Although I'm not a professional in the nuclear weapons field, I have done a fair amount of research on the subject of PALs (Permissive Action Links); you can find a summary of my results at http://www.research.att.com/~smb/nsam-160/pal.html. I'll be updating the page soon, to add more information I've received via FOIA and from published papers I've seen more recently, but none of the updates will change any of the discussion below. (The parent directory of my Web page discusses the possible relationship of PALs to the history of public key cryptography.)
The first thing to realize is that Blair's short note, on the 00000000 launch code, confuses PALs with "use control systems". A PAL is integral to the weapon itself; a use control system regulates the launch vehicle. This is important because PALs are within the security perimeter -- the tamper-resistant barrier -- of the bomb; if a bomb were detached from a missile, the missile couldn't be launched without bypassing the use control system, but the bomb could be detonated if other safety mechanisms were bypassed. These safety mechanisms are designed to reflect "human intent" and proper environmental conditions -- a missile-launched bomb, for example, should experience a period of high acceleration, then free fall, then deceleration and heat. But the inputs from these sources are outside the barrier, and hence could presumably be spoofed. For various reasons, I do not think these signals are cryptographically protected, though I've seen some indications (not yet on the Web page) that the human intent signal might be. (I should note that Blair is very well respected in this field; I cite one of his books in my bibliography. I'm frankly a bit puzzled by his note.)

The second critical point about PALs is that they were *not* intended to guard against what I'll call the "Dr. Strangelove scenario". While there certainly was tension between parts of the military and the civilian authorities -- Curtis LeMay did his best to provoke World War III, and his successor as the head of the Strategic Air Command, Thomas Power, was described as worrisomely unstable by his own colleagues -- preventing such misbehavior was not the primary goal of PALs. If nothing else, President Kennedy never could have sold the idea to Congress under those circumstances. Instead, the problem was to retain U.S. control of nuclear weapons that were physically in the hands of our allies; furthermore, there was a desire to permit forward deployment of tactical nukes in West Germany, in positions that were at high risk of being overrun in the early stages of a Warsaw Pact invasion. The former was politically vital: not only was Congress concerned about our allies (France was seen as politically unstable; one of their own nominal nuclear tests was, in fact, scuttling a bomb before the rogue generals in the Algerian campaign could get hold of it), but German access to nuclear weapons was *extremely* threatening to the Soviets. (Think of Tom Lehrer's line in "MLF Lullaby": "Heil--hail--the Wehrmacht, I mean the Bundeswehr", and recall that this was less than 20 years after the end of World War II.) The Pentagon, on the other hand, was attracted by the forward deployment feature. It was geographically obvious that the West German frontier was indefensible against a massive armored invasion from the east, but it was politically impossible to state that or to act as if the real plan was to fall back to the Fulda Gap. The only solution seen was tactical nuclear weapons (which gave us such charming things as nuclear artillery shells and backpack-carried nuclear land mines). But these had to be deployed with the forward units, which might easily be overrun. Worse yet, a junior officer might use a nuke without authorization, out of desperation. PALs solved that problem, too -- the devices couldn't be used without the unlock codes, either by our forces or by the Soviets.

To sum up (this note is already far too long; see my web page for details and bibliographic citations), the threat that PALs were intended to deal with was physical capture of the devices; it had nothing to do with our own launch officers.

The Pentagon was very worried about PAL or procedural malfunctions preventing use of nuclear weapons (command and control of the military during a nuclear war -- including ending the war! -- is a subject that has received a great deal of study; there's a vast literature on it); given that, I'm not particularly surprised by the 00000000 code. Blair's 1977 article on the physical risk to our missile silos illustrated that there was a capture risk to them, too; official reaction was apparently swift and (at least partially) appropriate. Blair got it right; the Pentagon had been wrong.

--Steve Bellovin, http://www.research.att.com/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]