Reapprove:berea Re: NSF and the Birth of the Internet

[David Farber <dave () farber net>]

Begin forwarded message:

From: Jim Thompson <jim () netgate com>
Date: August 20, 2008 5:09:54 AM EDT
To: Vint Cerf <vint () google com>
Cc: Karl Auerbach <karl () cavebear com>, Dave Farber <dave () farber net>, skent () bbn com 
, gnu () toad com
Subject: Re: [IP] Re:    NSF and the Birth of the Internet

This may be relevant:  http://www.toad.com/gnu/netcrypt.html

excerpted:
---

Paul Lambert, palamber () us oracle com

Approching for network layer encryption have been openly published  
before the work in the IETF.
The research and development of "Network Security" started in the late  
70's at BBN with the development of the "IPLI". Classified research  
and development continued in this area on the Blacker (Unisys) and  
Caneware (Motorola) programs in the early 80's. The NSA sponsored  
Secure Data Network System (SDNS) project brought together a variety  
of vendors that created the early SP3, KMP and MSP specifications. SP3  
provided network layer security services that included a tunneling  
mode. SP3 is very similar to the IPsec working group ESP  
specification. The Key Management Protocol (KMP) is similar to the  
ISAKMP specification in concept, but used ASN.1 for specifying the  
protocol formats. Much of the SDNS work was openly published starting  
in about 1988. The Motorola Network Encryption System (NES) is an SDNS  
device and was designed in the mid to late 80's.

The SDNS specification for SP3 was submitted to the ANSI and ISO  
standards committees and mutated into the Network Layer Security  
Protocol (NLSP). NLSP included a network layer key establishment  
protocol that served as a starting point for some of the current IPsec  
key management proposals.

An important early paper on network security was written by Dave  
Golber (Unisys at the time) on the "Dual versus Single Catenet  
Security Model" (about 1983). There are a variety of SP3 security  
papers written in 1988 and 1989.

So, there is a lot of prior art for network encryption. Most of the  
major wrinkles in the technology were worked out in the late 80's by  
projects sponsored by the NSA and openly published to help create  
"good" security standards.

Howard Weiss, hsw () columbia sparta com

Actually, the PLI (Private Line Interface) was developed by BBN in the  
early '70s. The IPLI was to be its "modern" successor. It consisted of  
a classified-side (red) processor, a KG-30 encryption box, and an  
unclassified-side (black) processor. It was evaluated and certified by  
NSA around late-1975 or early-1976. Its function was to allow  
classified traffic to flow, encrypted, over the ARPAnet. This meant,  
at the time, that ARPAnet NCP headers remained in the clear while the  
data payload was encrypted. COINS (Consolidated On-line Intelligence  
Network) used the PLI to connect a distant node via the ARPAnet in  
order to save the line charges for the then, very expensive 50KB lines.

Steve Kent, kent () bbn com

As one who participated somewhat more directly in the history of this,  
let me refine some of Paul's comments. The first packet encryptor was  
the PLI (not IPLI) developed in the early 70s by BBN under DARPA  
funding. It was approved by NSA for limited deployment on the ARPANET,  
to protect classified data being sent by DoD folks, starting in 1975  
(a somewhat more sophisticated version was approved for use in 1976).  
Due to the restrictions imposed by use of government COMSEC equipment  
(KG-34), this was a manually keyed system.
In the 1975-1980 timeframe, BBN and the Collins Radio division or  
Rockwell developed and did limited deployment of the BCR, also under  
DARPA funding, as an experimental network encryption device. The BCR  
worked in the TCP/IP protocol environment, used the first NBS- 
certified DES chips, and had automated, KDC-based key management and  
access control (the same model later adopted by Kerberos and Blacker).  
The BCR underwent substabtial performance testing in 1980-81, before  
being retired. Later, DES-based network security devices were design  
and some were built as prototypes for DARPA in the early 80s,  
experimentin with higher speed network connections (Ethernet) and  
newer versions of protocols (IPv4 vs. IPv3).

