Project topics for University of Ulster Computing Students

Adaptive Networking
Kevin Curran, Lecturer in Computer Science, Magee College

Uncrackable Encryption

The idea for this project was taken from this research site by R. Green. Please take some time to visit his excellent website and read about his other Student Java Projects available.

Uncrackable encryption for the masses. It works transparently with the email package. It uses CDs or DVDs distributed ahead of time to those communicating. CDs are recorded with truly random numbers generated by monitoring radioactive decay. pseudo random numbers are useless for this purpose. (NOTE: RANDOM NUMBERS: There are two kinds of random numbers, pseudo-random numbers that can be rapidly generated from mathematical formulae, and true random numbers, generated from some random physical process such as radioactive decay. Pseudo-random numbers are are useless for cryptography. You need true random numbers for that. )

It is a OTP One Time Pad system using a simple XOR of message and key, using a key equal in length to the message, and never reusing a key. See the encrypt utility documentation for more detail on how the scheme works.

A more advanced version of the project requires to you build a peripheral that is a true random number source. Pseudo random number generators are useless for this purpose. Such a device would be useful for creating one-time pads, and also in various simulations. Here are several ways it could work. See true random numbers in the Java glossary for more details on how to build on buy one.

Once you have this mechanism in place, you can build an uncrackably secure webphone. You use the standard Java microphone API to convert sound into numbers, compress them a little, encrypt the numbers and send them over the web in real time. On the other end you reverse the process, and play the sound. You logically have two channels, one in each direction. Keep in mind that snoops can still place hidden microphones at either end, or snoop on EMF radiation from your computer. It is best to use a laptop which emits fewer clues. However, snoops can't do anything simply by packet sniffing or intercepting and replacing packets. There is a slight delay as packets wend there way through the Internet, but not that different from a long distance call to Indonesia from Canada.

The advantages of this scheme are:

The code is simple enough to write yourself. You need not rely on an outside company to provide encryption code to you. It becomes much harder for the CIA/KGB/FBI/LBJ/CSIS (pick your favourite bad guy) to hide a snoop in the code. You can have several people study the code and freshly compile it to ensure it does what it is advertised to do. With ordinary encryption you must trust some company that might be under CIA control.
The messages themselves cannot be cracked, even in theory. The keys must be intercepted, the decoded messages read or the software compromised.
The algorithm is very quick.
With digital signing, it is possible to distribute software over the Internet without worry the CIA has tampered with it. You don't need to distribute it by secure courier the way you would with private one time pad keys. However, if you think the CIA may have cracked the digital signature schemes, you might want to distribute software by secure courier too, so you might as well distribute a year's worth of one time pads at the same time.

The disadvantages of this scheme are:

You must predistribute bulky keys on CD. In contrast, in a private/public key encryption scheme, there is no need to transport private keys around.
If you have more than two parties communicating, you probably want a CD of keys for each pair who might potentially communicate. You need a large hard disk to contain all those keys and software to select the correct key source, and make absolutely sure no piece of any key is ever reused.

Code for Encryption

Here is the code + text file to encode a file for sending via old email packages that do not support enclosures. It also includes a simple encryption called encipher, and an breakable Vernam one-time-pad cipher called Encrypt which uses the Mexican peasant algorithm. Unforutately these program are very old, written in Pascal. You could use them as models for more modern Java implemenatations. Please note that this code was written by Roedy Green.

Thanks to Roedy Green of Canadian Mind Products for creation of this material. Please take some time to visit his excellent website and read about his other Student Java Projects available.

Home

To contact Author: Email: [email protected].