Secure Communication Article Index for
Secure 		Articles about
Secure Communication 		Website Links For
Secure 		 

Information About

Secure Communication
  CATEGORIES ABOUT SECURE COMMUNICATION
   
secure communication
   
internet privacy
   
espionage techniquessecure communication
   
internet privacy
   
espionage techniques
   
security
   
APPAREL
BABY
BEAUTY
BOOKS
CAR TOYS
CELL PHONES
DVD'S
ELECTRONICS
GOURMET FOOD
GROCERIES
HEALTH & PERSONAL
HOME & GARDEN
JEWELRY
MUSIC
MUSIC INSTRUMENTS
OFFICE PRODUCTS
SOFTWARE
SPORTING GOODS
TOOLS & HARDWARE
TOYS
VIDEO GAMES
SHOPPING HOME
MORE SHOPPING...



The purpose of this article is to describe the various means by which security is sought and compromised, the differing kinds of security possible, and the current means and their degree of security readily available.

With many communications taking place over long distance and mediated by technology, and increasing awareness of the importance of interception issues, technology and its compromise are at the heart of this debate. For this reason, this article focusses on communications mediated or intercepted by technology.

Also see '' Trusted Computing '', an approach under present development that achieves security in general at the potential cost of compelling obligatory trust in corporate and governmental bodies.


USERS AND NEEDS

Many forms of everyday communication are "reasonably" secure, thus, we do not assume telephone calls are intercepted when we use them. However in some areas such as online intellectual property rights, legal, criminal, political and commercial communications, this assumption is inadequate.


HISTORY


One of the most famous forms of secure communication was the Green Hornet. During WWII, Winston Churchill had to make vital calls to the President of the United States, Franklin D. Roosevelt. These calls talked about such things as shipping and troop movements. At first, the calls where made using a radio phone as this was thought to be secure. Unfortunately, due to the Nazis having a listening station in Holland they where able to hear every last word. As soon as it was realised they stopped using the radio phone and started work on a whole new system, the Green Hornet. It worked by playing a copy of white noise over the conversation and then an identical copy was subtracted on the other end of the line. This meant that anyone listening in would just hear white noise but as the only two identical copies where held with the Prime Minister and the President the conversation was clear to them. As secrecy was paramount, the location of the Green Hornet was only known by the people who built it and Winston Churchill, and if anyone did see him entering the room it was kept in, all they would see was the Prime Minister entering a closet labeled 'Broom Cupboard.' It is the said that because of the way the Green Hornet works it is not able to be beaten, even today.


NATURE AND LIMITATIONS OF SECURE COMMUNICATION


Types of security

Security can be broadly categorised under the following headings, with examples:

  • Hiding the content or nature of a communication

  • --- Code

  • --- Encryption

  • --- Steganography

  • Hiding the parties to a communication (prevention of identification, or Anonymity )

  • --- " Crowds " and similar anonymous group structures. i.e. it is difficult to identify who said what when it comes from a "crowd".

  • --- Anonymous communication devices (unregistered Cellphone s, Internet Cafe s)

  • --- Anonymous Proxies

  • --- Hard to trace Routing methods (through unauthorised 3rd party systems, or relays)

  • Hiding the fact that a communication takes place

  • --- 'Security by obscurity' (similar to 'needle in a haystack')

  • --- Random traffic (creating random data flow in order that the presence of genuine communication is harder to detect and Traffic Analysis less reliable)


Each of the three is important, and depending on the circumstances any of these may be critical. For example, if a communication is not readily identifiable, then it is unlikely to attract attention for identification of parties, and the mere fact a communication has taken place (regardless of content) is often enough by itself to establish an evidential link in legal prosecutions. It is also important with computers, to be sure where the security is applied, and what is covered.


BORDERLINE CASES

A further category, which touches upon secure communication, is software intended to take advantage of security openings at the end-points. This software category includes Trojan Horse s, Keylogger s and other Spyware .

These types of activity are usually addressed with everyday mainstream security methods, such as Antivirus software, Firewall s, programs that identify or neutralize Adware and Spyware , as well as web filtering programs such as Proxomitron and Privoxy which check all web pages being read and identify and remove common nuisances contained. As a rule they fall under Computer Security rather than secure communications.


TOOLS USED TO OBTAIN SECURITY


Encryption

See Also: Encryption



Encryption is where data is rendered hard to read by an unauthorised party. Since encryption can be made extremely hard to break, many communication methods either use deliberately weaker encryption than possible, or have Backdoor s inserted to permit rapid decryption. In some cases government authorities have required backdoors be installed in secret. Many methods of encryption are also subject to "man in the middle" attack whereby a third party who can 'see' the establishment of the secure communication is made privy to the encryption method, this would apply for example to interception of computer use at an ISP. Provided it is correctly programmed, sufficiently powerful, and the keys not intercepted, encryption would usually be considered secure. The article on Key Size examines the key requirements for certain degrees of encryption security.

