Members
Article Info
/hack #4
Encryption and Data Hiding
2008-08-21

by Clay Dowling

How and what to encrypt, and why.
Recent Articles
#15: Internet Traffic Cops
#14: Outsmarted by Breakfast
#13: Taking Advantage of Big Brother
#12: The Daemon in the Machine
#11: Hacking the Car

Downloadable RPGs:
DTRPG

Visit our Sponsors!
/hack #4: Encryption and Data Hiding

/hack

What Can You Encrypt?

Communication

Any communication is a good candidate for encryption. There are limitations based on available technology. In a pre-radio era most communication is going to be by letters. A clever person could also conceal information in drawings and paintings, although encoding that information would add an extra layer of complication.

Encrypting your communication allows you to transmit data securely through insecure channels. So even if the secret police intercept your message to the leader of the resistance, they won't be able to read the actual message. Since all codes can be broken eventually, it really means that they just won't be able to take action on the information until it's too late. At least, that's what you hope. There may be a wall in your future if you're wrong.

Information

You may have information that you don't want others to get. You could have blackmail notes that you don't want getting out, or business dealings that you don't want competitors or partners to know about. You can protect this information by encrypting it.

As an example, you could have incriminating photos of a city councilman. If somebody stumbles onto this file, things could get very awkward for you. If the file in encrypted the police or the councilman's flunkies won't know what it is, and won't drag you out behind the jail to beat you into a bloody pulp for having it (providing you haven't done something else to tip them off to the fact).

How Do You Do It?

One of the really great things about encryption is that if your game is set at any point where writing is a known skill, there is some form of encryption available. Even a lot of modern encryption is or can be decidedly low tech.

The simplest encryption is a substitution algorithm. They consist of the regular alphabet paired with alternate letters. The alternate letters will be used in the encrypted text. These are the most simplistic of algorithms, because letter frequency can be used to break the code fairly easily.

Mathematical algorithms can be used to calculate the substitution text, generally so that the letters position within the document, and possibly preceding characters, determine the substitution. Generally some sort of perturbation is added to the calculation. The perturbation is the key, and having or determining that key is essential to decoding the message.

A mechanized society can produce encryption machines that are useful for encoding messages between two secure stations. Even the smallest of these machines was such that it was a bad idea for a field agent to have one in their possession. Classic examples are the Enigma machines used by the German military during WWII, but older and smaller models were also available.

Electronic computers made encoding fairly easy. Government agencies helped to drive the development of computers to increase encryption capabilities. In the 1980s cryptologists began working on algorithms that were released to the public for peer review. That move eventually led to the development of consumer programs that provided very reliable protection for anybody with a computer. Now anybody who can afford even a second hand computer has good encryption at their fingertips. The software is free and easy to use.

There is even a very modern algorithm, designed by Bruce Schneier, which can securely encrypt a message using only a deck of cards. It isn't a fast method, but it has the advantage that being found with the encryption and decryption tools is completely non-incriminating. A very similar scheme was found in the wild, in use by the KGB.

Encryption Tools

All of these methods share in common the need for a key and an algorithm.

The algorithm is a consistent series of steps which if performed on the same source text will always produce the same encrypted text, and that encrypted text will be reversible.

The key is a piece of data that provides a degree of variation in the algorithm. In some types of encryption, called symmetric algorithms, the same key is used to encrypt and decrypt the message. In asymmetric algorithms, a different key is used to encrypt and decrypt the messages. If you buy a piece of software and it comes to you in a Zip file that needs a password, that is an example of a symmetric algorithm. When you connect to a secure website to buy a book, it uses an asymmetric algorithm.

The selection of keys is very important for the security of a message, because keys which do not have enough randomness are easy for an attacker to work out. A lot of time and effort go into generating pseudo random numbers for encryption, and you can even buy special devices for your computer that generate random data.

Exchanging Keys

Because the keys are so important to securing the message, exchanging keys between the two parties hoping to communicate is very important. Ideally the key would be passed securely, face to face. That isn't always possible in the real world though.

Asymmetric methods, such as that used to secure a website or sensitive medical records being exchanged, work by generating a certificate. The certificate is split into two parts, a public half and a private half. The private half is jealously guarded. The public half is shared with anybody that you happen to want to communicate with. In fact there are public repositories of these keys that are used for things like securing email communication. When you want to send a message to somebody, you look up their public key. Your message gets encrypted with your full key and their public key. It is decrypted using your public key and their full key. The mathematics are a little involved, but it works quite well, and it's never necessary for the two parties to reveal the private half of their key.

