Some comments from about a decade ago. The way it used to work in the Army (that I was in) within a battalion, is that there was a little code book, with a sheet for a 6 hour stretch. Each sheet has a simple matrix for encoding letters, etc. Everyone had the same sheet, and they were created centrally and distributed from there. If any sheets were lost, it was a major disaster.

All soldiers were taught to code up the messages, it was one of the more boring lessons. In practice, corporals and sergeants did most of the coding, but it was still a slow and cumbersome process.

For most of the communications needs, soldiers talked in the clear, using a set of code words that never changed. For example, Sunray is the unit commander. This wasn't for the purposes of security, but for clarity. Only reports were encrypted.

Radios were huge, heavy, and didn't have much facility. They were always giving problems, and soldiers for the most part didn't understand their purpose (in the way that they clearly understood what a weapon was).

I wasn't so much into professional crypto back in those days, but thinking back, it would be a seriously hard task to put net-quality crypto into tactical comms. Consider these difficulties: it was *banned* to use any form of comsec that wasn't centrally approved. No personal code words, no CB radios, no nicknames, no nothing... (In practice there was some leakage, I recall on my last exercise, logistics back to the battalion HQ in the city was handled over a cellular phone!)

The standard radio had to be purchased from a military supplier - like Racal - and the procurement process was probably 4 years long before the first units hit the troops. During that time there could be a revolution in the way comsec could work, if one were to learn anything from the lessons of SSH, etc. Each radio was meant to last at least 20 years...

Further, whatever was put in place had to be handled by soldiers. Count them as approximately as technically adept as your grandma. If she can't be taught to do it on pencil and paper, then the soldiers can't be either. As we haven't managed to get our respective grandmas using crypto on the net, yet, that would suggest why the military hasn't had much luck at the infantry level, either.

(Airforce and Navy are somewhat different of course, as are armoured vehicles. They have portable infrastructure that infantry don't have.)

Adam Shostack wrote:
>
> On Mon, Mar 31, 2003 at 01:17:43PM -0500, Peter Wayner wrote:
> | He went on to talk about "crypto" as if it was something like fuel or
> | food. He said, "They probably loaded up 4 or 5 days of crypto at the
> | beginning, but then they had to turn it off after the supply lines
> | got muddled."

Makes sense, the troops probably carried the code books for the next 4-5 days, but comsec probably ruled out any more than that. Then, when that "ran out" the staff discovered that the new code books couldn't be distributed to all the soldiers. Without all of them on the same system, switching to clear would have happened like an epidemic across the force.

> (Of course, if they just put the crypto on smartcards, or key fobs,
> you could likely carry a month or three worth of crypto with you, but
> then they wouldn't know what had happened to every key out there.

Exactly. One of the things soldiers are trained to do is, after a successful action, secure the enemy's radios and try and recover their codebooks or codes. A fob or smartcard would be just like that, a token to be captured. Once captured, this would let one into the net. A big prize.

So, in practice, the comsec people would not accept this solution. They would know that any PIN would be listed in a plastic covered page in the radioman's notebook.

> Clearly, it's better to have unencrypted comms where you know they're
> insecure, rather than low assurance secure comms. For some threat
> models that I disagree with, anyway.

Tactical security means where there is only a matter of hours where the information should be kept discreet.

--
iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]