The Best Option for Secure Communication 1

Running Head: The Best Option for Secure Communication

The Best Option for Secure Communication William Meek University of North Carolina at Charlotte

The Best Option for Secure Communication 2

Introduction to Data Encryption Throughout my life I have always found myself excited by topics surrounding espionage after growing up watching popular figures of modern culture such as Jason Bourne, Ethan Hunt, and the great James Bond on the big screen. It was while watching The Blind Banker, an episode of the BBC television series Sherlock that I first began to develop interest in cryptography. In this episode, a fictional gang known as the Black Lotus was using a cryptosystem which used ancient Chinese numerals that corresponded to the page number and word on the page in a book. The reason I find cryptography so fascinating is the competition. Each cryptosystem is like a game of chess between the group who develops the encryption method and the group who is attempting to decrypt the system. Steganography holds the same quality: can the creator hide the information well enough to allow data to be communicated undetected? This competitiveness raises the question, how does one go about creating a system which cannot be broken? It is the majoritys as well as my own belief that public key encryption is the best method. The reason I like this system is because it is not only complex, but it leaves no weaknesses for an enemy to take advantage of. In chess, the key is not to have the best strategy, but to be able to predict your opponents moves. Public key encryption was formed on the theory that multiplication can be done quickly but factoring takes a much longer time to do. Furthermore, since it involves modular division, it is extremely difficult to determine the public key, and once an attacker learns the public key, they still have to determine a private key, and then after they finally figure that out, they still have to determine which numbers correspond to letters. The entire system is designed, not to be extremely complex, but to be a royal pain to decrypt. It is for this reason that of the many types of public-key cryptosystems, elliptic-curve cryptography (ECC) is my favorite. After 29 years of research, an algorithm to effectively solve

The Best Option for Secure Communication 3

ECC has yet to be found [Sullivan, 2013]. It is possible to calculate the amount of energy it takes to solve a cryptographic system and compare that to how much water the same amount of energy could boil. By this measure, breaking a 228-bit RSA (the most common type of public key encryption) key requires less energy than it takes to boil a teaspoon of water. Comparatively, breaking a 228-bit elliptic curve key requires enough energy to boil all the water on earth [Sullivan, 2013], just to give you an idea of how complex the system is. This ratio of security to data/energy consumption begs the question: Could ECC be a useful security system in mobile devices? Terms/Literature Review: Cryptology: When defining cryptology, Stinson [2005] considers three main points; cryptography, cryptanalysis, and cryptosystems. Cryptology is the study of codes and methods of deciphering codes. By nature, cryptology must incorporate technology a tool or technique applied to aid in the acquisition of a want or need. Boone [2005] discusses some of the different technologies in which cryptology has been used throughout history. Cryptography: The fundamental purpose of cryptography is to allow two or more people to communicate over an insecure channel in such a way that an opponent cannot understand what is being said [Stinson 2005]. Cryptography is the practice of communicating through messages containing encrypted data. Early encryption patterns used in cryptography involved simple oneway functions. Hankerson, Menezes, and Vanstone [2004] describe the path from some of the more modern (and much more advanced) processes RSA, DL, and elliptical curve encryption schemes. These modern systems are based on complex mathematical functions which yield scattered values that are nearly impossible to calculate mentally making their encryption process difficult to solve resulting in more secure systems the ultimate goal of cryptography.

The Best Option for Secure Communication 4

Cryptanalysis: Cryptanalysis is the process of deciphering known cryptosystems. According to Stinson, cryptanalysis follows four primary attack models; cipher-text only attacks, known plaintext attacks, chosen plaintext attacks, and chosen cipher-text attacks. Cryptosystem: A cryptosystem is the term used to describe the mechanics of a cryptograph or cryptogram, which is being used in the real world. Stinson defines a cryptosystem as a function with five variables (P, C, K, E, and D) in which the following rules are satisfied: P is a finite set of plaintexts. C is a finite set of possible cipher-texts. K, the key space is a finite set of possible keys. E and D represent encryption and decryption and can be used to decrypt Cipher-text in the function where ( ( ))

