I DOCI UlUlUVlDUlUl 15lBlDlBVU Ul 15UllB lDWV l l15lDWl l15 l lQ W15GBPi1l 15 f WGBPi1W l1 Wl 1st Issue 1988 1 I THE DIRECTOR I S MAJOR THRUSTS o o o o o 1 BULLETIN BOARD o o o o o o o o o o o o o o o o 5 15 I AN OVERSEAS TOUR A PERSONAL CHRONICLE 6 STU-III THE NEW TELEPHONE SYSTEM o o o 12 GOLDEN OLDIE o o o o o o o o o o o o o o o 13 AN OPEN LETTER TO ALL SENIOR TECHNICIANS 14 FOR PC USERS o o o o o o o o o o o o o 16 LETTERS o o o o o o o o o o o o o o o o o o o 17 26 ABOUT CRYSCO o o o o o o o o o o o o o o L 7 REVIEWS POUR WORKS ON CRYPTOLOGY o o o o o 118 THE STATISTICAL PRECISION OP MEDICAL SCREENING PROCEDURES ' 1 1 J I ooooooooo ' n L I '1 o o o o o o o o o o THE LINGALA CODE CRASHING THE SYSTEM o o o LANGUAGE BRIEP LINGALA o NSA-CROSTIC '66 o o o o o o o o o o o 'fillS B6EURt JFtIEN'f EUR6N'fAINS EUR6BE f6RB MA'fERIAb 21 22 o 2 24 28 CLASSIFIED BY SAlEURSSM 123 2 DECLASSIFY ON OrigiRatiRg AgeAEY's DeterffliAatieA ReEtuirea eclassified and A roved for Release b NSA on 10-17-2012 86-36 DocrD 4019714 P L 86-36 Published by P1 Techniques and Standards VOL XV No 1 1st Issue 1988 I 1'--- PUBLISHER u 7 '1me 00 write at NSA BOARD OF EDITORS 63 110 f Wfiting for a 1 Editor ep s 'st TIME TO WRITE competition may bring you fame and fqttune ' ' o O 7 '6 3 ' o o o Writing for a competition may bring about CryptanalysIs 963-S Z3 I' h I 3 0 Cryptolinguistics 99 474 revo utionary c anges Index 1 196 'SZg2 i Information Science 1 r 963 34S6 The most prestigious writing competition is the Information Security George F Jelen '12 i1 22 1 Agency's Cryptologic Literature Award It brings Intelligence Research 1 96 3Sfi$ very large cash prizes in addition to prestige This Language 1 1 9 3-3 $7 year's deadline is March 31 for papers written in Mathematics K 63 5 566 Puzzles ' 1963 30 1987 The papers may be submitted by the authors SCience and Technology 1 1 9631958 or by anybody else to The NCS Registrar ExeSpe ial Research Vera R Filby 9 8014 cutive Secretary Cryptologic Review Board ITB Traffic Analysis Robert J Hanyok 4-4351 H Cl lIIu 'a o o ooo o ooo o oo 1 ' t TI r ------------l963 3738 To submit articles or letters by mail send to Editor CRYPTOLOG P1 HQ SA187 If you used a word processor please include the mag card floppy or diskette along with your hard copy with a notation as to what equipment operating system and software you used via PLATFORM mail send to cryptlg@bar1cOS bar-one c-zero-five note no '0' Always include your full name organization and secure phone also building and room numbers For Change of Address mail name and old and new organizations to Editor CRYPTOLOG P1 HQS SA187 Please do not phone While it's too late 00 write for this year's awards you're just in time to prepare for next year's And meanwhile you can try the other competitions Just about every one ofNSA's professional societies sponsors some kind of competition for writing and most are open to all Agency employees regardless of discipline Most competitions award cash prizes for the best entries It's not a bad thing to win an honorable mention even without cash Usually winning essays are published and sometimes nonwinning entries are published as well There's still another benefit to writing for a competition the chances are very good that your words will be read by people who are in a position to act on your ideas Some authors find this prospect even more appealing than winning a prize So analysts take pen in hand or put fingers to keyboard and write ' Contents of CRYPTOlOG should not be reproduced or disseminated outside the National security Agency without the permission of the Publisher Inquiries regarding reproduction and dissemination should be directed to the Editor All opinions expressed in CRYPTOLOG are those of the authors They do not represent the official views of the National Security Agency Central Security Service FOR OPFIOIi L USB ONL'I r -------I l ' DOCID 4019714 C6NIi'I8ENTIAL THE DIRECTOR'S MAJOR THRUSTS P L 86-36 1 Editor's Note An article on Thrust 114 by Glenn Stahly in CRYPTOLOG 2nd IsslLe 1987 spurred many requests for information on the overall concept of the thrusts and for specifics on the other five of what were then six thrusts We are pleased to bring you this article by the Agency's coordinator for the thrusts Shortly after becoming Director of NSA in the Spring 1985 General Odom examined the Agency's missions and activities from the standpoint of existing international alignments He realized that the requirements levied on NSAlCSS would continue to grow and expand thereby straining its capabilities so he developed six thrusts as a framework within which NSAlCSS could respond positively and effectively to existing and anticipated future requirements He viewed the thrusts as areas of emphasis or direction on which NSAlCSS must focus its corporate energies to ensure the continuation of the vitality and responsiveness of its future missions General Odom based his original six thrusts on three basic considerations 1 the estimates contained in the Future SIGINT Capabilities Study on the changing technologies expected to be applied in the telecommunications structures and operations of o target countries 2 long-range estimates of the threat to our national security and 3 an examination of our customers' ever increasing requirements for intelligence information In October 1985 the thrusts were promulgated They provide general direction in the areas of planning budgetary programming policy and operations Now all NSAlCSS specific plans must be consistent with and support the thrusts In addition the Service Cryptologic Elements SCEs are encouraged to use the thrusts as guidelines for their planning programming and operations initiatives A paper on the thrusts was distributed to the Agency's key component chiefs and also to the SCE Chiefs the Chiefs of Intelligence of the Military Services and to the Director DIA as background information and to allow them to understand the direction in which we are heading The thrusts should be viewed as a synergistic set of forward-looking areas of emphasis that serve to 1st Issue 1988 CRYPTOLOG o page 1 CQHFIDKNTI Ab DOCID 4019714 eONFIB8N'FIAL THE TEN THRUSTS 1 to modernize the SIGINT collection and processing systems to cope with the changing target communications technology 2 to integrate tactical and national SIGINT capabilities to satisfy more effectively military requirements in peace crisis and war 3 to maintain and improve our capabilities to support diplomatic economic and other non-military requirements for SIGINT support 4 to maintain a large US lead in cryptanalytic capabilities both in computers and in personnel 5 to design a framework for a survivable SIGINT system under all conditions including general war which we can develop incrementally and through astute dual-use applications over the next decade 6 to provide easily attainable inexpensive user- friendly information systems security features 7 to speed up research for major breakthroughs in the technology of computer security at the same time to help industry manufacture more trustworthy computer products for defense and other government needs 8 to establish a program to reduce significantly the HUMINT threat to information security systems bring together separate budgetary programs e g the Consolidated Cryptologie Program and the Tactical Cryptologic Program thus allowing for the cooperative development of a total SIGINT system that will furnish critical intelligence information to SIGINT customers in peacetime crisis and war influence our own eryptologic programs and enable us to influence other Intelligence Community programs that contain SIGINT capabilities but are outside the control of the CCP and serve as a yardstick against which the efficiency of all Agency resources SIGINT COMSEC COMPUSEC can be gauged and efforts redirected where necessary for maximum payoff Thus the goal is to develop a coherent aggregate of capabilities that is technically healthy secure responsive to central NSA coordination and tasking under appropriate circumstances adequately equipped to deal with all target co nications technology and concomitantly one that is survivable The original six are now ten - five SIGINT and five INFOSEC The original Thrust #6 was a broad generic statement about continuing the present revolution in improved COMSEC and repeating that revolution in 'COMPUSEC Subsequent study led to the conclusion that this thrust did not adequately address INFOSECrelated needs and concepts The Director and the DDI thereupon developed five INFOSECrelated thrusts as a replacement for original Thrust #6 These new INFOSEC thrusts were promulgated on 4 November 1986 In the past year the Director and the chiefs of key components reviewed each thrust Generally the status review takes this form 9 to provide modern secure userfriendly key management systems 10 to overcome by the end of 1991 the problem of wholesale obsolescence of COMSEC equipments and to establish a program to avoid it thereafter provide a means for the Agency's managers and analytic elements to share in shaping the Agency's future A knowledgeable person presents an overview of the thrust topic followed by a round-table discussion led by the Director The subject then is examined from the perspectives of planning policy operations funding resources etc When the discussion uncovers a shortfall or deficiency or poses a question that cannot be resolved at the table a task is assigned to a single key component to lead a study of the problem 1st Issue 1988 CRYPTOLOG o page 2 CONFI9EHTI b I DOClD 4019714 CONFI98NTU 1 Odom presented the five INFOSEC-related thrusts