“We’ve been working with our military partners to get them off key tape for, oh jeez, well over a decade; probably longer”
Neal Ziring, technical director of the NSA‘s Capabilities Directorate, is responsible for setting technical direction across the signals intelligence agency.
He joined Computer Business Review for a call to discuss the NSA’s efforts to phase out the use of punched paper tape to produce cryptographic keys.
(The interview came as part of our feature on the UK Key Production Authority’s work and the British crypto industry – the partner piece to this Q&A.)
How Many Punched Tape Keys Does the NSA Still Produce?
We can’t give you the exact figures of course, but at one point – the high watermark – we were probably in the millions a year. Now we’re down into the hundreds; the final production line is later this calendar year. And then we’ll probably have a party!
What’s the Background to Its Use?
It works in two kinds of ways historically. With a key tape there’s a hole or no hole; it’s either one or zero, right? There’s two things you can do with those ones and zeros: you can either use a length of tape as a one-time key, roughly equivalent to a one-time pad; then you use that to directly encipher your message. Or you can use information on a key tape as a crypto variable – as the key for a symmetric algorithm.
The first use as a one-time key was in 1917, when an engineer at AT&T patented the use of paper tape as an additive single-use key; you just XOR the bits in and if nobody knows the contents of your paper tape and it’s properly random, then you’ve got a effectively a perfect cipher… as long as your paper tape is long enough!
NSA used one-time key tape, or produced one-time key tape for our customers, up into the 1970s; it had to be pretty extensive sometimes, in case you had to encrypt a long message. [As a result] the blank tape by the 70s was not all paper, it was paper-mylar-paper sandwich for durability, and came on five-thousand foot rolls. That was for straight-up enciphering bits.
Then you can use the paper tape for the cryptographic key: we used it to initialise military cryptographic devices, because the paper tape was durable, easy to transport and lightweight. The reader to read it was inexpensive to manufacture even with the technology in the ‘60s and ‘70s and the precision didn’t matter. You could basically position it in the reader and pull it through. And even if you had some variation of speed it worked. So it was very durable and well suited to tactical applications. And that that was part of what really led to its popularity.
Was it Secure to Move Around?
Key tape segments were originally shipped around in plastic bags, until the spies Walker and Whitworth used to nick things out of the plastic bags, copy them and the Russians put them back in the bag. That raised the need to protect the tapes and kicked off NSA’s protective technology programs.
Ever since 1986, paper tapes are delivered in a tamper-resistant plastic canister that was engineered that you couldn’t take it apart without destroying it. There was no particular doctrine for this. It was just obvious to the recipient: ‘Hey, my plastic canister has been destroyed! Maybe I shouldn’t use this!?’
What Has Kept Punched Tape in Use for So Long?
Really it’s that military equipment stays in use for a long time. Once the military gets a tactical radio or something that they like, they tend to use it for a long while. We’ve been working with our military partners to get them off key tape for, oh jeez, well over a decade; probably longer.
We officially sunsetted [sic] key tape production as of December 2015. We’re in the process now of accommodating the last dribs of customers. We really are in the very last stages of getting our customers off paper tape!
The final production run will be completed this calendar year and the production organisation is in negotiations with the museum to see if they want the actual paper tape punching machine…
How Did You Make that Work?
We worked with, I would say dozens of military acquisition programmes, as part of a large umbrella program called ‘cryptographic modernisation’ and a programme called ‘physical to electronic transition’ where we’re trying to move our customers over from paper tapes over to electronic key management.
It’s very important for us to get in that upgrade cycle, so if they go ‘hey over the next 10 years we’ll be gradually replacing these radios with new ones’ we get in early and say ‘OK the new one is going to have electronic key management. Right. And let us help you with that work’…
That’s not the only aspect of modernisation. There’s all sorts of reasons to want a newer radio: newer RF wave forms; improved anti-jam and all sorts of other properties that the military wants also require them to upgrade their kit. So trying to surf that wave and make sure that when things are being modernized, that the key management and other cryptographic properties are also being modernised.
The Commercial World Seems… Much More Digitalised. Has the NSA Taken Any Lessons From it, or Does Expertise just Flow the Other Way?
Historically NSA, GCHQ: we’ve had to operate at a much higher level of security or cryptographic assurance than the private sector would have had to do. In recent years with banking and e-commerce and online banking and greater use of the internet we’ve seen that gap start to close.
Folks on the outside – particularly the financial sector- are looking at the same problems that we looked at, in terms of threat to key management, and insiders, and keying devices that are geographically distributed.
You see much greater use of asymmetric, public cryptography in the private sector, whereas military applications are still very much a mix of public key and secret key cryptography. So I think the military side still probably has more reliance on straight up secret key than our private sector counterparts.
We do learn from them and we talk to those folks though.
A critical lesson though, which we both learned along the way, is that key management really matters. It’s great to have a strong cipher and a good device in which to operate that cipher. But if you want good cryptographic security you have to have good key management.
What’s an Example of Bad Key Management?
Let’s say that you had a bunch of aircraft that were sharing a key that they used to communicate in a small net for that mission… an adversary managed to steal it six months ago and you’re still using it. Giving your adversary tonnes of time to try to compromise you, and get enormous gain out of that.
It’s completely analogous to the commercial situation of using default passwords. Everybody knows nowadays that that’s a poor hygiene practice, because you can allow someone to easily guess a password. The same sorts of silly things apply in the key management world.
Good Practice is…
One aspect of good practice that both we and the UK invest a great deal in, is basically the key accounting, or comsec accounting. The notion is that you know the keys that you produced. You know where they are; who was supposed to have them. If one of them was to get compromised and lost in transit, you know everyone else who is supposed to be using it and you could inform them and make them stop.
A nation that takes cryptographic security seriously, as we do and the UK does, you have to have that. Yeah that’s certain part of the cost of doing business. And when you’re in electronic world you’re doing electronic key management, that makes that easier than trying to track little plastic canisters as they go around the world.