In a cryptosystem, plaintext is the message which is being communicated between two or more allies and cipher-text is the encrypted message which is actually sent [Stinson 2005]. Singh [2001], Stinson [2005], Low and Stamp [2007] explain some of the basic cryptosystems which have been popularly used throughout history and can be combined to develop more complex cryptosystems. Elliptic Curve Cryptography: ECC works by using the points on an elliptic curve graph obtained by using point addition or point doubling to generate the keys used to send secure information. An elliptic curve is represented by the equation: By using either point addition or point doubling, we can obtain a list of points that will exist on the graph which can be put into a specific order because each previous point is required to find the next. For example A+A=B, A+B=C, A+C=D [Sullivan, 2014]. Due to unusual properties of elliptic curves, these points will occur to be random. Then, using .

The Best Option for Secure Communication 5

the modular division function found in computers, we can add a maximum value to the curve by plotting the remainder. For example if the maximum x coordinate was 10 and a point had a value of (24, 3), the point would be plotted at (4, 3). This is done by dividing the coordinate by its maximum value, 10, and plotting the remainder, 4. This process allows us to generate points whose initial values are nearly impossible to determine. The computer then generates a seemingly random series of binary codes by accessing a series of multidimensional arrays which store a specific bit-string associated with each point on the graph. That bit-string is then encrypted using the private key and the each encrypted bit-string is added together into one long data sequence, which is the cipher-text that is sent. Below is a graph of an elliptic curve with the first two points plotted using point addition:

[Sullivan, 2013] Rivest Shamir Adleman Cryptosystem: RSA was the first public-key encryption method ever used and marked the beginning of the modern era of cryptography [Sullivan, 2013]. RSA works by multiplying two prime numbers to determine a maximum value.

The Best Option for Secure Communication 6

Next, we pick a random number greater than one to be our public key. The private key can then be determined by applying the Extended Euclidean Algorithm. Finally, we select integers from 1 to the maximum number which correspond to letters or characters. To encrypt the data, we raise the number which corresponds to the letter we want to send by the value of the public key. The number which is actually sent is the remainder of that number divided by the maximum value. To decrypt the number received, the cipher-text is raised to the power of the private key. By doing this we receive the number we began with which corresponds to the letter we wanted to send. Diffie-Hellman Cryptosystem: The DH system is based on the same exponential and modular division principles as RSA but instead of using the Extended Euclidean Algorithm, both the sender and receiver pick individual private keys. They then use each others private keys to decrypt the cipher-text. This process is more secure since three keys must be identified to translated the plaintext but less versatile since it strictly requires just two people and the constant communication of those two people. Steganography: The literal translation of steganography is covered writing. Steganography is the hiding of secret messages within another seemingly innocuous message, or carrier [Johnson, Duric, Jajodia, 2001]. Steganalysis: Steganalysis is the process of trying to detect hidden messages. Through examining steganalysis, we begin to see steganographys advantage over cryptology. It can be extremely difficult to break steganographic codes because it is not obvious that there is a message which needs to be detected. Hidden messages which do not incorporate the use of digital media are especially difficult to detect because they have fewer restrictions to the means of their camouflage. Kumar and Pooja [2010] explain the two primary approaches which can be

The Best Option for Secure Communication 7

applied in steganalysis regarding digital medium. First, examining the size of the file and determining whether or not the content of the file is consistent with its memory usage. For example if you saw a Microsoft Word document that was one page in length (a file which would typically contain 10-15 kilobytes of memory) but was stored using an entire megabyte (1000 kilobytes) of memory, that would raise suspicion because such an unusually large file size would indicate the presence of more information being stored than was visible in the text. The second method is more advanced and requires a stronger understanding of computer language. This method is to observe variances between bit patterns, so unless you had a program searching for specific recurring bit patterns or a strong understanding of binary language, file compression, and digital memory and storage systems; a skill set which very few people possess. Cover Work/Stego-Carrier: The cover work is the stego-carrier in which the secret message is concealed. Essentially, a cover work is just a file but since the ultimate goal is to have some embedded information which most people wouldnt notice, they are generally used in files which store unnecessary data. For example if you were using a text file, it would be more beneficial to use a .doc (word document) file rather than a .txt (text) file because the word document will store lots of extra information that a .txt file wouldnt and this extra information can be modified to contain a hidden message instead of adding the message to a .txt file resulting in a file with a suspiciously large memory size. ASCII: ASCII is the American Standard Code for Information Interchange. It is an encoding scheme used in computer programming which translates the English alphabet, a set of special

