Holographic Sonar Cryptography

Atomic Snarl writes: "New Scientist.com has this story on how to encrypt a underwater sonar message using multiple sound path timing. By detecting and adapting for the current variations on underwater sound channels, the transmitted message can be received intelligibly only at a single point. This holographic approach suggests a method of web encryption using multiple hop paths and ping times to create a message which can only be decoded when received at a specific target node!"

Secrecy by Delocalization

[Spootnik]

Exactly, they aimed more at reliability -- even though the codes were lossy and reliability was achieved mainly by coherent en/decoding, because noise is incoherent. However, much of that was dropped in favor of faster and better (in that approach) use of homomorhic processing and other DSP techniques.

Further, Holocomm's "delocalization" feature can be seen also in SHA-1, where *all* output bits change when one changes a *single* input bit. However, SHA-1 hopelessly mixes and merges all the data (as it is intended to do), while Holocomm allows for reversible and selective delocalization.

Thus, in two contrast points to former pure holographic codes, Holocomm aims at (1) non-lossy reversible (2) selective delocalization -- which also allows interoperation with all known cryptography algorithms (that require exact data for decoding). The reliability feature is also further enhanced by the non-lossy aspect of it. As mentioned, Holocomm can also work in lossy modes, including lossy compression -- which can be quite useful.

Holocomm is the first example of a practical quantum mechanical communication and encoding system that affords privacy and reliability, to a high degree, while also offering compression and selective information delocalization.

As such, it naturally has many parallels in several things that are based on wave functions or on the Schroedinger equation .. which essentially defines wave phenomena ... as the theoretical basis of Holocomm, as stated.

Re:Secrecy by Delocalization

[lightspawn]

Further, Holocomm's "delocalization" feature can be seen also in SHA-1, where *all* output bits change when one changes a *single* input bit.

Wouldn't that mean that if you changed two input bits, all output bits would stay the same?

Re:Secrecy by Delocalization

[jovlinger]

if taken litteraly, then yes. An example of such a function would be parity.

however, to be precise, SHA has every output bit influenced by every input bit. As does every other block cipher that comes to mind.

Speed of sound versus ping times

[Chiasmus_]

It seems to me that the speed of sonar through water is a physical certainty; that's why we can accurately use it to detect the distance from an object.

Internet traffic is another matter. If I tried to use a ping time to measure the geographic distance to another server, I'd be about as scientific as the Slashdot poll.

Am I wrong, or could internet latency give or take 100 ms or so from a ping, rendering the encrypted message readable by.. no one?

Re:Speed of sound versus ping times

[c_ollier]

I think the speed of sound in the water has small variations due to pressure & temperature shifts. And error checking & correcting would be difficult, as these variations would make the message unhearable.

To me, it seems as hazardous underwater as on the Internet.
--

Re:Speed of sound versus ping times

[Spootnik]

I will let you calculate it. The following are empirical equations from Kinsler and Frey.
t is in degrees C and c is in m/sec.

In Fresh water c = 1403 + 5t - 0.06t^2 + 0.0003t^3
Good for 0 to 60 degrees C.

In sea water
c = 1449 +4.6t - 0.055t^2 + 0.0003t^3 + (1.39 - 0.012t)(S - 35) + 0.017d

Where S is the salinity expressed in parts per thousand, and d is the depth below the surface in meters.

Re:Speed of sound versus ping times

[Ronin+Developer]

The sonar conditions vary considerably through time. There are inversion layers and tunnels that are formed due to the differences in the index of refraction for the audio signals.

In optical holography, you are recording the interference patterns resulting from a reference beam and reflected light. When you shine a laser of the right wavelength through or off the hologram, the interference patterns are "replayed" thus reproducing the image.

Little if any information can be gleamed from a single intererence pattern.

In the case of sonar, you are recording audio interference patterns. However, unlike in an optical holographic environment, the conditions change drastically under water depending upon weather condition and seasonal (or even geophysical (i.e earthquakes and volcanos) variations.

