What is a Secure Communication?
The goals of secure communications are the following. Some of these are surprisingly difficult to achieve:
- Make the content of a message unreadable to parties other than the intended one(s)
- Make the meaning of a message inaccessible to parties other than the intended one(s)
- Avoid traffic analysis — don’t let other parties know that a connection exists between the communicating parties
- Avoid knowledge of the communication — don’t let other parties know the communication channel or pathway exists
The first and second objectives can be accomplished using some combination of cryptography and coding. Unfortunately, this is the easy part. The more complicated and difficult component of a secure communications infrastructure is achieving the third and fourth objectives. For now, however, I will focus only on the first two issues: protecting content, and meaning.
First lets define our terms so we can discuss the subject with clarity:
- Cryptography systems that use transformation processes to turn signal into noise, by obscuring the symbols used for communication
- Coding systems that substitute or alter meaning, and thus hide the real message
The Eagle Has Landed
Codes are extremely useful mechanisms for sending small messages, although as they are plain text their hidden mean can be revealed once the key is cracked. Another issue with codes is that they are inflexible, compared to a cipher system. Coding requires pre-arranged mappings of meanings (what symbols or words translate to what), or at least pre-arranged mechanisms to derive the mappings (e.g., book codes).
To be effective, a code must maintain proper grammar, be consistent, and fit a plausible pretext. If it fits these requirements, and is used appropriately (briefly, consistently, with cover for action) then a code system is an excellent choice for simple signalling purposes.
Doing It Right
During World War II the BBC cooperated with the intelligence services to send open code signals to operatives in the occupied territories. These signals were prearranged with the operatives, and then sent out at two scheduled times. This signalling channel was used exclusively for indicating whether an operation was going to take place.
The BBC would broadcast the signal for the first time at 1930, and then confirm the signal at 2115. If the operation had been canceled before the second scheduled signal window, the code phrase would not be repeated.
During the early phase of the war, the code system was slightly more complex. There would be a positive code, and a negative code, for example: “Jeanne sends her greetings” might be a “go code”, and “Jeanne says hello” might be the “abort code”. Later this was simplified to just the positive code (a tradition that, apparently, the CIA still follows).
Doing It Wrong
There are problems when codes are used inconsistently. For example, some mafia codes used oblique references to the boss as “aunt”, or “Aunt Julia”. This was very ineffective when the mafioso suffered pronoun slippage and called their “aunt” “he”.
- “Ah, Aunt Julia said he wanted to help me out, too.”
Codes Gone Wild
I’ve collected some examples of real al Qaida codes that were used actively used prior to the 9/11 attacks. Other types of basic open code are “business code”, which is also used by some criminal groups, where the actors are refered to as business interests or rivals, and criminal activities are described as “projects” or other innocuous business terms.
A simple code that was used by two KGB operatives was the phrase “I think we should go fishing now”, which indicated that they should discuss business.
KGB Says What?
During the early stages of the KGB handling of their FBI penetration Hanssen, they had a mishap with locating and loading the deaddrop for his payment. To correct this error, they had to contact Hanssen by phone and use a code that was not pre-arranged (there was no contingency in place for “what happens if we cant find the dead drop”). The dead drop location was underneath a footbridge and the KGB operative had placed his load underneath the wrong corner.
Since they had used a pretext of purchasing a used car for their initial contact, the KGB continued to use that pretext for their “oops!” communique. The KGB operative prepared his telephone conversation thoroughly before hand so that it would sound natural and plausible:
KGB: The car is still available for you as we have agreed last time, I prepared all the papers and left them on the same table. You didn’t find them because I put them in another corner of the table.
Hanssen: I see
KGB: You shouldn’t worry, everything is okay. The papers are with me now.
KGB: I believe under these circumstances, its not necessary to make any changes concerning the place and time. Our company is reliable, and we are ready to give you a substantial discount which will be enclosed in the papers. Now, about the date of our meeting. I suggest that our meeting will take place without delay on Febuary 13, one, three, 1:00 PM. Okay? Feburary 13
Hanssen: …. Okay.
The conversations is clearly stilted and strange, but no so strange as to draw attention to itself. It also doesn’t reveal anything of the meaning that is being relayed.
When creating a signaling code, it is important that the pretext for the signal be broad and widely applicable. Generally it is better that the code be a specific subject, rather than a specific phrase. Phrases are easy to mixup, forget, or otherwise confuse. They are also more rigid and hard to work into a conversation. A subject, on the other hand, is very easy to raise and discuss in a plausible fashion without seeming forced or unnatural.
A final short code example. This is a signaling code, adapted from a novel, however it accurately conveys how simple these codes can be. This is phone call between two colleagues, where Alice has to signal an emergency has occured:
Alice: Hi, sorry to call so late
Bob: No problem
Alice: Is our meeting scheduled for tomorrow at 8:30, or at 9?
Bob: It is 8:30, bright and early.
Alice: Ok, right. Just checking. Thanks, bye
Open Codes Fail Open
When using a code to refer to a classified subject, even though unclassified terms are used, the subject is still classified. This is a breach of security. See the US Army handbook on COMSEC section dealing with ATTEMPTS TO DISGUISE INFORMATION (Section 8.4).
“Talking around” is a technique in which you try to get the information across to the recipient in a manner you believe will protect it. However, no matter how much you try to change words about a classified or sensitive subject, it is still classified or sensitive.
self-made reference system. This is an attempt to encipher your conversation by using your own system. This system rarely works because few people are clever enough to refer to an item of information without actually revealing names, subjects, or other pertinent information that would reveal the classified or sensitive meaning
These are concerns to keep in mind when developing a code system for discussing sensitive information.
Codes: keep them generic, keep them consistent, limit their use to simple signalling.