characters (such as punctuation marks), and the numbers (0-9) into binary code, the language which all computers use to operate. The ASCII system is important to steganography because it stores each character as one byte. A byte is comprised of 8 bits which each store a value of either

The Best Option for Secure Communication 8

1 or 0 (binary). Because not all of the bits in each byte are used to store significant data, some of the bits can be modified. This is an important concept in the application of digital steganography. Bit Stream: A bit stream is the representation of a message being conveyed in binary language. Binary is a language in which all computers use to operate that consists of only ones and zeroes. Why Elliptic Curve Cryptography is the Best Choice It is clear that throughout history, many systems related to data hiding have been implemented, but which method of secure communication is the most effective? Both cryptography and steganography have their advantages and disadvantages. When using cryptography data is more secure, but ultimately since an outside party is aware the information is being exchanged, they will eventually break the code. In steganography, if the system is effective enough, the data will go unnoticed, and the outside party will never know the information was exchanged, however, there is no encryption, so if the outside party does detect the data transfer, there is no security to protect the sent message. Cryptography is the more effective system to use when exchanging data that is only required to maintain secret for a limited amount of time. For example, if a company is exchanging information about a new product, once the product is released, the priority of its secrecy becomes less potent. Specifically speaking, the most beneficial cryptosystem to use would be one based upon elliptic curve cryptography such as ECDSA (elliptic curve digital signature algorithm) and ECDH (elliptic curve Diffie-Hellman). Systems incorporating ECC are popularly accepted as the most effective form of modern cryptography, but in order to understand their effectiveness, we must first identify how ECC works (see Elliptic Curve Cryptography in terms).

The Best Option for Secure Communication 9

Its peculiar properties make ECC extremely difficult and time consuming to decrypt for external parties, but the reality is that it can still be decrypted. Previously, I discussed how cryptographic systems are the strategic choice of secure communication for messages which require secrecy for limited periods of time (ie a companys new product). What about the preferred method of transferring data that must remain unknown to outside parties for an infinite amount of time? One would think that steganography would be the preferred method since undetected messages can remain hidden forever. Despite this, I would still argue that the ECC is a more beneficial method of choice. Assuming the numbers used during the encryption process of ECC are in-fact random, the constantly changing encryption scheme combined with the single mundane approach to cryptanalysis which exists for the particular system should provide enough security for the system to be effective long-term. That is not to say steganography is a useless practice. Digital steganography focuses on sending individual bits of data in places where it can be transferred undetected. Digital cryptosystems can be strengthened by sending the cipher-text in methods incorporating steganography. Because the message is digital, no matter how complex the number being sent is, it is ultimately going to be sent as a bit stream. The most common places to hide the information sent in steganography are in text, image, audio, and video files. I will be using text-file based steganography systems for examples as they do not require the composite knowledge of digital bit storage to and memory retrieval to understand as systems using image, audio, and video files do. All we need to understand for text based systems is how text is stored electronically which I will break down step by step. Digital text is stored as locations in the computers memory with a value under the classification string. A string is stored as an array of letters/characters called chars. An array is a series of elements (in this case chars) which all reference the same name location and a unique index.