In a controlled scenario as described in the article, it works because the replay occurs in a very short time period and the interference patterns may not change much. Without an initial reference signal, it may be very hard to get a good mapping of the sonar environment.

As for the security, I wonder if you recorded the signal eminating from a single transducer at short range if you could actually receive the message at a spot other than intended.

RD

Re:Speed of sound versus ping times

[kryzx]

A transmission system that requires the person sending the message to know exactly where the submarine is kind of defeats the entire purpose of having submarines in the first place.

Not only that, but if the enemy had enough passive sonar out there listening they might be able to collect enough data on this message to determine where it was "focused", giving away the location of the sub.

That's refreshing...

[John+Leeming]

...which leaves the question...

Does this mean that they need more "big rocks" under the Great Lakes, or can they still use the same "big rock" to use this?

Radio?

[redcliffe]

Could this be used to secure wireless networking? This would be an ideal way, because it is only understandable at one location. I don't know if it would work well though on Seattle Wireless or Brismesh style 802.11 networks.

David

Re:Radio?

[sandgroper]

Could this be used to secure wireless networking?

Secure??? Who knows. What it should allow with radio is something I've been calling "Space Division Multiple Access". In effect, using scatterers in the environment (e.g. buildings, mountains, what have you) the "cell size" could be brought down to a few tens of meters using the same number of base-station transceivers as currently exist. Who needs more spectrum when you can focus the same bandwidth on multiple physical locations?

BTW, the New Scientist article is talking about kinda old work. NS had a blurb on this back in '97 or so.

Re:Radio?

[jlseagull]

i've done some work on this. this is indeed possible, though the radios on both ends need high sample rates if the communication will be recieved over short distances, which isn't practical on 802.11b cards - the sample rates are in the Gs/s range. in addition, the signal environment that 802.11b operates in is highly variable, and subject to reflective and refractive variations in power on the order of +/-3dB over 10us. Phase variations can be as large as 1000%(that is, 10 times as long as the wave itself) over the same timescale, making phase correlation and interferometrics totally useless. Something as simple as a fan running can perturb the signal environment on the other side of the building to this degree(believe me, we tried it). it might, *might* work over larger static environments like a city or a mountain range, but 802.11b isn't spec'd for that kind of range. so the short answer is, no.

Interesting, but too scientific?

[friday2k]

I think the idea Edelmann is pursuing here has some very interesting implications but also limitations. I wonder how stable the environment on greater distances might be, current, the seabed itself, and other environmental influences. The same goes for the suggested idea of using ping times and number of hop points to encrypt a message. These are highly unstable factors and in order to encrypt the message the environment shall be the same for both sides for the time of the communication flow. But I am also not enough cryptographer to really tell. Maybe others can shed some light on this?

The web is not wet, and is there a risk here

[bLanark]

The internet lag times on each leg vary from moment to moment, so there's not the same degree of certainty that the speed of sound in water has. This probably wouldn't work. Plus, we've got asymetric crypto, which works very well, thank you.

Also, in the sonar field, would it be possible to guess at the location of a recipient by catching some of the signals? One wouldn't want to give away the location of your subs, would one?

Doubt that it would be useful..

[Bowie+J.+Poag]

A well-seasoned network admin friend of mine and I once had a conversation over dinner about an idea I had brewing -- An application that would attempt to guesstimate where you were on earth based on triangulating distances from known servers by means of measuring ping time. A small network database that contained, say, a hundred servers nationwide that constantly maintained a list of ping times to a hundred other machines would provide enough coverage and enough data to allow a single machine to guesstimate where it is on earth based upon simple trig.

The only problem with this idea is that A) Network latency times can change erratically from moment to moment, and B) Some nodes may even drop out of the network due to upgrades or flaming death. Depending upon how fine-grained the mesh is, and depending how accurate you want the guesstimate to be, you could be reasonably certain of at least being able to determine your location within a couple hundred miles.

Not useful for you and I, I know.. But it would be kinda cool if people could buy PCs, set up them straight out of the box, and the box goes out on the mesh and figures out where it is in the U.S., and sets the time accordingly, suggests local IPs, other stuff.

