Skip to main content

Original DataHush Encryption Strategies

Description

This section discusses some of the encryption strategies originally employed by DataHush. Some novel strategies remain unpublished.

In general, an encryption’s strength relies upon the following:

- Encryption algorithm – the ‘formula’ used to encrypt

- Length of key

- Processing power/time

We have the following techniques that we feel make it possible to strongly secure a transmission:

Dual encryption technique and compression

Two strong encryptions are used. One method is based on a known published method, the other proprietary. A third layer is related in that the stream is compressed according to one of a battery of techniques. Compression is a form of encoding that effectively strengthens the encryption, since even if the decompression technique is known, it increases the burden of overhead required to break the code.

Physical possession

It is possible to require a proprietary hardware device. This would require physical possession of the hardware device to make a transmission (the software would not work without it).

Challenge-response

The system can be configured to require a challenge-response from either party to a transmission. This involves in addition a ‘two-way’ lock box of data that has never been transmitted, as well as a real-time requirement by a spoofing machine that will likely exceed the ability of any known machine.

Processor dependent key-scaling

This is an aid to making the encryption future-proof. The length of the key and the intensity of the calculations required are negotiated by either end of the system based on the CPU cycles available at either end. Ten years from now, the same software will require much greater capacity, even of a trusted party to decrypt. This means that if the processing power of a common workstation such as a PC is 4 orders of magnitude below that of the largest known machine, and it can force a real-time response that exceeds the capability of the larger machine, then as long as the differential in capacity holds true, the encryption can never be broken by superior processing power.

Two-way lock box

A large body of data used only as additional encryption will be transmitted by a trusted means to both parties. This store of data will be used by both parties as a method of lengthening the encryption key. Without access to this store, an intercepting party is forced to crack the encryption using the entire key.

Non-deterministic decryption algorithm

This technique is used to ‘up the ante’ in terms of required processing power. Not all of the information required to decrypt will be available to the receiving party. This can impose an arbitrary time of decryption, even if keys are intercepted. This will require the decryption process to actually guess part of the key. Sometimes, a packet will fail to transmit end to end, since the receiving party simply does not have the resources to decrypt. This introduces a further variable of noise that will confound an intruder, but be scaled within the limits of both ends of the trusted parties.

Decoying and nested decoys

Not all of the data in our secured transmissions will be data. Some of it will be noise, and the amount will vary from transmission to transmission. In addition, mock data that appears to be encrypted by simpler methods will be included in the transmission. This will occupy the resources of an intruder that might otherwise be engaged in breaking the true transmission. Decoying is nested at each level of the encryption process, requiring an intruder to follow many blind alleys at each level.

Comments

Popular posts from this blog

The system cannot execute the specified program

It always annoys me no end when I get messages like the following: "The system cannot execute the specified program." I got the above error from Windows XP when I tried to execute a program I use all the time. The message is hugely aggravating because it says the obvious without giving any actionable information. If you have such a problem and you are executing from a deep directory structure that may be your problem. It was in my case. Looking on the web with that phrase brought up a bunch of arcane stuff that did not apply to me. It mostly brought up long threads (as these things tend to do) which follow this pattern: 'Q' is the guy with the problem asking for help 'A' can be any number of people who jump in to 'help'. Q: I got this error "The system cannot execute the specified program." when I tried to ... [long list of things tried] A: What program were you running, what operating system, where is the program? What type of

Coming Soon: General Artificial Intelligence

The closer you get to experts who understand the nuts and bolts and history of AI, the more you find them saying that what we have is not nearly General Artificial Intelligence (GAI), and that GAI seems far away. I think we already have the roots in place with Neural Networks (NN), Deep Learning (DL), Machine Learning (ML), and primitive domain limited Artificial Intelligence (AI). Things like computer vision, voice recognition, and language translation are already in production. These are tough problems, but in some ways, machines are already better than humans are. I expect GAI to be an emergent property as systems mature, join, and augment one another. I was around during the 70s AI winter, and was involved in the 80s AI winter as one of the naysayers. I built a demonstration system with a Sperry voice recognition card in 1984. I could demonstrate it in a quiet room, but as a practical matter, it was not production ready at all. Around 1988 we built demonstration expert systems usin

Your call is important to us, but not much.

Rogers entire network is down and Rogers either does not know why or sufficiently disrespects its customers that it won't say. I was on the advisory committee for the largest private network in Canada serving 150,000 employees countrywide. I was also an active participant building out that network. I installed the first Local Area Networks there. I wrote a code generator responsible for the most critical portion of Bell's mobile network. I also wrote a portion of code for a system in the United States that detected and pinpointed line breaks in their network before they happened. For a time, I held the title 'Networking Professor' at our local College. I registered my first domain name in the 1980s. I have administered Internet network servers for decades. In one capacity or another, I have worked with most of the telecommunications providers in Canada past and present. Nearly a billion devices use a small network codec written by me decades ago.  Except that Rogers was