at the December 1987 meeting of the DoD-sponsored Military Communications Electronics Board which he hosted EXPLANATORY NOTE on Thrust #10 block or wholesale obsolescence Updating our current COMSEC equipments piecemeal is somewhat like trying to update the kitchen of a single apartment in a 70year-old building You can'tjust replace the old frig with a refrigerator-freezer or the old stove with a microwave oven-cum-stove you can't merely install a dishwasher garbage disposal and a washer-dryer You'll probably have to rewire the entire building and replace all the plumbing And very likely you'll have to make sure that the connections to the water mains and sewers are up to the task So like the old frig and stove our COMSEC equipments are old technologically and cryptologically Replacing tens of thousands of devices all at once is a daunting task as well as an extremely expensive one We want to plan our modernization so that the same situation of wholesale obsolescence does not recur ten or twenty years hence and report the results to the Director Other contributors are also designated a suspense date is set and the item is then inserted into the Thrust Tracking System Each action item specifies a deliverable to be presented to the Director e g a briefing paper study or funding item The Director continually has reaffirmed his commitment to the thrusts within the Intelligence Community and outside it as well For example the first time he publically referred to the thrusts was during his budget testimony to Congress linking budget items to a specific thrust He refers to them during his interactions with the JCS with the cryptologic and intelligence elements of the Military Services with the Intelligence Community Staff and with the US Commands Moreover whenever an opportunity arises the Director seizes it to further the thrust concept and its use not only within the NSAlCSS but throughout the Intelligence Community and Defense establishment For example General The NSAlCSS Field Representatives have been made fully aware of these thrusts Moreover the Director personally encouraged them to carry the message to the CINCs and local military commanders in order to gain their support for NSAlCSS programs and initiatives Similarly the SCEs are to use them for their own planning programming and operations At NSAlCSS the Director and the senior managers continue to review the thrusts adding action items as they arise To involve the analytic elements the Director sent a memorandum on 20 April 1987 to the Agency's workforce reaffirming his commitment to the thrusts and encouraging echelons two to three levels below to become familiar with them to understand them and to use them in their everyday decision-making During his address to NSA seniors in June the Director underscored their applicability to the Agency's future stating that even though the ten thrusts provide broad overall direction they contain enough specifics to serve as a guide Furthermore he pointed out there is sufficient latitude and freedom within them for the NSAlCSS workforce to excel a d innovate He emphasized that managers can use the thrusts to understand how he would respond in his interactions with other US government agencies and with Congress The thrusts should be viewed not as a rigid set of directions but as areas in which managers and analysts alike are encouraged to participate and in which to take creative and innovative action The thrusts will continue to represent areas of interest and concern for the future efforts of the NSAlCSS Previously NSA Directive 25-2 NSA Goals and Objectives represented the Agency's future aims but this directive was replaced by the thrusts The usefulness of having areas of interest that can be understood by managers analysts customers and laymen alike will undoubtedly pay dividends for NSA ADMINISTRATION In order to keep up with the activity generated by the thrusts there must be a focal point for 1st Issue 1988 CRYPTOLOG o page 3 J ONFI9B N'I'IAb I DocrD 4019714 CQNFIBBN'FIAL HED STATES GOVERNMENT CATE AIlEPL YTO ATTN OF SUB JGBPCT TO memorandum 20 April 1987 DIR Director's Major Thrusts U - INFORMATION MEMORANDUM DISTRIBUTION III 1 My basic planning guidance the six thrusts have served as our overall direction for more than a year In the meantime it became clear that the sixth thrust needed further elaboration for the INFOSEC mission 2 I believe that most of you have corne to realize the coordinating effect these thrusts can have on all our programs in NSA There is considerable linkage from one to another and success in one either adds or reinforces success in another I intend them as a general idea of where we are going To the extent you understand them you can anticipate and take initiatives on your own which are compatible and helpfUl in their larger context In other words they are meant not to constrain or restrict innovation and initiatives but rather to guide your innovations and initiatives into constructive directions for the USSS as a whole They allow you to anticipate how I will judge the worth and utility of proposals and actions They also allow you to fit your initiatives with those of other managers in other components and organizations without major confusion and cross purpose about final objectives Finally they help me keep track of where we are as a whole and what we may be neglecting or overemphasizing 3 I intend to repeat the thrust reviews again this summer These will involve a look at what we have accomplished since the last review and also another look at things we may be missing actions we may have neglected and things we might do to speed up and improve our programs under each thrust 4 To make the most of these reviews managers at lower levels need to think through the thrusts and ask what is lacking in our program efforts as viewed from their level I want to get as much ins ght from two and three levels below as possible While it may not be possible to act on all points raised from below it is important to consider those points They enriched my understanding last yea in the review process and I want even more this year They also give me a sense of how well you understand my general guidance 81 H fi 1iid 2 _ ' d Declassify an Giie ina iiiil p ga 1s ne I a'- oo_ J ooo CJassHjad oP TlCNAL OAM NO REV ''''0 to GSA P'PMft 41 cnt '01-11 o 0to 11 - G O 1985 0 - 461- 175 428 1st Issue 1988 CRYPTOLOG o page 4 CQNFIQKN1'li'iI I DOClD 4019714 C6NFIf EN'fIAL 5 Those of you in the support areas may not immediately see the direct relevance of the thrusts for you n many cases i t is indirect but it is there As we succeed in thrust one two three and four for SIGINT we create strains and new demands on training communications logistics and facilities To understand better these impacts on the support areas I-recently held a Corporate Management Review Support we determined needs more attention more resources and stronger leadership in some cases Ido not view this emphasis on support as a change to the basic thrusts I see it as essential for continued success in those thrusts As we progress and you see that my program decisions emphasize some support areas do not misread them as lessening emphasis on the thrusts--quite the contrary 6 I share these thoughts with you to alert you to upcoming reviews and to give you time to think through once again the rationale of my general guidance so that you may profit from it and help me carry it through As we progress we may see reasons to modify the guidance I do not see it as inexorable and I am ready to make changes when the reasons are compelling In t e meantime its firmness should be a help at all level in makins good decisions toward our shared goals L WIL AM E aDaM Lieutena t General USA Director NSA Chief CSS handling the myriad actions that emerge from the status reviews At the outset the NSA Chief of Staff administered the overall Thrust System in the Director's name Recently however the DDPP assumed this responsibility Ql does the day-to-day work of handling the status reviews preparing agendas drafting summations of the meetings initiating and maintaining the Thrust Tracking System monitoring progress of the individual action items negotiating and arbitrating between and among the various players and submitting a monthly report to the Director on the status and health of the thrusts and conducting follow-up actions 0 BULLETIN BOARD WANTED EXPERIENCED USERS OF UNICOSIUNIX U Are you an experienced user of UNICOS UNIX and willing to help others learn it If so please get in touch with CRYSCOM Chairman G451 and let him know which of the following you have experience L -_ _ UNIX operating systems programming languages machine familiarity'- ' II - ---- J P L 1st Issue 1988 CRYPTOLOG o page 5 eONFIBEN'I'IAL 86-36 P L 86-36 EO 1 4 c 86-36 DOCID 4 01971E4 1 S BCK B'I' c A l P L 86-36 0v j geag gou A PERSONAL CHRONICLE N2 I am writing this paper not only as a As it turned out this was probably the ideal personal chronicle but also as a means perhaps solution for B5 and for me of convincing others to apply for an overseas - - - - - - - - - - - - - - - - - - - tour I am writing with mixed emotions because if I do a good job in convincing more people to apply I may not be able to go again myself I am not sure whether the circumstances that allowed me to finally get an overseas tour were unusual or not but I have not heard of anyone else having the same experiences that I had U GE'ITING THERE With that in mind I will get on with chronicling the events which finally culminated in an overseas tour I had worked in B Group as a cryptanalyst for quite a few years and although