Page 1

SPECIAL REPORT

Advances in Encryption Systems for Modern Military Operations Advances in Encryption Systems for Modern Military Operations The Importance of Military Encryption That Works The Complexity of Arguments for Encryption Based on Pure Random Numbers The Threat to Email, Data and Network Encryption Systems The Future of Encryption

Sponsored by

Published by Global Business Media


Safeguarding your future with outstanding security solutions. Exceptional innovations are the result of commitment, experience and foresight. Welcome to the world of Mils. Leading the international field in secure encryption technology since 1947.

mils electronic gesmbh & cokg · 6068 mils · austria · t +43 52 23 577 10-0 · info@mils.com · www.mils.com


SPECIAL REPORT: ADVANCES IN ENCRYPTION SYSTEMS FOR MODERN MILITARY OPERATIONS

SPECIAL REPORT

Advances in Encryption Systems for Modern Military Operations Advances in Encryption Systems for Modern Military Operations

Contents

The Importance of Military Encryption That Works The Complexity of Arguments for Encryption Based on Pure Random Numbers The Threat to Email, Data and Network Encryption Systems

Foreword

The Future of Encryption

2

Mary Dub, Editor

Advances in Encryption Systems for Modern Military Operations

3

mils electronic gesmbh & cokg

Sponsored by

Published by Global Business Media

Published by Global Business Media Global Business Media Limited 62 The Street Ashtead Surrey KT21 1AT United Kingdom Switchboard: +44 (0)1737 850 939 Fax: +44 (0)1737 851 952 Email: info@globalbusinessmedia.org Website: www.globalbusinessmedia.org Publisher Kevin Bell Business Development Director Marie-Anne Brooks Editor John Hancock Senior Project Manager Steve Banks Advertising Executives Michael McCarthy Abigail Coombes Production Manager Paul Davies For further information visit: www.globalbusinessmedia.org The opinions and views expressed in the editorial content in this publication are those of the authors alone and do not necessarily represent the views of any organisation with which they may be associated. Material in advertisements and promotional features may be considered to represent the views of the advertisers and promoters. The views and opinions expressed in this publication do not necessarily express the views of the Publishers or the Editor. While every care has been taken in the preparation of this publication, neither the Publishers nor the Editor are responsible for such opinions and views or for any inaccuracies in the articles. © 2014. The entire contents of this publication are protected by copyright. Full details are available from the Publishers. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical photocopying, recording or otherwise, without the prior permission of the copyright owner.

Communication Challenges of the 21st Century Technology Built to Withstand the Ravages of Time Simple and Reliable Solutions That Cover Every Angle MilsOne: Unified Military Communication in 2014 MilsVPN Go: Securing the Armed Forces’ Backbone Specialized Solutions Meeting Specific Requirements No Shareholders. No Alliances. No Compromises An Independent Partner for Uncompromising Data Security

The Importance of Military Encryption That Works 7 Mary Dub, Editor

The Implications of Edward Snowden’s Revelations for Encryption Systems The Impact of Snowden’s Revelations Weaknesses of Deterministic Algorithms Random Number Generators and Pseudo-Random Number Generators The Back Door Problem

The Complexity of Arguments for Encryption Based on Pure Random Numbers

9

Don McBarnet, Staff Writer

Sources of Strong Pure Random Sequences of Numbers Problems with Strong Pure Random Sequences of Numbers Drawn From Nature The Predictability of Numbers and Entropy The Problems of Pseudo-Random Numbers The Development of Pure Random Number Generators and PseudoRandom Number Generators

The Threat to Email, Data and Network Encryption Systems

11

Mary Dub, Editor

21st Century Internet Security as Seen in the Crimea – March 2014 The United States Government Response to the Physical and Cyber Attack on Crimea An Independent Commercial Analysis of the Impact of Russian Action

The Future of Encryption

13

Don McBarnet, Staff Writer

A New Approach Suite B Cryptography Self-Encrypting Drives The Tweakable Block Cipher DARPA and the Search for Autonomous Self-Healing Encryption Systems

References 15 WWW.DEFENCEINDUSTRYREPORTS.COM | 1


SPECIAL REPORT: ADVANCES IN ENCRYPTION SYSTEMS FOR MODERN MILITARY OPERATIONS

Foreword W

RITING ABOUT modern military encryption

by mils is a top-secure unified communication and

systems is a challenging task. The writer

collaboration solution, MilsOne, which provides a

is hampered intentionally by every government

universe of communication modes – messaging,

that has set up a system of encryption by the local

chat, file transfer and voice conversations, without

equivalent of the Official Secrets Act. Corporations,

any security trade-offs.

like search engines and banks, guard their data

The second article in this Report deals with the

and communication security systems with

importance of working encryption and the problems

equal vigilance. Whether the organisation is a

associated with types of algorithm used to generate

government, multinational corporation or supra

that encryption. Written for the general reader who is

national entity like Google or Yahoo there is no

not a mathematician or computer scientist, the editor

intention anywhere of describing what system is

has tried to provide an overview and discussion of

in use. Indeed, to state the obvious, the reverse

some of the critical arguments rather than a specialist

is true. The government or organisation wants no

assessment of the mathematics.

discussion or questioning of its system. Indeed,

The critical importance of pure random number

last year when Edward Snowden, an employee of

sequences is addressed in the third piece, again

the US government, decided to release information

written from a consumer perspective.