The Best Option for Secure Communication 10

Furthermore, the computer stores each char as an integer or int which corresponds to a specific character. In our examples the ints which represent each character will be derived from ASCII. Finally, the integer which corresponds to the correct character is converted into a bit stream. So, if you were to type the message Hello World! into the computer, this is how the message would be stored at each step: string message = Hello World!; char message[12] = {H, e, l, l, o, , W, o, r, l, d, !}; char message[12] = {72, 101, 108, 108, 111, 32, 87, 111, 114, 108, 100, 33}; Bit stream of message: 010010000110010101101100011011000110111100100000010101110110111101110010011011 000110010000100001 Now that we understand how textual data is stored, we can use this information to identify how some text-based steganography works. Many forms of text-based steganography take advantage of ASCIIs redundancy for space values in its char codes. For example, using ASCIIs codes, values 7, 9, 12, and 32 all represent textual spaces. To use this in the simplest way possible, you could conceal binary messages within a cover work by assigning a value of either zero or one to each space. That value would be determined by examining the ASCII code used to write the space. Lets use this process with spaces whose ASCII codes are either 007 or 009 where 007 represents a zero and 009 represents a one. This example shows one possible way to conceal the capital letter A in binary (A written in binary = 01000001) by using the spaces of a cover work. In the example below, the highlighted numbers are those which represent spaces. By extracting ONLY the numbers which represent spaces (in this instance 007 and 009) and those

The Best Option for Secure Communication 11

numbers to zeroes and ones, we can retrieve the hidden message in binary. From there, we simply translate the binary code back into a textual value like so: What user sees: I am happy to be alive days like today! What the computer stores in ASCII char codes: 073 007 097 109 009 104 097 112 112 121 007 116 111 007 098 101 007 097 108 105 118 101 007 100 097 121 115 007 108 105 107 101 009 116 111 100 097 121 033 Extracted values: 007 009 007 007 007 007 007 009 Translated values: 0 1 0 0 0 0 0 1 Message in binary: A Using a system like this would allow one to write out a long essay which seemed harmless in order to disguise streams of underlying information. This particular system is extremely effective at hiding the transference of information since it neither yields a visible change in the display nor noticeably modifies the file size (amount of memory space the file uses). Advantages of ECC in Mobile Devices/Entering the Conversation Security in mobile devices has been a particularly tricky issue in recent years due to a significant lack in processing power relative to home computers or PCs. For example, assuming both devices are using ideal conditions with modern wifi, Apples newest PC, the iMac, can process up to 56.3 megabytes per second (mBps), and their newest smartphone, the iPhone 5s can process up to 19.8 mBps. The iMac is already three times faster, but while it sits at home with a strong signal, the iPhone 5s travels to locations are not as ideal. When the iPhone 5s is not using a wifi connection, its speeds range from 0.4 to 12.5 mBps, depending on the strength of the network being used. To put these speeds into perspective, a typical five minute video on YouTube uses approximately 37.5 mB of data at 720p resolution. Lets assume the smart phone

The Best Option for Secure Communication 12

is operating at 12.5 mBps (the standard for LTE connection). That means that the video would be loaded in three seconds right? Not exactly. For starters, only a fraction of your devices processing power is going to be diverted to loading that video. Furthermore, each time your device sends or receives a piece of data, it also sends a key in order to protect the information on your device from others on the network. This is where ECC may begin to improve performance. This is because ECC uses less data to send and receive keys than current RSA and DH models. ECC could cut data usage thirty fold compared to those of RSA and DH models when using a symmetric key size of 256 bits. This vast difference, however, becomes less important when we consider how relatively small the amount of data usage for key exchange really is. If we go back to the five minute video example, using one of the most popular symmetric key sizes, 128 bits, RSA/DH models would still only require about 2.8 mB to send load the video securely. Most people would pass such a relatively small amount of data off as meaningless. This is because such a small amount of data does not affect their buffering speed in a noticeable way, but what it does effect, is their devices battery life. The more information that the hard drive of a device processes, the more energy it uses. In todays world where the battery life of mobile devices, especially smart phones, is constantly criticized, implementing any techniques available to save precious battery could be important. In fact, ECC could cut those 2.8 mB your device uses every time it processes a piece of information it receives from a network all the way down to 0.2 mB, assuming the same 128 bit key is being used. So for those of you who have ever noticed that your battery life seems to dwindle a little faster when youre using wifi, its not just you. Obviously, because the hardware of each device is different, and the amount of information being processed of external networks varies greatly, theres no true way of testing how much battery life this reduction in data flow would actually save, since there have been no studies