overseas positions were advertised there never seemed to be any for cryptanalysts In 1980 a field announcement was circulated J with a position for a cryptanalystl'-It looked like an opportune time to get some experience in another aspect of the Agency I filled out my application and sent it to the required offices I also made appointments to talk to v rious people who would be making the selections and also to people who had been leith er TDY or PCS I U I decided that this was the job for me The selection committee narrowed the candidates down to two people me and the person who eventually got the job All as not lost though Because I had expressed a lotof interest the Chief of B5 asked me to consider transferring to B5 as the replacement for the selectee in order to have an inside track when the overseas position again became available This course is long and arduou s but worth every minute There were only three people in the_lass t in b EO 1 4 c P L 86-36 5th Issue 1987 el I to mcluded pa r t Of th future ThIS the e future computer and systems analyst and myself o As in most language classes morning dialogs and conversations were the norm I can really appreciate the saying you can run but you can't hide Pre-class preparation waS 8 must and participation was required Fortunately our instructor a native speaker had the patience of Job and a sense of humor 1 reallythiJ lk that the class was as hard on her as it was on the students all CRYPTOLOG page 6 SECRE'f HANBLFJ VIA EUR OflilIN'f' CHANNELS ONLY DOCID 4019714 ilf o 1 4 SEORHCf U This part of the pre-departure preparation is probably the most difficult and brings the most complaints from people going overseas The reasons for the complaints are many - not only do you have to go to class everyday and all day you also have many administrative things to take care of at the same time like getting passport pictures being inoculated being briefed on security by various elements in M and N finding out about financial and medical benefits or lack thereof changing from one payroll system to another learning your cover stories trying to find out when you will be leaving what your flight schedule will be etc and the list goes on and on I L c 86-36 I litsta rted off on the righi f06t The person whom I was replacing met me at'the airportl ii I Welcome and br0-u ght flowers He took me to my hotel checked me I I C land th eo n took I me out to our working spaces which were located outside of metropolitanl I I o II was introduced to all the team members and to 1 1 personnel I would be working closely with for the next two years Fortunately there was almost a two week overlap before my predecessor's return so he saw to it that I ot U As you get on with this you can only to meet and associate with wonder whether it's worth it Nothing seems to at the very L- - --- - ----- ----- J be organized and there doesn't seem to be beginning I was not required to jump into a enough time to get everything done before pond and sink or swim Everybody at our departure Patience is definitely what you need stationl as helpful The After going through the process I can administrative officer made sure I liked where I empathize with the people in personnel was staying initially most people stay in a security and travel They really have their hotel for several days before their apartments tasks cut out for them It is a thankless job are ready inquired if there was anything I for which they receive little credit when they needed sent a message to my daughter to let should So be patient - things always seem to her know that I had arrived safely and did lots work out eventually of little things that I personally probably wouldn't have thought of 8 0CO Finally the big day came All the paperwork was completed I had my orders s-ccm The chief met me again and gave me a briefing on everything that went on and passport and tickets my housing and hold stressed that if there was anything she could do baggage had been shipped and I was ready to go Sometime before I left the chief of the site to help or answer any questions anything at sent a welcome card and an orientation package all just let her know I got toe feeling right so that culture shock would not be too great I away that this was like a family - everyone tried to help everyone else feel at home The was also very fortunate in that I had had an opportunity to meet her several months prior to Ambassador also played a role in making new personnel welcome and comfortable by inviting my departurel made it possible to meet somel counterparts new people to attend a country team meeting during their visit to NSA All in all the where he introduced them to his staff Few principals kept us informed and gave us the analysts at the Agency have the opportunity to opportunity to meet everyone and anyone who meet people at this level but I did in this case might be able 1tI give us insight to our The Ambassador was very appreciative of the benefit and information derived through assignment SIGINT and the assistance that our office Be prepared for culture shock when you go provided him overseas iN0 matter what anyone has told you about the country you never really know what U All of this in the first two weeks I had trouble believing it but it was all happening it is l i k e until you there When I finally During this time I had settled in for an almost arrive e first thing I noticed was the heat Hot and really bright sunlight three-month stay in a hotel Some people would As in most places people make lasting think that this would be a real inconvenience but as I was there by myself and as the hotel impressions and can either make a job personnel was very cordial and congenial I tilemorable and enjoyable or absolutely found this an excellent opportunity to meet the unbearable Well fortunately in my case and I think for almost everyone else who hasl eenin Dpeople in a non-work environment The 5th Issue 1987 EO 1 4 c P L 86-36 S-OOm CRYPTOLOG page 7 il8CR8T IIANBLB 'ItA OOMIN'f' CIIANN LS 6NLT I I DOCID 4019714 5th Issue 1987 o CRYPTOLOG o page 8 EO 1 4 c P L 86-36 SHeRE'f' IIANBLI l VIA COl IINT CHANNELS ONLY I SHeRH b otel management was quite friendly and I now number some of them as good friends They found that if they treated the guests as a family the stay was much more enjoyable as well as being just good business sense This was also a good opportunity for me to start practicin I HOW TO GET OVERSEAS 1 Keep track of the overseas jobs in the announcements as they come out 2 Find out where you want to go 3 Talk to people who have been there WORKING THERE 4 Talk to the selection official 5 If you really want to go apply and make yourself known to the people who can help you get there Unclassified ES OOO This was evident sooni after they were given a CIA course using the IBM pc The Assistant Director of Training sent two very competent people to teach it and l acted as translator interpreter and assistant instructor As soon as thei course Was completed I was getting questions on how to work specific problems these were from the cryptanalysts and even the tr a ffic analysts had found useful applications for the course 5th Issue 1987 EO 1 4 c P L 86-36 CRYPTOLOG page 9 SBORE'-F I1ANQLE VIA COMIN'-F CHANNELS ONLY DOCID 4019714 ADVANTAGES OF A FIELD ASSIGNMENT 1 Money differential pay 2 Travel 3 I SEGREtF Experience 4 Career enhancement cheapest price and what the specialty of the area was If you like sea food or strange exotic dishes this is the time to try it I had one soup that had animal organs in it that I did not recognize and I was a biology major in college I ate it anyhow and it was quite good 5 Promotions 6 Meeting great people Unclassified 8-000 As an advisor I found thatl -- ' 'l' -- respected the knowledge and experience I had and would listen to what I would tell them I realized right away though that if something needed to be changed or improved or suggested it was certainly better to do it in a manner in keeping with their culture I could just not walk into an office and say such-and-such had to be changed because it was wrong to do it that way Even though NSA furnishes much of the things they use we are still their guests I don't think you would call it a con job but common sense I was lucky to have worked with a really good bunch of people from the chief of theuu eld site I IItwasmo tcJikeaEO 1 4 c family working togethert make things happy ' L 8 6 - 3 6 If anyone lu l aproblem any problem someone W'ouldhelp Everyone covered the job responsibilities of team members if they were going to be TDY on annual leave etc You always knew that any information to or from NSA would get to the right office All of the different teams helped each other When a shipment of equipment arrived and it had to be unloaded everyone turned out to help L s eeo I I Well mem r the CIA course I mentioned before I suggested that the CIA people who now knew something about using the PCs type out their new systems on a disk in a format I had lready put on the disk This saved me and them a lot of time They could make corrections enter the system into their data base and give the system to me in a short period of time In turn I could transfer their input onto a disk in message format enter the correct date and message number and give the disk to the our corom center for transmission to NSA LIVING THERE POSSIBLE DISADVANTAGES POUO Going TDY was al ld an excellent opportunity to see otherpartsl Usually after the workd f was finished the site personnel would vvant to show you their part of the countz-y They would take to you to famous te ples important landmarks and tell you