about the extent of encryption and the scale of

The conflict in Crimea, between Russian and the

counter encryption within the US National Security

Ukraine and the use of counter-encryption action

Administration (NSA) and the UK’s GCHQ, he had

against cell phones, and the use of some websites

to seek political asylum in Russia.

and the internet within the Ukraine are the case study

The opening article in this Special report examines

of the third piece. They offer news-based evidence of

the vital importance of efficient, reliable and secure

how 21st century counter-encryption can and is being

communication for modern military forces. It goes on

used today.

to describe the only cipher method that will continue

And what of the future? The disruptive nature of rapid

to be effective for all time – One Time Pad encryption.

change in the internet is the source of some of the

The sole provider worldwide of this method is mils

ideas discussed in the final piece.

electronic who offer modern communication solutions that incorporate True Random Noise Sources for One Time encryption – essential for top secret data that needs permanent protection. Another development

Mary Dub Editor

Mary Dub is the editor of this Special Report. She has covered the defence field in the United States and the UK as a television broadcaster, journalist and conference manager.

2 | WWW.DEFENCEINDUSTRYREPORTS.COM


SPECIAL REPORT: ADVANCES IN ENCRYPTION SYSTEMS FOR MODERN MILITARY OPERATIONS

Advances in Encryption Systems for Modern Military Operations

Your needs are individual, our solutions unique.

mils electronic gesmbh & cokg

Efficient, reliable and, above all, secure communication has been and still is one of the most vital challenges for modern military forces. In order to share real-time situational data and to guarantee the reliable flow of command and control traffic, modern military operations need robust, easy-to-use and secure communication equipment. Deciding on an appropriate solution requires a holistic approach, covering every possible angle of storage, transmission and protection of sensitive information.

Communication Challenges of the 21st Century For a long time, it seemed like standardized commercial solutions could provide sufficient security, even for military organizations. But recent revelations have unveiled a nightmare of security breaches in those systems, some of them even implemented in bad faith. The list of threats is long, including weak key generators, forged certificates and installed backdoors. Combined with the vast interception and data mining capabilities of the NSA and other highly developed secret services, it feels like we are living in a totally open and transparent world where secrets cannot be kept by anyone. Indeed, there are numerous threats that can lead to critical data being disclosed. The pressure of keeping pace with the fast evolving communication technology on the one hand and coping with restraints in defence budgets on the other makes it very difficult for military organizations to provide appropriate communication solution for their units. This is where mils electronic steps in. We enable military entities to safely take advantage of the latest innovations in secure communication technology at an early stage by providing immediate access to our products and services.

Our technology is one-ofa-kind, yet designed to be adaptable. Carefully constructed to meet your exact requirements, our exclusive solutions provide maximum security, tailor-made.

all days: One Time Pad encryption. Why is One Time Pad the only truly unbreakable encryption method in the world? Because it uses an essential element that has been available for millions of years, and will continue to exist far into the future: coincidence, or, scientifically stated, true randomness – unpredictable and incomputable. Every other encryption method relies on a mathematical formula, an algorithm, to create pseudo-randomness in its key strings and cipher texts, but these can never be truly random. Real unpredictability cannot stem from a software computation but has to be provided by a hardware element manifesting a truly random phenomenon, such as the jittering of oscillator rings, atmospheric noise or radioactive decay. As the only provider worldwide, mils electronic offers modern communication solutions that incorporate True Random Noise Sources for One Time Pad encryption, an absolute must for top secret data that needs to be protected for all eternity. Other information that requires strong protection for the foreseeable future can be encrypted by applying an algorithm. Unfortunately,

Technology Built to Withstand the Ravages of Time When it comes to security technology, modern military agencies are not looking for flashy trends that come and go, but are rightfully demanding stability and long-term protection. Luckily, in the field of encryption, there is one cipher method that will withstand all ravages of time until the end of

PROTECTING CRYPTOGRAPHIC ENVIRONMENTS

www.mils.com

THROUGH HARDWARE DEVICES

WWW.DEFENCEINDUSTRYREPORTS.COM | 3


SPECIAL REPORT: ADVANCES IN ENCRYPTION SYSTEMS FOR MODERN MILITARY OPERATIONS

When it comes to security technology, modern military agencies are not looking for flashy trends that come and go, but are rightfully demanding stability and long-term protection

the strength of standard encryption algorithms, such as the AES (Advanced Encryption Standard), is beginning to be questioned, as last year’s revelations hinted at possible backdoors. That is why modern armed forces need a security-enhanced alternative. At mils, in addition to One Time Pad encryption, we offer a proprietary block cipher algorithm (Mils Block Cipher) which can be customized and modified by our customers whenever and as often as they desire, thereby enabling them to keep complete control over their entire secure communication network at all times. Another important security issue is the storage of cryptographic data. The best encryption process is useless if you cannot keep the cryptographic elements unharmed and free from tampering. That is why top secret communication solutions combine dedicated hardware tokens with software appliances. Numerous protection mechanisms make sure that nobody gets access to this delicate data.

Simple and Reliable No matter how complex the technology behind a communication security solution is, its use must be easy and intuitive. Otherwise, operators won’t be willing to interact with it in their daily routines and even less when under pressure, as is often the case in modern military operations.