The Best Option for Secure Communication 13

conducted to my knowledge. However, the technology for developing batteries with longer lifespans without increasing their size is slow moving, and on the contrary, the race to create devices with the fastest processing capabilities is surely not. With processing power in mobile devices rapidly increasing, along with the area of secure networks expanding across the globe, some may argue that it is cost ineffective to adopt ECC, since the systems in place still work. I would disagree with this statement simply because of ECCs true purpose, its security. Are you really willing to risk $170 million losses like Sony did and have unsecure networks just to save a couple of bucks by not upgrading your systems? Surely successful groups such as Apple, Google, and the NSA were not wasting money when they chose to use ECC in their security networks? Conclusions I wanted to begin my conclusion section by relating encryption back to the figured world in which I reside. I looked into the security information of my 1102 English class Moodle page at the University of North Carolina at Charlotte. As you can see in the screenshot below, the network currently uses a 256 bit key. The text DHE_RSA tells us that the site uses a DH key exchange with an RSA algorithm to prove the identity of the server. Using this data I have determined that by modifying this system to an ECDHE_RSA format, the website could operate just over twenty-nine times faster than it currently does.

The Best Option for Secure Communication 14

Though I still do not fully comprehend it, I cannot emphasize enough the power of ECC when it comes to information hiding. Influential companies and organizations around the world have already adopted ECC. The United States government uses it for internal communication protection, Bitcoin provides proof of ownership through it, and Apples iMessage service signatures are derived from it [Sullivan, 2013]. I have always believed that facts speak for themselves and thus reiterate that after 29 YEARS of research, no effective method of cryptanalysis has been found to decipher this particular cryptosystem! As of 2013, it was estimated that the (at that time) currently used RSA and Diffie-Hellman algorithms would be

The Best Option for Secure Communication 15

decrypted within five to ten years and that the ONLY suitable encryption scheme to use in the future would be ECC [Sullivan, 2013]. For all the excitement I reserve about this technique, it seems silly that I still do not fully understand it. I understand how the construction and decryption supposedly work, but what I fail to comprehend is how the plain-text is transferred within the cipher-text. In other words, I understand how the graph is created, and how the public key is created using the graph and private key. What eludes me is one, how the encryption process works after the public key is determined to get the locations of the point which generates the cipher-text, two, how the point which the cipher-text is based upon is translated into the bit stream which is actually sent, and three, how the plaintext is incorporated in the entire cryptosystem. Also, through various readings, it seems evident that the size of a specific bit stream, not the size of its value but the size of itself, is somehow important, but how that factor is used I have yet to determine. My experiences as a programmer have allowed me to have a much stronger grasp of digital steganography. It is this understanding which concludes me to reject steganography as a viable source of secure communication. Little knowledge is required to breach the security of steganography. This brings me back to one of my initial points in the introduction, they key to designing a cryptosystem with a high degree of difficulty to decipher is not to think about how to make the system more complex, rather to consider the approach the attacker will take during decryption. By this thought process, one should make whatever steps the attacker wants to take impossible or useless. After conducting research on ECC, I can testify that it is truly a trapdoor encryption system which eliminates every conceivable short-cut or trick the attacker would want to use. It is

