Thursday, August 10, 2017

Secret Splitting Revisited

I wrote about secret splitting some ten years ago and decided to fresh things up and create a new easy-to-use template. You only need a pen, paper and first grade math to obtain absolute security. But first, a quick reminder on what secret splitting is, how it works and why everyone should know this interesting system.

Secret splitting (also called secret sharing) enables you to split a secret code into multiple shares and give those shares in the custody of several persons. Retrieving the original code is only possible if the shareholders agree upon putting their shares together. The secret could be the code to a combination lock, safe deposit box, electronic key or password. You can split passwords to access a computer, encrypted files, a digital lock to enter a building or disable an alarm system.

An interesting property of secret splitting is that more people with shares means more security, because more people have to agree on putting their shares together, which is the opposite of sharing the secret itself, where more people means more risk.

There are many useful applications for secret splitting where you need to delegate access to your secret code in a specific situations. You can appoint several persons that will be able to open your safe with money or critical information in case of emergency. None of them can act alone and a single trustworthy person among them is enough to prevent misuse.

A parent who has stored his money, documents or valuables in a safe deposit box can split the number combination and all children receive a share. In case of emergency or the parent's decease they can only access the safe when all of them agree upon opening the safe. Each shareholder can even split his own share again into two shares, to hide his sub-shares separately as backup or destroy his original share and store his sub-shares at different places to increase security.

You can use secret splitting for secure remote delegation through insecure channels. Create a share for yourself and one or more shares for other persons. This way, you can be on the other side of the world and send your share to all other shareholders to give them access to a computer file or the pin code of a credit card, to name a few. The shareholders can only retrieve the code at the moment that you decide to give them your share and they all need to agree. You can use any insecure method like e-mail, chat or telephone to send your share, because that single share never reveals any useful information to an eavesdropper.

The template to create your own secure shares (download pdf here)

For our template we use the method where all shares are required to retrieve the original. It is mathematically impossible to retrieve the original if a single shareholder refuses to disclose his share. This method is information theoretically secure, read unbreakable.

There is another method, called secret splitting with threshold, which requires less shares than the total number of shares to retrieve the original. It's security is based on mathematical complexity. Unfortunately, this method does not guarantee information theoretical security.

Of course, you cannot simple cut a code or password in half or quarters, as this would reveal at least part of the code and provide clues to find the rest of the code or reduce the number of combinations to try out. The secret splitting we use is based on the principle of one-time pad encryption and all calculations are performed modulo 10 (addition without carry and subtraction without borrowing). The secret code is encrypted with one or more truly random keys and, in contrast to sending the encrypted secret to the receiver, we use the random keys and the encrypted code as shares.

We can only retrieve the original code when the encrypted code and all keys are put together. Take one share out of the equation and it will be mathematically impossible to decrypt the code. The only requirements are the use of truly random digits and, obviously, secure physical separation of the shares. The small number of required truly random digits are easily generated manually.

Secret splitting may sound complicated but it's quite simple to apply. If you can add and subtract, then you can create secure shares, and all it requires is a pen and paper. You can download the new version of the easy-to-use Secure Code Splitter which comes with clear instructions and examples, a blank calculation sheet and share template. More to read about secret splitting at my website.

Wednesday, July 26, 2017

Martha Peterson and TRIGON

Martha Peterson on her
1975 Russian driver license
The story of CIA operations officer Martha Peterson Shogi and her work related to Soviet spy Aleksandr Ogorodnik is quite remarkable and also sheds some light on how the two communicated in Moscow.

Martha 'Marti' Peterson, née Denny, met her first husband John Peterson at Drew University and married him in 1969. John enlisted as Green Beret to serve in Vietnam and was later hired by the Central Intelligence Service for covert operations in Laos. In 1971, Martha and John travelled to Laos. John was killed one year later in a helicopter crash during a mission Laos.

In 1972, the CIA recruited Aleksandr Ogorodnik, a Soviet diplomat at the Soviet embassy in Bogota, Colombia. He was given the codename TRIGON. Ogorodnik provided the CIA with communications between Soviet ambassadors in South America, giving the CIA an insight in Soviet foreign politics. In 1974 he was recalled to Moscow to work at the Soviet Ministry of Foreign Affairs. His new job provided him access to communications and reports of Soviet ambassadors from all over the world. The CIA struck gold.