WITHSTANDING THE HARDSHIPS OF MILITARY OPERATIONS

Harsh environments call for sturdy equipment that withstands the challenging conditions at sea, in the air or on the battlefield. Products by mils can be acquired as toughened and ruggedized hardware devices, so that communication will not fail when it is most needed. High availability and redundancy are further key elements to make sure that a secure communication solution stays operative all the time. Nobody wants their data transfer to be interrupted right in the heat of battle.

Solutions That Cover Every Angle HIGH AVAILABILITY AND REDUNDANCY ARE PARAMOUNT

confidentiality in order to respond to the existing threats in an appropriate way. Commonly, two kinds of protection scales can be distinguished: • End-to-end protection: the information is ciphered at the sender’s working station, remains protected during its entire journey through diverse data transfer channels and is decrypted at the receiver’s computer. • Site-to-site protection: the data is ciphered right before it crosses the threshold to the public network and decrypted when entering the receiver’s local network. Inside the private networks, the data is transmitted in plain. mils has developed strong solutions for both requirements.

When data security is your concern, you cannot afford to leave any loopholes in your defences. You need to consider all aspects of privacy and

4 | WWW.DEFENCEINDUSTRYREPORTS.COM

EQUIPMENT TO SECURELY CONNECT TWO SITES

MilsOne: Unified Military Communication in 2014 For many military organizations, modern communication technology means a huge challenge, especially when it comes to security. As a rule, many different applications for communication and collaboration are used, including email, chat, file exchange and voice over IP programs. This mishmash of applications has many disadvantages: frequent operator errors, lack of consistent databases, multiple purchase and maintenance fees, high training costs, little control over who participates in communication networks, etc. Considering all these inconveniences, mils has developed a top-secure unified communication and collaboration solution which eliminates these problems in one go by bringing all modes of communication under one roof: MilsOne. MilsOne offers a universe of communication modes – messaging, chat, file transfer and voice conversations – without any security trade-offs. The carefully selected group of trusted users can seamlessly transition between all communication modes on the go, making interacting with the application intuitive, flexible and efficient. MilsOne uses existing communication infrastructures and can therefore be used wherever the communicators are: in the office, in the car, at the airport, in open terrain, at land or at sea… MilsOne’s real-time presence interface allows military officials to view the availability of their


SPECIAL REPORT: ADVANCES IN ENCRYPTION SYSTEMS FOR MODERN MILITARY OPERATIONS

Advanced products, clear objectives: unbreakable encryption technology. Designed to employ the power of pure coincidence, our One Time Pad Technology is guaranteed unbreakable, now and forever.

MILSONE WORKS WHEREVER YOU ARE

SECRETS STAY WITHIN A PROTECTED ENVIRONMENT

colleagues and their communication preferences. The immediate exchange of sensitive information with other high rank personnel supports your staff in making the right decisions at the right time, thus increasing the success of military operations. Exhaustive monitoring and supervision capabilities further increase the control over the secure communication network. Yet, the real strength of MilsOne lies in its security architecture. When working with MilsOne, users will never leave a protected, secure environment, because only encrypted communication is supported. And although MilsOne represents a unique combination of unified communication and top level security, it does not bother staff members with any cryptographic details. All security related functions are hidden from the

users and are delegated to the MilsQube, a purpose-built hardware security module that creates the safe environment needed for such delicate cryptographic information.

MilsVPN Go: Securing the Armed Forces’ Backbone To securely connect remote sites and mobile users to an organization’s headquarters via potentially hostile public networks, a site-to-site protection solution is needed. mils decided to develop its own network security solutions tailored to governmental and military clients: MilsVPN Go. MilsVPN Go focusses on highest data security, transparent implementation and ease of use. Integrated into military organizations’ existing IT infrastructures, it guarantees the privacy,

www.mils.com

WWW.DEFENCEINDUSTRYREPORTS.COM | 5


SPECIAL REPORT: ADVANCES IN ENCRYPTION SYSTEMS FOR MODERN MILITARY OPERATIONS

It is comforting to know that mils is a free agent which, since its foundation in 1947, has achieved a solid reputation in the field of data security

integrity and authenticity of the entire IP data traffic, regardless of whether email, file, voice, video or any other type of data transmission is involved. To this end, MilsVPN Go establishes encrypted data connections – so called ‘VPN Tunnels’ – between headquarters, remote sites and users. Using MilsVPN Go does not involve any third party. Instead, it is exclusively under the customer’s control, works with unique cryptographic keys and individual cryptographic algorithms, all sealed in a purpose-built hardware security token. The correct implementation of the applied security features can be verified at any time – even without the assistance of mils.

For further information, please don’t hesitate to refer to our website at www.mils.com or contact us directly at info@mils.com.

Contact mils electronic gesmbh & cokg Leopold-Wedl-Strasse 16 6068 Mils Austria t +43 52 23 577 10-0 f +43 52 23 577 10-110 info@mils.com www.mils.com

Specialized Solutions Meeting Specific Requirements Some organizations and objectives need 100% end-to-end-security but can do without all the luxuries of multiple communication modes. mils offers dedicated solutions for specific purposes: •M  ilsMessage: an email client with archiving options which permits the creation of completely secure messaging networks for closed groups of trusted staff members. •M  ilsCourier: a file transfer application which enables the exchange of top secret files between authorized users via multiple transmission paths (radio, satellite, UMTS etc.).