The Best Option for Secure Communication 16

for this reason that it has gained my respect as the most secure means of private communication which currently exists. Annotated Bibliography STINSON, D.R. 2006. Cryptography Theory and Practice. Chapman & Hall/CRC Taylor & Francis Group. Boca Raton, FL. When explaining cryptology, Stinson regularly mentions three important figures. Alice and Bob; the two) people transmitting encrypted messages, and Oscar; the opponent eavesdropping on those messages. Stinson opens his book by explaining the primary purpose of cryptography and how a cryptosystem operates. He then continues his introduction to cryptology by introducing some of the basic kinds cryptosystems (Shift Cipher, Substitution Cipher, Affine Cipher, Vigenre Cipher, and Hill Cipher) and explains how to compose and break each of those unique systems. After teaching some of the basic methods for creating cryptosystems, Stinson explains the basic ways to break them (attack models). Before revealing these methods, Stinson defines Kerckhoffs Principle which states that, more often than not, Oscar knows the cryptosystem being used [Stinson 2006]. After explaining these techniques, Stinson introduces the first method which can be used to create cryptosystems which can be considered beyond a basic level. This product cryptosystem, developed by Claude Shannon in 1949, is created by combining two or more cryptosystems to form their product, a practice which has become a fundamental factor of modern cryptosystems [Stinson 2006]. JOHNSON, N.F., DURIC, Z., JAJODIA, S. 2003. Information Hiding: Steganography and Watermarking - Attacks and Countermeasures. Kluwer Academic Publishers. Norwell, MA. This article begins by defining steganography (literal translation covered writing) as the art of hiding and transmitting data through apparently innocuous carriers in an effort to conceal the existence of the data [Johnson, Duric, Jajodia, 2003]. It then discusses the difference between steganography and cryptography; Cryptography is a means of providing secrecy by scrambling a message, whereas steganography focuses simply on hiding the very existence of the message itself [Johnson, Duric, Jajodia, 2003]. The book discusses the advantage of steganography over cryptology; that the scrambled messages used in cryptosystems often times draw attention whereas when using steganography, the enemy is unaware a message was ever transmitted. The book notes the significance of this factor when discussing how the techniques used to attack cryptosystems versus hidden messages. After defining steganography, its counterpoint cryptography, and the relationship the two share, the references some of the particularly successful developments in steganography throughout history including microdot technology, a technique developed by Germany in World War I so successful that modified versions are still being used today [Johnson, Duric, Jajodia, 2003]. After summarizing some of the various recorded applications of steganography throughout history, the book lists and

The Best Option for Secure Communication 17

describes some of the countless methods used to conceal information in digital media including the use of inherent network protocols, allocated files in unused disk space, and audio/image files.

BLOOM, J.A., COX, I.J., FRIDRICH, J., KALKER, T., MILLER, M.L. 2008. Digital Watermarking and Steganography. Elsevier Inc. Burlington, MA. This books purpose was to provide framework for watermarking technology research and development and discusses solely still image watermarking techniques since the authors have experience dominantly in this area as well as video aspects of the field. The book begins by presenting an example of watermarking; President Jacksons reflection which can be seen when holding a $20 bill to the light. Watermarkings advantage which makes it so difficult to detect is that it can be applied to nearly anything including physical substances like fabrics, inks, and packaging as well as electronic sources, most commonly audio, image, and video files. Next, the book describes the primary difference between steganography and watermarking which is that when practicing steganography, it is more common to use whatever medium the message is hidden in as a decoy to camouflage the hidden message which is unrelated to the primary message or piece of data which is being sent [Bloom, Cox, Fridrich, Kalker, Miller, 2008]. Similar to steganography, watermarking uses an embedder, and a detector. The embedder carries two pieces of information; the secret message, and the cover work which the message is hidden in. This cover work is then presented as input to the detector which checks whether the work includes a payload of hidden information and outputs that information if it is present [Bloom, Cox, Fridrich, Kalker, Miller, 2008]. Next the book discusses the history of both watermarking and steganography followed by a section explaining the importance of each of these fields. The second chapter begins by listing and describing in detail the applications of watermarking and steganography. The book continues to follow this comparison/contrast trend as it goes on to discuss the properties of the two fields and an evaluation of their systems. Chapters three through ten focus specifically on watermarking including detailed examples of actual watermarking models or techniques, how to encode messages in those assorted techniques, and watermarking-related security. GAGNANI, L., JOSHI, R., PANDEY, S. 2013. Image Steganography. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), 2, 1, 224-227. After giving a brief background of steganography, cryptography, and the similarities and differences between the two, this article discusses why steganography has gained superior popularity over cryptography. Steganography has taken off as one of the most used methods of data hiding due to a lack of sophistication in cryptographic systems. This is primarily a result of government interference. Putting legal limitations on the strength of cryptographic systems or outlawing them altogether has become common practice, not only in the United States, but in governments around the world forcing people to study alternative methods of transferring secure information [Gagnani, Joshi, Pandey, 2013]. The article also mentions how businesses have played a large role in generating popularity of steganography over cryptology discussing their