The first Blacker program also began in the late 70's, funded by NSA  
with work done by SDC (software) and Burroughs (hardware). It too made  
use of centralized key management and access control. The followon  
program, designed to produce a product (vs. a proof-of-concept demo)  
was awarded to Unisys (merged SDC and Burroughs) in the early 80s, but  
it did not produce fielded devices until the late 80s. The fielded  
Blacker was revolutionary in its use of a single processor design with  
the (custom) crypto as a peripheral on the internal bus. It was  
designed to be a very high assurance (A1) system.

---

If Blacker began in the late 70s, (as Steve states), funded by NSA,  
and work being done by SDC and Burroughs, then a blackboard written on  
Dec 31, 1975, marked "save until January 10, 1975" is unlikely to be  
about Blacker, or BCR.

The earlier quote from Karl was:

---

Take a look at the following URL for a photo of a a blackboard when  
Vint and I worked late into the evening of Dec 31, 1974 on the  
insertion of an encrypting security layer between IP and TCP - http://www.cavebear.com/archive/cavebear/photos/tcpip.gif 
 (I really do need to do a better re-scan that 35mm slide.)

---

The slide/photo also appears to have "G. Cole" two names below Karl's.

Jim



On Aug 19, 2008, at 7:50 PM, Vint Cerf wrote:


> Karl,
>
> it is possible that the BCR work (predecessor to Blacker) used an  
> initial TCP format that did not split out IP.
>
> I don't think the term "IP" emerged until 1977.
>
> Steve Kent may recall the specifics of the initial BCR format, I  
> have copied him on this note. If it is the case that the system ran  
> on TCP-only initially, then we might surmise that your slides  
> somehow referenced only TCP. Did you say earlier that the slide said  
> TCP/IP specifically? that would sound like an anachronism.
>
> v
>
> On Aug 19, 2008, at 9:06 PM, Karl Auerbach wrote:
>
> > Vint Cerf wrote:
> > > Karl et al,
> > > Dec 31 1974 would have literally the date of the first TCP spec,  
> > > RFC 675. I don't think I began working on the BCR stuff with NSA  
> > > until 1975 and Blacker came later.
> > > Is it possible you are off a couple of years, Karl? we didn't  
> > > split IP off until 1977 with version 3 and then version 4 of TCP/IP.
> >
> > I just went and looked at the 35mm slide and it has "Jan 1975"  
> > embossed into the frame.  And I do remember from the strangeness of  
> > the context that it was New Years eve.  Also, the photo has "Save  
> > until Jan 10, 1975" on it in the upper right corner in my scratchy  
> > script which hasn't improved in the intervening 33+ years.
> >
> > David Kaufman and I started work on the idea of network security  
> > with an encryption layer well before the start of the Blacker  
> > project.  I know that we were well into encrypted layers and key  
> > management protocols by the mid '70's.  (One of the issues that I  
> > remember was our concern with the growth of the size of datagrams  
> > when using self-synchronizing cryptography that required a  
> > synchronization preamble.  We were into block-chaining.  I think  
> > that that picture may suggest some of these concerns.)
> >
> > I can't remember all the details of what went on top of what - I  
> > know that we at one time were thinking of TCP (red/unsecured) on  
> > top of an encryption layer on top of another TCP (black/unsecured)  
> > and that that middle layer evolved to be a datagram layer.
> >
> > It isn't surprising that the idea of splitting out a datagram layer  
> > may have gotten stuck inside SDC - we were operating in a  
> > classified environment and the folks in the "Defense Department"  
> > kinda frowned on us talking to anybody but them.  (I really got  
> > clobbered when I wrote about some of this stuff in 1980 in a letter  
> > to CACM - even though I had open sources for everything.)
> >
> > We had the core of the blacker system running, or at least  
> > stumbling, by around 1977 or '78 [a year that forms a fairly bright  
> > bookmark because that's when I finished law school and took the bar  
> > exam - and cut my Moses-like beard] - After blacker I went on at  
> > SDC to a couple of years of capability based architectures and  
> > things like Peter Neuman's "Provably Secure OS" (which Frank  
> > Heinrich and I redesigned into something that could really run on a  
> > real hardware platform that we also designed.  I left for  
> > Interactive Systems in 1980 or '81.)
> >
> >                 --karl--





-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com