HEADQUARTERS OF MILS ELECTRONIC IN AUSTRIA

No Shareholders. No Alliances. No Compromises. When choosing a communication security provider, military organizations most probably are looking for a fully independent, privately-owned partner. Otherwise they would always have to be worrying about investors or governmental powers lurking in the background. It is comforting to know that mils is a free agent which, since its foundation in 1947, has achieved a solid reputation in the field of data security.

An Independent Partner for Uncompromising Data Security In the military line of work, there can be no room for mistakes: the improper use of information and data can be disastrous. It goes without saying that military entities need optimal solutions that they can depend upon entirely. mils electronic, an independent and privately-owned company with a solid reputation for over 65 years, has the solutions to meet military organizations’ demands – safe, reliable and uncomplicated. All mils products provide unbounded security and complete control combined with intelligent encryption technology.

6 | WWW.DEFENCEINDUSTRYREPORTS.COM

ALL REQUIREMENTS UNDER ONE ROOF – MILSONE


SPECIAL REPORT: ADVANCES IN ENCRYPTION SYSTEMS FOR MODERN MILITARY OPERATIONS

The Importance of Military Encryption That Works Mary Dub, Editor

T

HE WARTIME Prime Minister, Winston Churchill, told the United Kingdom’s King George VI after World War II: “It was thanks to Ultra that we won the war.” After World War II the strategic importance of British attempts to crack the Enigma encryption system of German military communications by using ‘Ultra’ are well recognised. Over the following 60 years, keeping military data and communications behind multiple layers of encryption has become routine. What’s more, only when an encryption system fails is there any open discussion of what was used. Since 1945 the “special relationship” Britain and America has allowed the exchange of intelligence and military secrets between the two countries. The richness of this special relationship in sharing intelligence was recently demonstrated by the on-going working collaboration between the USA’s NSA and the UK government’s GCHQ (Government Communications Head Quarters). Indeed, this special relationship should be noted for its uniqueness; the further export of American technology and cryptography is strictly limited by ITAR (International Traffic in Arms Regulations).

The Implications of Edward Snowden’s Revelations for Encryption Systems It was the revelations by US NSA official Edward Snowden through the New York Times, The Guardian and Pro Publica in 2013 that blew apart current ideas of working encryption methods, because of the failure of large organisations like Google, Yahoo and others with state of the art encryption to protect themselves from invasive surveillance by NSA and GCHQ. Worse, an allied NATO government, like the Federal Republic of Germany, found that their head of state had had her personal mobile phone data hacked by the ‘friendly forces’ of the United States and the United Kingdom. This failure of encryption by the German government and counter-encryption by the NSA resulted in Merkel’s spokesman confirming that she placed an angry call to United States President, Barack Obama to discuss the

suspicions. Later the German foreign minister called in the US Ambassador “in person”1. This is a serious diplomatic rebuke among allies.

The Impact of Snowden’s Revelations One of the many orthodoxies of encryption during the ‘70s and ‘80s was the Data Encryption Standard (DES). What was the DES? It was an algorithm developed at IBM from a design by Horst Feistel. The algorithm was submitted to the National Bureau of Standards (NBS) following the agency’s invitation to propose a candidate for the protection of sensitive, unclassified electronic government data. The NSA later adopted it. But the algorithm had a number of critical weaknesses. The intense academic scrutiny the algorithm received over time led to the modern understanding of block ciphers and their cryptanalysis. DES is now considered to be insecure for many applications. This is chiefly due to the 56-bit key size being too small. In January, 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes. There are also some analytical results which demonstrate theoretical weaknesses in the cipher, although they are infeasible to mount in practice.2

Your future is secure. Come and see for yourself. We believe that successful partnerships are built upon transparency and trust. Which is why we provide our clients with a full and detailed insight into the technology behind our products.

Weaknesses of Deterministic Algorithms One of the key problems identified with DES was related to the algorithms deterministic state i.e. what they produce is predictable. This means that in many cases where an unpredictable outcome is wanted random number generators or pseudorandom number generators are better.

Random Number Generators and Pseudo-Random Number Generators As Sullivan writes in his blog, when building secure systems, having a source of random numbers is essential. Without it, most cryptographic systems break down and the privacy and authenticity of communications between two parties can be subverted.3 Random numbers are hard to come by on a computer. Internally, computers are

www.mils.com

WWW.DEFENCEINDUSTRYREPORTS.COM | 7


SPECIAL REPORT: ADVANCES IN ENCRYPTION SYSTEMS FOR MODERN MILITARY OPERATIONS

Internally, computers are deterministic machines that follow instructions and are required to do so in a predictable manner. Uncertainty and unpredictability are not built in: there is no easy

deterministic machines that follow instructions and are required to do so in a predictable manner. Uncertainty and unpredictability are not built in: there is no easy way to tell a computer to go flip a coin. Randomness inside a computer has to come from its interactions with the outside world. Sullivan enumerates sources of truly naturally random information. For example, consumer computers and mobile devices have a number of sensors that provide unpredictable input. The timing of keystrokes and mouse movements of a user will have some degree of randomness if measured closely enough. Noise from microphones and cameras can also provide a lot of randomness. Mobile devices have even more sources including fluctuating Wi-Fi signals, motion sensor and GPS information. One measure of predictability of a stream of numbers and therefore its randomness is entropy.