Amazing what you can discuss over a bacon cheeseburger, eh?

Cheers, and yes, PROPAGANDA is still up,

Re:Doubt that it would be useful..

[chris.bitmead]

With error correction and a means of continual
adapting to the current situation it would be
definitely doable. The bandwidth may be poor
though.

Re:Doubt that it would be useful..

[MrFredBloggs]

Its been done. Read `the cuckoos egg` by clifford stoll. They worked out the hacker was in Germany via a similar method to the one you described.

Re:Doubt that it would be useful..

[kc0dby]

Much more reliable a method would be to use a traceroute and look at suffixes until a 'listed' suffix appeared. Just set it up to trace to a few different hosts, and see where the routes begin to diverge.

This has been quite useful for air based wireless-

The theory behind it is even a standard part of amateur packet radio. When your using typically 50 watts (or even 1500 watts, legally) you tend to connect to some interestingly distant stations that you'd have no idea where they were if they didn't leave a little identifying information in their 'hostname'

Ah, yes. Manual routing of packets. Really makes one appreciate all the neat tools we use now..

Re:Doubt that it would be useful..

[Glytch]

A nice program, but after seeing various coloured balls stacked straight up to lunar orbit almost every time I've used it, I'm going to be careful about how accurately I take it's results. :)

Re:Doubt that it would be useful..

[Xerithane]

There has been a commercial solution out for a very long time, called VisualRoute. I used it for a job I did a while back. Pretty slick stuff. You really don't need *any* centralized server, if the end box is up - you can find out pretty close where it's at. One of the major problems with this is AOL because all their IPs are divied out of Ohio or some other state (can't recall).

Sorry ya got beat to the punch, but you can go punch your friend because there is a company that is making a lot of money off that idea.

Sonar audio pollution more important

[sethdelackner]

While underwater encryption is a nifty idea, I would much rather we discuss the US government plans to start using powerful sonar communications that, in test runs, have caused whales to beach with under highly atypical signs of death (the equivalent of bleading ears).

Re:Sonar audio pollution more important

[Phanatic1a]

You don't have a cite for that, do you?

net encryption

[ruppel]

Supposing one intercepted the signal underwater it could still be decrypted. Admittedly this would require formidable computing power since one would have to simulate the geometry of sender and reciever in a continuous medium.

In communications across the net this kind of playing around with different routings and time delays would not be as effective since once intercepted the decoding would be assuming a descreet medium (only so many different pathways). It isn't clear whether the effort put in this kind of scheme would be worth it, ie. it could bne much more effective to refine the encryption algorithm.

One should note that in descreet systems, like electronic locks that open when a transmitting key is waved in front of it, the principle of asynchronous signaling is already in use. These systems use clockless processors to make the recording and decoding of the transmitted signals near impossible.

Re:net encryption

[PhilHibbs]

Supposing one intercepted the signal underwater it could still be decrypted. Admittedly this would require formidable computing power...

From the article:

The system works by broadcasting messages in such a way that they can only be received at one point in the water - so no one else can intercept them

The signal is uninterceptible, not encrypted. The only place in the water where the multiple split signals coincide is the destination.

Re:net encryption

[statusbar]

Hmmm.... But it IS interceptable! All you need to do is have an array (or matrix) of listening devices near the transmitter. Then with (massive?) computing power you should be able to search for the sort of correlation that the transmitters form. Right? Probably would help if you knew the distance to the submarine too.

My question though is why not just steal the buoy?

--jeff

Impossible.

[bornie]

"This holographic approach suggests a method of web encryption using multiple hop paths and ping times to create a message which can only be decoded when received at a specific target node!"

This implies that all routes are static and no routers ever will go down. It also implies that pingtimes are constant between routers/hosts. Both with are false.

If the IP of all intermediate routers are used in the encryption (which isn't clear) a change of route will make the current 'key' unusable. Further, the ping-time between hosts/routers vary alot as the use of internet vary and will also make this system unusable. A simple DoS-attack will completly destroy any encrypted data in transit which will make it only more insecure.

