Wednesday, August 31, 2011

A security conundrum in Between Silk and Cyanide

One of the advantages of being a fairly public person (having written a book and having a popular-ish blog) is that I have a small coterie of regular correspondents who send me interesting links and thoughts. One of these is a gentleman who sent me a copy of Leo Marks' Between Silk and Cyanide as a gift.

Along with the book came a cryptic note that there was an unsolved mystery in the book. Later I asked him about the mystery which turns out to be this passage:

I've thought about this and am having a hard time coming up with a solution. What could one agent be told that he would not forget but would be unable to recall? Something he could pass on (not in writing) to the other agent, but that if captured and tortured he'd be unable to reveal.

Any clever thoughts?

PS The only thing I got reminded of was this paper: Passwords you’ll never forget, but can’t recall. Perhaps PANDARUS took a photograph (or many photographs) and showed it (them) to MANELAUS. One would have meaning to MANELAUS but not the others; to PANDARUS none would have meaning.


34 Comments:

Blogger ajuc said...

You mean something that has a solution easy to check, but hard to construct?

NPC problems come to mind. Maybe it was simply a very big prime? He could remember enough information about it to identify it when someone would present it to him, but not enough to make it easy to find that number.

12:56 PM  
Blogger ajuc said...

On second thought - this depends on knowing a large prime that the enemy doesn't know.

Better to just use RSA :)

But this requires our agent to remember a huge number.

1:39 PM  
Blogger Terence Eden said...

Post hypnotic suggestion?

12:09 PM  
Blogger irve said...

You cannot recall smells...

12:24 PM  
Blogger conosp said...

Hi, I'm playing guitar, and I know a few songs I can play without looking at the partition. The funny thing is that I'm totally unable to write down the notes out of my head. Only my fingers seem to know the notes. Also, if I try to play the song slowly to pick every note one by one, then I'm not able to play the song anymore. I guess the problem described in that post might use a similar idea.

1:45 PM  
Blogger rpauli said...

Ear worms.

Recalling the early Hitchcock movie "The 39 Steps" - wouldn't a musical composition fit the bill?

I might read music, play the tune, remember the tune - but be unable to transcribe the musical notes.

2:49 PM  
Blogger Ace Munroe said...

Could it not be a photo that the checker himself does not look at, merely presents to the other agent and asks a question? As he would no longer be in possession of the photo at time of capture there is no way to recreate this situation.

2:56 PM  
Blogger Rob Chevalier said...

A tattoo on the outer eyelid. I suppose that counts as writing though.
The first thing that came to my mind was some sort of pheromone or radioactive tagging. Maybe even a harmless virus that causes one's sweat to contain a molecular tag - again possibly a pheromone.

3:25 PM  
Blogger johnpane said...

I don't think photographs count. If Pandarus is captured he would be found with the photos, and could remember which one Manelaus should recognize.

I think the correct answer is a smell. If it is unique enough, Pandarus would recognize it if Manelaus were able to produce it. Yet he would not be able to remember it, at least with sufficient detail that he could pass on the information to his captors.

(I see someone beat me to this answer.)

4:21 PM  
Blogger Los Thunderlads said...

I think Irve is onto something.

4:34 PM  
Blogger Prof. Godel Fishbreath, Otter said...

These days, if the agent is male, semen/DNA. Them days, some tagged substance used to seal the letter.

4:36 PM  
Blogger Jimmy T said...

The password was "Jesus" and they probably gave him something he could not possibly have remembered, so he'd say "Jesus..." instead.

4:40 PM  
Blogger uttiyo DBC said...

This HAS to do with a standard pack of 52 playing cards. I am a math-retard here. Can anyone come up with a way to use this?

6:23 PM  
Blogger AntiRush said...

rpauli, you're thinking of The Lady Vanishes.

In The 39 Steps, the secret is in the mind of "Mr. Memory", who certainly can recall it.

6:29 PM  
Blogger John Gordon said...

Maybe it was a picture, sign or card in a non-Latin alphabet or language, such as Arabic, Chinese, Cyrillic or Korean? The image would mean nothing if you don't know the language, but would be easily understood by the recipient.

7:05 PM  
Blogger forensa said...

The answer is "something you know or something you are"...

The point being you don't know what the password is, but ostensibly it's used to authenticate you - so a number of "soft questions" - mother's maiden name, birthplace, all the data you take for granted...

The other is "something you are", being facial, fingerprints, retinal, DNA - again, they don't need you to tell them the password, because *you are the password*.

7:20 PM  
Blogger Kevin said...

I recognize baby pictures of myself much more effectively than others do. I can't describe what I looked like accurately enough for somebody else to do this.

8:13 PM  
Blogger  said...

Something he can tell, but not recall? Simple: something he doesn't know. Perhaps the message is not the words he says, but is encoded in their arrangement; e.g. that this phrase appears first implies one thing; that he uses this word instead of another word with the same meaning means something else... If the enemy captures him he can tell them the exact phrase he was told, but he has no idea what the actual message is.

12:38 AM  
Blogger C Hill said...

The last part indicates that it's difficult to forget how it works, but the result is something that you probably won't remember. It has to be some easy to determine variable that changes over time, but is impossible to predict. For example, the current hour plus the current minute of their meeting, the previous night's low temperature, and/or the first word of the top headline in the local paper, etc. The identity check is simple, but not something you would remember from day to day. It's precise, but it doesn't have to be passed in writing, and meaningless to an enemy in another location.

2:39 PM  
OpenID theoreticalhypotheses said...

There are some things in the English language that cannot accurately be conveyed, like smells and tastes. We are reduced to offering comparisons - just look at how wines have to be described by experts, for example.

So you could be given a unique smell/taste that you would remember, but be unable to accurately describe to someone else.

However, it was required that "What could one agent be told that he would not forget but would be unable to recall?" - Do you mean "repeat"? Otherwise it seems to be a contradiction. Also it was required "Something he could pass on (not in writing) to the other agent, but that if captured and tortured he'd be unable to reveal." Only if they had access to the original mixture, though, could they recreate the smell/taste to pass it on (say a bottle of strawberry, vinegar and mint). I am not sure, though, that this fulfills the requirements then?

Playing cards suffer a similar problem. Say you know that a deck, when stacked the right way and played through completely in, say, "21" where all players play house rules (stick on 17, etc.), will result in you winning every round. The trick being that the first player must lead with the highest card possible after all the higher cards have been dealt to you. That in essence becomes a binary problem, where you only know half the solution, until you need to pass it on, when you would be told about the first player having the highest card left and how many players there need to be to make it work.

This MIGHT fulfill the requirements, but so might any binary solution, as they require one of the agents to "call home" again to get the rest of the answer when passing it on.

Unless this is acceptable, I am not sure there is an answer that fulfills the requirements in the strictest sense?

The latter part of the original passage concerns me greatly. It suggests we are all miles away. Smells, numbers and cards can all be varied, so the "challenge-response" could be used many times. Here it is made very clear it can only be used once. This must mean it is based on fixed constants, with NO variables whatsoever. Say shaking hands with the left hand instead of the right - once the "trick" is known, it is useless forever as there is only one way of doing it "wrong".

Restating the problem, what is it that I cannot remember unless prompted? Yet could tell someone else what (or how to look it up?) it was.

The only solution I can come up with is facetious in the extreme, but is my wedding anniversary...

12:36 AM  
Blogger maelorin said...

perhaps the secret is *how* rather than *what*.

how you respond when you don't know something: but where the focus of attention is on the answer itself.

for example, it would be expected that soe agents would know some things about the soe, but not all things.

an agent could ask another about how x's daughter got into oxford. one part of that may be well known, the other might not. not knowing she went to cambridge could catch you out in a lie: or by letting it slide, the interrogator can learn that the agent knows daughter went to a uni, just not which one.

an impostor wouldn't (necessarily) know they'd made a mistake. a genuine agent might realise it and raise the matter again later.

if the questions are based upon shared cultural knowledge, rather than operational knowledge, it's harder to know what might be asked. a person will be able to answer/respond appropriately to questions about their own background - but having no idea what questions might be asked, can't divulge them to anyone else.

the interrogator doesn't even have to know all the answers to the questions they ask either. just share enough 'common knowledge' to ask the 'right' questions - and in the 'right' way.

thus, it would be possible for the interrogator to give away that they're (potentially) an impostor as well ...

common cultural knowledge is generally *assumed* - you don't have to recall how to eat things, or the nicknames of local sporting teams. you *know*. but if you don't know what questions might be asked, it's hard to learn the 'right' answers.

getting a few wrong ought not to be fatal to self-identity, but getting the wrong ones wrong could be.

2:54 AM  
Blogger matthewplazin said...

a song can be easily recalled by a person when another person sings it for them and with them, however the words cannot be easily remembered under duress or force. The same applies to melodies and musical notes.

2:56 AM  
Blogger sdf said...

Two thoughts: 1) Pavlovian conditioning - the passage says P was "briefed by signals," but that doesn't necessarily mean P knew he was being briefed. There could be a particular tick or word that is triggered (which would also allow Zone Commanders to use their own "codes"). P could be trained AND tested without even knowing it. 2) A particular, but seemingly innocuous, addition to P's environment - maybe red stripes on his pillow - which would be a constant, but not the sort of thing one would associate with identification. Again, this would allow the Zone Commanders to use their own identifications.

3:54 AM  
Blogger kurtdriver said...

How about a Rorschach test? Assuming that Menelaus has the same response each time he sees it, it would work and Pandarus wouldn't need to know it.

10:18 PM  
Blogger jared chandler said...

A picture of the agent's mother.

6:25 PM  
Blogger brendan said...

Along the lines of matthewplazin, the agent could be told an arbitrary Shakespearean passage, for example.

The person to be checked knows this passage well, and can recite it. The checker knows it well enough to recognize it when recited correctly, but could not possibly recite it himself.

7:24 AM  
Blogger Natanael said...

"Tacit knowledge".

Motor skills (doing a fancy trick with a bike could be one) or other skills that an individual can learn but not teach so accurately that it can be perfectly copied, that also can not be imitated well enough.

But that also means that the identifier must have the corresponding tacit knowledge for how to recognize the right person; he must have seen him do the task his own way *many* times.

9:55 AM  
Blogger Frank said...

Some kind of challenge-response thing comes to mind. Especially if the use of a photograph is "allowed".

You can always remember the general motive/scene of a photograph; but details only to a specific level unless you know what to look at.

The challenge has to be dynamic, ie. something "random" the challenger could ask if he has a copy of the photo.

Challenge: "How many apples are visible on the second branch of the tree on the left?"

or: "What object do you see 3.5 cm from the top, 2.1 cm from the left?"

You might remember the answer you have given, but that is useless since you don't know what question you will be asked next time.

This can even be used to "encrypt" information: "Multiply the number of enemies you saw with the number of people wearing black shoes of the picture".

Effectively just like the MD5 Challenge-Response protocol.

3:27 PM  
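
An added sketch (not part of the original thread) of the challenge-response idea in the comment above, changed so that the checker is briefed once and afterwards holds only salted digests of the answers. The `Checker` class, the sample briefing and the recited line are hypothetical; the code also shows the limit of the approach, since a counting question like the apples one has so few possible answers that a seized digest can be searched.

```python
import hashlib
import hmac
import os

def digest(salt: bytes, answer: str) -> bytes:
    # Slow, salted one-way function: checking a guess is easy, inverting is not.
    return hashlib.pbkdf2_hmac("sha256", answer.strip().lower().encode(), salt, 100_000)

class Checker:
    """Hypothetical checker: keeps questions and answer digests, never the answers."""

    def __init__(self, briefing: dict):
        self._table = {}
        for question, answer in briefing.items():
            salt = os.urandom(16)
            self._table[question] = (salt, digest(salt, answer))

    def verify(self, question: str, answer: str) -> bool:
        # pop() burns the challenge, so an overheard answer cannot be replayed.
        entry = self._table.pop(question, None)
        if entry is None:
            return False
        salt, expected = entry
        return hmac.compare_digest(expected, digest(salt, answer))

    def seized(self) -> dict:
        # Everything a captor gets from the checker: questions, salts, digests.
        return dict(self._table)

def offline_guess(salt: bytes, expected: bytes, candidates):
    # Caveat: a small answer space can be searched against a seized digest.
    for guess in candidates:
        if hmac.compare_digest(expected, digest(salt, guess)):
            return guess
    return None

APPLES = "How many apples are visible on the second branch of the tree on the left?"
LINE = "Recite the agreed line."
# Constructed sample briefing (assumption, not from the book or the post).
BRIEFING = {APPLES: "7", LINE: "cold rain fell on the orchard wall at dusk"}

if __name__ == "__main__":
    checker = Checker(BRIEFING)
    print(checker.verify(LINE, BRIEFING[LINE]))  # genuine agent passes
    print(checker.verify(LINE, BRIEFING[LINE]))  # replay fails: challenge burned
    salt, dig = checker.seized()[APPLES]
    print(offline_guess(salt, dig, map(str, range(50))))  # low-entropy answer leaks
```

The long recited line survives seizure of the table because its answer space is too large to enumerate; the apple count does not.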
Blogger DrKayT said...

Perhaps Manelaus and Pandarus were married to each other for a very long time.

3:52 PM  
Blogger S.A.M. said...

If they're checking in physical proximity, it could be as simple as writing something on the agent's back, where he couldn't see it.

4:51 PM  
Blogger BenN said...

How about using muscle-memory? Like typing a password - you can take the letters off the keys and still type in your password - have the guy remember a sequence of key presses (on a randomised keyboard layout), but not the characters on those keys. He'll be able to reproduce the message on another keyboard, but won't be able to tell the enemy how to arrange the keys on that keyboard.

5:26 PM  