The Back Door Problem Further to the problem of ensuring sufficiently high levels of security of the software, there is

way to tell a computer to go flip a coin

WHERE WILL THE NEXT RAINDROP FALL?

8 | WWW.DEFENCEINDUSTRYREPORTS.COM

the problem of the hardware. Implicit trust in the hardware, it is argued, is misplaced, if the hardware contains a backdoor. A backdoor allows an attacker to gain total control of the machine, bypassing any security protections provided by the software. This is true even if the OS and application layers are free of bugs and vulnerabilities. Recent research has demonstrated how just such an attack could work and the media have started to report on the United States government’s concern about the possibility of these attacks occurring in the real world. There has been a variety of research on the problem of detecting malicious hardware. The authors of Unused Circuit Identification (UCI) propose an algorithm for identifying portions of a circuit that go unused during design-time testing. The idea is that an attacker inserting malicious code into an existing hardware design will work to ensure the malicious behavior is not activated during designtime testing. The assumption is that any circuitry inserted by the attacker will remain inactive during the entirety of the design-time testing process.


SPECIAL REPORT: ADVANCES IN ENCRYPTION SYSTEMS FOR MODERN MILITARY OPERATIONS

The Complexity of Arguments for Encryption Based on Pure Random Numbers

Topmost security deserves total control.

Don McBarnet, Staff Writer

T

HE TECHNOLOGY of encryption is complex as is the mathematics for a nonspecialist writer. So to aid comprehension it is useful to note some basic distinctions between types of random numbers. A pseudo-random number generator is a deterministic algorithm for producing a series of numbers that have many of the same properties as a series of purely random numbers. The sequences can mirror true random numbers in frequency distribution, clustering of runs, and the absence of readily discernible patterns. However, unlike a pure sequence, a pseudo-random sequence is 100% predictable when its algorithm and seed are known.4 A good pseudo-random sequence often works for applications such as statistical sampling or simulation models. The opposite is true in applications where the sequence is required to be unpredictable to an intelligent observer of previous elements of the sequence. For example, an electronic slot machine needs a sequence that is unpredictable to the left; the application would fail, if the gambler could determine the next spin based on a pattern analysis of previous spins. Unpredictability to the right is

‘UNPREDICTABLE AND INCOMPUTABLE – TRUE RANDOMNESS’

not required since it makes no difference if the gambler could infer an earlier sequence from a later sequence. Encryption is an application requiring unpredictability to the left and right; knowledge of a single declassified document should not enable a cryptanalyst to crack earlier or later messages.5

Our unique security solutions combine full protection with absolute freedom. Enjoy complete control over your entire communication system, fully independently, and at all times.

Sources of Strong Pure Random Sequences of Numbers Real random numbers are non-deterministic, that is they are unpredictable. A pure random number generator needs to collect data from natural stochastic processes. For example, an electronic geiger counter generates a pulse every time it detects a radioactive decay. The time between decays has a strong pure random component. To produce a usable pure random sequence, latent patterns must be removed. The known exponential distribution is easily removed mathematically; however, the mean time between decays in background radiation rises in the daytime and falls at night. There may also be other non-random patterns lying hidden in the data.

Problems with Strong Pure Random Sequences of Numbers Drawn From Nature An important issue is that underlying patterns plague almost any source of natural randomness. To the extent that the pattern is known, data compression tools can be used to reduce this risk, however in the process of reducing this risk they may introduce a new pattern. Some cryptographers argue that encryption tools are essentially sophisticated random number generators with patterns so complex that they are difficult to analyse. Other sources of partially random data are acknowledged to be the timing of radioactive decays, recording background noise into .wav files, live video files sessions, logs from chat lines and keystroke latencies for typed text.

www.mils.com

WWW.DEFENCEINDUSTRYREPORTS.COM | 9


SPECIAL REPORT: ADVANCES IN ENCRYPTION SYSTEMS FOR MODERN MILITARY OPERATIONS

Whereas some programmers or cryptographers attempt to refine pure random numbers for encryption, it is not uncommon to use pseudorandom numbers, which, unfortunately, are deterministic

The Predictability of Numbers and Entropy The predictability of numbers is quantified in a measure called entropy. A balanced coin toss provides one bit of entropy. An unbalanced coin toss provides less than one bit, since it’s much easier to guess when you know the bias. The reason entropy is important is that it adds to cryptographic strength. A 128-bit key created from a source with 20 bits of entropy is no more secure than a 20-bit key. A good source of entropy is necessary to create secure keys. One of the key advantages of randomness is that entropy can be increased by mixing in another string of numbers, so adding to the strength of the cryptographic key.

The Problems of Pseudo-Random Numbers Whereas some programmers or cryptographers attempt to refine pure random numbers for encryption, it is not uncommon to use pseudorandom numbers, which, unfortunately, are deterministic.6 The issue according to Viega is that randomness is not at all cut and dried – in fact it is very unclear. Some streams of numbers are more random than others. A number known as the “seed” is provided to a pseudo-random number generator as an initial integer to pass through the function. The seed starts the process. The output of a pseudo-random number generator contains nothing that is unpredictable. Each value returned by a pseudo-random number generator is completely determined by the previous value it returned (and ultimately, the seed that started it all). If we know the integer used to compute any one value, then we can figure out every subsequent value returned from the generator. In the end, a pseudo-random number generator is a deterministic program that produces a completely predictable series of numbers (called a stream). So a well-written PRNG (Pseudo- Random Number Generator) creates a sequence that shares many of the same properties as a sequence of real random numbers.

