, but not
nearly sufficient IMHO.  Cryptanalysis is fine as far as it goes, but it
will never detect theft of a codebook.

Bottom line:  What's best practice?  It seems kinda unprofessional to put
a system out there and not check whether it's working.
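
The cancel-word and lure scheme described in the message above, as an added example that is not part of the original post. The channel names, grid locations and message texts are constructed, and treating never-mentioned locations as controls is an assumption drawn from the convoy example.

```python
import re

# Cancel words taken from the post; any one marks the entire message as fake.
CANCEL_WORDS = ("forthwith", "break off")

def is_lure(message):
    """Recipient side: True if the message carries a cancel word."""
    text = message.lower()
    return any(re.search(r"\b" + re.escape(w) + r"\b", text) for w in CANCEL_WORDS)

def diagnose(lures, reactions, controls):
    """Sender side: decide which channels look broken.

    lures     -- {channel: (fake message, bait location named only in it)}
    reactions -- set of locations where the opposition was seen reacting
    controls  -- watched locations that no message ever mentioned
    """
    for channel, (message, _) in lures.items():
        if not is_lure(message):
            # Without a cancel word our own recipients would obey the order.
            raise ValueError(f"lure on {channel} lacks a cancel word")
    # A reaction at a control location cannot have come from our traffic,
    # so the trial cannot single out any one channel.
    if reactions & set(controls):
        return {channel: "inconclusive" for channel in lures}
    return {
        channel: "suspect" if bait in reactions else "no reaction"
        for channel, (_, bait) in lures.items()
    }

# Constructed sample data: two hypothetical channels, one bait location each.
SAMPLE_LURES = {
    "cipher-A": ("Break off patrol and proceed forthwith to grid AL 52", "AL 52"),
    "cipher-B": ("Break off patrol and proceed forthwith to grid BD 12", "BD 12"),
}
SAMPLE_CONTROLS = ["CF 30", "DG 88"]

if __name__ == "__main__":
    # Opposition shows up only at the bait named on cipher-A.
    print(diagnose(SAMPLE_LURES, {"AL 52"}, SAMPLE_CONTROLS))
```

A "suspect" result flags the channel, not the cause: it does not distinguish a cryptanalytic break from a stolen codebook.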

