"Where is that Shuttle Going?"
VADER: Where is that shuttle going?
PIETT (into comlink): Shuttle Tydirium, what is your cargo and destination?
PILOT VOICE (HAN)(filtered): Parts and technical crew for the forest moon.
VADER: Do they have a code clearance?
PIETT: It’s an older code, sir, but it checks out. I was about to clear them.
In modern cryptography, a system is designed so that even when the cryptosystem is fully known, it is hard to break. The only part that must be kept secret is the set of keys used to encrypt the message. In many modern designs, the “bulk” or “symmetric” encryption keys that are used for each message are generated specifically for that message, and then discarded. The clever cryptosystems that allow us to do that are called “public key” or “asymmetric” systems. (I like “asymmetric,” owing to the fact that the two participants each have a different key.)
Changing keys is useful. An attacker who learns the key learns nothing that helps them break any message encrypted with a different key. That’s the essence of Kerckhoffs’s principle: that systems should be designed that way.
Even if you’re using public key encryption systems (and I’ll simply assume the Empire is), changing your keys now and again is helpful. If rebel scum steal your keys without you realizing it, then periodic re-keying ensures that the problem is bounded in time.
In a military situation, where your opponent will go to great lengths to steal keys, there’s a logistics issue of how to distribute the new keys. You can’t send them over a channel which is secured by the old keys. You need to use either a separate system (and how do you ensure those keys are secure?) or couriers. But when your units are dispersed across the planet or a galaxy, you can’t have a daily courier service. You also have to plan for your courier service to fail, either because the courier is intercepted, or the rendezvous point is unavailable. So you need to send out a set of keys that will be used over the next N cycles.
In the Second World War, the Allies took advantage of this by attacking Nazi weather ships. (The plan may have originated with Ian Fleming, who went on to write the James Bond novels.) By capturing keys, the Allies were able to read Nazi traffic.
Regardless, Piett was about to authorize the shuttle’s landing. The history of cryptography is littered with examples that didn’t take place a long, long time ago, but whose pattern is the same. The desire to believe that everything is OK, the pressure of the routine, and the operator’s belief that the slightly abnormal is close enough to normal combine to justify bending the rules a little bit.
When Piett accepts an out-of-date key, he is making a decision which is militarily, cryptographically and psychologically probably sensible. The design of the process means that such anomalies are to be expected. That expectation is why stealing keys is worth heroic efforts. (Such efforts are the reasons behind Jack Shaftoe’s work in Stephenson’s “Cryptonomicon.”) Even with systems designed according to Kerckhoffs’s principle, key management is a hard challenge.
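As an added example (not part of the original post), here is one way a verifier could handle the “older code” case described above: keys are pre-distributed for the next N cycles, a code from a slightly stale cycle is accepted only within a bounded grace window, and the match is always reported so the anomaly is logged rather than silently waved through. The key ring, the HMAC-based clearance code, the cycle counts and all names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical policy (assumptions, not from the post): one key per cycle,
# N keys per courier run, and how many cycles an "older code" may lag.
N_CYCLES = 7
GRACE_CYCLES = 1


def issue_ring(n: int = N_CYCLES) -> List[bytes]:
    """Generate n per-cycle symmetric keys, as a courier would carry them."""
    return [secrets.token_bytes(32) for _ in range(n)]


def clearance_code(key: bytes, cycle: int, challenge: bytes) -> bytes:
    """Constructed clearance protocol: MAC the challenge under the cycle's key.
    The cycle number is bound into the MAC so codes from different cycles
    cannot be confused with each other."""
    return hmac.new(key, f"{cycle}:".encode() + challenge, hashlib.sha256).digest()


@dataclass
class Verdict:
    accepted: bool
    reason: str
    key_cycle: Optional[int]  # which cycle's key matched, for the log


def check_clearance(ring: List[bytes], current_cycle: int, challenge: bytes,
                    code: bytes, grace: int = GRACE_CYCLES) -> Verdict:
    """Find the ring key that produced `code`; accept only the current cycle
    or one within the grace window, and report the age either way."""
    for cycle, key in enumerate(ring):
        if hmac.compare_digest(clearance_code(key, cycle, challenge), code):
            age = current_cycle - cycle
            if age < 0:
                return Verdict(False, "code from a future cycle", cycle)
            if age == 0:
                return Verdict(True, "current code", cycle)
            if age <= grace:
                return Verdict(True, f"older code, {age} cycle(s) stale: log and escalate", cycle)
            return Verdict(False, f"expired code, {age} cycles stale", cycle)
    return Verdict(False, "no key in the ring produced this code", None)
```

The point of returning `key_cycle` even on acceptance is that “it’s an older code, but it checks out” becomes a recorded event an operator can review, instead of a judgment call made under routine pressure.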
Incidentally, be sure to check out the Piett Gallery, from whom I borrowed today’s image. Next Friday, we may detour back to Tatooine to answer a reader question, or I may start in on Saltzer and Schroeder’s classic work. I’m still looking for a good web version that I can link to. Finally, thanks to DM for pointing out some flaws in the first draft.
good enough S&S?
http://web.mit.edu/Saltzer/www/publications/protection/
Thanks, but that’s really not a very good rendition, and I’m hoping to find something better.
Let me explain:
When I printed it out to read, there was too much text, not enough navigation. It was hard to read because the formatting is so minimally done. I’d like to link to something easier to read.