PDA

View Full Version : embedding a message in other information



Layla Nahar
02-15-2014, 07:09 PM
For example, codes like they did in WWII (Alan Turning & co?) - that's cryptography, right? I want to improve my knowledge of this for a project, but when I looked up 'Cryptograpgy for Dummies' it seems to be about internet security.

Can anybody recommend some good books for a layperson to get a better understanding of this?

tnx
LN

Maxx B
02-15-2014, 07:23 PM
Are you looking to take a message and obscure it by using a cryptographic algorithm or hiding a message in plain sight like using a book code?
It's a huge topic, if you could give us a little more info about what info you are trying to hide and why, we could suggest places to start with your research. If you are not happy sharing too much info, then you could start your research by looking into Steganography.

Torgo
02-15-2014, 07:45 PM
For example, codes like they did in WWII (Alan Turning & co?) - that's cryptography, right? I want to improve my knowledge of this for a project, but when I looked up 'Cryptograpgy for Dummies' it seems to be about internet security.

Can anybody recommend some good books for a layperson to get a better understanding of this?

tnx
LN

A few definitions for lay-people (like myself; please correct me, experts?) Most of this I gleaned from Neal Stephenson's classic novel CRYPTONOMICON, which is essential if you're interested in this aspect of WW2.

There's a distinction between a code and a cipher. In a code, you use some word or symbol to stand for another. So I show up at the train station with a carnation in my buttonhole, and that's code for 'I've put a message in the dead letter box' or something; or I send a postcard to you that says 'purple anteater saraband', and you look it up in your code book and find that it means 'meeting 10pm Tuesday'.

In a cipher, we perform some kind of operation on the message (which we will call the 'plain text'.) A really simple cipher would be the Caesar shift, where we just shift each letter a certain number of letters forward or back in the alphabet. Modern ciphers are (a) more complicated (b) involve mathematical operations that are only easy to reverse if you happen to know the key.

Cryptography is the science of writing ciphers. Cryptology is the science of deciphering ciphered writing. Steganography is the art of hiding a message (plain or ciphertext) inside another message. There is, for example, lots of room in a computer image file (a JPG or BMP etc) where you could hide a message just by tweaking the pixels a bit. Using a freely available steganography program I once, for fun, hid the full text of the Geneva Convention inside a photograph of George W Bush.

Here's a useful-looking paper (https://www.sans.org/reading-room/whitepapers/stenganography/steganography-past-present-future-552) I found on the history and current state of steganography (PDF.)

Layla Nahar
02-15-2014, 08:22 PM
MaxxB, Torgo -

Thank you very much. That's a way lot more clarity than I had this morning. :)

Siri Kirpal
02-15-2014, 10:42 PM
Sat Nam! (literally "Truth Name"--a Sikh greeting)

And in case you're interested, the master cryptographers of WWII in the US were Navahos. They simply wrote their messages in Navaho.

Blessings,

Siri Kirpal

kuwisdelu
02-16-2014, 12:26 AM
And in case you're interested, the master cryptographers of WWII in the US were Navahos. They simply wrote their messages in Navaho.

It was actually more complicated than that. The Navajo was encoded to an extent as well.

robjvargas
02-16-2014, 02:56 AM
Here's a link (http://searchsecurity.techtarget.com/Understanding-encryption-and-cryptography-basics) to a pretty decent discussion about it. Might be a whisker technical. It's an I.T.-oriented site.

Siri Kirpal
02-16-2014, 03:04 AM
It was actually more complicated than that. The Navajo was encoded to an extent as well.

Sat Nam! (literally "Truth Name"--a Sikh greeting)

Ah! Thanks for the correction.

In any case, Navaho is unusual enough and complicated enough to be the starting point for an unbroken code.

Blessings,

Siri Kirpal

frimble3
02-16-2014, 09:30 AM
And, you want simple explanations, a little of the history, and examples and samples, try children's books on codes and codebreaking. Obviously, simple stuff, but it works as an introduction and starting point.

Telergic
02-16-2014, 06:48 PM
Putting aside the technical aspects pertaining to modern communication protocols and encryption methods, steganography turns out to be really easy and is almost never detected. Even the clumsiest, most naive, most technically unsophisticated forms almost always work unless someone in on the method compromises it explicitly.

Of course an important element of steganography is that the messages transmitted should be short, at least in comparison to the information conveyed by the masking message or content, and like key exchange, the participants usually have to have prearranged the method.

