No full-text available
To read the full-text of this research,
you can request a copy directly from the author.
The flaw in the jn25 series of ciphers
Abstract
The principal series of operational ciphers of the Imperial Japanese Navy [IJN] from 1939 to 1945, collectively called JN25, used five-digit code groups which were all multiples of three. This is shown to have been a quite unnecessary major flaw with very considerable consequences.
... MI Involvement: U.S. Naval Intelligence had broken the JN-25 [19] Code of the Japanese prior to World War II and had been intercepting enemy naval traffic. In analyzing the traffic, CDR John Rochefort (in command of the code-breaking effort) was able to determine the target of the attack by using a false (spoofed) message. ...
Electrical utility security and national security are closely related, sharing many of the same characteristics and needs. Effective critical asset protection and proactive defense against a variety of threats are high among these common needs. Military Intelligence has more than a 225-year history of protecting critical national assets. The Intelligence Community pioneered the concept of "Defense in Depth" and directly shaped modern security practices. Until the 9/11 attacks, an assault against a utility facility was considered a possibility only during a time of declared war. Various groups now consider themselves permanently at war with the United States and its allies, prompting the U.S. government to mandate extensive security measures for critical infrastructure protection (CIP). This paper explores what can be learned from the Intelligence Community to facilitate securing utility facilities. Beginning with the "Defense in Depth" strategy, followed by a discussion of Intercept, Destroy, Disrupt, and Takeover (IDDT) analysis-a method that identifies and classifies threats-and using classic historical examples, this paper makes practical suggestions about how to evaluate and strengthen the defense of a utility facility against intelligence gathering, intrusion, and disruption of utility operations. 1.0 Introduction On Nov. 28, 2008 a single intruder scaled two electrified ten-foot-high razor wire protected fences at the Kingsnorth coal-powered generation station in Kent, England [1]. After bypassing the ₤12M perimeter defenses, and in full view of CCTV cameras, the man entered through an unlocked door and manually shut down a 500MW generator. The intruder, dubbed the "green Banksy," then exited the station in the same manner he entered. The note left by the man indicated that his motivations were political and that he wished to reduce carbon emissions from "dirty" coal. Despite the expensive protection mechanisms, no lock was placed on the door to the critical and sensitive asset. Defenses were concentrated at the perimeter. Once breached, there were no further barriers to prevent the intruder from carrying out his plans. There was no, in military terms, "Defense in Depth." This paper explores what can be learned from the Intelligence Community to facilitate securing utility facilities. Beginning with a detailed discussion of the "Defense in Depth" strategy and then exploring the concept of IDDT analysis, practical suggestions are made to evaluate and strengthen the defense of a utility facility against intelligence gathering, intrusion, and disruption of utility operations. The paper will examine historic cases where military organizations both used and ignored defense in depth strategies with predictably varying results. 2.0 Background Information Assurance (IA), a term used synonymously with information security, is concerned with the management of risks to information. IA seeks to identify and control risks to the confidentiality, integrity, availability, and non-repudiation of information [2]. Rather than concentrating on the mechanisms and tools needed to implement protection, IA focuses on the policies, procedures and governance necessary to minimize risk and provide for the restoration of information.
During World War II, The National Cash Register Company built an additive recovery machine for the U.S. Navy. The machine was designed to attack the Imperial Japanese Navy cipher JN-25, which was a superenciphered code. This article describes how that machine, called “Fruit” by the British, implemented three methods of additive recovery: the known-word method, the difference method, and Knepperizing.
From 1939 to 1945 the Imperial Japanese Navy made heavy use of a series of additive cipher systems generically named JN-25 by the cryptanalytic unit of the United States Navy. Most of these consisted of a code-book assigning a five-digit ‘group’, always a multiple of three, to each word or phrase in a very long list and encrypting these by ‘false’ (non-carrying) addition of a five-digit group (‘the additive’) taken from a long table of essentially random such groups. These ‘false sums’ were transmitted, usually by radio, to the intended recipient. The American jargon for these was GATs, or groups as transmitted. (Note 1 given after the main text discusses changes in the source of additives introduced in the later stages of the Pacific War. This is not relevant to the mathematical consequences of such use of only multiples of three, which is the main theme of this paper.) The author's earlier paper explains how this use of multiples of three provided a route for relatively rapid recovery of the additive and, thus, the decryption of intercepts. Another quite different and rather surprising source of insecurity inherent in this use of multiples of three was noted only in 1943 and became the basis of a process code-named ‘Mamba’ needed in 1944. This paper explains one consequence of the statistics underlying Mamba: the use of multiples of three in JN-25 codebooks betrays itself very quickly. Note 2 mentions other aspects of Mamba.
Sets out the background to the January 1944 BRUSA Agreement between the US Navy and the British Government Code and Cypher School on Japanese naval codes and ciphers, and subsequent agreements, and their texts.
This article analyses the process by which the indicator encryption system of the Japanese Army Water Transport Code, sometimes called 2468 after its discriminant, was breached in February, March, and April 1943. The method can be modified to deal with other Japanese Army mainline codes of the era, such as that with discriminant 7890. The opportunity is taken to discuss how the indicator encryption system of the first of the Japanese Navy ciphers collectively called JN-25 was breached by Brigadier John Tiltman in August and September 1939.
Biography of Brigadier John Tiltman, who worked as a cryptologist for the British and American governments from 1920 to 1980.