Aleksandr Ogorodnik
Before leaving to Moscow, the CIA provided him with a pen with miniature camera to photograph documents, a schedule to make dead drops, special carbon paper for invisible writing and trained him in the use of these materials. Ogorodnik also insisted on having a suicide pill, to use in case he got caught. CIA provided him with such so-called L-pill, concealed in a pen.

Martha Peterson returned to the Washington after her husbands death and applied for a job at the CIA. She was hired as CIA operations officer and agreed to be sent to Moscow. She received operational training and took a Russian language course. Peterson arrived in Moscow in November 1975. At the age of 30 she became the first ever female CIA officer to be stationed in Moscow and was now responsible for the exchange of communications and spy items with TRIGON.

Peterson had an important advantage over here male CIA colleagues. The Soviet Intelligence Service did not believe that an American female would be a CIA officer and assumed that she was a low level clerk. Peterson was therefore never under surveillance and, in contrary to other CIA officers, could travel around Moscow without being followed.

Peterson never met TRIGON in person. He delivered photographed documents and messages through pre-arranged dead drops, mostly in parks. After extensive surveillance detection runs she collected the content of the dead drop a short time later, at the same time supplying him with a new pen-camera with film, instructions and one-time pad duplicates through that same dead drop which he in turn collected later on.

TRIGON used the one-time pads to decrypt messages that he received trough CIA numbers station broadcasts from West Germany. During such operations, Peterson always wore an SRR-100 surveillance receiver to intercept and detect KGB surveillance communications.

In early 1977, the CIA started worrying about the quality of the material that TRIGON provided and grew concerned about his security. Eventually, on June 26, TRIGON failed to retrieve a dead drop and there was no more communications. TRIGON neither showed up after a numbers station broadcast, instructing him to meet at a pre-arranged location on July 14.

In the evening of July 15, after the usual surveillance detection runs, Peterson arrived at the Krasnoluzhskiy railroad bridge over the Moscow river, near Lenin Central Stadium. At 2230 hours she placed a dead drop package, concealed as a hollow piece of concrete, in a niche in one of the bridge’s towers. As soon as she walked out of the tower she was grabbed by three men who immediately strip-searched her, took photos and put her in a van that drove straight to Lubyanka prison in KGB headquarters.

KGB photo of Martha Peterson's apprehension at the Krasnoluzhskiy bridge

Martha Peterson during the interrogation at Lubyanka prison
Peterson's arrival for interrogation was filmed (see video at 48:58). She was interrogated while all items from the dead drop package and her SRR-100 receiver were displayed in front of her.

The U.S. Consul was summoned to Lubyanka prison to explain who she was and what she was doing. The KGB had no other choice than to release Peterson because she had a diplomatic status as vice consul (which of course was a cover for her CIA work). She was returned to the U.S. embassy and flown to Washington the next day. Declared persona non grata, Martha Peterson would never return to Russia.

The displayed espionage items, retrieved from the dead drop, and the SRR-100 receiver

In 1978, the Soviets released the story in the Izvestia newspaper and the heavily publicised spy case also ended up in U.S. press. The Soviets alleged that Peterson smuggled poison to kill a Soviet citizen that interfered with a spy's criminal activities (see Washington Post archive June 13, June 15 and June 21, 1978). These accusations at the height of the Cold War were later proven false by the KGB itself.

The fate of Aleksandr Ogorodnik was unknown until the Soviets aired the 1984 TV series TASS Is Authorized to Declare (also on Youtube). Its script was almost a copy of TRIGON’s story. In that movie, the spy committed suicide during interrogation with a pill from his pen. KGB accounts confirmed that Ogorodnik was arrested a month before Peterson got caught. During interrogation, he pretended to write a confession, took the special pen and quickly used the L-pill.

However, even today accounts vary on what actually happened to Ogorodnik and some even believe that he was killed by the KGB. We will probably never know the real story. The CIA believes that Karl Koecher, an agent of the Czechoslovak intelligence service StB that infiltrated the CIA as translator and analyst, betrayed TRIGON to the Soviets.

Martha Peterson continued to work as CIA officer in operations, including 10 years of foreign assignments, married her second husband Joseph Shogi in 1978 and retired in 2003 after a distinguished 32 year career in the Agency.

More about Martha Peterson at her website Widow Spy, which is also the title of the book she wrote about her CIA career and the TRIGON case. The CIA published a short Featured Story on TRIGON. CNN's DECLASSIFIED page tells how she revealed her secret spy life to her kids, including several images of her Moscow era They also aired Trigon: The KGB Chess Game.

