World War II information security: Navajo VPN

World War II revolutionized many technologies, including those that shaped the modern InfoSec industry. Back then, methods and machines utilizing modern cryptography principles were often coupled with ‘amateur’ ciphering methods.

World War II revolutionized many technologies, including those that shaped the modern InfoSec industry. Back then, methods and machines utilizing modern cryptography principles were often coupled with ‘amateur’ ciphering methods.

Curiously, later ciphering methods proved to be extremely reliable. For instance, here is the story in which the Navajo language was used by the US Marine Corps on the Pacific Theater of Operations.

During battle, the Marine Corps had to coordinate operations between ground units, airborne divisions, and artillery support squads. All communications were broadcasted over the radio and were easily intercepted by the adversary.

The Marine Corps had to establish a method of conversing that wouldn’t reveal tactical information to the enemy. To put it in modern day terms, when connecting over an unprotected public Wi-Fi link in a café or on the street, your personal information is put at risk of being hacked. The solution would be the like of VPN you could use to safeguard your data.

Bearing in mind the issue of security, it was crucial to maintain a high speed of interaction as well, since we are talking about the tactical actions on the battleground and not about the delivery of strategic orders from the high command. That’s why ciphering machines and one-time pads, which were used as the main means of data protection back then, were too slow and inefficient.

Using an exotic language in order to protect communication was not an altogether new idea: the first successful use was registered during World War I when American troops used the Chokto language during operations in Europe.

However, American counterintelligence was aware that, following this success story, many German ‘ethnology researchers’ visited the U.S. to study Native American languages. It is safe to presume that they shared the knowledge they acquired with their troops in the Eastern hemisphere.

If it wasn’t for Philip Johnston, a retired officer from Los Angeles, command could have never re-used this idea. He grew up by the Navajo territory and had been fascinated by their culture and language since childhood. In his teen years, he even served as an interpreter for a Navajo delegation during a summit in Washington, D.C.

By the time WW2 started, he was too old for the call-up, but when reflecting on his WW1 experience, Philip generated an idea for securing battleground communication worthy enough to offer to command.

He had to apply a considerable effort to convince command that using the Navajo language was a great idea. Initially, his idea stemmed from the complexity and isolation of the Navajo language, which, besides the Navajo themselves, was spoken by only 30 people in America. Even representative speakers of kindred languages could not comprehend the Navajo language due to its overly complex grammar.

However, after he was allowed to form a group of 29 Native Americans to initiate the education process, through collected effort, the idea evolved and in due course, an even better method of ciphering communication was created.

WW2 information security: Navajo VPN

First, a separate phonic alphabet was created: when communicating over the radio, each Latin letter matched an English word, which had a simple translation to Navajo (e.g. A — ant, B — bear, C — cat, etc.).

For example, spelling IWO JIMA over the radio would sound as “tin” — “gloe-ih” — “ne-ash-jah” — “tkele-cho-gi” — “tin” — “na-as-tso-si” — “wol-la-chee” instead of common English “item” — “william” — “oboe” — “jig” — “item” — “mike” — “able”, already familiar to the Japanese intelligence.

Second, a glossary was made for frequently used terms. For example, jet fighters became “humble-bees”, submarines turned into “iron fish”, and colonels were referred to as “silver eagles”. The aim of this approach was two-fold: to speed up the exchange and to unify terms that had no corresponding Navajo translation.

Lastly, as a final line of defense, during their training Native American marines had to study this ciphering system until they knew it by heart, so that the enemy would never get access to any written materials during operations.

As a result, the messages conveyed by the Navajo signalers were not even comprehended by their fellow tribesmen, who had not been trained in this adaptation of their language.

This scheme may seem a bit too complicated on paper, but the first real-life trials proved that Navajo marines could convey messages much faster orally than by means of purpose-made ciphering machines. Using the phrase ‘much faster’ is not an over exaggeration: it took 20 seconds versus 30 minutes for ciphering, relaying and deciphering a short three-line message.

About 400 Navajos served as signalers in the U.S. Marine Corps during the war, and we commend their performance and devotion, especially given the harsh realities of the Pacific Theater of Operation, recounted by numerous testimonies of their fellow soldiers.

The Japanese intelligence was never able to decipher the Navajo communications, although they were quite aware of the scheme’s existence. One of the Navajo Marines was captured and later told his story about being tortured by the Japanese once they discovered his Navajo origin. He was just a soldier and not a signaler, so he did not know the principles of the system.

The conclusion is applicable to modern day threats: we don’t need absolutely ‘unhackable’ protection for our data. What we need is protection strong enough to prevent an attacker from cracking it within the time they have available.

When we compare this Navajo scheme to today’s ciphering methods, which employ complex mathematical models and super powerful computing clusters, it seems a bit naïve. Of course, it is vulnerable. But the fact remains- it was not breached during the war, and, as one of the officers once said, “Without Navajo, we would never win in Iwo Jima”.

Tips

Cybersecure Christmas

Many hacks have started during Christmas holidays. A few simple tips will reduce the chances of your company becoming the next victim.