--
Börnie

Asymmetric routing makes this moot anyway

[Kenneth+Stephen]

Even if you could eliminate the problems with the latency, the asymmetric routing that exists in the internet will kill this technique. This communication technique depends on the forward and the reverse path being identical - something which is not true when asymmetric routing is used.

Covert Operations

[DMouse]

So let me get this straight, they are suggesting that a submarine can communicate securely with something else in the water ... by being really noisy.

I can see that going down a treat when a sub is trying to keep itself invisible.

YRU : Your rights under-water

[TheMMaster]

will this article on slashdot mean that the FBI will now 'tap' the oceans too??

Ideas anyone?

[sperling]

I'm not a cryptographer at all, but i'm familiar with the basics and quite interested in the logics behind cryptographic techniques. I wonder, if anyone here have any ideas on a scheme that would let us use the routes (assuming they're static) or the pingtimes (assuming they vary very little) to improve security of a communcation channel? Maybe in a setup with 5-6 different computers all working together in a model designed to do key exchange and validations, to let a new computer into the circle.

If you think in term of a small distributed network with all point to point secure connections established, how can this be utilized to verify the identity of a new participant?

Internet version probably not workable

[Gumshoe]

Although it is a fascinating idea, I seriously doubt you could
use a similar method for encrypting traffic on the present day
Internet.

The biggest show stopper will be the lack of reliable source
routing. Unless you can reliably specify the route the packet
takes (or alternatively, predict the route), the whole schema is
unworkable. IP/4 simply does not support source routing to any
usable degree. IP/6 does IIRC, but even then, I suspect the ping
times will not be consistant enough.

Secondly, a serious change will have to be made to the TCP stacks
as the time interval between the arrival of packets will be an
important factor in this system. Again, I don't see how you can
rely on the transit time given the infrastruture of the Internet.
Don't forget that this infrastructure is what gives the Internet
it's power.

Finally, in the Internet scenario (as opposed to the SONAR
version) this is as about as secure as private key encryption.
Unless my machine is multi-homed, there's likely to be at least
one router that sees every packet my machine sees. This is
fundamentally different to the SONAR version, where you have to
be a precise physical location to be be able to "hear" the
transmission.

Cute idea, but not feasible.

Only in the real world

[joe_fish]

It won't work on the net well, and there are problems with the idea in the real world too.

In effect the sea floor and positions of sender and reciever are acting as a secret key. They 'encrypt' the messages and you can only decrypt if you know the secret key in enough detail - i.e. you are the reciever, and the working with the sender. However the snooper in *theory* could decode the signal if he knew enough about the sender/reciever/sea bed, and could do some farily complex maths. How complex the maths is says if it will work in practice. But given that computer can model huricanes, I would guess that modeling the sea bed is plauible.

In the virtual world though all bets are off. The terrain is very mappable, and fairly simple. So if the problems of varing ping times can be worked out the encryption is very easily broken.

I wonder if the sea bed version stops working if the tide changes.

Better article: Scientific American Nov 1999

[Alsee]

A much more detailed (7 pages) article on time-reversed acoustics appeared in the November 1999 issue of Scientific American.

I pasted the summary below, but here's a link to the summary just to make it official.
Time-Reversed Acoustics
Mathias Fink
Record sound waves, then replay them in reverse from a speaker array, and the waves will naturally travel back to the original sound source as if time had been running backward. That process can be used to destroy kidney stones, locate defects in materials and communicate with submarines.

I thought it was so cool that I wrote a program to simulate the effect. It simulates 1 or more waves emitted by 1 or more sources, and records the waves at 1 or more "microphones". It then treats the "microphones" as "speakers" and plays back the time reversal of the recording. At first the screen is filled with chatoic expanding circles, but after a while the expanding (and fading) circles combine to create a CONTRACTING and STRENGTHENING circle!

I wrote it for my own curiosity, and the code is "dirty". If there's some real intrest here I could dig it out and clean it up a bit.

