Posted on 04/12/2006 12:45:55 PM PDT by teddyruxpin
INTELLIGENCE OPERATIONS: Phone Taps Just Got Impossible
April 12, 2006: Eavesdropping on phone calls just got a lot harder. Phil Zimmermann, the guy who invented PGP encryption for Internet mail, has developed a similar product, Zfone, for VOIP (telephone calls over the Internet). Zfone, like PGP, is free and easy to use. PGP drove intelligence agencies nuts, because it gave criminals and terrorists access to industrial grade cryptography. PGP doesn't stop the police or intel people from reading encrypted email, but it does slow them down. Zfone, however, uses stronger encryption. This means more delays, perhaps fatal delays, in finding out what the bad guys are saying. There's no immediate solution for this problem, unless Phil Zimmermann has provided a back door in Zfone for the intel folks. That is unlikely, but at least possible.
I wonder: to what extent might a sentence be understandable or recoverable, based on cadence alone? Most likely not everything could be understood: "yes" seems as if it should end up the same as "no" when encrypted, but perhaps not...but how far could it work? Syllable counting at least should be possible. If someone sang the ABC song, that should be detectable (and even distinguishable from "Twinkle, Twinkle, Little Star"). So cadence gives more information than nothing, but how much, if you really pushed it?
Interesting point, but, FWIW, I'm under the impression that encryption systems used by the military make this impossible, by transmitting encrypted data even when there's no data to transmit! There's a technical term for this, maybe RA knows what it is. "Deedling"? Basically, when the DoD doesn't want the Other Guys to get a clue as to what is going on, they go to a mode where the system is constantly sending encrypted data, whether or not there is any real data to be sent. Conversely, when the DoD wants the Other Guys to know whatever it is that we are doing, that we aren't trying to start WWIII, they can either broadcast the in the clear, or use an encryption mode that reveals the message length, though not content. If the message length is short enough, the assumption is even though you can't decypher the message, you CAN conclude they aren't transmitting detailed instruction on the invasion of some country or the launch of a massive nuclear strike.
I guess the point is they anticipated the type of techniques (or something similar) to what you are suggesting; that the cadence, or even length of a message can by used as a clue to aid in decyphering.
Even the old 4/5 number codes (which can still be heard on SW) defeated this approach, by breaking each coded message into packets of fixed length.
Clearly this introduces a certain amount of inefficiency to the coding scheme, which poses problems for real time encryption, but for systems used by Law Enforcement, they defeat the "cadence" approach by simply broadcasting an encrypted signal for the entire time the microphone is keyed. All you hear is a white noise "pshhhhhhhhhhhhhhht" for as long as the mike key is held down, not just during each syllable.
In conclusion, the cadence system is defeatable by using an encryption technique where the length of the encrypted "syllables and pauses" are not directly related to the length of the unencrypted syllables and pauses, or the encrypted syllables and pauses aren't discernable at all.
However, if you broke it up into tiny packets with fill bits filling in the blanks and sent the fixed length packets across at a reasonable bit rate, it would mask the phonetics.
Just my two cents. :-)
Exactly; the question is in normal VoIP, does the system send as many packets for five seconds of silence as it sends for five seconds of sound? If the answer is yes, then an encrypted version of the message should "mask" the cadence.
From the stand-point of the VoIP carrier, they don't know what you are sending; all they see is a stream of packets. I'm not sure how they would differentiate between encrypted voice and a chatter-box - if the data rates are the same, there's no difference to the network.
For quantum computers, we're up to, what, 7 qubits now? It would take just over 2048 qubits to crack 1024-bit encryption.
It also gives tools to dissidents in Iran, N. Korea, China and Saudi Arabia.
Ultimately, it's to our advantage. Effective privacy technologies may make things a bit more difficult for police in civilized societies, but they make the situation impossible for totalitarian regimes. Think of it as a sort of chemotherapy that stresses healthy cells while killing diseased ones.
That's why repressive regimes can't solve the problem by simply outlawing encryption -- their economies would be cut off from the rest of the world (and economic stagnation is a greater spur to overthrow than abstract ideas about human rights).
Don't blame me; I voted for Velcro[tm].
That depends what you mean by "we". That's university research, which doesn't necessarily involve the very best people, nor very many people, and doesn't have a lot of funding.
The NSA can spend a gigantic amount of money on something they consider to be important, and quantum computation cuts to the very core of its mission. It could lay the world's secrets absolutely bare.
If they're not spending hundreds of millions to tens of billions of dollars right now to crack this problem as soon as possible, then they aren't doing their jobs. But if they are doing their jobs, "we" won't hear about it until long after the fact.
I'm inclined to agree.
Because there is no known way to efficiently factor large integers. A quantum computer could do it efficently, but we're really far away from building one big enough to crack even encryption with a short key that would be considered very weak these days.
Until we have feasible quantum cryptography systems, which may well arrive even before large-scale quantum computing ;)
The largest known RSA (public key encryption) that has been broken by throwing massive amounts of comupting power against it is 663 bits. Remember that each bit doubles the amount of computing power to solve it, so breaking the commonly used 1024 bit encryption just in RSA would take that much computing power times about four with 108 zeros after it.
They still do that? I thought warrants were so last century.
Well, this should piss off Ted the swimmer and mortician Harry because it removes one of their favorite bush bashing topics!
Congratulations, you just guessed one of the classic ways to break a cipher. But they type of encryption used in ZFone (AES 128/256 -- Rijndael) is immune to attacks like this.
There's no such thing as perfect silence at the mouthpiece, and I'm not even sure if the compression algorithm would be able to compress the "silence" more than the voice, especially if the background noise happened to be white noise. White noise is random, and randomness doesn't compress well, plus white noise is commonly piped into sensitive meeting rooms.
The science just isn't there yet. It's like saying NASA must have a ship capable of near light speed hidden away somewhere.
OTOH, if you're really paranoid, quantum encryption is here now, provided by the private sector. As long as the equipment is not compromised, I don't believe there is even a theoretical way to intercept the communication.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.