Kahn, Diffie, Clark, and Me at Bletchley Park

Saturday, I visited Bletchley Park to speak at the Annual ACCU Security Fundraising Conference. They had a stellar line of speakers this year, and I was pleased to be a part of the day.

Talk #1: “The Art of Forensic Warfare,” Andy Clark. Riffing on Sun Tzu’s The Art of War, Clark discussed the war—the back and forth—between cyber attackers and cyber forensics. This isn’t to say that we’re at war, but today’s attacker tactics are increasingly sophisticated and warlike. Additionally, the pace is greater, the scale of impact is greater, and the subjects of attack are broader. To defend ourselves, we need to be equally sophisticated and—possibly—more warlike.

Clark drew parallels from some of the chapters of Sun Tzu’s book combined with examples of the work at Bletchley Park. Laying plans: when faced with an attacker—especially one of unknown capabilities, tactics, and motives—it’s important to both plan ahead and plan for the unexpected. Attack by stratagem: increasingly, attackers are employing complex and long-term strategies; defenders need to do the same. Energy: attacks increasingly start off simple and get more complex over time; while it’s easier to defect primary attacks, secondary techniques tend to be more subtle and harder to detect. Terrain: modern attacks take place across a very broad range of terrain, including hardware, OSs, networks, communication protocols, and applications. The business environment under attack is another example of terrain, equally complex. The use of spies: not only human spies, but also keyloggers and other embedded eavesdropping malware. There’s a great World War II double-agent story about Eddie Chapman, codenamed ZIGZAG.

Talk #2: “How the Allies Suppressed the Second Greatest Secret of World War II,” David Kahn. This talk is from Kahn’s article of the same name, published in the Oct 2010 issue of The Journal of Military History. The greatest secret of World War II was the atom bomb; the second greatest secret was that the Allies were reading the German codes. But while there was a lot of public information in the years after World War II about Japanese codebreaking and its value, there was almost nothing about German codebreaking. Kahn discussed how this information was suppressed, and how historians writing World War II histories never figured it out. No one imagined as large and complex an operation as Bletchley Park; it was the first time in history that something like this had ever happened. Most of Kahn’s time was spent in a very interesting Q&A about the history of Bletchley Park and World War II codebreaking.

Talk #3: “DNSSec, A System for Improving Security of the Internet Domain Name System,” Whitfield Diffie. Whit talked about three watersheds in modern communications security. The first was the invention of the radio. Pre-radio, the most common communications security device was the code book. This was no longer enough when radio caused the amount of communications to explode. In response, inventors took the research in Vigenère ciphers and automated them. This automation led to an explosion of designs and an enormous increase in complexity—and the rise of modern cryptography.

The second watershed was shared computing. Before the 1960s, the security of computers was the physical security of computer rooms. Timesharing changed that. The result was computer security, a much harder problem than cryptography. Computer security is primarily the problem of writing good code. But writing good code is hard and expensive, so functional computer security is primarily the problem of dealing with code that isn’t good. Networking—and the Internet—isn’t just an expansion of computing capacity. The real difference is how cheap it is to set up communications connections. Setting up these connections requires naming: both IP addresses and domain names. Security, of course, is essential for this all to work; DNSSec is a critical part of that.

The third watershed is cloud computing, or whatever you want to call the general trend of outsourcing computation. Google is a good example. Every organization uses Google search all the time, which probably makes it the most valuable intelligence stream on the planet. How can you protect yourself? You can’t, just as you can’t whenever you hand over your data for storage or processing—you just have to trust your outsourcer. There are two solutions. The first is legal: an enforceable contract that protects you and your data. The second is technical, but mostly theoretical: homomorphic encryption that allows you to outsource computation of data without having to trust that outsourcer.

Diffie’s final point is that we’re entering an era of unprecedented surveillance possibilities. It doesn’t matter if people encrypt their communications, or if they encrypt their data in storage. As long as they have to give their data to other people for processing, it will be possible to eavesdrop on. Of course the methods will change, but the result will be an enormous trove of information about everybody.

