India�s Electronic Warfare Programme Part II - The Art of Cryptography

Digital data is at the heart of the revolution ushered in by the rapid advances of the Information Age. Militaries around the world have based their modernisation imperatives on the ability to collect, analyse and disseminate accurate and reliable information in real time to military decision makers. Indian Army is also pursuing a large number of modernisation programmes including the Tactical Communication System (TCS), Optical Fibre Cable Network (OFC), Battlefield Management System (BMS), Network Centric Operations (NCOs) and cyber/electronic warfare capabilities. One theme that is common across all these critical programmes is the element of information and the ability to protect this information from interference and unauthorised access. The science and art of protecting information through the techniques of encryption and decryption is known as cryptography. A well-known cryptography story is of Britain’s spectacular success in cracking the German Enigma codes during World War II. In my earlier article on India’s TCS programme, I had referred to the criticality and the need for indigenising the “hopping algorithm”. The cryptographic capabilities are equally important and need to be fully indigenised if India is to shield its strategic information.

In the past decade, events such as the US claims of large scale Chinese hacking, US PRISM programme, information dominance in Iraq and Afghanistan wars, the Wiki leaks episode etc. have pointed to an ever increasing need for safe guarding confidential and military grade information from potent threats. India possesses relevant expertise in IT, communication and electronics technology. However, a great deal of work needs to be done in the field of cryptography. The cryptographic techniques operate at three levels - hardware, software and humans. The hardware capabilities of India are quite limited and most of the integrated chips and electronic units are imported particularly from China, which is an area of grave concern. India needs to boost its electronic manufacturing capabilities by providing economic incentives for setting up domestic factories and assembly lines. The irony is that a great deal of chip designing and testing is done in India but mass manufacturing is done in other countries. Technological sovereignty in ICT equipment is paramount and it can only be achieved through economies of scale and state of art technological knowhow. The present policies of the Government of India like the National Telecom Policy 2012 and New Policy on Manufacturing 2011 are steps in the right direction. These policies will boost indigenous manufacturing with increased local content. These policies coupled with the policy on Preferred Market Access (PMA) notified by the Government are expected to accelerate manufacturing within the country.

In terms of software cryptography, the traditional model consists of plaintext, which is the input to the encryption algorithm and a key, which converts plaintext to unreadable format. The process of decryption involves the same ingredients with a similar key (symmetric key) or different (asymmetric key). Refer Figure 1 below for symmetric (top half) versus asymmetric (bottom half) key models.

Figure 1: Symmetric (top half) versus asymmetric (bottom half) key models

India has a vast pool of IT engineers but lacks in the development of cryptographic and crypto analysis tools. In the US, the National Security Agency (NSA) employs the maximum number of PhD scholars in mathematics in the world. In addition to computer/IT specialists, contributions made by these scholars along with scholars from other disciplines such as humanities, linguistics, psychology, physics and biology have largely contributed to the success of the US PRISM programme. As per Dr. VK Saraswat, former chief of DRDO, “India has to develop high level cryptographic tools and keys to protect its information. It should also aim at deciphering the information which is being used against its interests.”

The human factor is as essential as the other two factors involved in cryptography. The people entrusted with developing encryption systems should have high levels of analytical capabilities, mathematical aptitude and advanced knowledge of state of art systems. Even the end users of information should have high levels of integrity, security consciousness and technical knowhow to preserve confidential information. As the saying goes, “the tools are only as effective as the skills of the craftsman using it”. The need of the hour is to train the Indian Army in latest information security tools and inculcate an environment of habitually following the laid down standard operating procedures (SOPs).

India needs to develop a robust and secure national information architecture actively involving the Armed Forces. The seriousness of the technology related to cryptography can be gauged from the fact that US laws treat encryption technology as munitions and forbid its export. A case in point is the Data Encryption Standard (DES), created by IBM on a contract with NSA. The export of DES is cleared by NSA as it possesses the capability to break the algorithm. Similarly, other software packages purchases by India from US have significant security risks attached to it. The need of the hour is manifold as under:

• To standardise algorithms and data formats in a vendor and platform neutral fashion. Make greater use of open source platforms in order to have access to source code.
• Establish "key management infrastructure" taking cue from the recommendation of DSCI/NASSCOM study on the use of symmetric encryption for e-commerce applications, including SSL for end-to-end authentication, allowing encryption of up to 256 bits with AES or equivalent algorithms up from the present encryption restriction of 40-bits under the telecom licensing policy regime.
• Use of lightweight cryptography models. An example is TWIS block cipher algorithm from Joint Cipher Bureau (JCB). Classifying models for identifying type of cryptosystem based on- Statistical Decision Theory and Artificial Neural Networks.
• Enhancing crypto analysis capabilities by promoting in-house solutions. An example could be the decryption alogorithm (2010) of Prof. Palash Sarkar, Indian Stastical Institute, Kolkata. The decryption algorithm was hailed by experts in India as a breakthrough in converting cipher text to plain text with faster and lightweight computational capabilities.
• Study of open source models such as Pretty Good Privacy (PGP) to give near military grade security to ordinary citizens including emails for protection of privacy rights. The need of law enforcement and security agencies has to be balanced against the right of privacy of citizens in a liberal democracy.
• Feasibility Study of the advantages of symmetric key (recommendations by DCSI/NASSCOM study to boost Section 84A of IT Act 2008 dealing with encryption policy) versus asymmetric key (Indian Army, in its RFI for AWAN II project has stated requirement of asymmetric key).
• Ciphering agencies such as JCB, Systems Analysis Group (SAG) of DRDO, Defence Intelligence Agency (DIA), SIGINT/ELINT departments of Armed Forces should employ more mathematicians, linguists and human behaviour specialists.

Indigenous defence PSUs such as Electronic Corporation of India Ltd (ECIL), Indian Telephone Industries (ITI) etc. have accumulated great experience in devising cryptographic systems which when coupled with the private sector expertise can lead to an effective joint partnership to provide world-class protection solutions to both ordinary citizens and security agencies. India’s ability to protect its strategic information and associated architecture will dictate the course of the country’s success in the years to come.

The author is an Associate Fellow at Centre for Land Warfare Studies (CLAWS)

Views expressed are personal