Re:Better article: Scientific American Nov 1999

[GlobalEcho]

It's probably worth noting that this works fine as an approximation, but that physically almost any medium will exhibit a certain amount of dispersion. That is, you will have not just

d^2 u / dx^2 = d^2 u / dt^2

but also a small diffusion term (size mu)

d^2 u / dx^2 = d^2 u / dt^2 + mu du/dt

This cannot be run backwards in the way the wave equation can. Essentially, it loses information, which will be evidenced by instability of your numerical scheme.

Brian

SHA-1 != XOR

[morzel]

Further, Holocomm's "delocalization" feature can be seen also in SHA-1, where *all* output bits change when one changes a *single* input bit.

<NITPICK>

Due to the nature of bits (being 0 or 1), changing a bit means flipping them from 0 to 1 of vice versa. Changing *all* bits, would mean flipping them all, i.e. a XOR operation.
Changing a single input bit will change *some* output bits, not all of them. Would be a pretty useless hash algorithm ;-)

</NITPICK>

Re:SHA-1 != XOR

[morzel]

Damn!

I really meant "XOR with one input always 1" ;-)

</SLAP>

It suggests no such thing

[Zero__Kelvin]

"This holographic approach suggests a method of web encryption using multiple hop paths and ping times to create a message which can only be decoded when received at a specific target node!"

It suggests no such thing, and the post should be updated to reflect this. The way a sonar wave travels through water is so fundamentally different from the way packets move through the net that the comparison is in fact quite absurd. Indeed, the IP protocol in no way supports the kind of controlled packet delivery the poster is assuming.

All I want to know is...

[hyrdra]

Since when does the Internet considered a particle wave system? 'Holographic packets' sounds more like an invention of Steve Gibson than a method with sound scientific and technical backing...

Encryption not possible.

[TrixX]

What makes this a viable option for underwater encryption, is that nobody can sample a big area of ocean entirely to be able to reconstruct the "holographic signal".

But in the internet, it just only obscures your data. Anyone can read it provided it has backdoors in routers in every path you are using. Yeah, it's harder than monitoring a single router, but still possible, so this approach wouldn't give Real Security[tm]

TCP/IP Ping != Sonar Ping

[Tassach]

This holographic approach suggests a method of web encryption using multiple hop paths and ping times to create a message which can only be decoded when received at a specific target node!

I don't think so. Sound travelling through water conforms to well-understood, consistant physical laws. You can accurately predict how long it will take a sound wave to reach a given destination. However, packet transmission time varies unpredictably based on current load, which changes from millisecond to millisecond. With sonar, if a stationary source pings a stationary target, the ping time will remain constant. With TCP/IP, pinging the same address will give highly variable ping times. Since it appears that this technique is highly dependent on timing, an analogous technique isn't possible on a TCP/IP network.

I dispute the premise

[MarkusQ]

I dispute the premise of the original article.

Their logic seems similar to that of "whisper" chambers, but they break one of the assumptions when they start sending a steady stream of phase encoded ones and zeros. Now instead of having to reconstruct a complex wave form, all an eavesdropper has to do is:

1) Listen for pink-noise with a strong 1kHz component.

2) Play with the (recorded) signal a bit (e.g. adding 1us delayed copies to the original) until you can decompose it into two types of 1us segments--call them A & B.

3) Now you have a stream of As and Bs, and two possibilities; either A=0 and B=1, or visa versa. Test both.

-- MarkusQ

Oh yes you CAN intercept it along the way

[PD]

Theoretically, at least.