EXAMPLES OF RANDOMNESS OF NATURE

10 | WWW.DEFENCEINDUSTRYREPORTS.COM

The Development of Pure Random Number Generators and Pseudo-Random Number Generators The pLab project at the Department of Mathematics at Salzburg University discusses various cryptographic softwares which use these random number streams. The Lab explores HAVEGE – a new and fast unpredictable random number generator based on efficient entropy gathering and expansion. HAVEGE is the work of Andre Seznec and Nicolas Sendrier from IRISA (Institut de Recherche en Informatique et Systèmes Aléatoires). The speed of HAVEGE is an interesting feature for those who find the Entropy Gathering Daemon too slow. There is also UNURAN. This is a library of C functions to generate non-uniform random numbers. It contains state-of-the-art algorithms. The authors are Josef Leydold and Wolfgang Hoermann of the University of Economics Vienna.

SOME NATURAL PHENOMENA SHOW TRUE RANDOMNESS


SPECIAL REPORT: ADVANCES IN ENCRYPTION SYSTEMS FOR MODERN MILITARY OPERATIONS

The Threat to Email, Data and Network Encryption Systems

One concept, one product, one result: maximum security.

Mary Dub, Editor

I

N THE light of the Edward Snowden revelations, it is almost impossible to predict what kinds of encryption will work to block access to surveillance by America’s N.S.A. and UK’s GCHQ. Why? Just looking at a summary of the extent of N.S.A. intrusion published in the New York Times7, reveals the extent of fully functioning encryption systems that governments and supra national internet organisations had set up to block surveillance. The agency broke into the communications links of major data centers around the world, allowing it to spy on hundreds of millions of user accounts and infuriating the Internet companies that own the centers. Many of those companies are now scrambling to install systems that the N.S.A. cannot yet penetrate. The N.S.A. systematically undermined the basic encryption systems of the Internet, making it impossible to know if sensitive banking and medical data is truly private, damaging businesses that depended on this trust. The Foreign

Intelligence Surveillance Court rebuked the N.S.A. for repeatedly providing misleading information about its surveillance practices, according to a ruling made public because of the Snowden documents. One of the practices violated the Constitution, according to the chief judge of the court. A federal district judge ruled earlier this month (January 2014) that the phone-records-collection program probably violated the Fourth Amendment of the Constitution. He called the program “almost Orwellian” and said there was no evidence that it stopped any imminent act of terror.

With our MilsOne unified communication technology, secure data transfer has never been easier. Complete protection is guaranteed, no matter how or when you choose to communicate.

21st Century Internet Security as Seen in the Crimea – March 2014 The current crisis in Russia and the Ukraine over Crimea illustrates the way that encryption is being used and then cast aside by opposing forces. Russian activities in Crimea demonstrate how modern war is fought. Since the beginning of the crisis the Internet and mobile phones,

www.mils.com EAVSDROPPING AND INTERCEPTION ARE COMMON PRACTICE

WWW.DEFENCEINDUSTRYREPORTS.COM | 11


SPECIAL REPORT: ADVANCES IN ENCRYPTION SYSTEMS FOR MODERN MILITARY OPERATIONS

The N.S.A. systematically undermined the basic encryption systems of the Internet, making it impossible to know if sensitive banking and medical data is truly private, damaging businesses that depended on this trust

telephones and power lines have been the first victim of conflict. The authoritative American defense journal Foreign Policy reported earlier this month that the Russian forces occupying Crimea were jamming cell phones and severing Internet connections between the peninsula and the rest of Ukraine. Moscow did not succeed in imposing an information blackout, but the attacks were seen as a sign that Russia was looking to escalate its military operations against the new government in Kiev without firing a shot. Although the efforts in Crimea so far have failed to choke the region’s communications lines, experts are concerned that the strikes could be a precursor to damaging Russian cyber attacks on communications infrastructure elsewhere in Ukraine, particularly if tensions escalate or Russian military forces push beyond Crimea. Disrupting Internet service or knocking out Ukrainian government websites would allow Russia to flex its muscles without necessarily drawing a military response from Kiev or its Western allies. Reuters reported that Russian military forces were blocking mobile telephone services in some parts of Crimea. Russian naval vessels were seen moving into and around the port at Sevastopol. Russian navy ships are known to carry jamming equipment that can block phone and radio signals. Two Crimean government web portals were also offline – it was unclear whether they’d been taken down by government officials or had been hit with a malicious cyber attack. The attacks had been escalating for days. Four days later, Ukrtelecom, the state-owned telecommunications service provider, reported that several of its offices in Crimea had been seized by unidentified individuals who cut phone and Internet cables. As a result, customers across nearly the entire region lost phone and Internet service, and the company said it was no longer able to provide a link between the peninsula and the rest of Ukraine.

