How secure is America's nuclear arsenal? The question here does not involve missing American weapons along the line of Russia's hundred or so "suitcase" nuclear bombs that have mysteriously disappeared. Rather it refers to the electronic security of nukes known and accounted for.

The launch controls of small missiles are secured by electronic locks. Such "electronic locks" are just computer security code based on encryption algorithms. "Small missiles" may be as large as the Minuteman. The National Security Agency (NSA) is responsible for Minuteman communications security, including unauthorized intrusion, interference or jamming.

Unauthorized intrusion could result in an unauthorized launch by someone with a gripe. Look out, Long Island. If you thought TWA 800 was controversial, contemplate the debate over whether there was or was not a streak in the sky shortly before the Hamptons were decimated.

More insight into the potential problems with American's nuclear arsenal can be gleaned from a lawsuit filed against NSA and Sandia National Laboratories by a former lab employee: William (Bill) Payne.

Sandia has long been involved with the security of America's nuclear arsenal. As they announce on their website: "We are funded primarily by the U.S. Department of Energy to design all the non-nuclear components of the nation's nuclear weapons" (http://www.sandia.gov/). This includes the cryptographic locks used to secure the nukes. NSA supplies the algorithms and implementation guidelines to Sandia.

Sandia has also in the past performed numerous other extra-curricular projects for NSA. Prior to finishing its own fabrication facility at the end of the 1980s, NSA relied on Sandia's classified RHIC-II. What were some of these NSA projects? According to Payne, NSA abused its relations with Sandia "in order to find ways to develop viruses, decrypt ATM cards and smart cards, and sabotage private signature keys" [1].

Who is Bill Payne? First, he is the author of three computer texts, one of which is Embedded Controller FORTH for the 8051 Family, Academic Press, Boston, 1990. [2]

One of the areas Bill Payne worked in at Sandia was cryptographic microcomputer systems. This includes the creation, as well as the reverse engineering, of electronic-lock systems.

In addition, from 1986 to 1991 Payne worked on Sandia's Deployable Seismic Verification System. This project concerned authentication programs for seismic "events". It was designed to monitor nuclear tests in the former Soviet Union. The Threshhold Test Ban Treaty signed by the Soviet Union and the U.S. had limited nuclear tests between the two countries. Any detected "seismic events" could be nuclear tests, rather than ordinary earthquakes. The purpose of data authentication was to ensure the received data had not been altered in order to conceal what was really happening. (The data was not allowed to be encrypted, because the host nation needed to ensure that monitoring did not exceed the allowable parameters.) Payne was involved with verification systems based on generalized feedback shift-registers.

Why was Bill Payne fired from Sandia? According to lab officials, in a letter written to the Equal Employment Opportunity Commission, Payne was fired because of "conduct that had the potential of compromising the mission of a valued customer as well as that of Sandia, and for behavior designed to offend the valued customer". Who was this valued customer? The National Security Agency. Payne had made derogatory statements about NSA in a letter he sent to a Tokyo university professor.

He also refused a Sandia order to steal corporate secrets under the concealing guise of national security. At issue appears to be an interagency project called Casanova which sought to break Hirsch keypad electronic locks. (The name "Casanova" apparently derives from the intelligence community's obsession with chastity belts.) The company selling Sandia the keypad had done so under a contract that forbid [ sic ] anyone at the laboratory to retrieve the keypad's internal code. That is, reverse engineering it in order to develop software that could be used to break into facilities protected by the keypad.

But Sandia told Payne to break the keypad's security anyway. They also gave him other projects of questionable legality, such as building a portable device for copying the magnetic strips on the backs of ATM cards. Apparently NSA need such devices in the event NSA agents ran out of cash down at Madame Or's Belt House.

Government employees working on classified projects are often forced into a Catch 22-type environment:

1. First, it is made clear to them that their security clearance will be revoked if they do illegal work.

2. Next, they are ordered to do illegal work. In Payne's case, his supervisor said Payne "did not choose his jobs. Rather, Sandia assigns duties" to him. [3]

3. If, however, the employee complains about the order, or threatens to blow the whistle, national security is invoked to conceal what has happened. A 1980 court case Navasky vs. CIA indicates that courts will rule that classification procedures and security oaths are still valid even when an intelligence agency breaks the law.