wh ere to get the best food at the I 5th Issue 1987 EO 1 4 c P L 86-36 Possible loss of visibility in your old office Time difference for solving problems Looking for a place to work on return CRYPTOLOG page Unclassified 10 8EEURREtF HANBLE Vhft GOMINtF CHANNELS ONLY 86-36 DOCID 4019714 EO 1 4 c P L 86-36 SE10RB problems anda llowme to introduce him around to his counterparts 1 - fa-COO After all the out-processing is done you have to clear with Embassy housing bank commissary and a lot of other places - you get your orders and plane tickets I was seen off at the airport by my colleagues l 11 --If you see an old thing you really like but the price is more than you want to pay you can try to bargain for a reduction I would recommend this avenue first or you can probably find someone who can make it for a fraction of the cost Clothes are another item that are good bargains Tailormade or ready-made natural materials or manmade they can all be found here 1 -_ _ -- - - I U I really appreciated one of the benefits of an overseas tour and that is the RIR I picked It is really nice to have someone else pay for a plane ticket I As for th eoPeople I cannot say enough g od things about them They are friendly and truly are a smiling people Not a 19tof things appear to bother them and almost all are willing to help They really make you feel at home U EO L4 c P L 86-36 After RETURNING TO HQS I asinl Ifor six months I was asked whether or not I wanted to extend for additional 1 or 2 years After discussing this with the chief of the field site I decided not to extend for professional reasons Also after six months I really did not know whether to stay or go More about this later About six months or so before I was ready to return I found out that I had a job offer from a nonDDO organization thanks again to a great boss who on her own had looked for a good job that would further my career Actually as it turned out later I had a pick of two positions U I also knew who my replacement would be we had the opportunity to correspond with each other During this time I tried to fill him in on what to expect what to bring who to see and anything else that I thought might help him and his family enjoy their tour Unfortunately we had no overlap to discuss SO 5th Issue 1987 ------ U On return to CONUS I was given 14 days of home leave and enough admin leave to more than cover the time needed to readjust and take care of personal and professional business I had to check through different elements of M and N for personnel security and finance Some of this is a hassle but necessary I got a physical from the medical center I also made it a point to stop in myoid office to see how my replacement was doing and give them a debrief of what was going on when I left U There are some things I would like to see changed from both a professional and personal point of view They include a the selection process it takes too long b out-going processing it is too confusing and time-consuming c the time six months after arrival when you have to decide whether to extend your tour it is unrealistic You really can't make a rational decision in six months Just finding your way home at night might still be a 'problem d scheduled overlap of for replacements - this should be a requirement e upon return to NSAW a two-week period should be spent in the office associated with the field site not as only as a courtesy but principally to inform them of how things were going when you left It will also help your replacement if he or she has a problem f return processing especially for payroll there should be an electronic way to transfer personnel from one payroll system to another without have to redo all the paperwork U All in all I would say if you are looking for adventure career enhancement a lot of personal satisfaction and a chance to meet new people take a chance Apply for an overseas tour but not the one I want thank you 0 CRYPTOLOG page 11 SHEURRE'f HANDLE VIA 60MIN'i' 6HANNELS ONLY o DOCID 4019714 I eONF'IBBN'FIAL STU III The New Telephone System Iv Three years ago NSA set out build a low-cost secure phone We hoped to put practical secure telephones into the hands of hundreds of thousands of personnel handling classified and sensitive information See NSA's Initiative on Secure Voice CRYPI'OLOG Jun-Aug 1985 Today as contractors are shipping out the first of the production STU-ills - Secure Telephone Unit ill pronounced stew three - it seems that our goal will be reached In the process of achieving this goal we have also created a device with the potential to change completely the nature of our entire telephone system What this eventually will mean for us at NSA is replacing the black grey and green phones with a single handset location comparable equipment Usually $Ome telecommunications organization takes cate of encrypting multiplexing and switching the calls and operating the secure trunk communications lines The average user is not involved in this process at all The present system is u$erfriendly You use it just like a regular phone This system has some drawbacks however For the most part you can call only locations with comparable systems The system is system high so you can talk on it only to people who are cleated at least as high as you are In the coming year we will deliver approximately 50 000 STU-ill's Our options add-ons to the present contracts will bring the total up to 80 000 by mid-1989 In addition each of the three major services has identified a requirement for approximately 300 000 STU-ITIs each and they have started programming action to fund these buys All of these STU-ills will interoperate with one another This secure network will be larger by more than several orders of magnitude than any secure network ever created And it may grow even more if the volume of secure communications generated by a million interoperable secure phones creates a demand for more To understand how all this may effect us we need to know how our present phone system works and how the STU-ill differs from it It is cost effective only in relatively large installations Unlike the present system where cryptography is separated from the phone instruments the STU-ill contains its cryptography in the handset Though secure phones containing their own encryption devices have been around for years the STU-ill is different in cost interoperability and the keying scheme The first production run of STU-ills has an average unit cost of $3828 Although this price would probably keep the STU-ill out of the average home it is almost five times less expensive than its predecessor the STU-II KY-71 which sold for $18 136 As the vendors make additional production runs of the STU-ill economies of scale will drive the unit cost down even more Devices acquired from the options to the present contracts will Currently most secure phone users communicate cost only $2655 It is difficult to predict the within and between secure areas We encrypt final unit cost but the trend is clearly calls only when communicating with a distant 1st Issue 1988 o CRYPTOLOG o page 12 eONFIBRN't'IAL ftA f'5LE Vf A C6Mfiff CHAf f fEL8 Qf fLY P L 86-36 DOCID 4019714 C6NFI6ENTIAL downward Given advances in manufacturing and large productions runs the unit cost of the STU-ill may well drop to less than $1000 per phone The STU-ill enjoys a degree of interoperability that is truly revolutionary It can be used anywhere there is a standard analog phone line simply by unplugging the present handset and plugging in the STU-ill While the earlier generation STU-ll also enjoys the flexibility of using standard commercial phone lines it does not have the STU-ill's multilevel security capability The STU-ill can be used for all calls from unclassified to Top Secret Codeword The secret of the STU-ill's multilevel security is its keying scheme Unlike earlier generations of secure phones the STU-ill does not depend on an external source of keying material The two phones in contact generate their own key with each call They automatically and securely authenticate calls at all classification levels Thus someone with access to a Secret level STU-ill can call someone with a Top Secret level STU-ill and talk securely at the Secret level A display panel on each phone displays the highest common classification level for that particular call A vast community that has not been able to contact us before will now be able to call us securely For the next decade we will be in a transition from our current secure phone system to a new system based on the STU-ill Meanwhile operating both systems in parallel will demand an efficient interface between the new and the old secure phone systems We have a large investment in equipment expertise and emotion in the cun ent system Although sunk and hidden costs such as segregated secure and non-secure cable plants and wideband circuit leases between installations make a comparison difficult placing a STU-ill on every desk is not yet clearly cost-competitive at existing large fixed plant installations such as NSA Headquarters CIA and the Pentagon Eventually as the unit price of the new secure phones goes down we can replace today's large fixed plant phone systems with a single instrument and a much simpler system to handle all of the functions of today's grey green and black phones 0 Reprinted from biu a bytes C4 Machine Processing Ir fomation Bulletin Vol I No 6 October 1965 VIRECTLY T JAIL VO NOTJ 1 ASS GO IF o t GO 1st Issue 1988 o CRYPTOLOG o page 13 OONPIBHN'f'IAL IIANBLE YlA eOMINf ellA HUH s OnLY I DOCID 4019714 AN OPEN lETfER 10 1 EC HN C ANS All SEN OR JI t P L 86-36 A64 DSTA Aspirant that