In astronomy, the coolest research is in adaptive optics (do a Google search and you will be reading in fascination all day). Here it is in a nutshell, step by step:

1) The earth's atmosphere is turbulent. That turbulence causes the images of stars to dance around in telescopes, making the image all fuzzy. This is what causes the stars to twinkle when you look at them. Avoiding this problem is the big reason why the Hubble Space Telescope gets such amazing photos when it is much smaller than the largest telescopes on the Earth.
2) How to fix this problem without launching telescopes into space? Adaptive optics, of course. If you can flex a telescope mirror into exactly the right shape, you can compensate exactly for the distortion that turbulence introduces into the image, removing the majority of the noise from the signal. Suddenly the image becomes almost perfectly clear and steady, not fuzzy.
3) We know that stars look like points of light, even through the largest telescopes. When we receive a fuzzy image, a very fast computer figures out what shape a mirror would have to be to focus that fuzzy image back into a single point of light. That star is called a reference star. Any interesting objects close to that star are also therefore made clear.
4) Commands are sent to mechanical actuators on the back of a mirror that deform it to the correct shape to focus the reference star. This happens very quickly, so the resulting image is steady and sharp, despite all the turbulence in the atmosphere. Neat trick.

OK, so that's how it works.
You can do the same thing to submarines too, if you know what they sound like. The submarine's sound becomes the "reference star" in this case. When you receive the garbled signal, you might be able to correct it based on the sub's sound. If you apply that correction to the message as well, you might be able to hear the message.

This has a lot of problems, so practically it wouldn't work. For example, the easiest way to defeat the intercept is to change the noise that your sub makes, maybe with a random noisemaker. But that makes your sub less quiet. Also, the person trying to make the intercept would have to be listening to the sub before the message is sent, because once the message is sending, that would make the sub a random noise and you couldn't focus the sound. And, since the turbulence conditions change (I don't know how fast), over time your ability to focus the sound into a message would steadily degrade. The sending submarine would only have to figure out how fast the sea conditions are changing, and only start sending the good parts of the message after you've lost your ability to focus the sound.

Re:Oh yes you CAN intercept it along the way

[Dolly_Llama]

You can do the same thing to submarines too, if you know what they sound like. The submarine's sound becomes the "reference star" in this case. When you receive the garbled signal, you might be able to correct it based on the sub's sound. If you apply that correction to the message as well, you might be able to hear the message.

I see a significant problem in using the sub's sonar signature as a baseline, it's sort of obvious actually. The boats are damn quiet. Or at least can and should be. Missle boats, the russian akula, and the Seawolf class are so quiet that the best way to look for them in the open ocean is to look for a "hole of no sound" where you think ambient ocean sound should be.

Quantum but not communication

[MarkusQ]

Since I wrote the original, I did a bit of digging and found this [mediaone.net] (scroll down a bit for a really flash diagram). By affecting the measured polarisation on one end, they are, instantly, affecting the measured polarisation on the other.

The snag is, the only way for them to know that we did it is for us to tell them by some other means. This system can't be used to transmit any information since there's absolutely no way for them to know that the polarization entanglement has colapsed without either 1) measuring it first (which would make them the sender) or 2) getting a regular old non-quantum message from the sender.

So unlike Ma Bell and church Bell's, etc. J. S. Bell doesn't help you get your message through.

-- MarkusQ

This wouldn't quite work on the web.

[BlueTurnip]

If one reads the article carefully, one would discover that this "encryption" technique makes use of the wave nature of sound to both obscure the data in transit, and reconstruct it at the final destination.

There is no analogy for web traffic which travels over IP which is sent as discrete packets of bytes. They resulting packets cannot be made to interfere with each other at the destination to produce plaintext, nor do they interfere and reflect and become distorted in transit!

The closest analogy would be to split a message into many small parts and send them along different paths in the hopes that no one could catch them all in transit, but then timing isn't really an issue at all as others have suggested. Also, anyone bugging your connection to the internet (your ISP for instance) could still catch all the packets, ditto for the source. Some have suggested splitting keys and sending some parts by snail-mail, others by FedEx, others by e-mail to different accounts which you read on different machines, and that is really a form of security through obscurity, not encryption, whereas the sonar technique is more like encryption in that even if an adversary knew that information was being send and knew from where, they could't recover the plaintext unless they were at the target location.

Perhaps quantum cryptography is a better analogy to what's going on, but it's not a perfect one either as there are fundamental differences between accoustical waves and quantum wavepackets.