Aside on Navajo: Needless to say using Navajo signal staff in WWII was a half-assed approach to communications security. It was a convenient non-cryptographic method of communication which relied completely on security through obscurity, the combination of code and language, with only the most primitive of ciphers. Had the Japanese had better cryptographers and linguistic analysts, even with no knowledge of Navajo whatsoever they could have "broken" the method in the usual way by relating an accumulated dictionary of words and phrases to actual events.

afarnam
02-16-2014, 06:51 PM
My favorite are where you write a message that looks like it is about sports, say, but the people involved know that the sports teams stand for something else. Complicated ciphers are okay but it can be fairly easy for a computer to see that something encrypted is being sent. The computer may not be able to crack the code very quickly but in the modern day and age of police work and so forth, it is often as important to know who sent an encrypted message where, when and to whom as it is to know what is in the message. So, one way to do it is to mask important communication as chatter. Have the recipients know what different words really stand for and then you can pretend you are talking about Girl Scout cookie sales when you are really talking about delivering the drugs or the weapons or whatever is secret. Certainly, that kind of code is crackable, especially if you can get an informant, but it is fairly easy to crack computer encryption too. All you need is access to one of the computers that uses it for a few seconds, if you're good at it or an informant or even just a big computer and enough time to run decryption programs.

Telergic
02-16-2014, 07:37 PM
it is fairly easy to crack computer encryption too.

If used with a deep understanding of how the system works, and proper security precautions, it's extremely difficult to crack good computer encryption. Access after the fact to a computer used for the purpose is useless unless the user is an idiot and private keys or traces of the original message can be recovered from it.

The problem is the context: hardware, software, and procedural. It's not possible for unskilled people to use encryption in a secure way, and the amount of effort required to properly secure a computer or a communication channel is such that going to all that trouble is rarely warranted. If any aspect of the encryption, key-exchange, or communication system has been compromised in advance (an NSA specialty), which is extremely difficult even for most technical experts to detect or cope with, much less for civilians, the whole system has been undermined.

Wilde_at_heart
02-16-2014, 07:48 PM
For example, codes like they did in WWII (Alan Turning & co?) - that's cryptography, right? I want to improve my knowledge of this for a project, but when I looked up 'Cryptograpgy for Dummies' it seems to be about internet security.

Can anybody recommend some good books for a layperson to get a better understanding of this?

tnx
LN

Switching up your search terms might help as well - try 'code breaking', 'cryptanalysis' or even 'deciphering'. I've found on occasion that subtle changes in search terms can bring up vastly different results.

There was one book on the Zodiac Killer - who'd sent mysterious encoded messages to the media - that delved into how codes and so on were created in the first place, the various methods, etc.

Telergic
02-16-2014, 07:57 PM
Oh yeah, in WWII Bletchley Park was all about the Enigma machine. That should be easy enough to Google for many many accounts of the general undertaking and historical context, but understanding how the machine worked and what the cryptanalysts actually did to break the cipher may not be so easy.

afarnam
02-16-2014, 09:41 PM
Okay, it isn't "easy" to break properly done computer encryption but it can be done with a big enough computer. And the point is probably more what Telergic says, it is very difficult to do computer encryption properly. That is more what I meant.

Telergic
02-16-2014, 10:52 PM
Okay, it isn't "easy" to break properly done computer encryption but it can be done with a big enough computer. And the point is probably more what Telergic says, it is very difficult to do computer encryption properly. That is more what I meant.

Just to be pedantic, the assembled computer power of the entire world wouldn't be enough to break the encryption on a public-key cipher with a very long key, but people don't use such keys for routine communication because it's expensive in compute power to encrypt and decrypt even when you have the key.

Still, with proper security surrounding the use of the keys and the computers involved, for important messages -- high-value commercial transactions, state secrets, and the like, it's quite feasible to use effectively unbreakable encryption, which is why these embarrassing government phone taps and leaks and so on in recent years are really inexcusable. For an ambassador to use an ordinary cell phone to say anything business-related at all is grossly unacceptable, much less to say something sensitive in a country where the phone company is controlled by a government who would like to see you embarrassed.

afarnam
02-17-2014, 12:06 PM
I can see using that kind of encyrption for government or bank purposes. But if you are talking spies in the field or an organized crime type of thing, I think there are major drawbacks. You have to have the encryption key in a computer in order to communicate. You can't just have it memorized. If your device gets stolen, your buddies are in trouble. And so on. My current project has some significant use of codes. There is some encryption as well but the key to making it work is to avoid notice of the message in the first place. There is so much data flowing around that it is much more effective to hide the message in plain sight, by making it seem like they are discussing sports, when they aren't. In one case, I have characters using kid-style encryption that can be easily memorized but they use it only to hide a name or address in a message, so that the message will not tend to stand out or be intercepted by a simple computer scan. It is just what seems realistic under the circumstances. If you are the weaker party technologically, which my characters are, it is better to hide your communications alltogether than to risk that the government and business guys with the big computers will be able to crack whatever cell-phone encryption you can come up with.

melindamusil
02-17-2014, 10:40 PM
Something else to keep in mind - you are dealing with both "cryptography" and "steganography". Cryptography is encoding a message. Steganography is hiding the message in plain sight - for example, writing a message with invisible ink.

Often they are used in tandem - the message is encoded before it is sent through open channels. In the case of the Enigma in WWII, the message was encoded using the Enigma machines, then it was sent via telegraph. The Allies began intercepting the messages early in the war, but until the team at Bletchley Park was able to decode the message, the Allies had no idea what the Germans were saying.