An account of Peterson's arrest is found at the The Espionage History Archive which also has the Russian view on the death of Aleksandr Ogorodnik. There's also a Russian documentary. More information about the equipment, used in this spy case, is found at the Cryptomuseum website. Numbers-station.com published TRIGON Numbers Station and on my website there's more on number stations and the use of one-time pads.

But who can explain everything better than Martha Peterson herself. The Spy Museum published the podcast Caught by the KGB where she tells about how she was captured by the KGB. Below her fascinating account (direct link) of her time in Moscow as case officer with many details on TRIGON. Highly recommended!

Wednesday, February 15, 2017

Crypto Box Challenge Solved by George Lasry

George Lasry
Great news from the Crypto Box Challenge, as George Lasry from Israel solved the final box! He's only the sixth person in more than nine years to complete the challenge. He took on the challenge in 2013 and, after various side tracks, including the completion of the Enigma Challenge, he succeeded cracking that last box.

George Lasry is a one.of-a-kind hobby cryptologist who evolved quickly into a well respected member of the classical cryptology community within a mere three years. It's the amazing story of a man who was searching for a new job in software development. Meanwhile, he wanted to train his programming skills and his interest in the Enigma machine lead him to the crypto challenges on my website. The Crypto Boxes were his first encounter with historical cryptography but the final box however proved a nut too hard to crack.

Giving up was not his cup of tea, so he started experimenting with various cryptanalytic techniques and quickly solved the complete Enigma Challenge with software he developed on his own. In search of new challenges he learnt about many cryptanalytic techniques and implemented various different types and combinations in his ever expanding software. Some other side tracks were the Mystery Twister C3 and the strong Double Transposition Challenge.

Searching a solution to a complex cipher is not simply writing some software to search for the solution or the proper key. It involves the development of complex fast algorithms for an exhaustive search, tailored for a specific problem, in combination with various methods to measure the success of the ongoing process and to proceed on a successful track.

The Crypto Box
He experimented with hill climbing, simulated annealing and used bigrams, trigrams, quadgrams and log quadgrams. A recent paper by Olaf Ostwald and Frode Weierud, Modern Breaking of Enigma Ciphertexts, explained the use of hexagrams. George had excellent results with this technique but the final Crypto Box remained unbroken. George finally solved the stubborn box on 14 February with a variation of simulated annealing, based on James Cowan's "churn" method, and even found three different keys to solve the box.

His journey through classical cryptology also draw the attention of some experts. George teamed up with German researchers and was encouraged to publish his techniques in the renowned Cryptologia journal. He started a PhD thesis and continued to solve various tough crypto challenges. His solution of the Double Transposition cipher caught the eye of people from Google, which eventually lead to his recruitment by Google.

I'm quite pleased to hear from George that my Crypto Box Challenge was his first encounter with classical cryptography and that the website inspired him to experiment with various cryptanalytic techniques, resulting in the successful decryption of the final Crypto Box. Congratulations George!

More about the challenges at Cipher Machines and Cryptology.

Thursday, November 24, 2016

Operation Vula's Secure Communications

Operation Vula was the creation of an underground ANC leadership with supporting secure communications network in South Africa to fight against the apartheid regime. The operation ran from 1988 to 1991 and is also the fascinating story of Tim Jenkin, who played a key role in providing secure communications.

Tim Jenkin today
Tim Jenkin came into contact with the anti-apartheid movement when he visited the African National Congress (ANC) office in London. He was eager to support the fight against apartheid. Jenkin was trained in covert operations and returned to South Africa where he and his good friend Stephen Lee started underground work for ANC in 1975. They ran a propaganda shop but got arrested in 1978 and were sentence to respectively 12 and 8 years imprisonment. Amazingly, they escaped 18 months later from a Pretoria high security prison with keys that Jenkin made out of wood. This gives you an idea of how creative he was. Jenkin left South Africa and made his way to the ANC office in London where he became a trainer for underground operatives.

The ANC leadership had fled to Lusaka in Zambia after many of their leaders and members were jailed or tortured. This left the ANC with no representatives in South Africa. Among the exiled members were ANC president Oliver Tambo, commander of the military wing (MK) Siphiwe Nyanda and ANC strategist Mac Maharaj, whose mission was to revive the freedom movement and ignite revolution in South Africa.

This proved to be a mission impossible because of the problems to communicate and coordinate with the few ANC members that were still in South Africa. In the mid 1980s, communications between London, Lusaka and operatives in South Africa were still protected by manual one-time pad encryption that was too cumbersome for long reports that took many hours up to days to encrypt by hand.

