Cipher Security- Part 1, by East Sierra Sage

[Editor’s Note: This is good information, but readers should note that simple transposition ciphers of any type can be easily broken. Only One Time Pads and book codes offer any reasonable level of cipher security.]

My Nom de Plume is “East Sierra Sage”, and I’m writing about cipher security. I am a Retired Marine Infantry Staff Non-Commissioned Officer. I served multiple combat tours in Iraq, as well as most of the “skirmishes” the U.S. got involved in leading up to the global war on terror. Two tours were served as an instructor of Mountain Warfare training for the Marine Corps. I have taught “Survival in the Mountains” and have trained combat staff members in command post operations. I have taught Navy SEALs, Army Special Forces, Army Rangers, and Air Force Pararescue operators, as well as numerous foreign military personnel.

My Life, Career, and Lessons Learned in Intelligence Reporting

During my career I was “voluntold” to write ground-up Intelligence reporting to higher headquarters. These tasks, though uninspiring at first, would eventually teach me many ways to deliver “secure” messages via plain text or open source communications formats, as well as teach me the way Intelligence personnel conduct predictive analysis in order to synchronize Infantry operations to anticipate enemy actions and get personnel “left of bang”.

Husband, Father, and Patriot With a “Network”

I am a husband, a father, and a self-proclaimed patriot. I live in the East Sierra mountains where the population is sparse and the human footprint is very light. (Thank the Lord!) I have family and friends who live in Orange County and San Diego County, California. (These folks are my “Network”.)

My Network Getting Out of Densely Packed Region

My network would have a very difficult time getting out of that densely packed region, should there ever be civil unrest, a collapse of the economy, or, as all Californians fear, the “big one” shakes us beyond immediate repair. Given the population density and the nebulous highway system of Southern California, I am almost sure of the fact that my network would face many challenges getting out of the Southern California region. My mountain home is the place that they will all come to if necessary.

Never Broadcast Intentions To Enemy

One of the many things I learned, in more than twenty years in the Marine Corps, was to never broadcast your intentions to the enemy! In life, I have learned to never broadcast my intentions to those who seek to stop me from achieving my goals. I rarely broadcast my intentions outside my network.

Tactics, Techniques, and Procedures for OPSEC

The tactics, techniques, and procedures (TTPs) I intend to introduce to the readers are intended to bolster the reader’s operational security (or OPSEC). Most people exercise OPSEC in their lives and do not even realize it. If you shred your bills before disposing of them in the trash, you exercise personal OPSEC. Every teenager who has ever passed a “Love Note” in class and had the note intercepted by the teacher and read to the class certainly wished they’d exercised some form of OPSEC. Now, imagine that instead of an English Literature teacher, malevolent operators read and understood your message. The situation wouldn’t be embarrassing; it could potentially be deadly.

Many Methods to Codify Messages

In my life’s experiences, I learned that there are many methods available to codify or align messages for broadcast. We all know that insidious actors and “Big Brother” see and hear all. But what if these malevolent forces don’t understand what is being put out in the ether?

Brevity: Small, Manageable Pieces of Information

One way to throw off the unintended recipient of your broadcast is to codify and organize your information into small manageable pieces. While on active duty, I noticed that when communicating it was essential to use brevity, because the recipient is busy trying to write down or record the message while trying to gain instant understanding or compliance with the broadcasted message. Ask any person who has been involved with Signals Intelligence, Combat Arms, or communications. Brevity may often ensure security. The transmitter needs to keep transmissions brief and concise.

Codifying Messages With a Cypher Sheet

By codifying a prearranged series of messages, you make your broadcasts more discreet. I have designed a method for communicating with my network, using a “cypher sheet”. This sounds very cloak and dagger, but the truth is that all you need to do is think about the kinds of messages that need to be conveyed and manipulate a spreadsheet.

Perfect Practice Makes Perfect

Vince Lombardi once stated that his team won, not because of practice but because “perfect practice makes perfect”. With this mantra in mind, we practice, often! In order to ensure effective, secure communications, I drilled my network in person.

Communicating Via Telephone or Email

My network all agree that communicating via telephone or via email is effective, as long as the users are well versed in the standard operating procedures (SOPs). Telephonic and email communications are an “Open Source”, as they are not inherently secure and can easily be monitored by criminals, “big brother”, or other unintended monitors to your message traffic.

Cypher Cycle, Standard Rollover

In order to keep our cypher sheets from becoming compromised, we currently rotate our cyphers based on a routine cycle. This is the part where I want the reader to know that all members of my network know to conduct a “standard rollover” on the “7th” of every month.

Emergency Cypher Rollover

I also designed procedures for establishing an “emergency rollover”. If we suspect that someone has compromised our system, or we suspect “Big Brother” is listening, we mention the code word in the cell “L4”. We do not actually say the words, “Hey friend, I think we have been compromised.” Instead, we simply broadcast: “Lima-four- Lima-four- Lima-four, I say again, Lima-four- Lima-four- Lima-four.” When the other party or parties hear this, they immediately “roll-over” to the next designated cypher sheet. Whether it is an actual emergency may be debatable among you readers, but in our network we have agreed that if we have been compromised, it’s an emergency!!!

Comprehensive Cypher Sheets

My cypher sheets are comprehensive, not complex. I create the document in portrait setting. Then I make vertical cells which are lettered and horizontal cells that are numbered. I recommend that you scramble the order of the alphanumeric symbols. I have incorporated numerous redundancies. My network has cypher sheets that have several different versions.

Cypher Sheet Names

I like good whiskey, so I named cypher sheets: “Jack”, “Jameson”, “Bushmills”, et cetera. My network members designed alternate cypher sheets named after beer: “Bush”, “Miller”, “Coors”, “Pabst”, et cetera. Whatever you name them, the important thing to remember is to incorporate a system of rotation. It is absolutely crucial that all members of the network are trained and briefed regularly to ensure proficiency and to avoid false emergency rollovers.
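
The rollover procedure described above, modelled as an added example (not the author's own material). The rotation order, start date and cell contents are constructed, and it assumes “L4” means “roll over” on every sheet and that an emergency rollover advances the rotation by one sheet; it shows the standard rollover on the 7th and what a member who misses an emergency broadcast ends up decoding.

```python
from datetime import date

# Sheet names come from the article; rotation order and cell contents are constructed.
ROTATION = ["Jack", "Jameson", "Bushmills"]
SHEETS = {
    "Jack":      {"B7": "ammo status green", "K2": "medical status green", "D4": "Jagger"},
    "Jameson":   {"B7": "medical status red", "K2": "Jagger", "D4": "ammo status green"},
    "Bushmills": {"B7": "McCartney", "K2": "ammo status red", "D4": "medical status green"},
}
EMERGENCY_CELL = "L4"   # assumed to mean "roll over now" on every sheet
ROLLOVER_DAY = 7        # standard rollover on the 7th of each month

def standard_rollovers(start: date, today: date) -> int:
    """Number of 7ths falling after `start` and on or before `today`."""
    months = (today.year - start.year) * 12 + (today.month - start.month)
    if today.day < ROLLOVER_DAY:
        months -= 1
    if start.day < ROLLOVER_DAY:
        months += 1
    return max(months, 0)

class Station:
    """One network member: tracks which sheet is active and decodes traffic."""
    def __init__(self, start: date):
        self.start = start        # day the first sheet in ROTATION went live
        self.emergencies = 0      # emergency rollovers this member has heard

    def active_sheet(self, today: date) -> str:
        steps = standard_rollovers(self.start, today) + self.emergencies
        return ROTATION[steps % len(ROTATION)]

    def receive(self, cell: str, today: date) -> str:
        if cell == EMERGENCY_CELL:
            self.emergencies += 1
            return "ROLLOVER -> " + self.active_sheet(today)
        return SHEETS[self.active_sheet(today)].get(cell, "<not on sheet>")

def demo():
    start = date(2018, 1, 7)                 # constructed start date
    a, b = Station(start), Station(start)
    before = (a.active_sheet(date(2018, 2, 6)), a.active_sheet(date(2018, 2, 7)))
    a.receive("L4", date(2018, 2, 10))       # b never hears the emergency broadcast
    day = date(2018, 2, 11)
    return before, a.receive("B7", day), b.receive("B7", day)
```

After the missed broadcast the two members read the same cell off different sheets and get different meanings, with nothing in the traffic itself to show they have drifted apart.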

Categories and Names

On the cypher sheets are categories like ammunition status, medical status, and key members of our extended group, Cell “D-4”. Jagger and McCartney are the “Nom de guerre” of two members of our collective group. Never state actual names of people in the network. Remember, the name of the game is OPSEC. Okay, so there may be a little cloak and dagger. At least my network is having fun while learning important lessons!

Highways

My network established that if it were necessary to bug out to my location here in the mountains, there would need to be several major highways listed for them to reference. The most direct route to my place is obviously going to be the first choice of practically anyone heading north out of the Los Angeles, San Diego, Orange County, San Bernardino County, or the “Inland Empire”, under normal circumstances. In this region, there are easily 20 million residents. So my network needs to have primary, alternate, and supplemental route choices. By our standards, a supplemental route gets you here to my location via a route that requires the member to exit California.

It can also mean that the member may end up staying in that state for some reason, if deemed necessary to preserve the secrecy of my place. There is one other option, where a member has arranged to go to Las Vegas to pick up an elderly mother, who cannot make it in her current location if there were some sort of catastrophe to affect Las Vegas as well as California.

Tomorrow, we will go into more detail and provide an example with illustration of how our network uses a cypher sheet.

This has been another entry for Round 75 of the SurvivalBlog non-fiction writing contest.

9 Comments

    1. Thanks for the link. Totally agree with you about Bruce Schneier. His book Applied Cryptography is a great read; however, his criticism of one time pads is directed towards their use in the digital realm.

      Key distribution is indeed a difficult issue and discipline in use is paramount to maintaining integrity of encrypted material (Soviet example, pads were reused). Notice though that he did not say one time pads were insecure, just the opposite. Once encrypted, the cypher text can be transmitted by any means available to you, email, web page like paste bin, over the air (radio, numbers stations) or even painted on a wall or on a billboard. As long as the key is not compromised (reusing compromises the key) the message is secure.

      One time pads are a tool, just like PGP encryption, symmetric cyphers, etc… Use the correct tool for the task at hand. In a grid down situation you’re not going to use PGP or other encryption methods that are computer based, you’re going to use 10 sided dice or something like this, https://amrron.com/2018/03/18/amrron-dark-labs-otp/ Check it out for yourself, schematics and source code are on that page. Don’t trust, verify. (In the interest of full disclosure, I am involved with that product.)

      One time pads are a “meatspace” encryption tool, and that’s where it counts.
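
A decimal one-time pad of the kind the comment above describes, as an added example that is not part of the comment or of the linked product. The two-digits-per-letter encoding (A=01 … Z=26) and the sample messages are assumptions, and `secrets.randbelow(10)` stands in for a 10-sided die; the last function shows why a reused pad gives the messages away.

```python
import secrets

def text_to_digits(text):
    """A=01 ... Z=26, two digits per letter (assumed encoding); other characters dropped."""
    out = []
    for ch in text.upper():
        if "A" <= ch <= "Z":
            n = ord(ch) - ord("A") + 1
            out += [n // 10, n % 10]
    return out

def digits_to_text(digits):
    pairs = zip(digits[0::2], digits[1::2])
    return "".join(chr(ord("A") + 10 * hi + lo - 1) for hi, lo in pairs)

def new_pad(length):
    """Uniform random digits; stands in for rolling a 10-sided die `length` times."""
    return [secrets.randbelow(10) for _ in range(length)]

def encrypt(plain, pad):
    if len(pad) < len(plain):
        raise ValueError("pad shorter than message: never wrap or repeat pad digits")
    return [(p + k) % 10 for p, k in zip(plain, pad)]

def decrypt(cipher, pad):
    return [(c - k) % 10 for c, k in zip(cipher, pad)]

def difference(x, y):
    """Digit-wise difference mod 10 of two equal-length digit strings."""
    return [(a - b) % 10 for a, b in zip(x, y)]

def demo():
    m1 = text_to_digits("MOVE NORTH")      # constructed messages
    m2 = text_to_digits("STAY THERE")
    pad = new_pad(len(m1))
    c1 = encrypt(m1, pad)
    round_trip = digits_to_text(decrypt(c1, pad)) == "MOVENORTH"
    c2 = encrypt(m2, pad)                  # the mistake: same pad used twice
    # The pad cancels out: ciphertext difference equals plaintext difference.
    pad_cancels = difference(c1, c2) == difference(m1, m2)
    return round_trip, pad_cancels
```

Whatever digits the pad holds, `difference(c1, c2)` depends only on the two plaintexts, so each sheet of pad digits has to be destroyed after a single use.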

  1. Another option is the “Book Cipher,” although it’s more suited for “base station” operations than the field.
    Each person has a copy of the same book – same edition, same printing – exactly the same. Best to purchase (with cash) two or more of the books from the same book seller to avoid buying different versions. Buying more than two may require researching a few book stores to ensure their versions are exactly the same, again purchased with cash.
    From there, the code uses page number, line number and letter on that line. For example: 121/32/11 = page 121, line 32, word 11 on that line starts with an “s.” More cumbersome but it works pretty well until the book is compromised…then it’s on to the next book in the cycle. A schedule can be set to rotate between books. Since it also may take more time to encode and decode, as the author says, keep it concise.
    For field operations, you can tear out an agreed upon page and take it with you, but not ideal.
    For numbers, in a time-sensitive situation, use any symbol other than the number, an “* (asterisk)”, “$”, “&” sign before a letter: *a = 0, *b = 1, up to *j = 9. Note that encoding numbers this way does not require the book, but it’s also easily deciphered. The book cipher can be used for numbers that are critical.
    The Book Cipher may not be perfect, but it may be simpler for some to learn and use, and no software involved.

  2. From my comment above, “…the code uses page number, line number and letter on that line. For example: 121/32/11 = page 121, line 32, word 11 on that line starts with an “s.”

    I should’ve said, “…line number and first letter of the numbered word on that line.”
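
The book cipher as corrected in the comment above (page/line/word, taking the first letter of the numbered word), together with the `*a`–`*j` number code, as an added example that is not the commenter's own. The two-page “book” is constructed, and the rule of never using the same reference twice in one message is an added precaution the comment does not mention.

```python
import secrets

# Constructed stand-in for the shared book: {page: [line, line, ...]}.
BOOK = {
    12: ["the river ran north past empty fields",
         "some travellers kept moving after dark"],
    13: ["every house on that road stood silent",
         "nobody answered when help was offered"],
}
DIGIT_LETTERS = "abcdefghij"               # *a = 0 ... *j = 9

def index_book(book):
    """Map each first letter to every page/line/word reference that yields it."""
    index = {}
    for page, lines in book.items():
        for ln, line in enumerate(lines, start=1):
            for wn, word in enumerate(line.split(), start=1):
                index.setdefault(word[0].lower(), []).append(f"{page}/{ln}/{wn}")
    return index

def encode(message, book, choose=secrets.choice):
    index, used, out = index_book(book), set(), []
    for ch in message.lower():
        if ch in "0123456789":             # quick number code, needs no book
            out.append("*" + DIGIT_LETTERS[int(ch)])
        elif ch.isalpha():
            fresh = [r for r in index.get(ch, []) if r not in used]
            if not fresh:
                raise ValueError(f"no unused reference left for {ch!r}")
            ref = choose(fresh)            # a repeated reference reveals a repeated letter
            used.add(ref)
            out.append(ref)
    return out                             # spaces and punctuation are dropped

def decode(refs, book):
    out = []
    for ref in refs:
        if ref.startswith("*"):
            out.append(str(DIGIT_LETTERS.index(ref[1])))
        else:
            page, ln, wn = (int(x) for x in ref.split("/"))
            out.append(book[page][ln - 1].split()[wn - 1][0])
    return "".join(out)
```

With the constructed book, `encode("north 40", BOOK)` yields five page/line/word references followed by `*e` and `*a`, and `decode` turns them back into `north40`.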