some individuals were not staying a current with the people and projects in the Editor's Note where they toured tor certification in A6's voice language technic4l track propides branches quality control and for post-professionalimtion certification in cpdfty CGrdrOl QC TM Branch Senior Transcriber Analyst is upeeted to propide training and technic4l l Jdership on all branch prOjects and to propide technical adpice to branch management TM Division Senior Transcriber Analyst DSTA is to do the same 071 all or most division projects At Office level tM Senior Linguist should be capable of doing tM same for selected projects in all divisions This article originally appeared in the Fall 1987 issue of Vox Topics It is reprinted Mre with the kind permission of tM Editor During a recent meeting of the AM Technical Track Advisory Group the discussion centered on the tech track in general and specifically on some of the perceived problems within the tech track Two of the problem areas which surfaced during this discussion were b that after certification many individuals were not paying back to the branches the learning time spent there as aspirants I would like to spend a little time discussing these two problems One of the areas that senior technicians are rated on when it comes time for performance appraisals has to do with technical leadership This is a broad area that includes at least the willingness to perform on those projects where we have been QC-certified as well as the requirement to take part in promotion boards Career Development Review Boards Quarterly Management Reviews Branch Management Teams Division Management Teams etc I don't feel that we can be considered to be properly performing in a technical leadership role unless we are willing to function in these areas 1st Issue 1988 o CRYPTOLOG o page 14 peR epJi'telAL tiSR eNLY DocrD 4019714 o G9NFIBBN'fIAL In order to be able to provide adequate input to the groups mentioned above it is necessary to know the work of as many people as possible I believe that the only way to gain that knowledge is to spend some time each year in each of those areas where we are QC-certified When I finally achieve certification as a DSTA I will be QC certified in AMI A643 and A644 Sin I enjoy chasing airplanes around the sky I Wlll probably make A643 my home I do however intend to spend one month each year in each of the other branches in order to stay current not only on the projects in those branches but also to get to know the workforce so that I can better represent them I would like to suggest that other titled senior technicians consider doing the same The process of becoming QC-certified on the projects necessary for becoming a titled senior technician is looked upon by some of the aspirants as nothing more that a ticketpunching exercise Spend as little time as poSsible on a project get certified and immediately move on to something else seems to be the way many aspirants view the program I believe that this is very shortsighted as well as selfish The managers of each project we work on spend a good deal of time training us and getting us to the point where we can be considered to be QC-certified It seems to me that the least we can do is to pay back a little of that time after we achieve that certification The amount of time to be paid back should be negotiated between the aspirant and branch or project manager I personally think that a pay-back of 20-25% is a good figure to aim for and as a DSTA aspirant this is what I am suggesting to the management of those branches where I receive QC certification Again I suggest that other titled senior technical aspirants give this serious consideration BULLETIN BOARD d NEW ISO STANDARD FOR CYRILLIC U The International Standards Organization has just published ISO 9 oerransliteration of Slavic Cyrillic Characters into Latin Characters This is intended for international communications The new standard leaves every country Cree to adopt a national standard for its own internal use U ISO 9 provides Latin-alphabet equivalents for 52 characters adequate for transliteration of Bulgarian Byelorussian Macedonian Serbo-Croatian and Ukranian 1et- At NSA however the authority for SIGINT purposes is US8ID 406 Standard Transliteration of Foreign Writing Systems The individual annexes for specific languages treat special problems unique to that particular writing system Address your questions about PO ' tl3-5577 USSID 406 ATTENTION POLEMICS P L 86- 3 6 CRYPI'OLOG seeks permission to reprint two items from POLEMICS a cartoon and a mini-article Would the appropriate person please send a note to Norm saying yes or no 0 BACK FROM THE FIELD Yes you can catch up on issues of published while you were away AVaIlable on a loan basis is a volume titled While You Were Away which contains issues published in the last three years or so Address your inquiries to the Editor PI HQS Please do not call U CR OLOG ATrN CRYPPIES WHO PROGRAM IN C The technical track provides those in the workforce who do not feel comfortable as managers and who are better technicians than managers with an avenue in which they can channel their efforts in a meaningful way It is up to all of us who have chosen the tech track as our career path to make it the best it can be To this end I offer these comments 0 U E53 is looking for unclassified examples of C-language code that perform unclassified C tech nique and also some sample I O e g bIt manIpulation The examples will be put in a booklet that will be given to students in Clanguage courses Send your submissions to for c lassification review POC L-JE5 ITB 968-8007 isc J P L 1st Issue 1988 o CRYPTOLOG o page 15 G9NFIBBN'FIAL 86-36 I DOCID 4019714 FOR PC USERS PERSONAL CDMPUTER SECURITY FLOPPY DISKS Care and Keeping o KEEP DISKS IN THEIR PROTECTIVE JACKETS WHEN NOT IN THE ORIVE UNIT o KEEP DISKS STORED UPRIGHT IN THEIR BOXES o KEEP DISKS CLEAR OF ERASER CRUMBS OUST AND SMOKE PARTICLES o USE A FElT TIP PEN WHEN WRITING ON THE OISK LABEl PENCIL OR BALL POINT PRESSURE CAN DESTROY FLOPPY PRECISION o MAKE-UP COPIES THEN STORE THEM IN A SEPARATE FACILITY FROM THE ORIGINALS o DON'T TOUCH THE DISK SURFACE IT'S EASILY CONTAMINATED SO SOMETHING AS MINOR AS A FINGERPRINT CAN CAUSE ERROR ON A DRY DAY YOUR FINGER COULO HAVE ENOUGH ElECTROSTATIC CHARGE TO DAMAGE THE DATA PERMAN NTlY o DON'T USE ALCOHOL THINNERS OR FREON TO CLEAN THE DISK CHEMICAL FUMES CAN ENOANGER THE MAGNETIC COATING SO DON'T EXPOSE IT TO SOLVENTS LIKE NAIL POliSH OR OUPlICATING MACHINE FLUIDS o DON'T EXPOSE THE DISK TO MAGNETIC OR MAGNETIZED OBJECTS DATA CAN BE DESTROYED SCRAMBLED OR WIPED OUT COMPLETELY ACOLOR TV CRT ELECTRIC MOTOR OR OTHER DEVICES CAN DESTROY DATA INTEGRITY SCREWDRIVERS PAPER CLIPS CAR KEYS OR ANY METAL OBJECT MAY ALSO BE MAGNETIZED o DON'T PUT ATELEPHONE ON TOP OF A DISK THE DISK DRIVE OR A BOX OF DISKS ONE RING CAN CAUSE OAMAGE o DON'T EXPOSE DISK TO HOME POWER SUPPLY UNITS o DON'T BEND FOLD OR USE RUBBER BANOS OR PAPER ClIPS IN THE DISK ANY WARPING CAN LEAD TO MISTRACKING o DON'T REST HEAVY OBJECTS ON THE DISK IT CAN CAUSE ACRIMP THAT WOULO LEAO TO MISTRACKING o PROTECT YOUR FLOPPY AT LEAST AS WELL AS YOU WOULD THE DATA THAT'S ON IT NATIONAL COMPUTER SECURITY CENTER 1st Issue 1988 o CRYPTOLOG o page 16 FOIt OFFICIAL USE ONLY DOCID 4019714 eONF'IBBN'fIAL LETTER TO THE EDITOR About '--- P L 86-36 To the Editor U I Iletter CRYPrOLOG 4th Issue 1987 praising interns matches our experience We value their energy and ability and could not get along without their help But experience counts too A538IP13 FOUO The first annual Cryptanalytic Software Conference CRYSCO was held in April 1984 The Cryptanalytic Software Committee CRYSCOM organizes and conducts this conference where super-computer users can share ideas and information and discuss plans and problems The purpose of CRYSCO is to provide organizations using supercomputers with a better understanding of the plans and progress of cryptanalytic software used by other organization in the supercomputing community CRYSCO also addresses long-range hardware and software plans and problems The week-long conference is attended by cryptanalysts and programmers from NSA and also from Australia's Defence Signals Division DSD Canada's Communications Security Establishment CSE the United Kingdom's Government Communications Headquarters GCHQ and the Institute for Defense Analysis IDA U Succesful analysis depends not only on intellectual ability but on some knowledge of S eakers are ex erts from NSA what came before The former without the 'r- l l I 'l 'II l'I o o o '_ _ Jand outside peopl latter is not enough Particularly in this as we RY 0 presentations and workAgency we must place high value on shops take place in the Friedman Audiexperience and create an environment in which torium and in a conference room experienced analysts who may well have been 'bright young' interns in their day can prosper FOUO During CRYSCO recomm endaand whose contributions are recognized Only tions are forwarded by the cryptanalytic by remaining in the technical fields might they super-computing community which are then one day perform some the magic related above reviewed prioritized and implem nted by CRYSCOM U The example I gave is simplistic but the principle has broad application Let's not denigrade the need for experienced analysts and look only to the 'bright young' interns U This year's conference CRYSCO-88 will be held 23-27 May Specifics on the program will be announced later 0 lstIssue 1988 o CRYPTOLOG o page 17 P L 86-36 eONF'IBElti h L GOMI rF GIIAUNELS O LY 1U l n Vk' EO 1 4 c P L 86-36 DOCID 4019714 rpQP SHeRe trMBKA Review