The Best Option for Secure Communication 18

necessity for means of secure communication such as new product information or trade secrets and why it is more valuable to them to send undetected messages rather than suspicious encrypted files [Gagnani, Joshi, Pandey, 2013]. Following this analysis of steganographys advantages, the article discusses some of the different mediums in which steganography can be applied including, text, imagery, and audio files. Following the list of mediums is a list of common methods which are used to hide data in image files and explanations of how the data in each bit of memory that stores the image file is modified to hold information. LEE, I.-S. TSAI, W.-H. 2008. Data Hiding in Emails and Applications Using Unused ASCII Control Codes. Journal of Information Technology and Applications, 3, 1, 13-24. In this article, the medium by which hidden information is to be passed through is referred to as the cover carrier and the result of the embedding is referred to as the stego-carrier or stego-email since the article focuses specifically on email as a medium. The article begins by discussing the two types of digital text documents, hard-copy and soft-copy. A hard copy text document may be treated as a binary image resulting from scanning a text document, while a soft-copy document may be regarded as an American Standard Code for Information Interchange (ASCII) text that can be edited by text editing software such as Microsoft Word [Lee, Tsai, 2008]. Lee and Tsai continue by giving some brief examples of methods which can be used to implement data hiding in both hard and soft-copy text documents which range from generating binary code out of the number of space between words [Bender in Lee, Tsai, 2008], to generating code by assigning values to context-free grammar [Wayner in Lee, Tsai, 2008], to embedding data within the unused space of file headers (spaces which are invisible to most readers after being automatically disregarded upon opening the files) [Cantrell and Dampier in Lee, Tsai, 2008]. KUMAR, A., POOJA, K. 2010. Steganography: A Data Hiding Technique. International Journal of Computer Applications. 9, 7, 19-23. After giving a brief background and explanation of steganography, Kumar and Pooja describe some of the methods of steganography used throughout history including wax tablets containing concealed messages scratched into the underlying wood from ancient Greece, the German microdots, and letters with two messages, one written in visible ink, the other written between the lines with invisible ink. Next they explain some of the practical uses of steganography. These uses can be helpful to the public such as creating stronger online user security for features such as e-commerce to developing better ways to hide a dirty little secret (or a big one). The next section of the article simply compares and contrasts steganography to cryptology. Following that, is a description of steganalysis or "the process of detecting steganography by looking at variances between bit patterns and unusually large file sizes [Kumar, Pooja, 2010]. This section discusses the approaches to recognizing stego-carriers and the tools available to make detection easier. BOONE, J.V. 2005. A Brief History of Cryptology. J.V. Boone. Annapolis, MD.