Oliver Tambo tasked Siphiwe Nyanda to join MK's Chief of Staff Joe Slovo in starting up Operation Vula. The goal of this extensive operation was to set up a secure covert communications network and to smuggle ANC leaders and weapons into South Africa to install a leadership that would take over command of the underground work. This is where Tim Jenkin comes into play.

Jenkin met Mac Haharaj while training ANC agents on radio communications in Lusaka. Haharaj asked him to set up secure communications between covert operatives in South Africa and the ANC office in London. At that time, Jenkin was experimenting with computer communications. Personal computers were quite a novelty in the 1980s but handyman Jenkin developed one-time pad encryption software that used floppy disks, filled with random data, to serve as key. During encryption, used key bytes were automatically wiped from the disk, making the system unbreakable. The software also increased encryption speed for Vula messages considerably, compared to the slow pen-and-paper system.

Jenkin's office in London, nicknamed GCHQ (after the British Signals Intelligence organisation) served as the main Vula communications hub for messages between London, Lusaka and South Africa. In his computer shack he developed, tested and ran secure communications to cope with the increasing amount of reports from and to the ANC underground leadership.

Tim Jenkin in his communications hub

Jenkin devised a system to convert encrypted message digits into DTMF (dual-tone multi-frequency) telephone dial tones that were then recorded onto cassette tapes for transmission by pay phone later one. They provided ANC operatives with several DTMF tone generators that were disguised as electronic calculators. Later on, they dropped the method of manually keying in the DTMF tones and drastically increased communication speed by  recording the computer modem sound directly to tape.

Conny Braam, a Dutch anti-apartheid activist, became responsible for the Vula logistics. She ran a network of people that supported the entire operation. First task was to get the network running. She had to find someone to travel several times a month between Amsterdam and Johannesburg. Air hostess Antoinette Vogelsang volunteered as courier. Being an air hostess, she didn't had to go through airport checks and could safely smuggle into South Africa the Toshiba laptops and software that secured the network. She also provided the communication hubs with a regular supply of floppy disks, containing new one-time pad keys.

The Dutch Lucia Raadschelders was sent to Lusaka to run a communications hub from a small house in the slums. She also served as contact between Jenkin and ANC headquarters in Lusaka. Janet Love, the ANC underground operative in Johannesburg switched from the slow manual one-time pad encryption to its fast computerised version. Everything was finally up and running. In 1988, Mac Maharaj and Siphiwe Nyanda  were the first Vula leaders to clandestinely infiltrated into South Africa.

Meanwhile, Janet Love's communications hub in Johannesburg was also operational. Tim Jenkin received the first long reports from Mac Maharaj a few weeks later. ANC's freedom movement finally was able to communicate securely with Jenkin's London office as central hub. From then on, Janet Love encrypted all Johannesburg messages and recorded the computer modem sound on cassette tape.

The operative in South Africa chose a random pay phone to call an answering machine in London and played back the tape with the message that he had encrypted and recorded earlier. The London office checked the message and called the operative's pager with a specific code to signal that the message had arrived well. London then relayed this message to, for instance, ANC headquarters in Lusaka.

The London office also used a specific pager code to warn operatives in South Africa that there were messages for them to receive. To retrieve a message, the operative again chose a random pay phone and called another answering machine in London on which the London HQ had recorded an encrypted message from Lusaka or from other operatives.

From the manual encryption of long reports, taking many hours to encrypt and days to get across, they now were able to get a message to London in one or two hours. Jenkin relayed the messages almost real-time back and forth between the ANC headquarter in Lusaka and the operatives in South Africa. The South African security services could not track these messages as they were sent anonymously from randomly chosen pay phones. It would require them to monitor each and every pay phone and even if they managed to intercept such a message, it would merely contain what seemed like unintelligible fax or computer tones, giving them no clue about their purpose.

Mac Maharaj succeeded in setting up covert communications with the imprisoned Nelson Mandela through his lawyers. By then, the South African government held secret talks with Mandela, who they believed to be clueless about the situation in the country. Little did they know that Mandela was in direct contact with ANC president Oliver Tambo and a well organised underground leadership. In fact, without realising it, the apartheid regime was negotiating directly with the ANC. When Nelson Mandela was released from prison in February 1990, the Vula operation continued underground to protect the actual leadership and its communications with Mandela.

