IN THIS CHAPTER
Keeping Data Secret: Cryptography, Codes, and Ciphers
Steganography and Steganalysis: Hiding Data in Plain Sight, and How to Find and Eliminate It
Regardless of the intent of your computer, security involves keeping your data correct, private, or both. Even if you can keep your system completely free of intruders or software that might divulge your data without you intending it to, if you pass your data across a network, it may be examined and/or modified in transit. Because it's difficult to be certain that no software on a system might accidentally divulge data unintentionally, it's best to treat all critical data as though it were publicly visible at all times. This means that even on a machine that you consider otherwise secure, it's wise to strongly encrypt data that would be damaging or dangerous if it were to become visible.
To protect data from examination either on or off your computer, you need to convert it to a form that cannot be easily accessed without your permission, and that preferably, if changed, can be easily detected as corrupted. This is the role of cryptography: the science of developing and applying techniques that allows authorized persons full access to data while converting it to nothing more than random noise for those without authorization.
This chapter covers the basic tenets of cryptography, including several cryptographic schemes from historic to current technology. It then outlines some of the ways that your data can be accessed or made insecure without actual outside intervention (such as by programs that act with your authority, to do things that you didn't intend for them to do), though these are so varied in aspect that the best we can do is warn you of the things you need to watch for, and hope you'll be clever enough to catch problem applications before they do harm. It also examines steganography, which is the application of techniques to convert data into an invisible, rather than an unreadable form. Data converted by steganography is then overlaid into some carrier data stream, with the intent that the carrier will not be sufficiently perturbed for those observing it to notice the change. Data embedded by steganography is intended to be hard to find for those who don't know what to look for, and sometimes to be difficult to eliminate from the content in which it is embedded, but it is not usually intended to make the data difficult to read. Steganography is frequently applied to embed explicitly noncryptographic data in various files, such as the watermarking of digital images by embedding copyright information directly into the visual image itself. In this form it is important that the information be essentially invisible in the image, but that it is still recoverable easily, even after considerable manipulation of the image.