The Best Option for Secure Communication 19

Boone begins by iterating how important cryptology has become in everyday life, after all, we are currently living in the age of information and as a given, some of that information needs to be protected. Boone continues to recognize the significance of cryptology by quoting President Eisenhower: In war, nothing is more important to a commander than the facts concerning strength, dispositions, and intentions of his opponent and the proper interpretation of those facts. In peacetime, the necessary facts are of a different nature. They deal with conditions, resources, requirements, and attitudes prevailing in the world. They and their correct interpretation are essential to the development of policy to further our long-term security and best interests [Eisenhower in Boone, 2005]. After preaching the importance of cryptology and giving a short explanation of what it is, Boone begins to list some of its biggest achievements throughout history such as Arthur Scherbius ENIGMA and many other cryptographic systems and or tools developed during World War II. The second chapter discusses some of the first mechanical devices relative to cryptology from the 1200s to the 1800. The third chapter discusses devices developed in the 1800s and begins to describe the significance of some modern devices such as the telegraph and phone. SINGH, S. 2001. The Code Book: How to Make It, Break It, Hack It, Crack It. Simon Singh. New York, NY. Singh begins by summarizing the story surrounding Mary Queen of Scots. She had been accused of high treason with plans to assassinate Queen Elizabeth of England, correctly so. The issue surrounding the case was that Mary had only communicated with the group responsible for conspiring to assassinate Queen Elizabeth through letters written in a cipher. In order to prove her guilt and secure her conviction, Sir Francis Walsingham had to break the cipher [Singh, 2001]. Singh then begins to mention some of the earliest recorded accounts of the use of secret writing throughout history dating all the way back to Herodotus, the supposed father of history. According to Herodotus, it was a method of secret writing which saved the Greeks from being conquered by Persia during the Peloponnesian Wars. After summarizing the beginnings of cryptology, Singh divides the field into two major branches, transportation, and substitution. Transportation is a method related to scrambling the order of characters in a message. By using transportation, it is possible to generate over 50,000,000,000,000,000,000,000,000,000,000 possible combinations out of a sentence containing only 35 words [Singh 2001]. Substitution is the process of pairing specific corresponding symbols with one another and then swapping each of them when encrypting. LOW, R.M., STAMP, M. 2007. Applied Cryptanalysis: Breaking Ciphers in the Real World. John Wiley & Sons, Inc. Hoboken, NJ. This book breaks ciphers into four main categories; Classic ciphers, WWII ciphers, stream ciphers, and block ciphers. The book begins by explaining basic terminology associated with cryptology. Following this introduction is a list of some of the classic types of ciphers that have been used throughout history including transposition ciphers, double transposition ciphers, substitution ciphers, and affine ciphers. After describing these basic ciphers, Low and Stamp explain the index of coincidence or probability that two randomly selected cipher text

The Best Option for Secure Communication 20

symbols represent the same symbol in plaintext [Low, Stamp, 2007]. Following this theory, the book describes why the only cryptosystem which is truly invulnerable to cipher-text-only attacks is the one time pad, a cipher based in binary language which uses a key to trans-morph the plain text when encrypting it. The book also explains how a codebook cipher works, essentially the plaintext and cipher-text words are all paired in a book and as long as the book itself is secure, the messages transmitted are nearly impossible to decipher, due to the overwhelming amount of data this system allows storage for.

SULLIVAN, N. 2013. A (Relatively Easy to Understand) Primer on Elliptic Curve Cryptography. ars technica. http://arstechnica.com/security/2013/10/a-relatively-easy-tounderstand-primer-on-elliptic-curve-cryptography/ In his article, Sullivan breaks down public-key encryption the format which modern cryptography is based upon, and explains how elliptic curve cryptography (ECC) works. The article explains the RSA system, the most popular form of public-key encryption, and why it was necessary to develop ECC. Because RSA is built upon factoring, it is ultimately not sustainable as a long-term source of encryption, hence, ECC was conceived. Like RSA, ECC uses modular division to keep numbers appearing random, but instead of using multiplication to generate numbers, it uses elliptic curves. All elliptic curves follow the expression After explaining ECC, Sullivan notes ECCs accelerating gain in popularity and lists some of the applications in which it is currently being used including the United States government internal communication protection, proof of bitcoin ownership, and Apples iMessage service signatures [Sullivan, 2013]. Sullivan proceeds to list some of the flaws in ECCs discussing the flaw in the electronic random number generator. When a computer generates a random number, the number is actually selected from a sequence and therefore not truly random at all. Given this information, if an attacker had a list of the random numbers that a selected piece of software using an ECC contained, they could predict the random number and relatively easily decrypt the information being transferred. Fears of these threats were legitimized in 2013 when companies using ECDSA (a variant of ECC) for online security were hacked including bitcoin suffering losses around 1.2 million dollars and Sonys Playstation network suffering losses of approximately 171 million dollars [Sullivan, 2013]. Despite these drawbacks, many experts predict that the currently implemented RSA and Diffie-Hellman encryption schemes could be broken within five years (as of 2013) leaving ECC based encryption methods as the only possible alternative for the future.