FOUR WORKS ON CRYPTOLOGY U EO 1 4 c P 86-36 86-36 Analysis and Design of Stream Ciphers by Rueppel begins with the usual definitions Rainer Rueppel Sproinger-Verlag Berlin New d fi 11 o York Heidleberg 1986 TK5105 R83 an care u y develops the algebra aSSOCiated with polynomial rings over a finite field He Though cryptologically naive Rueppel has mentions the synchronization problem for stream cipher generators and discusses briefly developed a great deal of shift register theory and has presented it in a very attractive way the advantages and disadvantages of selfsynchronizing stream cipher generators known Rueppel is a Swiss national Much of his to us as CTAK machines book is taken from his doctoral thesis written Chapter 4 is concerned with the linear under the direction of Jim Massey lin complexity of a sequence the length of the American at the Swiss Federal Institute of shortest shift register which will generate the Technology in Zurich Rueppel has had sequence contacts in useful places He mentions Bor er I Electronics of Solothurn Switzerland he WR$ at one time an employee of a popular Swiss manufacturer of cryptologic equipment he has designed a cipher system for the European Space Agency He was recently visiting at the University of California San Diego in the Department of Electrical Engineering and Computer Science U Most of the work done by academic cryptologists has been in the development of block cipher schemes for which a plaintext element and a ciphertext element is a unit of a preassigned large number of bits Rueppel instead studies stream ciphers text elements are single bits As usual there is the obvious but universally acknowledged to be much less important generalization to fields of more than two elements I I that the linear complexity of a sequence is near to n 2 in fact of the complexity is asymptotic n mod 2 and the variance 86 81 He shows random n-Iong the expectation to 1 18 9n 4 is asymptotic to e It should be pointed out that Rueppel allows shift registers which produce tails coalescent registers and that a similar theory can be developed' I fa ' EO 1 4 c Using a recursion devisE i J Rueppel was able to calculate inductively the exact distribution for the function N n L the number of n-Iong sequences which have linear complexity L The work that he does is closely related to the mechanics of the Berlekamp- OJ DOClD 4019714 'FOP SHCIt'KT t1MBRA Chapter 6 is one of the poorer chapters of Massy algorithm known to us as Zierler's algorithm after its inventor % Chapter 5 which takes up 88 of the book's 230 pages deals with the analysis of nonlinear combiners which produce key from a linear shift register Here the important result is the Paige-Blankinship Theorem and Rueppel worries about when the upper bound of this theorem is in fact not attained We know and he does to that such an occurrence is rare Though the book was published in 1986 there is already an update to the material of Chapter 5 Products of Linear Recurring Sequences with Maximum Complexity by Rueppel and Othmar StafTelbach in the 1987 IEEE Transactions on Information Theory In the 1984 IEEE Transactions on Information Theory Siegenthaler defined the correlation-immunity of a function to be of order m if the output is independant of any m input variables We would express this differently the bulges of all linear approximators of density mare O It turns out that for a memoryless system one cannot have both large correlation-immunity and large linear order since their sum is bounded by the number of input variables This can be corrected by allowing a single bit of memory in the combiner as Rueppel notes in his Chapter 9 apparently an afterthought as it logically should follow Chapter 5 the book Rueppel notes that changing the timing of a register operating the register d times as fast as the system clock or equivalently decimating the output of the register by d yields a different stream He proposes a random sequence generator as follows Take two or possibly more - he's vague on the implementation in that case shift registers of different say relatively prime lengths L M with primitive feedback polynomials Form key as ki I f l XiYi mod 2 where Xi and Yj are the contents of the L low-order stages of the registers Optionally add in some y J for j L He seems to think he gains something by varying the speeds of operation of the registers U In Chapter 7 Rueppel introduces the notion of a cipher system based on the knapsack subset-sum problem Initially this idea was devised by Merkle and Hellman but the Merkle-Hellman knapsack has been shown by Shamir to be weak Rueppel laments the reputation which has befallen the knapsack concept The idea is that N positive integer weights wI' w2 o WN are chosen and then a test integer T is given the challenge is to find a subset of the weights which sum to exactly T mod Q This problem is well known to be difficult when N is large for most choices of T Rueppel goes on to define th Walsh Handamar Fourier transform of a bmary function and to develop its most elementary properties This has been done before but Rueppel goes on to make a connection with cryptology He discusses the Data Encryption Standard DES and calculates a Walsh transform of one of the 6-input 4-output Sboxes We already knew this was announced by Adi Shamir at a CRYPTO meeting that there exist strong linear approximations to some of the S-box functions In Chapter 8 The Hard Knapsack Stream Cipher Rueppel introduces an entirely new approach to knapsack design This is the system proposed for the European Space Agency This is not a public-key system the weights are not available to the analyst Rueppel employs an N-stage primitive register and a set wl'w2 1 ' WN of weights He calculates an N-bit number k I f l XiWi mod Q where Xi are the fills of the register and Q is a number equal to or just less than 2N o The number k expressed in its binary representation provides N bits of key for encipherment Recognizing that weakness may 4th Issue 1987 o CRYPTOLOG o page 19 TOP SECRET TJMBftA o DOCID 4019714 ep SEellE I UMBRA 'fSC One of the papers for which Kranakis exist in the low-order bits Rueppel suggests prepares his readers is the interesting A shortening k by lopping off a few bits He also Simple Unpredictable Pseudo-random Number recognizes that the regular single stepping of the device could lead to an attack and proposes Generator by Lenore Blum Manuel Blum and Mike Shub from the 1986 SIAM Journal on the multiple but still regular stepping of the Computing pages 364-383 An internal G44 register paper ''The x2 mod N key generator comments is seems quite a sensible proposal and on the article Apparently Rueppel's design has appeared elsewhere for Two Issues in Public-key Cryptography RSA Don Coppersmith of ffiM has ann un Bit Security and a New Knapsack-Type System by Ben-Zion Chor MIT Press Cambridge L in a paper MllSS London 1986 78 pp $20 dated March 1986 Coppersmith also refers to TK 5J02 5 c478 la paper by Gander and Bader Coppersmith's U This bQok represents the author's doctoral W' at MIT un 1 r Ron Rivest The ChorRivestkllapsack was introduced at CRYPTO e book sells for $47 I own only two '84 A description shoul4 be in the Proceedings books each of two volumes for which I've paid of that conferenceCavl l ila61e at the NSA that much but perhaps it's the changing times library I don't think Rueppel's book is worth that EO 4 c much Certainly for us there's little that's new Knapsack-type CryptoSYlite1Il s and Mg rail J36 He has a few problems with English but none Coding Theory by Ha rald Niederretier of the errors are troubling he writes very well Problems of C ontrol and Information Theory a Hungarianjournal 1986 pp 159-166 In NSALibrary I I Primality and Cryptography by Evangelos Kranakis Yale University Wiley-Tuebner Stuttgart Chicester New York 1986 235 pp $41 TK 5102 k66 U This Austrian was the eo-author of an excellent book on finite fields In the article he carefully compares his system with the ChorRivest Knapsack No prizes for guessing the winner U This is another book of cryptologic significance It does not deal with mainstream crypt topics as Rueppel's does but prepares the reader to study with understandin the recen t t papers on cryptologic systems which are based on the difficulty of mathematical especially number-theoretic problems I found nothing novel in Kranakis' book but it certainly is a convenient collection of number-theoretic facts which one needs to know to understand contemporary academic cryptology WE WELCOME REVIEWS of books articles software audio cassettes and video cassettes that relate to any of our disciplines or that pertain to our mission 4th Issue 1987 o CRYPTOLOG o page 20 TOP SECRET YMBRk I DocrD 4019714 Technical Literature Review Joseph L Gastwirth The Statistical Precision of Medical Screening Procedures Application to Polygraph and AIDS Antibodies Test Data with Comments by D H Kaye J C Kircher and D C Raskin Janet Wittes J D Goldberg Seymour Geisser and Beth Gladen Statistical Science Volumen No 3 August 1987 pp 213238 Reviewed by David Harris R513 This article should be of interest to anyone concerned with either government polygraph or government drug testing policy The problem is the statistical analysis of the false positives and negatives when these tests are applied to populations in hopes of detecting rare phenomena Suppose a test is 90% reliable in the sense that if a person has the disease there is a probability of 0 9 that the test will give a positive response while if he does not have the disease there is a probability of 0 9 that the test will give a negative response