Talk #4: “Reconceptualizing Security,” me. It was similar to this essay and this video.

Posted on November 9, 2010 at 6:01 AM24 Comments


Imperfect Citizen November 9, 2010 7:17 AM

Great post. I really enjoyed reading about Kahn, I’ll get his book for sure. Interesting the behind the scenes business when he tried to publish it.

Diffie’s points were interesting to me. Trusting an outsourcer is tricky I would think. Especially when you are dealing with so many. And the enormous trove of information about everyone is still filtered through the hands of the ones gathering it. For example, I heard one observer say that they can’t audit my purchases remotely when I use a credit card. Another was complaining because the battery was dead on my cellphone so they couldn’t overhear my conversation with my doctor. So what do they report when they don’t have the primary data? If its a contractor prolonging a job and they don’t need evidence that someone needs to be watched do they sit down and make it up? The trove of information can be garbage data if the folks collecting it (the outsource point) are tied to profit margins and keeping jobs going. I think too the information trove is problematic in that NSA or whoever doesn’t have the time/energy to audit. So they probably outsource that too. They could have a trove of information that supports a contractors goal (to keep jobs/contracts coming in) rather than a national security goal.

will November 9, 2010 7:23 AM

did I miss you blogging that you were going?

Plugs for any events scheduled at Station X would pique the interest of your regular readers, Bruce!

Will November 9, 2010 7:30 AM

@Imperfect Citizen
“I think too the information trove is problematic in that NSA or whoever doesn’t have the time/energy to audit. So they probably outsource that too”

GCHQ are advertising right now for a map-reduce specialist. Don’t know if its a contractor, temp or permanent job though….

Alf November 9, 2010 7:41 AM

I attended the conference and it was real exciting and a real pleasure to visit Bletchley Park and see Khan, Diffie and Schneier together. All speakers where great, but Bruce’s was excellent.


Chris November 9, 2010 8:06 AM

I too was there and it was a great to see both Bletchley Park and all the speakers. Getting these great speakers at such a historic location must be another great secret!

Carlo Graziani November 9, 2010 8:30 AM

On talk #2, by Kahn: In my opinion, his title is backwards. The Enigma cracks were in fact a more important secret than the bomb, because:

(1) The bomb had no impact on the outcome of the war — Germany was never nuked, and Japan was already defeated by August 1945 — while the Enigma decrypts arguably were the essential ingredient without which Germany could probably not have been defeated in the West. Certainly the strategic deception campaign that proved crucial to the return of the Allies to Europe relied so completely on access to German command ciphers that it is hard to imagine the Normandy invasion succeeding if the Nazis had figured out that Enigma was compromised;

(2) The bomb “secret” was not much of the secret. The Soviets had the Manhattan Project thoroughly penetrated. Technical parameters, blueprints, manufacturing processes, test results, etc. arrived on Beria’s desk almost as soon as they arrived on Groves’. Admittedly the Germans were in the dark, though.

yibble November 9, 2010 9:12 AM

I was also at Bletchley Park on Saturday. It was a great day, amongst great company, and great history. Thanks very much for coming to speak to us.

Gutted. November 9, 2010 9:46 AM

Sounds great. I really wish I had gone. Some stellar names in a historically significant place.

Milan November 9, 2010 10:26 AM

For those interested in the history of British codebreaking, there is a good recent book out:

Richard Aldrich’s “GCHQ: The Uncensored Story Of Britain’s Most Secret Intelligence Agency”

There is a fair bit on keeping the Bletchley Park secret, as well as on the US-UK intelligence relationship.

Milan November 9, 2010 10:27 AM

Aldrich also describes the investigative journalism of people like Duncan Campbell and James Bamford – people who used open sources to reveal the true function of GCHQ for the first time. Aldrich claims that their actions “confirmed a fundamental truth: that there are no secrets, only lazy researchers”.

k November 9, 2010 10:44 AM

Re: Tzu’s book

pretty sure Sun is the surname, so as not to be confused with books by Laozi, Kongzi, Zhuangzi, Mozi, … 😉

Davi Ottenheimer November 9, 2010 12:03 PM

“As long as they have to give their data to other people for processing, it will be possible to eavesdrop on.”

