Data Protection in SR4 Matrix, Just an idea. Options

[Morrigana]

You know, I was just thinking: Since, pretty much, the Wireless Matrix can present massive problems for keeping people out... Why not hide the data? You've effectively got unlimited storage space anyway.

What I would do: I would, first, set aside the data I want to store. Then I would download the entire Library of Congress, every political treatise or speach made since the 1740s, and every bit of free porn I could. Then, I'd split my data into 200 parts and scatter it among that mess. No hacker in the world would be able to break into my system and retrieve the data before Black IC could kill them.

[Crusher Bob]

Congratulations, you've re-discovered Security through obscurity

[Morrigana]

Actually, I was just trying to start a discussion of realistic methods of countering hackers under the Wireless Matrix.

With the RAW, there's virtually unlimited storage space anywhere. Most people should reasonably know this. What's to really stop every security system from doing something like this and making hacking virtually impossible? The authors themselves can simply assign each part a different, unique, keyword and write the keywords down on a piece of paper. Then, any time they need something, they can just type the keywords in and let the system do the search and compile the data. Throw in random keyword searches from time to time or put in the wrong keyword in one spot at times on purpose to make it harder for an intruder in the system to know what they're supposed to search for.

The issue is, with how the Wireless Matrix is set up, there's nothing stopping you from doing this quickly. In a real world example? You'd run out of storage space long before you ever did it right. And I'm sure storage space was enough of an issue under SR3 to prevent it from being done regularly. But, with the current? Realistically, what's to stop everyone from doing it? It would be even worse with trying to track down necessary keywords within a megacorp, as then you might have to shift through thousands per minute just to find the 200 you'd need, while still having no guarantee that you found the right ones.

This would mean that, first, to get the data, they need the keywords. Which means they have to break into your facility, steal them, and then do the search. You could, of course, counter that by changing the keywords at the end of the day and not issuing the new list until the next day.

[Dragnar]

As a small aside, internally data is stored scattered into small parts interjected with various other stuff on modern day computers anyway (which is why you should defrag your HD every once in a while), with the OS keeping a list as to which parts belong to the what file. You could intentionally mislabel that list, requiring a specific key to get the right parts, but from an effect point of view, that's roughly equivalent to just encrypting the files in the first place.


EDIT: And using a not reverse-engineerable key on a piece of paper is the equivalent of using a one-time pad encryption, which is unbreakable if implemented right even today. It's getting the key to be not deductable from the hidden data which is the hard part, meaning a regular old key to get the "right" files is no different than breaking the key on a regular encryption scheme.

[The Jake]

Actually, I was just trying to start a discussion of realistic methods of countering hackers under the Wireless Matrix.

With the RAW, there's virtually unlimited storage space anywhere. Most people should reasonably know this. What's to really stop every security system from doing something like this and making hacking virtually impossible? The authors themselves can simply assign each part a different, unique, keyword and write the keywords down on a piece of paper. Then, any time they need something, they can just type the keywords in and let the system do the search and compile the data. Throw in random keyword searches from time to time or put in the wrong keyword in one spot at times on purpose to make it harder for an intruder in the system to know what they're supposed to search for.

The issue is, with how the Wireless Matrix is set up, there's nothing stopping you from doing this quickly. In a real world example? You'd run out of storage space long before you ever did it right. And I'm sure storage space was enough of an issue under SR3 to prevent it from being done regularly. But, with the current? Realistically, what's to stop everyone from doing it? It would be even worse with trying to track down necessary keywords within a megacorp, as then you might have to shift through thousands per minute just to find the 200 you'd need, while still having no guarantee that you found the right ones.

This would mean that, first, to get the data, they need the keywords. Which means they have to break into your facility, steal them, and then do the search. You could, of course, counter that by changing the keywords at the end of the day and not issuing the new list until the next day.

Congratulations. You've just re-discovered a one time pad.

I'm not sure I've read enough of the rules yet. My solution to data security is to write data with a paper and pen.

I have now just revolutionised Matrix security.

*sticks middle finger up at technomancers everywhere*

- J.

[The Jake]

You know, I was just thinking: Since, pretty much, the Wireless Matrix can present massive problems for keeping people out... Why not hide the data? You've effectively got unlimited storage space anyway.

What I would do: I would, first, set aside the data I want to store. Then I would download the entire Library of Congress, every political treatise or speach made since the 1740s, and every bit of free porn I could. Then, I'd split my data into 200 parts and scatter it among that mess. No hacker in the world would be able to break into my system and retrieve the data before Black IC could kill them.

Technomancers echoes can easily beat this strategy. But like someone else said - security through obscurity always fails eventually.

- J.

[Digital Heroin]

As stated, you would still need an index, or some way to re-assemble the data. A hacker who has no idea what might be in your system and is just trolling for data might be fragged right up by the obscurity, but one who knew what they were looking for, or that you had good data, would just seek out the index/re-assembler.

Add to that the fact that any time anyone needed to access the data, they would have to re-assemble it, and that takes processing power. It might seem infinite, but if a major corp does that with all of their data, it's going to be one hell of a system hog breaking up and re-building everything for each query.