So the employee who doesn't go along is always wrong. He will be fired if he doesn't follow orders. If he does follow orders, then in the future he becomes subject to the threat of prosecution for illegal activities. In short, he is owned by the agencies he works for. They like it that way.

In a letter to Electronic Engineering Times, Payne wrote: "My Sandia project leader and several supervisors told me to illegally copy an American company's security software from microcontroller internal memory to floppy disk. I was told to disassemble object code. The purpose was to reverse-software-engineer the code with the intent of defeat. I signed a non-disclosure agreement with this company. I was told to do this illegal work behind the veil of classification abuse. I refused." [4]

What does this have to do with nuclear security? A lot, it seems. Sandia, operated by the Department of Energy, has shown it will compromise in order to make NSA and other spook agencies happy. The NSA is obsessed with the existence of any electronic lock, or chastity belt, it can't break into. So it insists on compromising security everywhere, U.S. nuclear facilities included, to ensure it always has an entrance--the electronic vagina project.

Sandia goes along to get along, and doesn't follow standards and procedures when it comes to quality control over nuclear security. Take issues like public key cryptography and chip quality.

Sandia was in charge of implementing public key cryptography in the nuclear arsenal. The applications of public keys are described by one of the founders of public key cryptography, Whitfield Diffie, as follows:

"A nuclear weapon could demand a digitally signed order before it would arm itself; a badge admitting someone to a sensitive area could bear a digitally signed description of the person; a sensor monitoring compliance with a nuclear test ban treaty could place a digital signature on the information it reported. Sandia began immediately both to develop the technology of public-key devices . . . and to study the strength of the proposed systems . . ." [5]

Sandia began to develop chips for data authentication and access security, using the RSA encryption algorithm [6]. Now RSA is very hard to implement in practice. If the computer word size is 8 bits, a 1024-bit RSA key takes up 128 words. In a 64-bit Cray, it's still 16 words. Other problems arise from the fact that the RSA modulus is not prime. At Sandia, it took six months to implement RSA in Fortran 77. Even so, a bug was not found for a year and a half. Sandia's special purpose chips for RSA implmentation had a failure rate of virtually 100 percent. (It was Cylink corporation that eventually came up with a workable chip.)

But Payne suggests there are still major problems in Sandia's nuclear security implementation. This, in addition to the ordinary hardware concerns. (In 1996 three researchers at Bellcore demonstated a model for breaking some cryptographic schemes by exploiting random hardware faults (transient faults). [7] The attack they outline can be directed at certain implementations of RSA and Rabin signatures, as well as certain authentication protocols like those of Fiat-Shamir and Schnorr. Their attack uses a register fault that occurs while the hardware device is waiting for a response from the outside world.)

To repeat, how secure is America's nuclear arsenal? Who has access? Who is in control?

Notes
More information on William Payne's lawsuit can be found at John Young Architect's Cryptome (http://www.jya.com/index.htm).

[1] Loring Wirbel, Electronic Engineering Times, March 21, 1994.

[2] The other two are:

Machine, assembly, and systems programing for the IBM 360, Harper & Row, New York, 1969.

(with Patricia Payne) Implementing BASICs: how BASICs work, Reston Pub. Co., Reston, VA, 1982.

[3] Albuquerque Journal, April 25, 1993.

[4] April 11, 1994.

[5] Whitfield Diffie, "The First Ten Years of Public Key Cryptography," Proceedings of the IEEE, 76(5), May 1988.

[6] This algorithm is described in J. Orlin Grabbe, "Cryptography and Number Theory for Digital Cash," 1997.

[7] Dan Boneh, Richard A. DeMillo, and Richard J. Lipton, "On the Importance of Checking Computations," Math and Cryptography Research Group, Bellcore, Morristown, New Jersey, 1996.

Posted October 25, 1997
Web Page: http://www.aci.net/kalliste/