On Distributed Communications Series
IX. Security, Secrecy, and Tamper-Free Considerations
III. Some Fundamentals of Cryptography
Digital Transmission
One reason cryptographic equipment is expensive is that it is necessary to convert all signals into digital form. (Digital operations permit complex cryptographic operational transformation of the data stream without irrevocable added distortion.) Today's cryptographic devices have not been designed as an integral part of any particular communications system, but, rather, are "black boxes" added onto communications networks designed for other purposes and other times.
In the all-digital system concept being developed, a potential savings occurs by combining the digital switching equipment together with digital cryptographic equipment. Such a combination, irrespective of potential savings offered, is not implemented without difficulty, for it represents the merging of two design areas historically kept apart, both managerially and technically. Probably, a prime reason that on-line cryptography has been so slow in developing is due to the tendency to fund communications systems under the service budgets, while the cryptographic devices used by these systems are supplied as government-furnished equipment by the National Security Agency (NSA). Hence, the true cost of the cryptographic equipment in a system is often not appreciated by the communications system designer, and feedback which would encourage better overall design of future systems by reducing the high cost of the cryptographic gear is lacking. Perhaps better systems would result if this suboptimization were avoided by making the hidden cost of the cryptographic equipment in each communications system more visible. Thus, in the development of the distributed network concept, it was felt desirable to include the cost of the cryptographic equipment as an integral part of the switching equipment.
Layers of Encryption
On-line cryptographic communications operation is defined as one in which information is inserted into a network in real-time, converted by cryptographic transformation, transmitted, received, decrypted, and output to the recipient without appreciable delay.
On-line communications traffic can be encrypted at several different stages. These choices might be labeled end-to-end, link-by-link, and, a combination of the two, double encryption (see Fig. 1).
>
End-to-End Encryption
In the end-to-end encryption, a cryptographic device is connected adjacent to the user and a reciprocal transformation device at the receiver. It is an economical way of using cryptographic gear where the two end-points have sufficient volume to warrant tying up the special terminal equipment on a full-time basis. Figure la depicts end-to-end encryption, in which the message and the crypto encoder reside in a secure area, as does the end addressee. The same data transformation device (key) must be available to both crypto units.
Cryptographic Data Transformations
A canonical form of cryptographic transformation uses two synchronized pseudo-random binary streams generated by two "key generators," one at the transmitting site, the other at the receiving site. Figure 2 shows the operation of this process. A short key-base contains the starting' and modification parameters of a key generator. The key generator creates a long non-repeating digital stream. This stream is then combined with the outgoing message by some logical transformation and the resulting stream, comprising the encrypted text, is transmitted. There are a few important points to be kept in mind. First, the key generator is presumed to have statistical properties that make it appear as a totally random digital noise generator. Secondly, in this scheme it is necessary that both key generators be fully synchronized, and that means be provided to cause the time base at the receiving end to coincide with the clock rate at the transmitter end. Third, the logical function combining text and key be such as to produce the same probability of transmitting a "1"for a "0" as for a "1". In Fig. 2, a "logical-add" circuit is used to perform the equal probability of transformation that allows reciprocal operation at the receiver. That is,
The truth table for the logical-add (
) is shown at the bottom of Fig.
2. If the message bit is "0" and the key bit is ''0'', the output is "0" if
the message bit is ''0'' and the key is "1", the output is a "1"; if the
message bit is a ''1'' and the key bit is "0", the output is "1''; etc. It can
be seen, therefore, that the logical-add operation is perfectly reciprocal when
the key is again added to the encrypted text. The message bits emerge in their
original form. Other more complicated "operators" can be used in lieu of the
logical-and circuit. (For example, see the Appendix.)
While it is theoretically possible to write an unbreakable cipher merely by using an infinite-length non repeating key, it would be necessary to have a copy of this key at both the transmitting station and at the receiving station. At the high data rates being considered, this data storage requirement proves to be impractical. Therefore, the alternative of creating a long key from a relatively short key base has been chosen. It is possible to generate a long mathematical series or string of bits from a moderate-length key base. The length of the key should be chosen such that the series does not repeat or reveal periodicity before the time the key is changed. Thus, for example, a new key base can be inserted into the key generator daily and the receiving crypto system synchronized to match the time base at the transmitting station. The length of a series that can be generated by a set of digital elements cannot be greater than N2N,[1] where N is equal to the number of flip-flops or storage elements used in the circuit creating the series. This means that extremely long sequences can be created that do not repeat, using a relatively small number of storage cells. For example, if N = 50, then N2N is equal to more than 50,000,000,000,000,000. Or, maximal sequences up to this length can be created. Not all such sequences would, however, be usable, because their statistical properties would reveal the construction of the generator function.
Link-by-Link Encryption
Link-by-link encryption, as shown in Fig. 1b, is used when there is not sufficient traffic to warrant a full-time cryptographically-secure circuit between two subscribers. Thus, one key is used between the subscriber and his relay station, separate keys between each pair of relay stations. In such a system, there is an underlying assumption made that each switching center, together with its cryptographic equipment, is located in a secure area and only trustworthy, cleared personnel ever have access to the text which may be in the clear while passing through the switching center. Because of the different transmission time delays and the problems associated in providing a separate set of keys between each originator and every possible end addressee, it must be assumed that each switching center or station, together with its crypto equipment, is located in a secure area. Thus, messages generated in the clear are encrypted and sent to a switching center. Next, each message is decrypted, the address is used to set up the proper outgoing line connection, and the message is sent to the next station. The assumption of absolute security is not always a safe one to make in handling extremely sensitive information. Thus, it might be said that the chief limitation of link-by-link encryption is in the reduced security offered messages passing through several tandem switching centers. Traffic flowing throughout the entire network is openly readable by those inside any switching center--a highly undesirable possibility. Worse yet, as the complexity of the switching networks increases, the number of intermediate switching stations also increases. A point is reached where it becomes almost foolhardy to rely upon this technique alone for protection.
Double Encryption
Double encryption is a combination of end-to-end encryption for the text and link-by-link encryption for the message heading plus the encrypted text.
Figure 1c exemplifies double encryption. The first encryption operation is for text only, the second layer of encryption is for both the text and the heading. Headings must be available in the clear at the switching center in order that the switching center have the necessary information to route traffic.
[1] Assuming that the sequence generator is exactly equivalent to a nonlinear shift register.