Symmetric methods work by sharing the same key. This key must be carefully guarded, and it must be changed frequently to prevent it from being compromised by repeated use. One technique is known as a one-time pad. The two parties communicating are equipped with a large set of predetermined keys. Each party has the keys in the same order, and each message is encoded with a new key. This kind of pad (they were originally like tear off note pads) is very suspicious to be caught with, although the current sodoku craze might be useful to hide it.

Another method is to base the key off some sort of shared public information. In his card based algorithm, Bruce Schneier suggested that the key could be determined by the hands described in the bridge columns of a lot of papers. If a national paper were used, it would be very easy to ensure that a message encoded on a specific day had a reliable key.

Hiding Information

Keeping information from being noticed is often an important part of encryption, especially for things like key exchange. Bruce Schnier's example is a prime case of exchanging secret information via public means.

A clever method of hiding both code and key were described in Dorothy Sayers' Have His Carcase. The two parties regularly exchanged long letters which were for the most part full of trivialities. The actual encrypted message was scattered through the letter. Letters in certain positions, such as the start of paragraphs or sentences, are part of the coded message.

The key was formed by pulling letters from a book, again using an algorithm based on position in paragraphs and sentences. Where to start pulling the letters that formed the key was determined based on information in the previous message, although it could just as easily have been based on the day of the month or some trivial information also in the letter.

An interesting method of hiding information, and the exchange of information, is to do it in plain sight. Two people walk past each other on the street, when their hands pass the message is passed between them discretely. Al Quieda operatives are known to use this method for passing messages, and I have seen drug dealers use the same method to pass product. But because the act of two people walking past each other is so innocent, it goes unnoticed and the secrete message or illegal product was moved without anybody being the wiser.

Playing In Game

Although I favor a contest of person versus person, breaking encryption is really more about a check against the algorithm used to encode it. The human factor does some in where the sender of the message may not be sophisticated and chooses an easily guessed key, or makes a mistake implementing the algorithm. There have been very public cases of improperly implemented algorithms even in the last year that compromised the integrity of encryption.

If the person sending the message is unsophisticated about choosing keys, anybody attempting to crack the code should get a bonus relative to the level of innocence. A computer use skill might be made for modern electronic encryption. An intelligence or education roll might be good for manual encryption. The degree of failure could be applied as a bonus to the attacker, or a variant on the degree of failure.

For information hiding, the direct contested roll is fully appropriate. At it's core it's a test of intelligence vs. intelligence. If your game system has such things though, you might allow rolls against a camouflage or concealment skill (or use the skill as a bonus to the roll).

To use the hand-off I discussed above, some variety of streetwise or acting skill can be used as a modifier to a contested role. If your system includes a perception skill or attribute, that can be a good basis for the roll of the person attempting to see the hand-off.

In general I would tend to use encryption to lend a certain flavor to the game. Breaking the code could be a good dramatic point in your story, but working on deciphering the code will probably be very undramatic.

Key exchange provides a lot of opportunities for dramatic story telling. The player characters could be secret agents attempting to intercept encryption keys, ideally without being detected. Or they could be attempting to deliver encryption keys without getting caught.

Conclusion

Encryption is great for adding an espionage flair to your game. Used carefully, you can use it as a plot element for distributing information to the players. I have given you a very brief overview of encryption, hopefully enough to let you use encryption convincingly in your game.

If you want to see a little bit of encryption in action, grab a copy of gpg and experiment exchanging secure emails with a friend or two.

Recent Discussions
Thread Title Last Poster Last Post Replies
sell fresh dumps g026r 01-27-2011 10:50 AM 1
#10: Improvised Spy Gear freddy 07-27-2010 06:28 PM 3
#15: Internet Traffic Cops RPGnet Columns 02-18-2010 12:00 AM 0
'm Seller for: CC, CVV US,UK,CA, EURO,AU, Italian,Japan,Fran... fresh_hack 01-21-2010 04:12 PM 0
#14: Outsmarted by Breakfast Motorskills 11-08-2009 09:05 PM 2
#13: Taking Advantage of Big Brother RPGnet Columns 08-20-2009 12:00 AM 0
#12: The Daemon in the Machine Clay 06-02-2009 12:56 PM 4
#11: Hacking the Car RPGnet Columns 03-19-2009 12:00 AM 0
#9: The Liberation of Jorge Ramirez RPGnet Columns 01-22-2009 12:00 AM 0
Column Suggestions Clay 12-18-2008 11:15 AM 0
( goto forum | post new thread )

Copyright © 1996-2013 Skotos Tech, Inc. & individual authors, All Rights Reserved
Compilation copyright © 1996-2013 Skotos Tech, Inc.
RPGnet® is a registered trademark of Skotos Tech, Inc., all rights reserved.