(BTW, the Enigma is an incredibly complex machine. Many modern cryptologists say that, if not for a few dumb-luck interceptions of code books and other tools that were used at Bletchley Park, the Enigma code would not have been broken until long after the war ended.)

Another form of cryptology/steganography that was used by the Germans was microdots. A message would be photographed, then shrunk down into dot no larger than the period at the end of a sentence or the dot on the top of an i, then printed on a postcard that was mailed through the standard mail system. Usually this message was encoded (cryptography) before it was sent through regular mail (steganography).

With computers, cryptography and steganography is rampant on the internet, which is why you will encounter a LOT of information about using those on computers. Information can be hidden within a photography or almost any other type of file. They're commonly used in drug trafficking and child pornography rings.

Trebor1415
02-18-2014, 12:25 AM
There's plenty of stuff online about WWII (and earlier) codes and ciphers and codebreaking.

Try researching "SOE" or "Special Operations Executive" which was the Brit WWII branch that place agents behind enemy lines. Same goes for "OSS" or "Office of Strategic Services" which was the US WWII forerunner to the CIA.

There's all sorts of things from One Time Pads to microdots to "book codes" to mechanized machines like the Eginma, etc.

At what level do you need to know about codes/cyphers? Are we talking the "agent behind enemy lines" level or "sending secure messages to Army HQ" level or "trying to read the enemies message traffic on a grand scale" strategic level? There are different methods, techniques and equipment for each.

Also, for the higher end stuff, look for info on MAGIC which was the U.S. program that intercepted and decoded Japanese traffic.

asnys
02-18-2014, 02:37 AM
Okay, it isn't "easy" to break properly done computer encryption but it can be done with a big enough computer.

Unless you use a one-time pad. Although that's a massive pain to set up if you want to send large amounts of data.

Torgo
02-18-2014, 02:47 AM
Unless you use a one-time pad. Although that's a massive pain to set up if you want to send large amounts of data.

Yeah, if I understand it right, if the pads aren't truly randomized it means the cryptologist has a little lever to use to break them. Any pattern at all can skew the maths against you.

benbradley
02-18-2014, 04:18 AM
A great intro (almost certainly the best for the general public) is "The Code Book" by Simon Singh:
http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/0385495323
It covers a lot of history that you may not need to read, but the last 1/4 or so of the book covers public key cryptography, the "strong" encryption that is commonly used for things such as PGP (mentioned below) and the Web's SSL layer:
http://en.wikipedia.org/wiki/Secure_Sockets_Layer

Wikipedia has good articles:
http://en.wikipedia.org/wiki/Steganography
http://en.wikipedia.org/wiki/Cryptography

There's some terminology related to computers (in general, not related to cryptology) and cryptology that may be confusing, and I'd like to clear it up here:

Encoding means to change information into a form more easily processed with computers than it is by people (a chip that converts a 16-key keypad key press into a four-bit number is called an encoder), and the opposite for decoding (a chip that converts a four-bit binary number into outputs to drive a 7-segment LED single-digit display "0" through "9" is a decoder). There is not necessarily any intention to "hide" data or information by doing this:
http://en.wikipedia.org/wiki/Code
(okay, like semaphore flags and Morse Code, it's not always to be processed by computers)

Encryption means to change information WITH the intention to hide it from all but the intended recipient.

Also interesting reading, PGP:
http://en.wikipedia.org/wiki/Pretty_Good_Privacy
Click through to the author's name on Wikipedia to read what happened to him - PGP is "good" enough that the government was upset that it was released to the public domain, effectively bypassing export restrictions on strong encryption.

ECathers
02-18-2014, 04:29 AM
Just to be pedantic, the assembled computer power of the entire world wouldn't be enough to break the encryption on a public-key cipher with a very long key, but people don't use such keys for routine communication because it's expensive in compute power to encrypt and decrypt even when you have the key.


I actually read a novel, Quaife's Last Theorem a few weeks ago about just this. It's available here for free https://www.smashwords.com/books/view/386351

How what sort of information do your characters need to pass on? For instance do they need to be able to send a heretofore unknown to either party bit of information, such as an address, data on enemy movements, chemical analysis, etc? Or are they sending simple messages like "they're onto you" and "pickup at the usual location" and so on?

My favorite type of "embedding a message in other information" is things that don't look like they're messages at all. As an example, in Victorian times it became popular for lovers to send "secret" messages in bouquets of flowers. http://thelanguageofflowers.com/ They could use this idea to send numerous pre-set messages. You could even have the bouquets sent to a pretty girl in the person's office if they don't want to look like they personally are receiving too many flowers. LOL though they'd probably want to have a few alternate flowers for the same message. I can just imagine:

Florist: Sorry sir, we're out of carnations. I substituted baby's breath instead.
Criminal Mastermind: Oh sh-- We just told him to kill the police chief instead of "the police chief has important information for you"!

In his Burke novels, Andrew Vachss has the owner of the local criminal hangout (a Chinese restaurant, where the food -- at least what they serve anyone who isn't part of their group -- is terrible so folks don't hang around if they're not supposed to) change the banners in the window. One color means "coast clear" another means "cops are here" etc.