Sending hidden messages inside routine traffic is always going to be possible. Defeating traffic analysis is actually easy because of the size of the haystack. In some senses, it might be better to use one of the obscene collection platforms for such traffic: Skype, Yahoo, Gmail, Facebook, etc. Hiding in the open often works.
Read the following message and try to guess if it holds hidden information:
Dear John and Teresa,
How are you? I hope everything is going well. Thanks for having us over! It was really nice to see you. Wow! That was the best barbecued chicken ever. An amazing dinner! I hope we can come back in October. Right now my work is a real headache. Fran is busy too. The kids keep our hands full. Especially Tommy. I hope the kids were not too much problem at dinner. And I am sorry Tommy broke that vase.
Fran just got a new one. Please accept it. OK? She is going to bring it over next week. Please don’t worry. She is going to be in town for two days next week because of a conference, and it is easy for her to stop by. So give us a call this week if you can.
Again, it was so fun to see you two again and I am really sorry about the vase. Hope to see you soon myself when work slows down. Things have been hectic. You can imagine. I have to work late just about every night. No time to do anything except get some sleep and show up back at work.
Gotta run! Take care and see you both soon.
There is a plaintext message inside the letter. Count the number of words in each sentence (after the greeting).
In this system a sentence with 13 words resolves to a three. Ten words resolves to a 0.
Using a code pad somewhat similar to the STASI “TAPIR” the plaintext resolves to the following message:
Mine owner wants bribe
So this message was sent in the clear (in plaintext). That is usually not the best lifestyle decision. Someone clever could guess you are communicating this way, and he could go to work to resolve your message by guessing the format of the code pad. In fact, come to think of it, such an effort could be automated. Simple code pads would be the most vulnerable. But there is a solution.
The best way to send this message is to not send plaintext. Send ciphertext.
Send an unobserved and unbreakable message with a random symmetric key
Gestapo 2.0 has arrived to your world, and you want to foil them.
1. Decide on your message.
Message: Go to the synagogue
2. Use a code pad like the one below:
3. Convert your message into numbers using the code pad.
4. Use a one-time-pad key designated by the greeting:
“Hey!” uses key:
15423 89479 30985 95704 35770 95893 07814 10585 98524 24782 94553 89265 84302 52941
Both you and your correspondent have this key prior to the message being sent. Therefore you will want to hide your one-time-pad keys. You must be careful that your local Gestapo 2.0 does not find your keys (maybe you hid them on a USB with a hidden, encrypted partition inside another encrypted partition using VeraCrypt), and the huge advantage is that your message is not subject to computational attack. They can look at it forever with a planet full of computers, but this will do them no good at all.
5. Add the plaintext to the key without carrying over.
Here is your ciphertext:
70791 16235 05456 91230 898
6. Write your letter (Each sentence will have the number of words as in the ciphertext. Seven words, then 10 or 20, seven again, etc. Contractions count as one word, and all of this must be clearly understood beforehand):
My trip to Berlin was really fun. The people there are so sophisticated and friendly and relaxed. I walked around downtown all day long. I have to tell you that it is beautiful. Really!
Gosh. Berlin has so many good restaurants. Cheap too. It was fun. I want to go back. One thing that stood out to me was how clean everything was, not just the restaurants, but the streets too. It is a vibrant city. I just love it. Maybe we can go together? I really enjoy the cosmopolitan atmosphere.
How have you been doing with your new studies? Ok? How’s Ben? He’s so funny. I hope that he can help you with your school. I know he is a bright, diligent student. Why not ask him again to help you out?
Maybe I’ll see you in a couple weeks!
So you see that this method takes some time to create the story, to encrypt the message hidden in the story, and then to decrypt it. Using a code table of bi-graphs or tri-graphs might be faster and easier for some messages. Also, one can come up with one’s own methods based on the idea of hiding ciphertext in a normal-looking letter. Both you and your correspondent need to have the prearranged set of keys and a code pad. The advantages to this system are its low cost and simplicity.
One of the lessons here is that low-tech means can achieve high-end results. If both correspondents destroy their key to this message after it is used, destroy it completely, then that is another plus, and it can be as if the secret message never existed.
The above example may seem fanciful or unlikely to ever happen. On the contrary, at this very moment there are people who could use a system such as this to communicate in the face of a regime.
Currently, for the general user or someone just wanting to practice old-school encryption methods, one must be careful to obey local laws. In some countries, keys must be maintained and surrendered upon demand.