Satellites and SIGINT

From the blog:

Full article here:


Signal intelligence 101: SIGINT targets

In order to start a series of articles about the American signal intelligence satellites, written with guest author Rob1, I thought it could be interesting to give some background on what those satellites listen to. So here is a quick overview of the various types of signal intelligence targets, with an emphasis on the Cold War period.

Historical Context

The discovery of radio waves revolutionized communications. Instead of having to transport messages by horse, train or plane, and instead of having to build long telegraph lines, it became possible to transmit information instantaneously between two points without any infrastructure in-between.

The advantage was obvious, especially for military applications. Remote outposts, ships at sea, and planes, could easily receive their orders and report their status. Conversely, being able to intercept those communications became equally critical. During World War II for instance, the Allied forces put a lot of resources in intercepting and decrypting German and Japanese communications. After the war, the political situation changed, and for the Americans the USSR became the focus of their intelligence effort. The closed nature of the Soviet government and society made it a tough target to crack. US diplomatic presence, and US spies in the Eastern bloc, brought some light on the Soviet activities, but much of it remained inaccessible.

To gather more information, the US turned to signals intelligence (SIGINT) – the collection and analysis of electronic emissions – in order to answer the most pressing political and military questions. Because SIGINT relies on collecting signals from targets, different questions will result in collection against different targets. A few of those targets are listed below, with a bias towards installations targeted by the USA in the Soviet Union.

Read the rest of the article at it’s source:

Updated version of DRYAD generator

A “Bombe” early computer, used to break the German Enigma code

After I released the DRYAD generator, I received  few reports that it would generate the same output every time.    This is not good, even for training.   Work, family, and life put my programming efforts on the back burner for a while.   When I finally got back to it, I discovered that I committed an amateur programming mistake. 

I forgot to seed the random generator

Computers are “deterministic” machines.   That means that every action has a predictable action, or that the actions are “determined” by the programming.   That is a good thing because computers would not be very useful if their output changed at random.   However for generating cryptographic materials you need good randomness.   In order to create the appearance of randomness computers use a “Pseudo Random Number Generator” (PRNG).   A PRNG basically takes a number as input called the “seed”, and then runs it through a complicated series of mathematical equations that gives you a result that seems random, with no correlation to the input seed.   For example, a seed of “1” might yield a result of “72542” while a seed of “2” might result in “17”.

My DRYAD bug

I forgot to add a line defining a seed, so most likely it would default to “0”
resulting in the same DRYAD page being generated every time the program was run.

The Seed is the key

In order to get pseudo randomness that does not repeat, many programming classes teach using a value of time as the random seed.   Computers keep time by counting the number of seconds since some predetermined date/time reference (called an “epoch”)
Since real time does not repeat I.E. it will only be 12:01 PM on January the 1st, 2017 once, using it as a seed guarantees that our seed is never repeated.   
This is what I have added to the 1.01 version of the DRYAD generator.
Link HERE!

While it is pseudo random, it is still not good enough

While this is unpredictable enough for video games and entertainment, it sucks for real cryptography.   For a single line on a DRYAD sheet, there are 403,291,461,126,605,635,584,000,000 possible combinations.   That is over 403 Septillion combinations.   However there are only just over 35 million seconds in a year.   If you know the formula a given crypto uses, and you know it uses “time” as the seed, then you can run the formula and simply increment the seed, starting at the earliest possible time the computer was used.   A modern computer can test years of “time” based seed in a few minutes, leaving a searchable database of every possible DRYAD sheet that could be generated in a given year.   Not very secure by a determined adversary.

This is why the current version of the DRYAD generator should be limited to training purposes ONLY!

I hope to have an improved version later that will solve the “seed” problem.
An ideal crypto-secure seed would come from a very large unpredictable source.   Government grade high level crypto use special devices that use an “entropy” source.
“Entropy” is defined as “lack of order or predictability.”  

Imagine a very sensitive thermometer that can accurately read to 1/1000 of a degree.   If that thermometer is in a computer case, it will measure the fluctuations of temperature inside.      The temperature is affected by ambient room temperature, how hard the CPU and graphics cards are running, fan speed, etc.   The temperature can fluctuate by as much as twenty degrees.   twenty degrees doesn’t sound like a lot, a fluctuation between 100.0001 and 100.9999 degrees overs a much larger range of unpredictability. 

Government certified entropy devices have been designed AND tested to insure that they are truly entropic (unpredictable) and evenly distributed. (if they generate a number between 1 and 10, a sample of a million tests should have roughly equal quantities of each value.)   

Because of the value of entropic seeds in generating random numbers for cryptography, most modern computer operating systems now have “entropy pools” to be used in seeding PRNGs.   These entropy pools combine mouse movements, keyboard timings, temperatures, hard drive seek times, and other unpredictable sources to populate the pool.

The next version of the DRYAD generator

I hope to include strong entropy and a better PRNG for the next version of the DRYAD generator.   After that, I hope to add a GUI.   I won’t put a timeframe on it, because if I do, life will guarantee that I won’t make the deadline.

P.S.   The big numbers:

The number of possible combinations on a single DRYAD line:
aka 403.29 Septillion

The number of possible combinations for a full DRYAD sheet:
I can not count that high.   

Number of seconds in a year: (and possible time based random seeds for a given year)
aka 31.54 Million

Estimated age of the universe:
13.82 Billion years old
Number of Seconds in the universe so far:
About 484,000,000,000,000,000
aka 484 Quadrillion
aka orders of magnitude fewer seconds in the history of the universe, than possible combinations for a single line of a DRYAD sheet!