engl 1102 assignment 2 draft 2

Post on 21-May-2017

Running Head: The Best Option for Secure Communication

The Best Option for Secure Communication

William Meek

University of North Carolina at Charlotte

Introduction to Data Encryption

Throughout my life I have always found myself excited by topics surrounding espionage

after growing up watching popular figures of modern culture such as Jason Bourne, Ethan Hunt,

and the great James Bond on the big screen. It was while watching The Blind Banker, an episode

of the BBC television series “Sherlock” that I first began to develop interest in cryptography. In

this episode, a fictional gang known as the Black Lotus was using a cryptosystem which used

ancient Chinese numerals that corresponded to the page number and word on the page in a book.

The reason I find cryptography so fascinating is the competition. Each cryptosystem is like a

game of chess between the group who develops the encryption method and the group who is

attempting to decrypt the system. Steganography holds the same quality: can the creator hide the

information well enough to allow data to be communicated undetected? This competitiveness

raises the question, how does one go about creating a system which cannot be broken?

It is the majority’s as well as my own belief that public key encryption is the best method.

The reason I like this system is because it is not only complex, but it leaves no weaknesses for an

enemy to take advantage of. In chess, the key is not to have the best strategy, but to be able to

predict your opponent’s moves. Public key encryption was formed on the theory that

multiplication can be done quickly but factoring takes a much longer time to do. Furthermore,

since it involves modular division, it is extremely difficult to determine the public key, and once

an attacker learns the public key, they still have to determine a private key, and then after they

finally figure that out, they still have to determine which numbers correspond to letters. The

entire system is designed, not to be extremely complex, but to be a royal pain to decrypt.

It is for this reason that of the many types of public-key cryptosystems, elliptic-curve

cryptography (ECC) is my favorite. After 29 years of research, an algorithm to effectively solve

ECC has yet to be found [Sullivan, 2013]. It is possible to calculate the amount of energy it takes

to solve a cryptographic system and compare that to how much water the same amount of energy

could boil. By this measure, breaking a 228-bit RSA (the most common type of public key

encryption) key requires less energy than it takes to boil a teaspoon of water. Comparatively,

breaking a 228-bit elliptic curve key requires enough energy to boil all the water on earth

[Sullivan, 2013], just to give you an idea of how complex the system is. This ratio of security to

data/energy consumption begs the question: Could ECC be a useful security system in mobile

devices?

Terms/Literature Review:

Cryptology: When defining cryptology, Stinson [2005] considers three main points;

cryptography, cryptanalysis, and cryptosystems. Cryptology is the study of codes and methods of

deciphering codes. By nature, cryptology must incorporate technology – a tool or technique

applied to aid in the acquisition of a want or need. Boone [2005] discusses some of the different

technologies in which cryptology has been used throughout history.

Cryptography: The fundamental purpose of cryptography is to allow two or more people to

communicate over an insecure channel in such a way that an opponent cannot understand what is

being said [Stinson 2005]. Cryptography is the practice of communicating through messages

containing encrypted data. Early encryption patterns used in cryptography involved simple one-

way functions. Hankerson, Menezes, and Vanstone [2004] describe the path from some of the

more modern (and much more advanced) processes RSA, DL, and elliptical curve encryption

schemes. These modern systems are based on complex mathematical functions which yield

scattered values that are nearly impossible to calculate mentally making their encryption process

difficult to solve resulting in more secure systems – the ultimate goal of cryptography.

Cryptanalysis: Cryptanalysis is the process of deciphering known cryptosystems. According to

Stinson, cryptanalysis follows four primary attack models; cipher-text only attacks, known

plaintext attacks, chosen plaintext attacks, and chosen cipher-text attacks.

Cryptosystem: A cryptosystem is the term used to describe the mechanics of a cryptograph or

cryptogram, which is being used in the real world. Stinson defines a cryptosystem as a function

with five variables (P, C, K, E, and D) in which the following rules are satisfied:

P is a finite set of plaintexts.

C is a finite set of possible cipher-texts.

K, the key space is a finite set of possible keys.

E and D represent encryption and decryption and can be used to decrypt

cipher-text in the function where $d_K(e_K(x)) = P_x$

In a cryptosystem, plaintext is the message which is being communicated between two or more

allies and cipher-text is the encrypted message which is actually sent [Stinson 2005]. Singh

[2001], Stinson [2005], Low and Stamp [2007] explain some of the basic cryptosystems which

have been popularly used throughout history and can be combined to develop more complex

cryptosystems.

Elliptic Curve Cryptography: ECC works by using the points on an elliptic curve graph

obtained by using point addition or point doubling to generate the keys used to send

secure information. An elliptic curve is represented by the equation: $y^2 = x^3 + ax + b$. By

using either point addition or point doubling, we can obtain a list of points that will exist

on the graph which can be put into a specific order because each previous point is

required to find the next. For example A+A=B, A+B=C, A+C=D [Sullivan, 2014]. Due

to unusual properties of elliptic curves, these points will appear to be random. Then, using

the modular division function found in computers, we can add a maximum value to the

curve by plotting the remainder. For example if the maximum x coordinate was 10 and a

point had a value of (24, 3), the point would be plotted at (4, 3). This is done by dividing

the coordinate by its maximum value, 10, and plotting the remainder, 4. This process

allows us to generate points whose initial values are nearly impossible to determine. The

computer then generates a seemingly random series of binary codes by accessing a series

of multidimensional arrays which store a specific bit-string associated with each point on

the graph. That bit-string is then encrypted using the private key and each encrypted

bit-string is added together into one long data sequence, which is the cipher-text that is

sent. Below is a graph of an elliptic curve with the first two points plotted using point

addition:

[Sullivan, 2013]
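
The point addition and point doubling described above, worked on a toy curve as an added example (not part of the original essay). The curve y^2 = x^3 + 2x + 2 modulo 17, the base point (5, 1) and the private values 3 and 7 are constructed for illustration and are far too small for real use; the example also goes one step further and runs an elliptic-curve Diffie-Hellman exchange (ECDH) with them.

```python
# Added example: elliptic-curve point arithmetic over a small prime field.
# All parameters are constructed toy values, not taken from the essay.
P_MOD = 17          # every coordinate is reduced modulo this prime
A, B = 2, 2         # curve: y^2 = x^3 + A*x + B  (mod P_MOD)
G = (5, 1)          # base point, the "A" in the essay's A+A=B, A+B=C notation
INF = None          # point at infinity, the identity element


def on_curve(pt):
    """True if pt satisfies the curve equation (INF counts as on the curve)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def inverse(k):
    """Modular inverse via Fermat's little theorem (valid because P_MOD is prime)."""
    k %= P_MOD
    if k == 0:
        raise ZeroDivisionError("0 has no modular inverse")
    return pow(k, P_MOD - 2, P_MOD)


def add(p1, p2):
    """Point addition; becomes point doubling when p1 == p2."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                            # P + (-P)
    if p1 == p2:
        slope = (3 * x1 * x1 + A) * inverse(2 * y1) % P_MOD   # tangent line
    else:
        slope = (y2 - y1) * inverse(x2 - x1) % P_MOD          # chord line
    x3 = (slope * slope - x1 - x2) % P_MOD
    y3 = (slope * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def multiples(count):
    """[G, 2G, 3G, ...]: each point is the previous one plus G."""
    points, current = [], INF
    for _ in range(count):
        current = add(current, G)
        points.append(current)
    return points


def scalar_mult(k, pt):
    """Compute k*pt with double-and-add instead of k-1 separate additions."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def ecdh_demo(alice_private=3, bob_private=7):
    """Each side publishes private*G, then multiplies the other's public point."""
    alice_public = scalar_mult(alice_private, G)
    bob_public = scalar_mult(bob_private, G)
    alice_shared = scalar_mult(alice_private, bob_public)
    bob_shared = scalar_mult(bob_private, alice_public)
    return alice_public, bob_public, alice_shared, bob_shared


if __name__ == "__main__":
    print("first multiples of G:", multiples(4))
    print("19*G is the identity:", scalar_mult(19, G) is INF)
    print("ECDH (pub A, pub B, shared A, shared B):", ecdh_demo())
```

Going from G to k*G takes a handful of additions, while recovering k from k*G on a curve of cryptographic size is the hard problem the security rests on; here the group has only 19 elements, so trying every k is trivial.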

Rivest Shamir Adleman Cryptosystem: RSA was the first public-key encryption

method ever used and marked the beginning of the modern era of cryptography [Sullivan,

2013]. RSA works by multiplying two prime numbers to determine a maximum value.

Next, we pick a random number greater than one to be our public key. The private key

can then be determined by applying the Extended Euclidean Algorithm. Finally, we select

integers from 1 to the maximum number which correspond to letters or characters. To

encrypt the data, we raise the number which corresponds to the letter we want to send by

the value of the public key. The number which is actually sent is the remainder of that

number divided by the maximum value. To decrypt the number received, the cipher-text

is raised to the power of the private key. By doing this we receive the number we began

with which corresponds to the letter we wanted to send.
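
The steps above as textbook RSA, in an added example that is not part of the original essay. The primes 61 and 53, the public exponent 17 and the use of each character's ASCII code as its number are constructed assumptions; the key check also shows that the public exponent cannot be any number greater than one, because it must share no factor with (p-1)(q-1) for a private key to exist.

```python
# Added example: textbook RSA with tiny constructed primes (illustration only).
from math import gcd


def extended_gcd(a, b):
    """Extended Euclidean Algorithm: return (g, x, y) with a*x + b*y == g."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def make_keys(p, q, e):
    """Return ((n, e), (n, d)) where n = p*q is the essay's 'maximum value'."""
    n = p * q
    phi = (p - 1) * (q - 1)
    # The public exponent must be coprime to phi, otherwise no inverse d exists.
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)*(q-1)")
    _, x, _ = extended_gcd(e, phi)
    d = x % phi                      # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt_number(m, public):
    """c = m^e mod n; the number must be smaller than the maximum value n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message number out of range")
    return pow(m, e, n)


def decrypt_number(c, private):
    """m = c^d mod n."""
    n, d = private
    return pow(c, d, n)


def encrypt_text(text, public):
    """Encrypt one character at a time, as the essay describes."""
    return [encrypt_number(ord(ch), public) for ch in text]


def decrypt_text(blocks, private):
    return "".join(chr(decrypt_number(c, private)) for c in blocks)


PUBLIC, PRIVATE = make_keys(61, 53, 17)   # constructed toy parameters

if __name__ == "__main__":
    blocks = encrypt_text("HELLO", PUBLIC)
    print("public key :", PUBLIC)
    print("private key:", PRIVATE)
    print("cipher-text:", blocks)
    print("decrypted  :", decrypt_text(blocks, PRIVATE))
    # Same letter, same cipher-text number: letter-by-letter RSA is a
    # substitution cipher and falls to frequency analysis.
    print("both L's encrypt identically:", blocks[2] == blocks[3])
```

Encrypting letter by letter without randomized padding is deterministic, which is why deployed RSA pads each message (for example with OAEP) and uses moduli of 2048 bits or more.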

Diffie-Hellman Cryptosystem: The DH system is based on the same exponential and

modular division principles as RSA but instead of using the Extended Euclidean

Algorithm, both the sender and receiver pick individual private keys. They then use each

other’s private keys to decrypt the cipher-text. This process is more secure since three

keys must be identified to translate the plaintext but less versatile since it strictly

requires just two people and the constant communication of those two people.

Steganography: The literal translation of steganography is “covered writing.” Steganography is

the hiding of secret messages within another seemingly innocuous message, or carrier [Johnson,

Duric, Jajodia, 2001].

Steganalysis: Steganalysis is the process of trying to detect hidden messages. Through

examining steganalysis, we begin to see steganography’s advantage over cryptology. It can be

extremely difficult to break steganographic codes because it is not obvious that there is a

message which needs to be detected. Hidden messages which do not incorporate the use of

digital media are especially difficult to detect because they have fewer restrictions to the means

of their camouflage. Kumar and Pooja [2010] explain the two primary approaches which can be

applied in steganalysis regarding digital medium. First, examining the size of the file and

determining whether or not the content of the file is consistent with its memory usage. For

example if you saw a Microsoft Word document that was one page in length (a file which would

typically contain 10-15 kilobytes of memory) but was stored using an entire megabyte (1000

kilobytes) of memory, that would raise suspicion because such an unusually large file size would

indicate the presence of more information being stored than was visible in the text. The second

method is more advanced and requires a stronger understanding of computer language. This

method is to observe variances between bit patterns, so unless you had a program searching for

specific recurring bit patterns or a strong understanding of binary language, file compression,

and digital memory and storage systems; a skill set which very few people possess.

Cover Work/Stego-Carrier: The cover work is the stego-carrier in which the secret message is

concealed. Essentially, a cover work is just a file but since the ultimate goal is to have some

embedded information which most people wouldn’t notice, they are generally used in files which

store unnecessary data. For example if you were using a text file, it would be more beneficial to

use a .doc (word document) file rather than a .txt (text) file because the word document will store

lots of extra information that a .txt file wouldn’t and this extra information can be modified to

contain a hidden message instead of adding the message to a .txt file resulting in a file with a

suspiciously large memory size.

ASCII: ASCII is the American Standard Code for Information Interchange. It is an encoding

scheme used in computer programming which translates the English alphabet, a set of special

characters (such as punctuation marks), and the numbers (0-9) into binary code, the language

which all computers use to operate. The ASCII system is important to steganography because it

stores each character as one byte. A byte is comprised of 8 bits which each store a value of either

1 or 0 (binary). Because not all of the bits in each byte are used to store significant data, some of

the bits can be modified. This is an important concept in the application of digital steganography.

Bit Stream: A bit stream is the representation of a message being conveyed in binary language.

Binary is a language which all computers use to operate that consists of only ones and zeroes.

Why Elliptic Curve Cryptography is the Best Choice

It is clear that throughout history, many systems related to data hiding have been

implemented, but which method of secure communication is the most effective? Both

cryptography and steganography have their advantages and disadvantages. When using

cryptography data is more secure, but ultimately since an outside party is aware the information

is being exchanged, they will eventually break the code. In steganography, if the system is

effective enough, the data will go unnoticed, and the outside party will never know the

information was exchanged, however, there is no encryption, so if the outside party does detect

the data transfer, there is no security to protect the sent message.

Cryptography is the more effective system to use when exchanging data that is only

required to maintain secret for a limited amount of time. For example, if a company is

exchanging information about a new product, once the product is released, the priority of its

secrecy becomes less potent. Specifically speaking, the most beneficial cryptosystem to use

would be one based upon elliptic curve cryptography such as ECDSA (elliptic curve digital

signature algorithm) and ECDH (elliptic curve Diffie-Hellman). Systems incorporating ECC are

popularly accepted as the most effective form of modern cryptography, but in order to

understand their effectiveness, we must first identify how ECC works (see Elliptic Curve

Cryptography in terms).

Its peculiar properties make ECC extremely difficult and time consuming to decrypt for

external parties, but the reality is that it can still be decrypted. Previously, I discussed how

cryptographic systems are the strategic choice of secure communication for messages which

require secrecy for limited periods of time (i.e. a company’s new product). What about the

preferred method of transferring data that must remain unknown to outside parties for an infinite

amount of time? One would think that steganography would be the preferred method since

undetected messages can remain hidden forever. Despite this, I would still argue that the ECC is

a more beneficial method of choice. Assuming the numbers used during the encryption process

of ECC are in-fact random, the constantly changing encryption scheme combined with the single

mundane approach to cryptanalysis which exists for the particular system should provide enough

security for the system to be effective long-term. That is not to say steganography is a useless

practice. Digital steganography focuses on sending individual bits of data in places where it can

be transferred undetected. Digital cryptosystems can be strengthened by sending the cipher-text

in methods incorporating steganography. Because the message is digital, no matter how complex

the number being sent is, it is ultimately going to be sent as a bit stream.

The most common places to hide the information sent in steganography are in text,

image, audio, and video files. I will be using text-file based steganography systems for examples

as they do not require the composite knowledge of digital bit storage and memory retrieval to

understand as systems using image, audio, and video files do. All we need to understand for text

based systems is how text is stored electronically which I will break down step by step. Digital

text is stored as locations in the computer’s memory with a value under the classification

“string.” A string is stored as an array of letters/characters called “chars.” An array is a series of

elements (in this case chars) which all reference the same name location and a unique index.

Furthermore, the computer stores each char as an integer or “int” which corresponds to a specific

character. In our examples the ints which represent each character will be derived from ASCII.

Finally, the integer which corresponds to the correct character is converted into a bit stream. So,

if you were to type the message “Hello World!” into the computer, this is how the message

would be stored at each step:

string message = "Hello World!";

char message[12] = {'H', 'e', 'l', 'l', 'o', ' ', 'W', 'o', 'r', 'l', 'd', '!'};

char message[12] = {72, 101, 108, 108, 111, 32, 87, 111, 114, 108, 100, 33};

Bit stream of message:

010010000110010101101100011011000110111100100000010101110110111101110010011011000110010000100001

Now that we understand how textual data is stored, we can use this information to identify how

some text-based steganography works. Many forms of text-based steganography take advantage

of ASCII’s redundancy for “space” values in its char codes. For example, using ASCII’s codes,

values 7, 9, 12, and 32 all represent textual spaces. To use this in the simplest way possible, you

could conceal binary messages within a cover work by assigning a value of either zero or one to

each space. That value would be determined by examining the ASCII code used to write the

space. Let’s use this process with spaces whose ASCII codes are either 007 or 009 where 007

represents a zero and 009 represents a one. This example shows one possible way to conceal the

capital letter ‘A’ in binary (‘A’ written in binary = 01000001) by using the spaces of a cover

work. In the example below, the highlighted numbers are those which represent spaces. By

extracting ONLY the numbers which represent spaces (in this instance 007 and 009) and converting those

numbers to zeroes and ones, we can retrieve the hidden message in binary. From there, we

simply translate the binary code back into a textual value like so:

What user sees: I am happy to be alive days like today!

What the computer stores in ASCII char codes: 073 007 097 109 009 104 097 112 112 121

007 116 111 007 098 101 007 097 108 105 118 101 007 100 097 121 115 007 108 105 107 101

009 116 111 100 097 121 033

Extracted values: 007 009 007 007 007 007 007 009

Translated values: 0 1 0 0 0 0 0 1

Message in binary: A

Using a system like this would allow one to write out a long essay which seemed harmless in

order to disguise streams of underlying information. This particular system is extremely effective

at hiding the transference of information since it neither yields a visible change in the display nor

noticeably modifies the file size (amount of memory space the file uses).
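
The scheme above in code, as an added example that is not part of the original essay: it reproduces the essay's char codes for hiding 'A' and its "Hello World!" bit stream, then adds a steganalysis check for the defender's side. The function names and the detection rule (a control character sitting where an ordinary space, code 032, would be expected) are assumptions of this example.

```python
# Added example: the essay's separator-substitution scheme and a simple detector.
ZERO, ONE = 7, 9      # char codes the essay assigns to bit 0 and bit 1
COVER = "I am happy to be alive days like today!"   # cover text from the essay


def to_bits(message):
    """ASCII text -> bit stream, 8 bits per character."""
    return "".join(format(byte, "08b") for byte in message.encode("ascii"))


def embed(cover, secret):
    """Replace each space in the cover with code 7 or 9 to carry one bit."""
    bits = to_bits(secret)
    if len(bits) > cover.count(" "):
        raise ValueError("cover text has too few spaces for this message")
    remaining = iter(bits)
    out = []
    for ch in cover:
        bit = next(remaining, None) if ch == " " else None
        if bit is None:
            out.append(ch)                      # letters and leftover spaces
        else:
            out.append(chr(ONE if bit == "1" else ZERO))
    return "".join(out)


def extract(stego):
    """Read the 7/9 separators back as bits and decode whole bytes."""
    bits = "".join("1" if ord(ch) == ONE else "0"
                   for ch in stego if ord(ch) in (ZERO, ONE))
    usable = len(bits) - len(bits) % 8
    data = bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))
    return data.decode("ascii", errors="replace")


def codes(text):
    """Three-digit char codes, formatted the way the essay lists them."""
    return " ".join(format(ord(ch), "03d") for ch in text)


def suspicious_separators(text):
    """Steganalysis check: (index, code) of control characters found between
    two printable characters. Newline (10) and carriage return (13) are
    ignored; tabs also occur in legitimate text, so judge by how many there are."""
    hits = []
    for i in range(1, len(text) - 1):
        code = ord(text[i])
        if code < 32 and code not in (10, 13):
            if text[i - 1].isprintable() and text[i + 1].isprintable():
                hits.append((i, code))
    return hits


if __name__ == "__main__":
    stego = embed(COVER, "A")
    print("stored codes :", codes(stego))
    print("recovered    :", extract(stego))
    print("flags in stego text:", suspicious_separators(stego))
    print("flags in plain text:", suspicious_separators(COVER))
```

The file size is unchanged, but every separator in the stego text is a control character, so a one-pass scan of the raw bytes exposes the channel even though nothing is visible on screen.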

Advantages of ECC in Mobile Devices/Entering the Conversation

Security in mobile devices has been a particularly tricky issue in recent years due to a

significant lack in processing power relative to home computers or PCs. For example, assuming

both devices are using ideal conditions with modern wifi, Apple’s newest PC, the iMac, can

process up to 56.3 megabytes per second (mBps), and their newest smartphone, the iPhone 5s

can process up to 19.8 mBps. The iMac is already three times faster, but while it sits at home

with a strong signal, the iPhone 5s travels to locations that are not as ideal. When the iPhone 5s is not

using a wifi connection, its speeds range from 0.4 to 12.5 mBps, depending on the strength of the

network being used. To put these speeds into perspective, a typical five minute video on

YouTube uses approximately 37.5 mB of data at 720p resolution. Let’s assume the smart phone

is operating at 12.5 mBps (the standard for LTE connection). That means that the video would be

loaded in three seconds right? Not exactly. For starters, only a fraction of your device’s

processing power is going to be diverted to loading that video. Furthermore, each time your

device sends or receives a piece of data, it also sends a key in order to protect the information on

your device from others on the network. This is where ECC may begin to improve performance.

This is because ECC uses less data to send and receive keys than current RSA and DH models.

ECC could cut data usage thirty fold compared to those of RSA and DH models when using a

symmetric key size of 256 bits. This vast difference, however, becomes less important when we

consider how relatively small the amount of data usage for key exchange really is.

If we go back to the five minute video example, using one of the most popular symmetric

key sizes, 128 bits, RSA/DH models would still only require about 2.8 mB to load the video

securely. Most people would pass such a relatively small amount of data off as meaningless. This

is because such a small amount of data does not affect their buffering speed in a noticeable way,

but what it does affect is their device’s battery life. The more information that the hard drive of a

device processes, the more energy it uses. In today’s world where the battery life of mobile

devices, especially smart phones, is constantly criticized, implementing any techniques available

to save precious battery could be important. In fact, ECC could cut those 2.8 mB your device

uses every time it processes a piece of information it receives from a network all the way down

to 0.2 mB, assuming the same 128 bit key is being used. So for those of you who have ever

noticed that your battery life seems to dwindle a little faster when you’re using wifi, it’s not just

you. Obviously, because the hardware of each device is different, and the amount of information

being processed of external networks varies greatly, there’s no true way of testing how much

battery life this reduction in data flow would actually save, since there have been no studies

conducted to my knowledge. However, the technology for developing batteries with longer

lifespans without increasing their size is slow moving, and on the contrary, the race to create

devices with the fastest processing capabilities is surely not.

With processing power in mobile devices rapidly increasing, along with the area of

secure networks expanding across the globe, some may argue that it is cost ineffective to adopt

ECC, since the systems in place still work. I would disagree with this statement simply because

of ECC’s true purpose, its security. Are you really willing to risk $170 million losses like Sony

did and have unsecure networks just to save a couple of bucks by not upgrading your systems?

Surely successful groups such as Apple, Google, and the NSA were not wasting money when

they chose to use ECC in their security networks?

Conclusions

I wanted to begin my conclusion section by relating encryption back to the figured world

in which I reside. I looked into the security information of my 1102 English class Moodle page at

the University of North Carolina at Charlotte. As you can see in the screenshot below, the

network currently uses a 256 bit key. The text “DHE_RSA” tells us that the site uses a DH key

exchange with an RSA algorithm to prove the identity of the server. Using this data I have

determined that by modifying this system to an “ECDHE_RSA” format, the website could

operate just over twenty-nine times faster than it currently does.

Though I still do not fully comprehend it, I cannot emphasize enough the power of ECC

when it comes to information hiding. Influential companies and organizations around the world

have already adopted ECC. The United States government uses it for internal communication

protection, Bitcoin provides proof of ownership through it, and Apple’s iMessage service

signatures are derived from it [Sullivan, 2013]. I have always believed that facts speak for

themselves and thus reiterate that after 29 YEARS of research, no effective method of

cryptanalysis has been found to decipher this particular cryptosystem! As of 2013, it was

estimated that the (at that time) currently used RSA and Diffie-Hellman algorithms would be

decrypted within five to ten years and that the ONLY suitable encryption scheme to use in the

future would be ECC [Sullivan, 2013]. For all the excitement I reserve about this technique, it

seems silly that I still do not fully understand it. I understand how the construction and

decryption supposedly work, but what I fail to comprehend is how the plain-text is transferred

within the cipher-text. In other words, I understand how the graph is created, and how the public

key is created using the graph and private key. What eludes me is one, how the encryption

process works after the public key is determined to get the locations of the point which generates

the cipher-text, two, how the point which the cipher-text is based upon is translated into the bit

stream which is actually sent, and three, how the plaintext is incorporated in the entire

cryptosystem. Also, through various readings, it seems evident that the size of a specific bit

stream, not the size of its value but the size of itself, is somehow important, but how that factor is

used I have yet to determine.

My experiences as a programmer have allowed me to have a much stronger grasp of

digital steganography. It is this understanding which leads me to reject steganography as a

viable source of secure communication. Little knowledge is required to breach the security of

steganography.

This brings me back to one of my initial points in the introduction: the key to designing

a cryptosystem with a high degree of difficulty to decipher is not to think about how to make the

system more complex, rather to consider the approach the attacker will take during decryption.

By this thought process, one should make whatever steps the attacker wants to take impossible or

useless. After conducting research on ECC, I can testify that it is truly a trapdoor encryption

system which eliminates every conceivable short-cut or trick the attacker would want to use. It is

for this reason that it has gained my respect as the most secure means of private communication

which currently exists.

Annotated Bibliography

STINSON, D.R. 2006. Cryptography Theory and Practice. Chapman & Hall/CRC Taylor & Francis Group. Boca Raton, FL.

When explaining cryptology, Stinson regularly mentions three important figures. Alice and Bob; the two people transmitting encrypted messages, and Oscar; the “opponent” eavesdropping on those messages. Stinson opens his book by explaining the primary purpose of cryptography and how a cryptosystem operates. He then continues his introduction to cryptology by introducing some of the basic kinds of cryptosystems (Shift Cipher, Substitution Cipher, Affine Cipher, Vigenère Cipher, and Hill Cipher) and explains how to compose and “break” each of those unique systems. After teaching some of the basic methods for creating cryptosystems, Stinson explains the basic ways to break them (attack models). Before revealing these methods, Stinson defines Kerckhoff’s Principle which states that, more often than not, Oscar knows the cryptosystem being used [Stinson 2006]. After explaining these techniques, Stinson introduces the first method which can be used to create cryptosystems which can be considered beyond a basic level. This product cryptosystem, developed by Claude Shannon in 1949, is created by combining two or more cryptosystems to form their “product,” a practice which has become a fundamental factor of modern cryptosystems [Stinson 2006].

JOHNSON, N.F., DURIC, Z., JAJODIA, S. 2003. Information Hiding: Steganography and Watermarking - Attacks and Countermeasures. Kluwer Academic Publishers. Norwell, MA.

This article begins by defining steganography (literal translation “covered writing”) as the art of hiding and transmitting data through apparently innocuous carriers in an effort to conceal the existence of the data [Johnson, Duric, Jajodia, 2003]. It then discusses the difference between steganography and cryptography; cryptography is a means of providing secrecy by scrambling a message, whereas steganography focuses simply on hiding the very existence of the message itself [Johnson, Duric, Jajodia, 2003]. The book discusses the advantage of steganography over cryptology; that the scrambled messages used in cryptosystems often draw attention whereas when using steganography, the enemy is unaware a message was ever transmitted. The book notes the significance of this factor when discussing the techniques used to attack cryptosystems versus hidden messages. After defining steganography, its counterpoint cryptography, and the relationship the two share, the book references some of the particularly successful developments in steganography throughout history including microdot technology, a technique developed by Germany in World War I so successful that modified versions are still being used today [Johnson, Duric, Jajodia, 2003]. After summarizing some of the various recorded applications of steganography throughout history, the book lists and

describes some of the countless methods used to conceal information in digital media including the use of inherent network protocols, allocated files in unused disk space, and audio/image files.

BLOOM, J.A., COX, I.J., FRIDRICH, J., KALKER, T., MILLER, M.L. 2008. Digital Watermarking and Steganography. Elsevier Inc. Burlington, MA.

This book’s purpose was to provide a framework for watermarking technology research and development and discusses solely still image watermarking techniques since the authors have experience dominantly in this area as well as video aspects of the field. The book begins by presenting an example of watermarking; President Jackson’s reflection which can be seen when holding a $20 bill to the light. Watermarking’s advantage which makes it so difficult to detect is that it can be applied to nearly anything including physical substances like fabrics, inks, and packaging as well as electronic sources, most commonly audio, image, and video files. Next, the book describes the primary difference between steganography and watermarking which is that when practicing steganography, it is more common to use whatever medium the message is hidden in as a decoy to camouflage the hidden message which is unrelated to the primary message or piece of data which is being sent [Bloom, Cox, Fridrich, Kalker, Miller, 2008]. Similar to steganography, watermarking uses an embedder, and a detector. The embedder carries two pieces of information; the secret message, and the “cover work” which the message is hidden in. This cover work is then presented as input to the detector which checks whether the work includes a payload of hidden information and outputs that information if it is present [Bloom, Cox, Fridrich, Kalker, Miller, 2008]. Next the book discusses the history of both watermarking and steganography followed by a section explaining the importance of each of these fields. The second chapter begins by listing and describing in detail the applications of watermarking and steganography. The book continues to follow this comparison/contrast trend as it goes on to discuss the properties of the two fields and an evaluation of their systems.
Chapters three through ten focus specifically on watermarking including detailed examples of actual watermarking models or techniques, how to encode messages in those assorted techniques, and watermarking-related security.

GAGNANI, L., JOSHI, R., PANDEY, S. 2013. Image Steganography. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), 2, 1, 224-227.

After giving a brief background of steganography, cryptography, and the similarities and differences between the two, this article discusses why steganography has gained superior popularity over cryptography. Steganography has taken off as one of the most used methods of data hiding due to a lack of sophistication in cryptographic systems. This is primarily a result of government interference. Putting legal limitations on the strength of cryptographic systems or outlawing them altogether has become common practice, not only in the United States, but in governments around the world, forcing people to study alternative methods of transferring secure information [Gagnani, Joshi, Pandey, 2013]. The article also mentions how businesses have played a large role in generating popularity of steganography over cryptology, discussing their necessity for means of secure communication such as new product information or trade secrets and why it is more valuable to them to send undetected messages rather than suspicious encrypted files [Gagnani, Joshi, Pandey, 2013]. Following this analysis of steganography’s advantages, the article discusses some of the different mediums in which steganography can be applied, including text, imagery, and audio files. Following the list of mediums is a list of common methods which are used to hide data in image files and explanations of how the data in each bit of memory that stores the image file is modified to hold information.

LEE, I.-S., TSAI, W.-H. 2008. Data Hiding in Emails and Applications Using Unused ASCII Control Codes. Journal of Information Technology and Applications, 3, 1, 13-24.

In this article, the medium by which hidden information is to be passed through is referred to as the cover carrier and the result of the embedding is referred to as the stego-carrier or stego-email, since the article focuses specifically on email as a medium. The article begins by discussing the two types of digital text documents, hard-copy and soft-copy. A hard-copy text document may be treated as a binary image resulting from scanning a text document, while a soft-copy document may be regarded as an American Standard Code for Information Interchange (ASCII) text that can be edited by text editing software such as Microsoft Word [Lee, Tsai, 2008]. Lee and Tsai continue by giving some brief examples of methods which can be used to implement data hiding in both hard- and soft-copy text documents, which range from generating binary code out of the number of spaces between words [Bender in Lee, Tsai, 2008], to generating code by assigning values to context-free grammar [Wayner in Lee, Tsai, 2008], to embedding data within the unused space of file headers (spaces which are invisible to most readers after being automatically disregarded upon opening the files) [Cantrell and Dampier in Lee, Tsai, 2008].

KUMAR, A., POOJA, K. 2010. Steganography: A Data Hiding Technique. International Journal of Computer Applications, 9, 7, 19-23.

After giving a brief background and explanation of steganography, Kumar and Pooja describe some of the methods of steganography used throughout history, including wax tablets containing concealed messages scratched into the underlying wood from ancient Greece, the German microdots, and letters with two messages, one written in visible ink, the other written between the lines with invisible ink. Next they explain some of the practical uses of steganography. These uses can be helpful to the public, ranging from creating stronger online user security for features such as e-commerce to developing better ways to hide a dirty little secret (or a big one). The next section of the article simply compares and contrasts steganography to cryptology. Following that is a description of steganalysis, or “the process of detecting steganography by looking at variances between bit patterns and unusually large file sizes” [Kumar, Pooja, 2010]. This section discusses the approaches to recognizing stego-carriers and the tools available to make detection easier.

BOONE, J.V. 2005. A Brief History of Cryptology. J.V. Boone. Annapolis, MD.

Boone begins by reiterating how important cryptology has become in everyday life; after all, we are currently living in the “age of information” and, as a given, some of that information needs to be protected. Boone continues to recognize the significance of cryptology by quoting President Eisenhower:

“In war, nothing is more important to a commander than the facts concerning strength, dispositions, and intentions of his opponent and the proper interpretation of those facts. In peacetime, the necessary facts are of a different nature. They deal with conditions, resources, requirements, and attitudes prevailing in the world. They and their correct interpretation are essential to the development of policy to further our long-term security and best interests” [Eisenhower in Boone, 2005].

After preaching the importance of cryptology and giving a short explanation of what it is, Boone begins to list some of its biggest achievements throughout history, such as Arthur Scherbius’ ENIGMA and many other cryptographic systems and/or tools developed during World War II. The second chapter discusses some of the first mechanical devices relative to cryptology from the 1200’s to the 1800. The third chapter discusses devices developed in the 1800’s and begins to describe the significance of some modern devices such as the telegraph and phone.

SINGH, S. 2001. The Code Book: How to Make It, Break It, Hack It, Crack It. Simon Singh. New York, NY.

Singh begins by summarizing the story surrounding Mary, Queen of Scots. She had been accused of high treason with plans to assassinate Queen Elizabeth of England, correctly so. The issue surrounding the case was that Mary had only communicated with the group responsible for conspiring to assassinate Queen Elizabeth through letters written in a cipher. In order to prove her guilt and secure her conviction, Sir Francis Walsingham had to break the cipher [Singh, 2001]. Singh then begins to mention some of the earliest recorded accounts of the use of “secret writing” throughout history, dating all the way back to Herodotus, the supposed father of history. According to Herodotus, it was a method of secret writing which saved the Greeks from being conquered by Persia during the Peloponnesian Wars. After summarizing the beginnings of cryptology, Singh divides the field into two major branches, transposition and substitution. Transposition is a method related to scrambling the order of characters in a message. By using transposition, it is possible to generate over 50,000,000,000,000,000,000,000,000,000,000 possible combinations out of a sentence containing only 35 words [Singh, 2001]. Substitution is the process of pairing specific corresponding symbols with one another and then swapping each of them when encrypting.

LOW, R.M., STAMP, M. 2007. Applied Cryptanalysis: Breaking Ciphers in the Real World. John Wiley & Sons, Inc. Hoboken, NJ.

This book breaks ciphers into four main categories: classic ciphers, WWII ciphers, stream ciphers, and block ciphers. The book begins by explaining basic terminology associated with cryptology. Following this introduction is a list of some of the “classic” types of ciphers that have been used throughout history, including transposition ciphers, double transposition ciphers, substitution ciphers, and affine ciphers. After describing these basic ciphers, Low and Stamp explain the index of coincidence, or probability that two randomly selected cipher text symbols represent the same symbol in plaintext [Low, Stamp, 2007]. Following this theory, the book describes why the only cryptosystem which is truly invulnerable to cipher-text-only attacks is the one time pad, a cipher based in binary language which uses a key to trans-morph the plain text when encrypting it. The book also explains how a codebook cipher works: essentially, the plaintext and cipher-text words are all paired in a book, and as long as the book itself is secure, the messages transmitted are nearly impossible to decipher, due to the overwhelming amount of data this system allows storage for.
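The following added example (not taken from Low and Stamp or from this paper) measures the index of coincidence of a constructed plaintext, of the same text under a simple substitution cipher, and of the same text under a one time pad. It assumes a letter-based pad (addition modulo 26) rather than a binary one so that all three texts share one alphabet; the function names and sample text are illustrative.

```python
import secrets
import string
from collections import Counter

ALPHABET = string.ascii_lowercase

def index_of_coincidence(text):
    """Chance that two letters picked at random from text are identical."""
    letters = [c for c in text.lower() if c in ALPHABET]
    n = len(letters)
    pairs = sum(k * (k - 1) for k in Counter(letters).values())
    return pairs / (n * (n - 1))

def substitute(text, shuffled):
    """Simple substitution: every letter is swapped for its fixed partner."""
    return text.translate(str.maketrans(ALPHABET, shuffled))

def pad_encrypt(text, pad):
    """One time pad over letters: add one fresh pad value per letter, mod 26."""
    return "".join(ALPHABET[(ALPHABET.index(c) + k) % 26] for c, k in zip(text, pad))

def pad_decrypt(text, pad):
    return "".join(ALPHABET[(ALPHABET.index(c) - k) % 26] for c, k in zip(text, pad))

# Constructed sample plaintext (letters only), repeated for a stable estimate.
PLAINTEXT = ("theonlycryptosystemwhichistrulyinvulnerabletociphertextonly"
             "attacksistheonetimepadaslongasthekeyisrandomaslongasthe"
             "messageandneverusedtwice") * 12

def compare():
    """Return the index of coincidence for each version of the sample text."""
    shuffled = "".join(secrets.SystemRandom().sample(ALPHABET, 26))
    # The pad is as long as the message, drawn from the OS CSPRNG, used once.
    pad = [secrets.randbelow(26) for _ in PLAINTEXT]
    otp_ct = pad_encrypt(PLAINTEXT, pad)
    return {
        "plain": index_of_coincidence(PLAINTEXT),
        "substitution": index_of_coincidence(substitute(PLAINTEXT, shuffled)),
        "one_time_pad": index_of_coincidence(otp_ct),
        "round_trip": pad_decrypt(otp_ct, pad) == PLAINTEXT,
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(name, value)
```

Substitution leaves the statistic unchanged because it only relabels letters, while the pad pulls it down to roughly 1/26, the value for uniformly random letters, which is why frequency-based analysis has nothing to work with.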

SULLIVAN, N. 2013. A (Relatively Easy to Understand) Primer on Elliptic Curve Cryptography. ars technica. http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/

In his article, Sullivan breaks down public-key encryption, the format which modern cryptography is based upon, and explains how elliptic curve cryptography (ECC) works. The article explains the RSA system, the most popular form of public-key encryption, and why it was necessary to develop ECC. Because RSA is built upon factoring, it is ultimately not sustainable as a long-term source of encryption; hence, ECC was conceived. Like RSA, ECC uses modular division to keep numbers appearing random, but instead of using multiplication to generate numbers, it uses elliptic curves. All elliptic curves follow the expression $y^2 = x^3 + ax + b$. After explaining ECC, Sullivan notes ECC’s accelerating gain in popularity and lists some of the applications in which it is currently being used, including the United States government internal communication protection, proof of bitcoin ownership, and Apple’s iMessage service signatures [Sullivan, 2013]. Sullivan proceeds to list some of the flaws in ECC, discussing the flaw in the electronic random number generator. When a computer generates a “random” number, the number is actually selected from a sequence and therefore not truly random at all. Given this information, if an attacker had a list of the random numbers that a selected piece of software using an ECC contained, they could predict the “random” number and relatively easily decrypt the information being transferred. Fears of these threats were legitimized in 2013 when companies using ECDSA (a variant of ECC) for online security were hacked, including bitcoin suffering losses around 1.2 million dollars and Sony’s PlayStation network suffering losses of approximately 171 million dollars [Sullivan, 2013]. Despite these drawbacks, many experts predict that the currently implemented RSA and Diffie-Hellman encryption schemes could be broken within five years (as of 2013), leaving ECC based encryption methods as the only possible alternative for the future.
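To make the curve expression concrete, the added example below (not code from Sullivan’s article or from this paper) implements point addition and a key agreement on a deliberately tiny curve. The parameters p = 17, a = 2, b = 2, the generator (5, 1) and all function names are assumptions chosen for illustration; real systems use standardized curves with primes of about 256 bits and private keys drawn from a cryptographically secure generator.

```python
P_MOD, A, B = 17, 2, 2   # toy curve y^2 = x^3 + 2x + 2 (mod 17), illustration only
G = (5, 1)               # generator point; it has order 19 on this curve
INF = None               # the "point at infinity", identity element of the group

def on_curve(pt):
    """Check that pt satisfies y^2 = x^3 + ax + b modulo the prime."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def add(p, q):
    """Add two curve points using the chord-and-tangent rule."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                      # p and q are mirror images
    if p == q:                          # tangent slope (doubling)
        s = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:                               # chord slope; pow(.., -1, m) needs Python 3.8+
        s = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (s * s - x1 - x2) % P_MOD
    return (x3, (s * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add."""
    result = INF
    while k > 0:
        if k & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        k >>= 1
    return result

def shared_secret(private_key, peer_public):
    """Key agreement step; rejects peer values that are not curve points."""
    if peer_public is INF or not on_curve(peer_public):
        raise ValueError("peer public key is not a valid point on the curve")
    return mul(private_key, peer_public)

if __name__ == "__main__":
    alice_priv, bob_priv = 7, 11        # constructed sample keys
    alice_pub, bob_pub = mul(alice_priv, G), mul(bob_priv, G)
    print(shared_secret(alice_priv, bob_pub) == shared_secret(bob_priv, alice_pub))
```

Both parties reach the same point because 7·(11·G) and 11·(7·G) are the same multiple of G; recovering a private multiplier from a public point is the hard problem ECC relies on, which is also why a predictable multiplier undoes it.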