Suppose only 1 person in 5000 in the population being tested has the disease Then in any 5000 people tested there will be about 500 positive responses to the test but only one of these people will in fact have the disease Gastwirth takes this standard analysis further in showing that in such situations it is extremely difficult to analyse accurately how reliable the results of the test are Thus we may not even be able to draw reliable inferences on how much faith we should have in the test as a guideline to who is diseased and who is not The implications of this for the proper use of drug tests and polygraph tests are clear Employers who give people a single polygraph test and then either fire people or refuse to hire people on the basis of this test a common practice in industry are likely to be doing grave injustices to hundreds of people for every one true risk they expose This is especially serious when the victims have no legal recourse against employers who advertise the results of polygraph or drug tests to the community at large Such use of testing in screening a large population is clearly believed improper by all the experts Repeating the test mayor may not protect against injustice depending on whether the false positive is for a causal reason resulting in correlation between the incorrect results of consecutive tests Two guidelines are generally accepted by all the experts First if advanced screening has been applied so that the population tested has a reasonably high likelihood of being infected then the problem of false positives is much less severe Testing for AIDS in a high risk population is more reasonable than testing for AIDS in the population at large This of course has implications for drug testing especially Second even when a trait is low probability in the population tested there are proper ways of using the results of the test to guard against abuse In particular failing a polygraph or a drug test should not in and of itself disqualify an employee but passing a test can be taken in the absence of further reason for suspicion to be grounds to trust the employee Polygraphs and drug tests can thus be used as money-saving devices If an employee passes such a test we may reasonably cut back on other checks of his character If an employee fails the test then he should get special attention of some sort Since relatively few people in the population fail the test we can concentrate our efforts on them But when screening a largely innocent population we should remember that most of the people who fail the test are innocent Thus in AIDS testing if someone fails the ELISA screening test the proper approach is to explain the situation to him unhysterically and go on to more sophisticated tests to settle the matter That there is general agreement among the experts on the proper technique for screening a broad population is impressive 0 1st Issue 1988 o CRYPI'OLOG o page 21 FOR OFFIOIAb USFJ ONLY I DOOlJD 86-43EUR119714 ' il'lI oooo oo oo ooooo oooooooo ooooooo o ooo C SHING THE SYSTEM ' '-- b lell U System ciashes have become common place in this high tec h world All kinds of things can cause theIri from power failures to innocent mistakes by a perhaps inexpe rienced user The latter v8 iety are ones that operating systems try to 'p event but as with most things done by humaii ings 'they are subject to mistakes I can call my own experience crashing the system ' F'OUO The object of my attack was RYE and I used it infrequently enough to need the cheat-sheet a three-by-five card actually that Carolyn Palmer had taped to th e terminal Carolyn had used a red pencil when writing the card the first element of th first command line was the priority a digit from 1 to 7 but the digit we were to use was a 3 Carolyn had made a slight goof when she started writing maybe she w thinking of something else at any rate she started off' with a single vertical stroke whi h she tried to erase Marks made by red Pencils don't erase easily Her 3 was abutted to a partially-erased vertical stroke looking for all the world like a B The LingalaCode by Warren Kiefer Random House New York 1972 Reviewed 16 U Why report on a 16-year old novel Because I just ran across it by chance when my local library rearranged its holdings FOu'O Maybe you can guess what hap ned Logging onto the system I typed the li that I thought I was seeing and pro ceeded with the rest of the command Too late I remembered that the first character should have been a digit About an hour later I got a call from the System Admini strator L as I recall wanting to know why I had logged on with the Direct or s priority It seems that 7 the highest was reserved for the Director and it threw everybody else off' the system But I hadn't asked for a 7 - I had asked for a B I i FOUO In what is good programming practice in other situations the system test ed for a greater-than-or-equal-to 7 rather than just testing for equal-to 7 On that system alphabetic characters were numeri cally greater than digits So to the system I looked like a surrogate for the Director I think they fixed that little bug after that by II- U It is an adventure story abounding in steamy jungles spies and bureaucratic infighting There's lots of atmosphere It's a good yarn clearly written by someone who was there at such at time and who pa rticipated in events similar to those described F'OUO But the reason for reporting it here however belatedly is that the author describes an ingenious cipher system the invention of Eddie Ryan a code clerk working with Mike Vernon a CIA agent in Mrica It seemed plausible to me and even more so after reading the description of Lingala beginning on page 24 l'eUO This book certainly would have been acquired for the Crypt Collection back in those Olden Days-which become ever more Golden with the passing of time The Collection included fiction that had descriptions of crypt systems especially home-made ones just in case they popped up somewhere U Say whatever happened to the novels that once were in that collection U Let Mike' describe the Lingala code lstIssue 1988 o CRYPTOLOG page 22 FOR OFFIGIAL 188 ONLJPY o DOCID 4019714 Unclassified o ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo a ooooooooooooo Ryan's system had the supreme virtue of looking exactly like several hundred other obscure African dialect written phonetically Yet it was not It was as Ryan said gibberish Only when broken would it become a piece of intelligible information The As I said Ryan had talent Lingala Code worked on some of the oldest cryptographic and theological principles available to Eddie Ryan Its basis was a missionary grammar which had fascinated him and which he then showed me The book was the product of a Protestant evangelical conference in Ubangi in 1931 I leafed through it The Lingala Code answered our simplicity requirement And it was secure as Washington later discovered The following day I sent it ofT to the States without the missionary grammar The Agency failed to crack it computers and all That was because machines do no have Ryan's imagination let alone his perception When I sent the Agency the book finally it still took them a few days to break the code They did not realize that the underlying key was the way of the Congo simple tings were often simpler than they looked until you tumed them inside out and found they were not quite The Lingala Code never attracted attention because it looked and sounded like a bone-fide Mrican language Everyone thought it was Lingala is a tonal language That was one of the keys to the code's success Lingala had never been written by the people who spoke it until the missionaries came For their schoolrooms and their prayer-learning Lingala was necessary and by missionary standards it was equally necessary that the local tribesmen become literate in what was essentially a spoken tongue The wrong tone in Lingala could turn the word for shield into the word for nut So the phonetic system was full of traps The last sentence of Ryan's coded page read Kobana yu aya yosa yu mumu Read that sentence aloud to the average Mrican and he will not laugh It was total nonsense But the average Mrican is polite and language is language There are so many dialects that it can pass as just another I tried the Lingala Code on two eminent professors at Louvanium University men learned in tongues df Mrican origin They were unable to make any sense of it but they sagely agreed because of its presumed source that it was an interesting variation on one or another esoteric tribal speech Bullshit It was a variation on Ryan's ingenuity one read the sentence as Ryan suggested I read it in reversed word order it took on a recognizable halting Mrican rhythm Mumu yu yosa aya yu kobana But it was still gibberish Then he showed me his simplified table of ten letter substitutions It contained four vowels and six commonly used Lingala consonants The list looked like this a u e i i o u l l k k n n b t m b y and m l With the substitution the new sentence read Tata na biso oyo na likolo A quick reference to the missionary grammar and I came up with a literal translation of Father from we is of heaven or Our Father Who art etc Ryan pronounced me a genius If Now sir he continued patiently in our word assignments suppose we designate 'Father' our man in Stanleyville and we assign 'heaven' as the code name for Kamina base The message is quite clear o lnc assl 'iec 1st Issue 1988 CRYPTOLOG page 23 FOK OFFICh'ib JSE ONbJPY o DOCID 4019714 I CfOP SECKEl' UMBftA L LANGUAGE BRIEF LINGALA U Lingala was originally the speech of the Bangala a tribe living between Lisala and