THE MILSCARD KEEPS CRYPTOGRAPHIC DATA SAFE

12 | WWW.DEFENCEINDUSTRYREPORTS.COM

The United States Government Response to the Physical and Cyber Attack on Crimea Some commentators see clear parallels between the Russian attacks in Crimea and those in Georgia and Estonia in 2007, which were widely attributed to hackers working at the unofficial behest of the Russian government. Those attacks knocked government and media websites offline, blocked Internet access, and in Estonia disabled ATMs. “Russia wants to degrade the ability of Ukraine to communicate inside and outside the country,” said Adam Segal, a senior fellow at the Council on Foreign Relations who tracks countries offensive cyber capabilities. “If there is military conflict, cyber attacks will be used to degrade the ability of conventional forces to operate,” Segal said. If history is a guide, any cyber attacks from Russia might not come directly from military or intelligence services, but through mercenaries or so-called “patriotic hackers” that Moscow quietly encouraged to strike Estonia and Georgia. This would give the Russian government the ability to deny that it was behind any offensive.8

An Independent Commercial Analysis of the Impact of Russian Action “Ukraine has a strong and diverse Internet frontier,” according to a recent analysis by Renesys, a computer intelligence company that monitors Internet service around the world. “The roads and railways of Ukraine are densely threaded with tens of thousands of miles of fibre optic cable, connecting their neighbors to the south and east (including Russia) and with European Internet markets. The country has a well-developed set of at least eight regional Internet exchanges, as well as direct connections over diverse physical paths to the major Western European exchanges. At this level of maturity, our model predicts that the chances of a successful single-event Internet shutdown are extremely low.”9 For the moment, the defenses seem to be holding, with the attacks on communications lines and mobile phone networks in Crimea causing only limited damage. Ukrtelecom reported that it was able to restore service five hours after the intruders cut its lines. Renesys reported subsequently that traffic routes in Crimea appeared to be functioning normally.


SPECIAL REPORT: ADVANCES IN ENCRYPTION SYSTEMS FOR MODERN MILITARY OPERATIONS

The Future of Encryption By Don McBarnet, Staff Writer

T

HE REQUIREMENTS of any military system of encryption must essentially be practical. In a perfect world this system would be available for use at the highest level of command down to the mobile soldier on the ground. It should be secure no matter how much traffic is generated and it should be easy to use. It should be rugged enough to use in all weather conditions and in the dark. It should be capable of capture by the enemy without risk of rendering information vulnerable. But unfortunately such a system does not exist. What is being developed by cyber and communications security companies hopes to go some way to meeting these needs. The US publishes Common Criteria, which demonstrated how well set standards had been tested. The guidelines and standards outline which algorithms may be used for classified and non-classified information. The Federal Information Processing Standard FIPS 140-2 published by the National Institute of Standards and Technology (NIST) outlines the cryptography requirements for all devices used on a National Security System. Government and military agencies use the Common Criteria (CC) for Information Technology Security Evaluation to an international standard when they specify security requirements. Using a Common Criteria rating scale ranging from Evaluation Assurance Level (EAL) 1 through 7, the government can compare how rigorously particular devices have been tested to meet their security requirements. Implementing standard cryptographic algorithms and key exchange is not authorized on a National Security System until they have been tested and certified.10

A New Approach Some say the future of military encryption is growing less cryptic. Encryption technology is advancing at a steady pace and becoming an essential element in a rapidly expanding number of systems, from portable storage devices to the cloud. “From a defense perspective, proprietary encryption algorithms are being replaced with open, standards-based algorithms that promote interoperability and are less cumbersome to manage in terms of physical

controls,” said Eric Warden, vice president of national security solutions for Accenture Federal Services, a management consulting firm based in Arlington, Va. “This has opened the door for commercial solutions to replace government-developed solutions, creating cost savings for the federal government moving forward.”

Suite B Cryptography Karl Fuchs, vice president of technology at iDirect Government Technologies, a military communications technology provider located in Herndon, VA. says that his company’s most promising new encryption technology is “Suite B cryptography.” “Suite B is a suite of cryptography protocols that the National Security Agency is working very diligently with international standards organizations to have adopted.” Suite B provides protection for data classifications ranging from “For Official Use Only” (FOUO) to “Top Secret” and can be quickly adjusted to meet different security parameters. It is hoped such a system would allow great flexibility in the exchange of information between the Department of Defense, first responders, NGOs (non-government organizations) and coalition partners. The NSA and the Defense Department are defining mobility strategies centered around strong commercial encryption, said Ray Potter, CEO of SafeLogic, an encryption technology developer. “Suite B algorithms are protecting incredibly sensitive data, which historically fell to uber-secret algorithms that aren’t known outside the intelligence world.”11

Virtual Private Networks for flawless system security Network communication systems can open the door to danger. Our VPN technology provides maximum protection for your data transfer, no matter where your connections take you.

