Schneier on Security

Clive Robinson • March 16, 2012 8:29 AM

@ David,

re – “Over-The-Air Rekeying”… …I’m just a little confused. Isn’t this exactly one of the main downfalls of the Enigma system(the fact that new encryption codes were transmitted using old [expired] keys.

Yes and no, and it’s just one tiny reason why key managment is so hard.

As I’m not sure as to if you are interested in the general “in the field” re-keying or the specific Enigma issues I’ll try to cover both.

The Enigma system was used in many ways one of which was with the broken “Dockyard cipher” and likewise the “weather code” systems. It was also used on U-Boats where incremental changes took it from weak through very strong to eventually unreadable with the technology of the era shortly before the U-Boats ceased to be an issue to the alied shipping.

There is nothing inherantly wrong with the idea of “over the air” or “in field” re-keying, the issues as always in security arise from the implementation details, (as it’s where the Devil hides” 😉

Firstly though you need to understand one security issue that’s a real fly in the ointment of all over the air or field re-keying systems and it’s an operational not crypto security proviso,

You only ever issue an “out-station to home-station key” not a “general net key” for re-keying over the air, in case the out-station has been over-run and is now under enemy influance. It is this “turned” issue that was behined the reason the Russians only issued out to home keys not net keys to agents and only in person never over the air. Where the Russian’s mucked up was to re-use One Time Pad (OTP) KeyMat, see Project VERONA for more details.

Any way with that proviso out of the way back to how to do over the air re-keying…

I can for instance issue one half of a unique genuinely random OTP to each out-station, to use specifically for emergancy re-keying, provided only the two copies of the pad exist (at the home and out stations) then it’s perfectly safe to do. This system is still in operational use at many out-station ComCens in Diplomatic and other “missions” that might reasonably be expected to get cut off or even over-run due to being in the middle of a conflict zone and without physical access.

Replacing such OTP systems due to ID Smart Cards a slightly weaker system is if you use an appropriate PKI then you can send an asymetric key under the PK of the out-station or operator signed by the home-station PK. Which if you think about it is essentialy how PKI communications between two entities works, re-keying on a message by message basis.

You can also use multiple symetric keys, for instance you have the general “traffic key” used by the radio-net etc and each out-station has one or more “unique to it” master keys by which it individually can be re-keyed (the actual details are more complicated to prevent replay attacks etc). This sort of system has often been used by “TV Set-top decoders” be they for cable or satellite broadcasting.

Where it all goes wrong (as it did with some Enigma nets) is where you either use a general “command&control key” or a current or previous “traffic key” (as some set-top box designers have found the hard way).

The reason is twofold, firstly cryptoanalysis “in depth” that is the more traffic sent under a given key the more likely it is to be broken, secondly the more copies of the key the more likley it is to become known to the enemy.

Thus the solutions to cryptanalysis are either reduce the traffic under a given key to a minimum or have a sufficiently large key space such that the in-dept issue does not arise. And the solution to the number of copies of the key is the more preferable “do it another way”.

The problem the Enigma had was that although in theory it’s key space was very very large in practice it was split into five parts. The first was the individual rotor wiring, second the position of the alphabetic slip ring on the rotor, third the number of rotors in use, fourth the order the rotors were in and fith the plug board.

Originaly in use the only thing that changed on a message by message basis within a given radio net was the start position of the rotors selected by the operator (supposadly at random).

In reality this ment the number of message keys were a lot less than 26^3 wrapped in a simple simple substitution cipher from the other parts that provided the large key space.

A further issue was the way the random rotor start position was sent in a message. It made identifing messages sent under the same key relativly easy, and a lot worse due to repeating the “identifier” enabled the rotor wiring to by crypto analysed by three Poles, and a simple system of perforated sheets of card to be used to find the actual rotor positions.

By the end of the war the Enigma had been technicaly enhanced with a larger choice of rotors, the addition of a fourth “shim” rotor on the U-Boat version of the Enigma and an “Uhr-Box” that was used in the leads of the plugboard to provide sixty different daily plugboard settings simply by rotating the knob on the Uhr-Box every hour or less. Various changes in the operating proceadure such as setting the “ground settings” daily not every three month and not repeating key identifiers removed most of the entry points used by the Poles and later the code breakers at Bletchly.

Admiral Karl Donnitz who commanded the U-Boat fleet repeatedly had doubts about the security of the Enigma but the security service always pointed to informants/agents. Towards the end he decreed that each U-Boat would have it’s own unique key schedual. But even this was occasionaly broken due to “Known plain text” attacks on amongst other things the dockyard and weather codes. And the allies going “gardening” by dropping mines etc near ports and knowing that the plain text used for the easily broken dockyard system for merchant and other ships would also be used to warn the U-Boats.

Modern codes such as AES usually don’t have the issues to do with a small keyspace (though technology caught up with the small DES key space in about a quater of a century). Thus provided the user does not use simplistic cipher modes (such as Electronic Code Book) and does not use a rigidly stylised message format the cryptanalysis used against Enigma won’t work.

Thus if the final Enigma system had been fielded from day one it is likely that there would not have been an “Ultra Secret” and WWII would have lasted by many estimates probably atleast another two years.

However I personaly feel that is an optomistic view point, if you consider the losses to merchant shipping to the UK and later Russia, without Ultra it would have been very very much larger and increased with time (attacks only get better). The losses would probably have resulted in the UK being starved of resources into surrender, long before the US or Russia became involved.

At the end of the day what actually won the war was not the code breaking but the US manufacturing base and access to plentiful raw resources against which neither Germany or Japan could compete. And what stopped the destroyed Europe re-arming and entering into another war within a generation was the Marshal plan which helped bring economic stability.

Both my parents were veterans of WWII and I later served alongside others who had lived through it. I found that there are a lot of odd notions people have about WWII and got taught in history lessons, sadly they get worse with time. For instance there was little or nothing of the “were all in it together” and such like the truth is very very much less rosy not just at street crook level but all the way up to the most senior levels of government. War is not glamorous in any way at home or on the battle field and brother hood is rare except on the front line. The only result is generaly bankruptcy for the nations involved and oddly improved social conditions for those at the bottom of the social pile and fairly rapid scientiffic and technical development.

I wish people especialy Politicos would learn and understand the longterm leasons before we enter into another conflict in Places like Iran or North Korea.