« At 10:35 pm | Main | Elemental Haiku »


monkey.gifThe common problem of sending private messages through a public channel is surprisingly difficult, and a fruitful area of research.

Throughout history, entities from major governments to private personages have sought to protect their lines of communication. Their efforts seem to have fallen into several categories:

  1. Develop a private means of transmission. ("Private" is relative to the attacker's resources.) An example would be the use special couriers to take the message from one party to the other. The addition of a courier brings another party into the picture, and many messages have been compromised by the courier failing in his duties. With the technological advances in the 20th century, such as radio broadcasting, as well as the specialization of labor (inexpensive public networks maintained by profit-seeking companies), it is increasingly difficult to NOT make use of the available public communication networks. Because private communication lines are so easily compromised (if the attacker is sophisticated), and because public networks are so inexpensive, it makes sense to investigate other forms of ensuring privacy.
  2. Use an algorithm to encrypt data, transmitted over a public channel. A sender and receiver agree upon some means of encrypting the data, such as via one-time pads, or secret keys and public algorithms. This is perhaps the most widely used approach. Publicly-available algorithms, such as the Advanced Encryption Standard (AES, formerly know as Rijndael), are usually researched by a large community of analysts, and strengths and weaknesses are well-known. This ensures the quality of the algorithm, leaving the secrecy of the message to depend upon the secrecy of the keys or passwords. Many governments and militaries use secret algorithms, to provide another layer of safety. (This approach implies that those entities have enough in-house experts to ensure that the algorithms are safe. History is filled with stories of groups that depended upon a secret but easily-crackable algorithm.) Still, encryption algorithms reveal that SOME SORT of secret message has been passed. Also, encryption means that secret keys must be passed between the two parties. The secrecy of the keys seems to be the weakest link.
  3. Hide the secret message in seemingly-innocuous data. Perhaps the most common approach to this is to reference mutual experiences within normal text. This only works, of course, when the sender and receiver actually HAVE mutual experiences that are relatively unknown to others. An approach known as "steganography" modifies image data, so that the picture looks the same, but a message can be extracted. (There have been rumors that terrorists have communicated by modifying bits of pornographic pictures, and then posting those pictures on USENET. As far as I know, those rumors have never been validated.) This approach differs from the second concept (encryption) by the fact that the sender and receiver might not have to agree upon an algorithm ahead of time, and that it is possible that attackers might simply ignore the message due to its innocent character.

If I had to evaluate those three options, I would say that the first method is simplest conceptually (when the attacker is not sophisticated), that second method (encryption algorithms) is the most secure in the general case, while the third method (hiding secret messages within innocuous text) is the most fun.



TrackBack URL for this entry:

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)