Self-Encrypting Drives One product on the market is the SelfEncrypting Drive. These are a new generation of hard disk and solid-state drives featuring built-in cryptographic engines. The units are designed for easy installation inside mobile systems, desktop computers and servers. The idea behind the product is that cryptographic keys never leave the drive, so they require minimal management. The built-in crypto engine also means little performance degradation compared to a standard drive. The aim is for SEDs to outperform drives utilizing software-based fulldisk encryption.

www.mils.com

WWW.DEFENCEINDUSTRYREPORTS.COM | 13


SPECIAL REPORT: ADVANCES IN ENCRYPTION SYSTEMS FOR MODERN MILITARY OPERATIONS

Encryption technology is advancing at a steady pace and becoming an essential element in a rapidly expanding number of systems, from portable storage devices to the cloud

The Tweakable Block Cipher David Wagner, Professor of Computer Science at the University of California, Berkeley has advanced the idea of the tweakable block cipher. In his words, the notion of tweakable block ciphers allows one to “repartition” many cryptographic design problems into two parts: designing good tweakable block ciphers and designing good modes of operation based on tweakable block ciphers. He thinks this repartitioning is likely to be more useful and fruitful than the usual structure, since certain issues can be handled once at the lower level and can then be ignored at the higher levels, instead of having to be dealt with repeatedly at the higher levels. Wagner says that the notions of a tweakable block cipher and modes of operation based upon on tweakable block ciphers are interesting and worthy of further study. Wagner argues that one advantage of this framework is the new division of issues between design and analysis of the underlying primitive and the design and analysis of higher-level modes of operation.12

PLUG IN MILSVPN GO FOR STRONG PROTECTION

14 | WWW.DEFENCEINDUSTRYREPORTS.COM

DARPA and the Search for Autonomous Self-Healing Encryption Systems DARPA is looking to develop an autonomous self-healing security network. “DARPA’s series of vehicle Grand Challenges were the dawn of the self-driving car revolution,” Mike Walker, DARPA’s program manager said. “With the Cyber Grand Challenge, we intend a similar revolution for information security. Today, our time to patch a newly discovered security flaw is measured in days. Through automatic recognition and remediation of software flaws, the term for a new cyber attack may change from zero-day to zero-second.” “The growth trends we’ve seen in cyber attacks and malware point to a future where automation must be developed to assist IT security analysts,” said Dan Kaufman, director of DARPA’s Information Innovation Office.


SPECIAL REPORT: ADVANCES IN ENCRYPTION SYSTEMS FOR MODERN MILITARY OPERATIONS

References: 1

 http://www.spiegel.de/international/world/angry-european-and-german-reactions-to-merkel-us-phone-spying-scandal-a-929725.html

also http://www.theguardian.com/world/2013/dec/17/merkel-compares-nsa-stasi-obama

Ian Traynor in Brussels and Paul Lewis in Washington The Guardian, Tuesday 17 December 2013 18.23 GMT

2

IBM

3

Nick Sullivan Software Engineer and Security Architect, CloudFlare

4

How to Generate Pure Random Numbers: blog post

5

How to Generate Pure Random Numbers: blog post

6

http://www.ibm.com/developerworks/library/s-playing/#h4 Gary McGraw, Reliable Software Technologies
John Viega, Reliable Software

Technologies

04 Apr 2000

7

The New York Times: 01.01.2014

8

Foreign Policy:REPORT Hack Attack Russia’s first targets in Ukraine: its cell phones and Internet lines. BY SHANE HARRIS MARCH 3, 2014

9

http://www.renesys.com/2014/02/internetunderfire/

10

http://mil-embedded.com/articles/encryption-the-migration-cots-technologies/

Encryption and the migration to COTS technologies Rubin Dhillon GE Intelligent Platforms and Jim Kelly Juniper Networks - May 2, 2013Governments 11

12

http://defensesystems.com/articles/2013/01/15/cyber-defense-data-encryption.aspx?sc_lang=en Military encryption’s going open – Emerging technologies aim to secure data on a rapidly growing number of platforms. By John Edwards Jan 15, 2013 http://www.cs.berkeley.edu/~daw/

WWW.DEFENCEINDUSTRYREPORTS.COM | 15


Defence Industry Reports… the Defence Industry Reports….the leading specialist combined leading specialist online research andcombined networking online research and networking resource for senior military and resource for senior military and defence industry professionals. defence industry professionals.

• Up minute Industry News other content available • to Upthe to the minute Industryand and Technology Technology News andand other content available to to allallsite users on a free of charge, open access basis. site users on a free of charge, open access basis. • Qualified signed upupmembers abletoto access premium content • Qualified signed members are are able access premium content SpecialSpecial Reports andand interact with usinga variety a variety of advanced Reports interact withtheir their peers peers using of advanced onlineonline networking tools. networking tools. • Designed to help usersidentify identify new solutions, understand the the • Designed to help users newtechnical technical solutions, understand implications of differenttechnical technical choices select the the bestbest solutions implications of different choicesand and select solutions available. available. • Thought Leadership Advice and from internationally recognised • Thought Leadership – -Advice andguidance guidance from internationally recognised defence industry key opinion leaders. leaders defence industry key opinion • Peer Input - Contributions from senior military personnel and defence industry • Peer Input – Contributions from senior military personnel and defence professionals industry professionals. •

Independent Editorial Content - Expert and authoritative analysis from award

Unbiased Supplier Provided Content

Designed to facilitate debate

• Independent Editorial Content – Expert and authoritative analysis from winning journalists and leading industry commentators award winning journalists and leading industry commentators. •

Unbiased Supplier Provided Content.

Designed debate. • Writtento tofacilitate the highest professional standards

Written to the highest professional standards.

Visit: www.defenceindustryreports.com

Special Report – Advances in Encryption Systems for Modern Military Operations – mils ezine  

Defence Industry – Special Report on Advances in Encryption Systems for Modern Military Operations

Special Report – Advances in Encryption Systems for Modern Military Operations – mils ezine  

Defence Industry – Special Report on Advances in Encryption Systems for Modern Military Operations