The encryption can be implemented in way to require the use of encryption, i.e. if encrypted communication is impossible then no traffic is sent, or opportunisticly. Opportunistic Encryption is a lower security method to generally increase the percentage of generic traffic which is encrypted. This is analogous to beginning every conversation with "Do you speak Navajo ?" If the response is affirmative, then the conversation proceedes in Navajo, otherwise it uses the common language of the two speakers. This method does not generally provide Authentication or Anonymity but it does protect the content of the conversation from Eavesdropping .


Steganography

)''


Anonymized networks

Recently, anonymous networking has been used to secure communications. In principle, a large number of users running the same system, can have communications routed between them in such a way that it is very hard to detect what any complete message is, which user sent it, and where it is ultimately going from or to. Examples are Crowds , Tor , I2P , Mixminion , various Anonymous P2P networks, and others.


Anonymous communication devices

In theory, an unknown device would not be noticed, since so many other devices are in use. This is not altogether the case in reality, due to the presence of systems such as Carnivore and Echelon which can monitor communications over entire networks, and the fact that the far end may be monitored as before. Examples include Payphone s, Internet Cafe , etc.


METHODS USED TO "BREAK" SECURITY


Bugging

See Also: Covert listening device


The placing covertly of monitoring and/or transmission devices either within the communication device, or in the premises concerned.


Computers (general)

See Also: Computer security


Any security obtained from a computer is limited by the many ways it can be compromised - by hacking, Keystroke Logging , Backdoor s, or even in extreme cases by monitoring the tiny electrical signals given off by keyboard or monitors to reconstruct what is typed or seen ( TEMPEST , which is quite complex).


Laser reading of windows

See Also: Laser microphone


In certain cases individuals have had private spoken communications intercepted by means of laser. This usually involves a sensitive laser directed at a window, capable of picking up the tiny glass movements caused by sounds, and conversion back to speech.


SYSTEMS OFFERING A DEGREE OF SECURE COMMUNICATION


Anonymous cellphones

Cellphones can easily be obtained, but are also easily traced and "tapped". There is no (or only limited) encryption, the phones are traceable - often even when switched off - since the phone and SIM card broadcast their International Mobile Subscriber Identity ( was assassinated after he was located by using his cellphone signal.


Landlines

Landline requires authority to tap, but offers no other security. Cordless phones may possibly be intercepted by scanning and decryption.


Anonymous internet

See Also: Anonymity


Using a third party system of any kind (payphone, internet cafe) is often quite secure, however if that system is used to access known locations (a known email account or 3rd party) then it may be tapped at the far end, or noted, and this will remove any security benefit obtained. Some countries also impose mandatory registration of internet cafe users.

Anomymous Proxies are another common type of protection, which allow one to access the net via a third party (often in a different country) and make tracing difficult. Note that there is seldom any guarantee that the Plaintext is not tappable, nor that the proxy does not keep its own records of users or entire dialogs. As a result anonymous proxies are a generally useful tool but may not be as secure as other systems whose security can be better assured. Their most common use is to prevent a record of the originating IP , or address, being left on the target site's own records. Typical anonymous proxies are found at both regular websites such as Anonymizer.com and spynot.com, as well as on proxy sites which maintain up to date lists of large numbers of temporary proxies in operation.


Programs offering more secure communications


  • ).). Proprietary. No information on backdoors. An article in 2004 suggested that Skype has relatively weak encryption, but more recent analyses, one by invitation and one by Reverse Engineering presented at DEF CON 2005, both conclude that Skype uses encryption effectively. Criticism focuses upon its proprietary "black box" design, its relatively short (1536 bit) keys, excessive bandwidth use of user Supernode s, and excessive trust of other computers able to "speak Skype". ''(See Skype#Security )''

  • Zfone is an Open Source secure voice over Internet program, by Phil Zimmermann , the creator of PGP . As of April 2006 it is being Beta Tested prior to release.

  • Secure IRC and web chat - Some IRC clients and systems use security such as SSL . This is not standardised. Likewise some web chat clients such as Yahoo Messenger use secure communications on their web based program. Again the security of these is unverified, and it is likely the communication is not secured other than to and from the client.

  • Trillian - offers secure IM facility, however appears to have weaknesses in key exchange which would enable a "man in the middle" attack with ease. Proprietary, no information on backdoors.

  • Off-the-Record Messaging is a plugin which adds end-to-end encryption and authentication as well as Perfect Forward Secrecy to instant messaging. It is not a separate protocol but runs under most every IM protocol.

  • WASTE - open source secure IM, high strength "end to end" encryption, within an anonymised network. Apparently secure.

  • Secure Email - some email networks such as " Hushmail ", are designed to provide encrypted and/or anonymous communication. They authenticate and encrypt on the users own computer, to prevent transmission of plain text, and mask the sender and recipient. Mixminion provides a higher level of anonymity by using a network of anonymizing intermediaries, (similar to how Tor and Crowds work above).



SEE ALSO



General background



Software selections and comparisons



Other



REFERENCES



EXTERNAL LINKS


  • [http://ise.gmu.edu/~xwangc/Publications/CCS05-VoIPTracking.pdf --- X. Y. Wang, S. Chen and S. Jajodia “Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet”. In Proceedings of the 12th ACM Conference on Computer Communications Security (CCS 2005), November 2005.]