I've been hearing recently about something called DNA cryptography. What is it, and how does it relate to information security?
DNA cryptography may not be what you think it is: It's not the process of creating a bunch of Johnny Mnemonics with stored secrets in their heads. Instead, DNA cryptography is the use of DNA nucleotides (denoted by the letters C, G, A and T) to form encoded micro messages for transmitting secrets. It goes something like this:
Create the encoding rule using DNA components. Nucleotides are used as quaternary code, and each letter of the alphabet is denoted by three nucleotides. For example, the letter A could be denoted by the nucleotide string AGC, the letter B by ACC, etc.
Synthesize the secret-message DNA. The secret message is encoded into a DNA sequence according to the code above. For instance, AB would be encoded as AGCACC. After coding, a synthesized secret message DNA oligodeoxynucleotide is created containing an encoded message 69 nucleotides long (denoting 23 alpha characters), flanked by forward and reverse PCR primers, each 20 nucleotides long.
Hide the message. The DNA message is physically made to look like human DNA by adding roughly 50 to 150 nucleotide pairs to it, making it average size. The secret-message DNA and concealing DNA are mixed and attached on a piece of paper using common adhesive to form colorless microdots. Then the paper containing microdots can be posted by general mail service.
- Read the message. The shared secrets containing the primers and encoding rules are sent to the sender and the receiver. After the receiver gets the paper with the DNA, he or she can easily find the microdots. Since the intended receiver should have gotten the primers and encoding rules through some other out-of-band method (telephone, email, fax, etc.), he or she can amplify the secret-message DNA microdots, sequence them and retrieve the message (plain-text) according to the encoding rule.
As you can imagine, this requires some sophisticated equipment to use DNA nucleotides as transmission packets, but you have to admit, you certainly wouldn't be looking for scrambled DNA on a paper. Secure? Yes. Does it have practical application for a company information security policy? No.
Related Q&A from Randall Gamby, Contributor
Is your remote desktop access software really secure? Randall Gamby offers advice for conducting a remote access audit to validate security.continue reading
Expert Randall Gamby discusses risk-based authentication, and whether that type of user identification system is right for the enterprise.continue reading
Expert Randall Gamby discusses various types of single sign-on, specifically the approaches of Ping Identity's SSO and Symplified SSO.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.