Nouvelle-Anvers in northwest Congo First through the trading activities of the Bangala up and down the Congo River and then through their services as mercenaries of the Belgians Lingala became a lingua franca spoken on both sides of the Congo River from Kinshasa to Kisangani Under the Belgians it was the usual language of laborers clerks riverboat and railroad employees in the whole central and northern part of the Congo b - 86-36 _-------------_ rs CeO This article was originally published in the November 1969 issue of The'luarterly Review for Linguists QRL where it was to be the first of a series of briefs on the more exotic languages prepared by lin8uists working in those languages In fact only one other brief was published on Uzbek in the May 1970 issue rs CeO The idea for language briefs was eresented by Prescott Currier in his article Data for the Language and Linguistics Section of the Country Reference Book in the Mal 1968 issue of QRL The Country Reference Books were to be a series designed to provide useful technical information in ready-reference form on each of the target U It is one of the four official native languages of the Congo and along with French countries of NSA That project never got off the ground the official language of the Congolese National G GeO We invite linguists to contribute Army It also appears to be known by all briefs on low-density languages as well as on major government figures Most Congolese o exotic ones You may wish to consult the have learned Lingala as a second language but outline suggested by Capt Currier For a copy write to Editor CRYPTOLOG P1 HQS o nowadays many urban dwellers particularly in Kinshasa learn it as a primary tongue It is 1st Issue 1988 CRYPrOLOG o page 24 CfOP SECKEl' UMBRA DOCID 4019714 'VQP 880R8q UMBRA probably the most useful of the Congolese languages for a foreigner to learn it is also an excellent starting point for the study of Bantu languages U Lingala is a member of the Bantu family of languages which dominates almost the whole southern part of Africa from the lower edge of the Gulf of Guinea across to the Indian Ocean below Somalia It shares with other Bantu languages the characteristic of noun classes of which it has seven distinguished by prefixes and agreement of other parts of speech with the noun by means of concordial prefixes U Through its widespread use as a lingua franca Lingala has become simplified Rules for concordance are not strictly observed many adjectives are invariable and in everyday language the use of verb prefixes showing person and number is limited The genitive particle -A normally appears only in the forms -NA and -YA the two highest-frequency words in the language U The consonants used in Lingala are 2 g g m y and The letter does not occur in foreign words it become D U often occurs as a variant of Q dz and frequently interchange The nasalizing consonants m and are sometimes dropped before another consonant ro U Tone is of some importance in spoken Lingala but since there are no tonal markings in the standard written language context has to be the prime determinant of meaning The frequent inclusion of the French words in Lingala texts can often be an aid to understanding EO 1 4 c 1st Issue 1988 o CRYPTOLOG o page 25 P L 86- 3 6 tFOP S 8CR 8tF U1UBRA I DOCID 4019714 4l ll e fj r g e I To the Editor lIetter in I refer tol CRYPTOLOG 3rd Issue 1987 Amen Vera Filby E4 To the Editor Just a note to say that I enjoyedl _ larticle on traveling very much I I can't match his experience by a long shot but it did bring back some of my memories of trans-Pacific MATS flights in the middle and late 50's crash trucks and Hawaiian lay-overs then too and of travel to the Middle East special baggage searches unattended baggage concerns I wonder if Kermit ever went through body searches in the Far East South Korea lacked electronic gear in 1959 so there were separate male and female search rooms Again thanks Kermit for taking the time to write that article ---__Ia chosen at random from the source document which has the same first letter as the plaintext and the number of that word is written down as the first cipher character Hopefully the encipherer will also mark through each word in the source document to prevent a unilateral substitution In this case a source document of 4000 or more words is needed since numbers in the 3900's appear Finding the source document is no easy matter but even a second grader can solve the problem if the source document is in hand Sir Arthur Conan Doyle described this system in The Valley of Fear 'The Beale ciphers appeared in 1820 as documented in a 1964 paper by George L Hart published by the Roanoke VA Public Library The first mention of such a system may have been by a French mathematician named M Michel Chasles who flourished around the time of the French Revolution ManYman-hours have been spent by the American Cryptogram Society and the Beale Cypher Association in the unsuccessful attempt to deciph r the two unsolved 1820 Beale messages w hich indicates a certain degree of security of the method '-- 1 R223 TotbeEditor To the Editor Another well done on your 4th Issue 1987 I was intrigued by your note on the British with very valuable tipsfn the articles on Diplomatic Cipher of 1783 4th Issue 1987 writing This cipher looks a great deal like what is most frequently referred to as the Beale Ciphers I'm circulating my copy th ughout Cil Basically a source document is chosen The words are then numbered starting with the first _ _ _ jID Chief C12 word or some previously agreed upon starting point To encipher the plaintext a word is 1st Issue 1988 CRYPTOLOG page 26 FOR OFFIOIAL USB ONLY P L 86-36 DOClD 4019714 eONPIDBNTh L - r OB3B P L 86-36 ZNY MHNSH U R 210838Z JAN 8S FH GCHQ Tol Dm ZE' Q C FIB w a _ I WI WI U II 1 4 d e N T I A I 86-36 luu u CRYFTO OG NO 4 1987 - BRITIS CI kER OF 7S3 1 CODe BEARS CLOSE RESEH9 AI'fCE TO TwO WE HOLD 1' CIPHER MUS UM DAT D 1609 R R A D 1820 1 7 BOT ARE T_C-PA T W T 4200 GROUPS OF WHICH 102 Af E NSTiWCTION GROUPS lJ 7A E ONLY THE IRST SYL AB E OF THE PRECEDING NUH E CO O GROUPS nAVE TWO OR O 1'10 5 A TERNATIV S C19 i 9 FD W f T IS' ' - CiZV LY e iIID SYLLABIC S E 4 4 FOR FU STOP 5 5 G A VA uE3 ARGBP OFT COI1j LEX EG HUR iUCANE T 'Jl_ RY UE I 2 CODE T IS ESSENTIAL Y A H 7TING C CD i t SriAL DLOCKS OF a oups 2 3 4 - PROBABLY BY H F L NG DECOD YPS CASE CO IS a C N TO tiAlJl TWG EAR IE V RSIQNS a ' OF 1806 ANI N N OF 795 Sj- AL_ iJE C a I NG 7 1 5E ON - l 22 AN - o OS l' THH ONE AY WORt AS PI RIS iN 1772 3 hE -'I T L ' ' SEE KAH 'S CODEBREAKE S PP 173-174 wIL_ LET YO J IIOW RESt i To 1t3043 1 4 d 86-36 ZC DAR9 5 C L-J1t 212 ZNY tNSH 0251628 U R 2516282 3AN B8 FH GCHQ TO r z t% a e 8 i lmm I B e ' 0 'i il T I AL III aQQ f m FURTH MY 2108S8 3AN sa 1 NEITHER N N OR Q G WC KEr THE ORAC C ON TriAT G OUP RANGES AS FO Q S AL 2- ART N 1795 1-4200 U Q 1806 1001-5200 R 1809 1-4eoo T US20 301-4500 INSTRUCTION VAL ES AL THE SAME Q 2 OSSIBLE THAT uBLIC Rns J CZ MAY III WI ASK FOR NON-PRIOR TY _l RARY NE YO AV - tl3c12 Istl ue 1988 o CRYPl'OLOO pap 27 eONPIBBN f'I AL M 1 CARE iO PASS SuM T INu 1 4 d 86-36 F I it ho 1 4 d 86-36 DOClD 4019714 NSA CROSTIC #66 I P L 86-36 1R822 The quotation on the next page was taken from an article that appeared in an NSA publiootion The first letters of the WORDS spell out the author's name and the title ofthe work DEFINITIONS WORDS A Learned 175 141 131 125 1S 1 52 U I 169 UI 105 19 196 34 6a U 117 '23 1517 142 77 151 114 113 170 46 171 137 '44 103 101 56 147 163 80 139 61 III '90 '12 '0 107 IO 3' '30 106 116 74 51 143 21 U 96 B Injuriously C Travel D Use E Attic quality F Coined G Fascinated H Blood condition I The act of exploding 40 21 '95 6S 124 121 115 17 173 75 84 132 165 117 39 21 37 97 13 1 14 161 II 17 il i 4i II 32 44 14 19 131 171 27 150 83 30 J Compels obedience to K Plumbing fixture L liThe 172 Show M Anna Pavlova used it N Know by instinct o Cape preamble 171 -133 - 2-'53-11- 17- 25 201 71 g P Miss Dunham O Scurries 120 23 15 20 12 5 16 157 so 7' 72 152 16 156 zoo 1M 146 10 ' 154 127 29 141 110 134 15 31 g 31 45 S4 114 14' 174 '61 ISS '1 2 140 14 53 110 16 51 51 151 In 114 145 1 131 112 R Barnyard speech S Terminator T Shade U Encourage V Serpentine W Hairy spider 135 X A motley crowd 111 70 14 Z6 171 102 li3 35 113 43 73 ZOZ 126 57 57 95 117 33 '01 41 10' 111 121 16 Y Pertaining to birds Z Gravity gradient a Where meteorites fall 1st Issue 1988 CRYPrOLOG page 28 EOa OEi'ICVJtL UiB 9HbY 71 24 OOClO 4019714 HOW TO SOLVE A DOUBLE-CROSTIC Using the Definitions fill in whatever Words you can Then copy each letter from the Words into the corresponding square of the grid below Scan the text in the grid from time to time from the recovered fragments you may be able to complete the word in context Copy the new entries from the grid into the Definitions where the fragments there might suggest a complete Word and so on working back and forth Also scan down the first positions of the Words as you recover them for additional clues MOVING If you want ro be sure of receiving CRYPTOLOG at your new home send a change ofaddress showing Name Old and New Organizations and Building of your new organization to Editor CRYPT OLDG PI HQS Write do not phone about your subscription 1st Issue 1988 o CRYPTOLOG o page 29 FOR OFFICIAL US8 ONLY DOCID 4019714 TOP SECREl- TillS 9QCHMBNT CQNTAINS CQBBWORB MA BRIAb JOP-5EGREfNOT RELEASABLE TO CONTRACTORS This document is from the holdings of The National Security Archive Suite 701 Gelman Library The George Washington University 2130 H Street NW Washington D C 20037 Phone 202 994-7000 Fax 202 994-7005 nsarchiv@gwu edu