Q

The difficulty of stealing information compressed with a private algorithm

If the information traversing an OC3 line is compressed with an algorithm that is not public, how difficult would it be to steal the information? What would a thief have to do to get this information?


They need to get the compression algorithm. That's the simplest way to do it. Probably they could crack the algorithm, but it's probably simpler to just steal a copy of it.

Are you considering doing this, or are you just asking?

The reason I ask is that there's an important difference between coding and encryption. Coding is a different way of writing things. For example, this message is coded in ASCII. A coding is just a way of saying that this group of bits means that group of symbols. Anyone who knows the coding algorithm can translate the bits into symbols.

Encryption is an algorithm that is a function. That function takes a parameter, the key, and when applied to your set of bits, translates it into another set of bits that someone can't undo without the key.

It is certainly possible to make codings where the coding itself can be thought of as the key. That's what you're suggesting. If your attacker, however, gets one of your coding machines and takes it apart, then you've lost the secrecy of the entire system. With encryption, the security revolves around the keys. Your attacker can have a machine just like yours, and they still can't steal your data unless they steal your keys.

If you are building a real-world system, the best solution is to compress something, then encrypt the compressed data. That way, you can pick the most efficient compression algorithm for your data (for example, LZ compression works well on text, and JPEG works well on pictures), and then encrypt that. With today's silicon, symmetric encryption (which is what you'll do on bulk data going through an OC3) is basically for free. It is more likely that a fancy compression algorithm will be much more expensive than the encryption. It will also be much more secure.

Many people have tried to devise systems that combine some sort of compression with some sort of confidentiality features. I haven't seen one that works as well as the simple mechanism of compress and encrypt.


For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Encryption
Tech Tip: Tales from the crypto

This was first published in April 2002

Dig deeper on Security Resources

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close