Visit http://mailman.qth.net/mailman/listinfo/spooks to unsubscribe from this list
> -----Original Message----- > From: spooks-boun...@mailman.qth.net [mailto:spooks-boun...@mailman.qth.net] > On Behalf Of KD7JYK DM09 > Sent: Tuesday, November 13, 2012 19:59 > To: Shortwave Spy Numbers Stations > Subject: Re: [Spooks] WHY > : - obscurity is not security > > At what point would this occur? Before I answer, I just want to make absolutely clear a few things: 1) I'm *not* looking to pick a fight. It's 100% friendly :-) See? I'm smiling! 2) The answers I give draws example from practical communications (i.e.: SWL logs of DGI communiqués) and most of the terminology comes from contemporary communications theory 3) I'm sorry I'm long-winded, but I hope it's a fun read. With that out of the way, here we go!... "Obscurity" means "not unknown, but not well-known". For example, the Sun may be obscured by clouds but it does not negate the fact that the Sun shines; I might not speak Japanese, but given enough time with a Japanese-English dictionary, I can figure out what I have been told; and despite having told no one about their schedules, M08a, V02a, and SK01 activity has been spotted repeatedly and consistently enough that the SWL community (bonus points to Ary and ENIGMA for their newsletters) have figured out the weekdays, times, frequencies, and formats of said transmissions. "Security" means "not to be known except for the sender and the receiver". The etymology of "security" (if memory serves) comes from the Latin "sans" and "caro" ("without" and "care", i.e., the ability to be careless). I excerpt from A. C. Doyle (because I can't put it better myself): > ...who was it that wrote this note?" He [Abe Slaney] tossed it forwards > on to the table. > > "I wrote it to bring you here." > > "You wrote it? There was no one on earth outside the Joint who knew the > secret of the dancing men. How came you to write it?" > > "What one man can invent another can discover," said Holmes. For those who haven't read "Adventure of the Dancing Men", skip to the next paragraph - I don't want to spoil it for you ;-) For the rest of you, the message should be considered obscured because substitution cyphers are readily discernable. ROT13 would have been just as good (or should that be "bad"?) because... well, you've surely read Holme's monogram on the subject so let's just move on, shall we? For those of you who skipped the spoiler, welcome back. With DGI as the example, they are able to transmit their communiqués as recklessly as they want over [relatively easily accessible] shortwave because [1] despite the obscurity of Morse, Spanish, and RDFT; [2] despite the inconvenient dates, times, and frequencies; [3] despite the millions of SW radios capable of tuning in (even if entirely by accident); and [4] despite myriad logs of these overheard conversations; the messages' meanings are not readily apparent. The symbols transmitted ("dit"s, "nueve"s, and RDFT) are readily comprehensible, but we do not know with any certainty the significance of any symbol. It's a bit like hearing Klingon for the first time: each grunt is a symbol, the symbols have significance, and yet despite being interpretable, 99.9999995% of the world won't understand it. (And that's an optimistic figure!) Languages refrain (forcefully sometimes) from changing the significance of a given symbol so that the most number of people can send messages encoded in a common frame of reference (English, Spanish, Klingon, or what have you) and be interpreted from the symbols in order to obtain significance. It's so simple that even babies can pick up the pattern - precisely because it's a consistent set of symbols repeated over time. In secured communiqués, the significance of a symbol is obscured. Forget for a moment that I've just implied that "security is essentially obscurity" because... well, frankly, it is... but assuming that DGI isn't asleep at the wheel even a tenth as much as Pedro is at the controls of Radio Internacional de Espionage de Cuba, they would be using fully randomized one-time pads. These OTPs are known (to the sender and the receiver) but not well-known (everyone else). But, since one-time pads are (by definition) never reused and never printed more than twice, we can safely assume that no one (aside from the sender and receiver) can ever know the significance of each transmitted symbol. Finally, by randomizing the jumbles of numbers, each symbol's interpretation changes dynamically, symmetrically, and constantly. Put another way, the "language" changes: too quickly, too wildly, too gibberishly. (By the way... it's 10 o'clock. Do you know where your children are?) This is what separates obscurity from security: unless you were present at the printing press and managed to five-finger-discount an additional copy of the OTP, the likelihood of breaking through the layers of obscurity is so minimal that you might as well go play the lottery. Given enough time, paper tape, and replacement vacuum tubes (and money to pay for the electric bill), even Colossus could brute force all the security out of DGI's OTPs. You'd just get a gazillion possible results and no way of determining that any of the results are even remotely correct. And so, in conclusion, DGI *obscures* their messages by... - relying on the relative difficulty of obtaining, and the relative ignorance of, SW radio (Hooray for e-commerce and Wikipedia!) - not publishing when or where they will transmit (Thanks again, Ary) - transmitting Spanish (V02a), cut numbers (M08a), and RDFT (SK01) - transmitting varieties of messages (When was the last V02a Tx that had 9s???) and bogus messages ("Patticacke, patticake, baker's man" for all you fans of "The Prisoner") - and more things that I'm not at liberty to discuss (Ignorance is bliss; Knowledge is 25-to-life) ...but underlying all that is that DGI *secures* their messages by restricting who has the list of random numbers and what the jiggery-pokery between the OTP and the received message is. I hope my description of the distinction between "obscurity" and "security" meets with your approval (if not a standing ovation (-: See? I'm still smiling!) ✇KC2TTK P.S.: La próxima vez que haya un micrófono abierto, díganos «hola», Pedro :-) P.P.S: ...y suba esa miserable wattage, ¡coño! >:-( ______________________________________________________________ Spooks mailing list Home: http://mailman.qth.net/mailman/listinfo/spooks Help: http://mailman.qth.net/mmfaq.htm Post: mailto:Spooks@mailman.qth.net This list hosted by: http://www.qsl.net Please help support this email list: http://www.qsl.net/donate.html