1. Field of the Invention
The invention relates to digital data security technologies and communications and more particularly to a method and apparatus for securing data and permitting secure electronic communications relying on encryption and steganographic techniques.
2. Description of the Related Technology
Information and data transfer is growing at an alarming rate. The need for data security has also grown at an equal if not greater speed. The core problems that need to be addressed by any data security system are level of security, ease of use, integratability within the work environment, and mass/global level usage. By contrast, electronic communications are inherently insecure and open. Confidential and proprietary information and data are transferred regularly through channels which are in need of a secure and user-friendly methodology to facilitate confidentiality. Presently there are two basic approaches to securing information: access control (such as password protection), and encryption (single key, dual key, One Time Pad (OTP), steganography, and hardware). Each of these methods has its own advantages and disadvantages pertaining to implementation, design, level of security, interoperability, development, ease of use, and widespread adoption, use, and appeal.
Password protection is commonly used for access control but has inherent security level shortcomings when applied to data security.
Encryption has been implemented in five basic methodologies:
(a) Single key encryption--This uses an encryption algorithm along with an encryption key to encrypt and decrypt data. The same key is used in both encoding and decoding. The major shortcoming of single key technology is the transference of the key to the recipient. Most methodologies require a separate secure communication of the key to the recipient/decoder, via either fax, telephone or in person.
(b) Dual key encryption--Public key encryption solves this problem by utilizing different keys for encryption and decryption. The encryption-public key is given out insecurely to all potential encoders. The decryption-private key is kept by the recipient/decoder and not given out. Encryption is performed on data using the public key and only the private key can decode the data encrypted using its matching public half. Public key technology is primarily based on factorials of large prime numbers that facilitate the public and private key halves. There are presently several patents relating to public key technology, such as those held by RSA (U.S. Pat. No. 4,405,829) and Diffie-Hellman (U.S. Pat. No. 4,200,770). Presently, there are three shortcomings to the public key system in a large network. First, a repository capable of storing millions of public keys needs to be in place to facilitate Internet level global communications security. Second, due to the nature of public keys, they require large streams of data, and a method of authentication needs to be in place to validate the authenticity of the public keys within the repository. Third is the present difficulty and lack of ease of use inherent in today's public key products.
(c) One Time Pad (OTP) is an encryption methodology that provides a high level of security for encrypted information. However, due to its reliance on truly random sequences for the initialization key and the inability of software to provide truly random numbers, OTP is not suitable for the mass market of end users and corporate users for secure communications.
(d) Hardware encryption cards and boxes have been used for secure communications. Hardware encryption provides high level security and key management but is very costly. In addition, hardware encryption systems have not been compatible with other hardware systems, i.e. they lack interoperability. Hardware encryption is ideal for point to point communications or closed systems where cost is not a factor; they range from $1,000-$25,000 in cost. Hardware encryption systems are typically not suitable for open or mass communication applications.
(e) Steganography is a relatively new method for data security. Steganography, the art and science of hiding the existence of information, has in the past been primarily associated with invisible inks, messages sent via telephone line noise known as TranSec, and red cellophane such as that used in games to reveal information hidden in a red-blue block. Within the past two years, Steganography has migrated to the computer in the form of hiding information in graphical images, sound files, or other media including text files such as Mimic functions. Mimic functions convert plaintext letters into common everyday English words that are then put together to form pseudo-sentences. The resulting message resembles a Madlib.TM.. When steganography is applied to graphic images, it encodes information in the code of a graphic file either in the pixel coding, high bits, or low bits of the coding. The former is useful for small messages but becomes apparent if large amounts of data are hidden. The latter two are more recent but are still in development stages as the encoding generates a noticeable deviation from the standard code of the graphics file. An example of a steganographic system is described by Cooperman et al. (U.S. Pat. No. 5,613,004), which is herein incorporated by reference in its entirety. All of these methods lose their security when the system is known and therefore should be used together with key based encryption for additional security.