Thursday, November 11, 2004

Cryptography thoughts

Following is an incomplete piece I started to write on one of the missing elements of modern cryptography, I'll leave it up to you as to whether it is a necessary or irrelevant part of cryptography. For me it's just something I've been interested in for a while and recently while reading The Cryptonomicon by Neal Stephenson (highly recommend it!), it got me thinking about this topic. Comments and questions are welcome.

Information Theory in Cryptography

One of the original rules of cryptography refers to making the message indistinguishable to it's background (namely if you can't see it you can't break it), back in the first & second world wars this meant making the messages appear as white noise.

White noise refers to making encrypted information indistinguishable from its background, which is fine when the communication medium is radio signals (also known as static)

A technique used to accomplish this was for 2 albums (of random noise) playing at either end of the line, so that the signal would appear to be random noise as it was sent through the air, but at either end the records would cancel each other out, and only leave the actual communication (be that 2 people talking, or an actual data stream). This technique actually served 2 purposes, being encrypt live communication (the 2 albums were in essence the encrypt & decrypt keys), as well as to hide (or mask) that stream to sound like the background it was traveling through.

But in today's era of computers and the internet what was white noise for radio transmissions is not white noise for the PC let alone communication between PC's. In fact by keeping with the current format we're advertising that we have an encrypted file, something to be focused on to 'crack'.

There's lots of different ways to crack encrypted files (some straight forward approaches to cracking: brute force, only secure as the key, social engineering, technology improvements, etc...)
Note: A lot of the current techniques for encrypting depend upon it being unfeasible to crack, ie: that a brute force approach will take years to find the key, even using the latest technology.

What can be done?
To answer that we need to answer what is the background of files on a PC and/or in communication?

On the PC there are 2 types of backgrounds:
• standard files (part of the file system)
• Unallocated blocks of the file system (random 1's & 0's)

For communication between PC's there's really only 1, as any one who has access to all the packets of data can re-create the full 'data block' which is for our purposes the same as a file.

Given that info there seems to me to be the option of creating methods for 'masking' data (preferably already encrypted as added security) to look like a standard file, obviously easier said than done, hiding the data in unused sections of the files is easily spotted (virus checkers do this on a routine basis).

Some possible techniques:
• Alterating a master file without breaking the format rules (con that need master file to unmask)
• Creating a program file using standard rules (con of unusual to transmit, possible execute and cause crash)
• Create human viewable file, ie: picture, text, audio (con complex rules to conform to to be truly hidden)

As a general note though, these techniques because of their very nature make it hard for us (as users) to realise that the file we’re looking at is not actually a thesis on cats moulting, but is in fact a masked (and possibly encrypted) design of a revolutionary can-opener.. This of course meaning that, the ease of use which is now starting to really appear in computers, is made more difficult with this masking technique… One possible solution is to only apply it when transmitting the file…

Question for the future
An alternative method is to look at how a pattern can be identified in terms of finding a file (whether or not it has been encrypted) perhaps the answer for communication is to have a constant stream of random data, in essence replicating early radio communication. [obvious problems with bandwidth and pollution of networks though..]


Anonymous said...

My issue has always been which "part" should be more secure... The data or the key... Both are equally important, or are they?

To me the "keys" to success, excuse the pun, lie in creating a message within a message, not within a picture. As you say that the early rules "refer to making the message indistinguishable to it's background "... How about if you don't, if a message makes sense like "... I was out walking the dog yesterday ..." is decrypted to "... the combination to the safe is 456789 ...". Part one of decryption is to identify the data requiring decryption.
The other part is to take the quantam crypto findings and apply them to the current real world, that is for any message there is ever only 1 "physical" key that is "split" to create the encryt and decrypt keys...

Late night rant... Enjoy the UK... Steve B.

Anonymous said...
This comment has been removed by a blog administrator.