Hmm, where does the “have to give” come from? I can understand the Google reference, but even that’s a choice. Who is forced to outsource and take risk against their wishes?

Mo-tzu November 9, 2010 12:05 PM

@k (and Bruce too):

“Tzu” (in Wade-Giles romanization) or “Zi” (Pinyin romanization of the same word) is actually an honorific indicating a philosopher, not a part of the personal name.

JohnW November 9, 2010 1:10 PM

‘Deceiving Hitler’ and ‘Agent ZigZag’, two must read books on these subjects. Very useful for even info sec people.

yibble November 9, 2010 6:33 PM

@Steve Parker. There was a recording set-up there. But as of yet, I’m not sure what’s happening with the footage. Whilst it will be nice for prosperity, it might have had an impact on proceedings. Notably far fewer questions were posed when compared with last year’s conference.

Pat Galea November 10, 2010 12:59 AM

A great day indeed. Each talk was great in its own way.

I was also lucky enough to happen to be in the Colossus room when Tony Sale was demonstrating to you, Diffie and Clarke. It was interesting to hear the kinds of questions you had for him. Sale is such an amazing guy.

will November 10, 2010 5:00 AM

@Carlo Graziani

biggest secret perhaps in terms of impact if the secret was leaked:

1) leak the decrypting: the germans change their machine, we eventually have to drop a nuke

2) leak the nuke: enemy can make nukes

Clive Robinson November 10, 2010 7:20 AM

@ will,

“2) leak the nuke: enemy can make nukes”

Err No.

At the time the Russians knew just about everything of importance that was known in Los Alomos almost before many of the scientists.

The reason was German born theoretical physisist Klaus Emil Julius Fuchs who was convicted of spying for the Russians in 1950 who was sentanced to 14years.

Even with this information the Russians did not produce a nuclear weapon in any form for some considerable time.

The reason is the industrial technical difficulties of getting the required materials of sufficient purity. The easiest way is currently believed to be with cascades of centrifuges to seperate U235 from U238. There are a number of ways this can be achived the method used by the South Africans was with a vortex in a system that did not have moving parts (however it uses something like 50times the power of electromechanical centrifuges). The down side of the electromechanical methods with moving parts is the criticality

Howevere at Los Alomos at the time the initial favourd method was electromagnetic seperation via the likes of the calutron which was basically a souped up mass spectrometer.

The manufacture of the calutrons was initialy not possible because there was not enough copper available in the US. Eventually a deal was done and the US Silver Reserves where used instead.

uk visa November 11, 2010 6:47 AM

At 11am this morning on the 11th of the 11th I sat silent for two minutes and thought of the fallen.
Whilst doing so my mind wandered to Alan Turing and his part in saving so many allied lives.
That he should then be persecuted for his sexuality is a terrible shame.
Maybe one day the US may be enlightened enough to have a ‘tell and tolerate’ view of such matters.

Sturgeon November 14, 2010 11:34 PM

As for Talk #2: “How the Allies Suppressed the Second Greatest Secret of World War II,”:

It wasn’t only the Allies that were reading the German codes, and kept it secret. Yes, you know this, and Kahn does, but there is large group that only know about the “Enigma”. Yes, Bletchley Park was a great operation, and for a long time not known.

In 1940 the Swedes broke the cipher used by the GeheimSchreiber Siemens and Halske T52 A/B, and later on other models; as I understand a more complex cipher than for example the “Enigma”. In fact it was done single-handedly by professor of mathematics Arne Beurling. It took quite some time for this Secret of World War II to become known as well.

One of the results was that Operation Barbarossa, the German attack on the Soviet Union June 1941, was well known by the Swedish authorities before it occurred. Then of course, one can always discuss the value of the intelligence gained.

The Ultra (“Enigma” et al) intelligence did indeed contribute to many Allied successes.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.