The New Codebreakers

Social Sciences, and especially Sociology and History, are very useful for understanding how the Cryptographic Field was shaped in France in the 19th and 20th centuries. This paper tackles the issue by explaining how and why this Field was deeply influenced by a strong process of ‘Professionalism’ under the rule of the Ecole Polytechnique.

Being neither a Mathematician nor a Cryptologist but a Social Scientist, I belong to a minority in this book; nevertheless I will try to demonstrate how precious Dave’s books were and are for Historians and Political Scientists interested in the study of the Hidden side of the State. I would like to plead for the use of more Sociology in the Intelligence Studies Field. Social Scientists interested in Intelligence or Cryptology often conduct their research by studying either the structures or the heroes (that is to say, for instance, Masterspies or Defectors). Some use the two approaches, but rather rarely. I am personally convinced that the combined study of the structures and of some Individual actors who played a major role – there are many in Cryptography, from Herbert O. Yardley¹ to Alan Turing via Marian Rejewski² – can usefully be completed by the study of a third level, the professional groups (or the Bodies). However that may be, I would consider as an assumption the fact that, broadly speaking, the role of some Individuals is more important in the Cryptologic field than in Intelligence. Dave demonstrated the role of the successive Geniuses who improved Secret Writing, Ciphers and the use of Mathematics. Until now, despite the growing role of software and computing, the importance of Inventors remains. Be that as it may, I would plead not for taking the “masses” into account in the study of cryptology but for promoting the study of the collective actors.
Indeed, the case of France at the crossroads of the 19th and 20th Centuries shows a major transformation: the blossoming of Bodies among the Officials who were in charge of Intelligence within the State.

¹ See David Kahn, The reader of gentlemen’s mail: Herbert O. Yardley and the birth of American codebreaking, New Haven-London, Yale University Press, 2004, 318 p.
² See Marian Rejewski 1905–1980. Living with the Enigma secret, Bydgoszcz, Bydgoszcz City Council, 2005, 287 p.

© Springer-Verlag Berlin Heidelberg 2016. P.Y.A. Ryan et al. (Eds.): Kahn Festschrift, LNCS 9100, pp. 25–33, 2016. DOI: 10.1007/978-3-662-49301-4_2

1 The Lack of Tools to Study the Collective Actors

No Historian can face the study of collective Actors without being immediately confronted with the notion of “Intelligence Community” (IC). Unfortunately these two words written together create the illusion of an Intelligence Body that would be homogeneous. In fact, the academic literature using this expression neither defines the notion nor tries to explain it³: in this way the IC is only the sum of several Agencies or of several Bodies. It is actually a fuzzy expression. The second consequence is that, while most of the structures, organs and bureaucracies have been studied, this is not the case for collective Actors such as the Officers, Analysts or Cryptologists who were employed in these structures. From my point of view this is the consequence of the lack of a sociological approach. The use of Sociology may appear to introduce some complexity, but in the end it sheds more light, because the past is not only the combination of Individual Actors and of Structures.

Like “IC”, the term “Professionalisation” has been used by Historians of Intelligence without first being carefully defined⁴. Implicitly again, most Histories of Intelligence conclude that at the end of the 19th Century many European ICs were on the way to Professionalisation.
This is not my stance, and I would begin by treating it as an assumption that must be confirmed. Professionalisation has in fact been used by Historians and political Scientists as a synonym for skills. But the skills of Individuals are one thing; the capacity of a Body to train its members is another. Incontestably, the latter is a sign of a modernisation Process in a State. I would also use the recent definition of Martin Rudner, who insists on some features: the management of human capital and the teaching of knowledge to new entrants in the Body⁵.

In dealing with the study of French Cryptologists under the Third Republic (1870–1940), I would also have to consider whether these peculiar men, most of them coming from the Army or from the Navy, behaved only as Individuals or whether they were strictly linked to the Bodies that appeared at the end of the 19th Century. It could help us to understand whether the French Intelligence Apparatus, based partly on the quality of Cryptography at the beginning of the 20th Century, was the result of some Individuals or of the renewal of the French Army after the 1870 Defeat.

2 The French “Intelligence Community” as a Battlefield

During the first half of the 19th Century there were only two Official Bodies in charge of Intelligence, the Diplomats and the Police Body. From the beginning of the 19th Century until today, the history of Intelligence in France and abroad is a story of permanent

³ See for instance: Jeffrey T. Richelson, The US Intelligence Community, New York, Westview Press, 2008, 592 p.
⁴ Christopher Andrew and David Dilks (ed.), The missing dimension. Governments and Intelligence Communities in the Twentieth Century, London, Macmillan, 1985, pp. 6 and 7.
⁵ See Martin Rudner, “Training and educating US Intelligence Analysts”, International Journal of Intelligence and Counter Intelligence, 2009, 22:1, pp. 139 and 142.

S.-Y. Laurent