The operation was eventually compromised in July 1990 after the police followed Siphiwe Nyanda and discovered encryption disks and plain messages in a Vula hide-out. Mac Maharaj, Siphiwe Nyanda and six other Vula members were arrested and imprisoned. Others fled the country or went into hiding. Despite this setback, Tim Jenkin was able to reboot the Vula network within 24 hours. All Vula members eventually received amnesty as part of the political transition that lead to the end of apartheid.

Tim Jenkin's story is an amazing example of people with no background in intelligence, espionage trade craft or secure communications who used their creativity to set up an ingenious international secure network that changed South Africa's history. It should be noted that their communications system, which was quite novel and therefore secure in the 1980s, would pose serious risks in today's world with advanced signals intelligence capabilities, ranging from hacking computers to extensive electonic surveillance and geolocation.

Tim Jenkin's story of operation Vula is published at the ANC website (alternative link here). More details about the encryption systems and equipment at the web page How the ANC sent encrypted messages. Below an excellent eNCA documentary about operation Vula. Additionally, you can watch a NGC documentary of Tim Jenkin's escape from Pretoria prison.

Sunday, November 13, 2016

Tatjana J. van Vark at Secret Communications 2

The Crypto Museum and the Foundation for German Communication and Related Technologies again teamed up to present their second Secret Communications exhibit. This unique and meanwhile international event brings together the finest pieces of historical crypto and covert radio equipment, some of which has never been on public display before (non-exhaustive list here). I visited the opening day, but the collection can be visited two three (!) more days in the coming weeks. Due to its immense success, there will be an additional exhibit on January 14!

This year, they have the honour of receiving Tatjana Joëlle van Vark, a Dutch lady who is impossible to introduce in a few words. On November 12 she gave a demonstration of her amazing hand-crafted Cryptograph machine and we were fortunate to talk with her. She will give a second demonstration on December 3.

Although inspired by the German Enigma Machine, the Cryptograph is quite different and more complex in mechanical design. Her machine includes encryption of letters, digits and punctuations, a printer and paper tape puncher and reader.

Tatjana explains the mechanics of the Cryptograph

Some call it a Super Enigma, but I prefer to see it more as a piece of art work. Tatjana is a lady that strives for perfection and beauty. The sophistication and attention to detail are a crucial part of all her projects and the hallmark of her work and philosophy. From the tiniest metal parts, over tidy packed wiring to the shiny instrument panels, it all breaths perfection.

The Cryptograph. An art work of electro-mechanical design and beauty

Personally, I believe that somewhere along the line we lost the desire to create beauty in every-day items. Everyone knows those old radios, from little design pieces to beautiful wood crafted receivers, but also the gracious curves of kitchen machines and other household items, all produced with excellent and durable materials. This craftsmanship and design has almost become a lost art. Sadly, today's products in simple plastic boxes are often a hymn to cheap mass production.

Not so with Tatjana J. van Vark! Her projects arise from her imagination and are shaped and developed solely in her mind. She doesn't use technical drawings or plans and works straight from her memory! She has what we can call a beautiful mind, supplemented with skilled hands that put raw materials into all kinds of precision parts, assembled into devices that are no longer simply functional objects but true pieces of art. The true art of creating things.

The Cryptograph printer. Perfection as only to be found in scientific instruments

Talking about Enigma, Tatjana is above all an enigmatic person. Her interest in scientific instruments as a child evolved into scientific work for technology firms, government and military. Her work includes such a wide range of science and technology that can only be explained by her drive to understand and learn all and everything. Power systems, electronics, telephone switching, instruments for the pharmacy industry, aircraft avionics, radar and weapons control, navigational equipment, optics. You name it, she did it.

She explained to me that you can create anything, as long as you learn enough and think enough about it. Now that's the spirit of a true explorer. I can only end with admitting being really jealous of that lady's talents.

You will have another chance to meet Tatjana J. van Vark and her Cryptograph on the last day of the Secret Communications exhibition on December 3. If you can't make it to the exhibition, then you should visit Tatjana J. van Vark's website and her amazing collection of home brew instruments with many amazing photos (make sure to click each image for more details) or visit her page at the Craftsmanshipmuseum. The short documentary Myth of a Magistra (incl subtitles) shows some of her extraordinary work.

Much more to discover at Secret Communications 2

More information about the unique Secret Communications 2 exhibition, its amazing list of displayed items and directions to its location near Amsterdam in the Netherlands at this link. Be advised that roadworks are in progress near the exhibition and alternative directions are available.