[Ustio]

On the subject of one tiome pads:

My group once used the following one time pad to secure our real-time radio chatter:

* Take a lingua-soft
* crack it to remove copy protection,
* Now access it's internal dictionary and using atmospheric noise mix it up
* Make as many copies as required for your team
* Have everyone run it on wireless disabled platform

Congratulations your radio conversations will now go like this:

Street Sam: House! Gesticulating tables

Mage: Urinating dog, urinating dog

Hacker: Lopsided turkeys juicing oranges several jobs Yellow 13


I defy a hacker to be able to do anything about this in the tiome available (remembering that if he can get access to your wireless ware he culd just shoot you in the head)

[The Jake]

On the subject of one tiome pads:

My group once used the following one time pad to secure our real-time radio chatter:

* Take a lingua-soft
* crack it to remove copy protection,
* Now access it's internal dictionary and using atmospheric noise mix it up
* Make as many copies as required for your team
* Have everyone run it on wireless disabled platform

Congratulations your radio conversations will now go like this:

Street Sam: House! Gesticulating tables

Mage: Urinating dog, urinating dog

Hacker: Lopsided turkeys juicing oranges several jobs Yellow 13


I defy a hacker to be able to do anything about this in the tiome available (remembering that if he can get access to your wireless ware he culd just shoot you in the head)

I'll just add a touch of realism here and state that if implemented correctly, a one time pad is the only undefeatable form of encryption.

Ustio -
That would definitely work. Just make sure that there are enough numbers generated to provide codes for an entire run and those linguasofts are guarded or you could be in deep trouble. (IMG:style_emoticons/default/biggrin.gif)

- J.

[Dragnar]

On the subject of one tiome pads:

My group once used the following one time pad to secure our real-time radio chatter:

* Take a lingua-soft
* crack it to remove copy protection,
* Now access it's internal dictionary and using atmospheric noise mix it up
* Make as many copies as required for your team
* Have everyone run it on wireless disabled platform

(...)

I defy a hacker to be able to do anything about this in the tiome available (remembering that if he can get access to your wireless ware he culd just shoot you in the head)

That's not a one time pad, that a simple exchange cipher (as it's functionally identical to talking in klingon or any other language nobody on the other side knows), a rather low security encryption. Yes, it's difficult to crack in real-time today, but really easy to crack at all, and SR rules tell us that doing so is trivial in 2070 even in short amounts of time.

[Blade]

On the subject of one tiome pads:

My group once used the following one time pad to secure our real-time radio chatter:

* Take a lingua-soft
* crack it to remove copy protection,
* Now access it's internal dictionary and using atmospheric noise mix it up
* Make as many copies as required for your team
* Have everyone run it on wireless disabled platform

Congratulations your radio conversations will now go like this:

Street Sam: House! Gesticulating tables

Mage: Urinating dog, urinating dog

Hacker: Lopsided turkeys juicing oranges several jobs Yellow 13


I defy a hacker to be able to do anything about this in the tiome available (remembering that if he can get access to your wireless ware he culd just shoot you in the head)

First, this isn't exactly unbreakable. As soon as you repeat the same word, you weaken your encryption of this word. For example, if everyone says "House!" every time they see a guard, it won't be difficult to interpret it as "Contact!".
Second, it's not very different from standard encryption... I've seen a few players explaining their "highly complicated and totally unbreakable" encryption schemes. Most of the time, they were either OTP or about the same (but not as effective) as today's encryption algorithms.
Third, as a GM I'm totally against this. There are reasons why there are encrypt and decrypt programs: abstraction, because not everybody wants to play "Shadowrun: Cryptographist edition" and gameplay. If an unbreakable system existed in Shadowrun, hacking would be totally impossible.

[Heath Robinson]

Multilayer OTFE filesystem. Filled with layer after layer of honeypots. Hidden in the noise of a troll-on-dwarf low budget porn sim DIR-X wet record. Interleaved between the POVs. Copy protected and Encrypted.

Not only is it now so ridiculously huge that you will have to try to crack it in the node it originates (Unwired, thank you for giving us something that can't be downloaded), but it'll probably be beneath the notice of the hacker ("heh, crappy porn, must be slow around here") .

Consider paying Dissonants to run raids on the archive RRs and corrupt the data (and as much else as you can) contained therein. With the emergence of Technomancers and the archive RRs we may see an increase in the manual bookkeeping for sensitive data by low budget groups with things to hide (paranoia, more than practicality) but for a large organisation that's far less possible. But they'll surely be able to afford hiring a few submerged Dissonants, even Dissonants know the value of nuyen. If you can't, then Technos can still learn the Corrupt CF and Submerge, but a Dissonant probably wants to try invading Techno RRs for the entertainment value.

[The Jake]

First, this isn't exactly unbreakable. As soon as you repeat the same word, you weaken your encryption of this word. For example, if everyone says "House!" every time they see a guard, it won't be difficult to interpret it as "Contact!".

When it starts repeating its no longer a "one time pad"... (IMG:style_emoticons/default/nyahnyah.gif)

Comes back to what I said about the implementation... (IMG:style_emoticons/default/biggrin.gif)

Second, it's not very different from standard encryption... I've seen a few players explaining their "highly complicated and totally unbreakable" encryption schemes. Most of the time, they were either OTP or about the same (but not as effective) as today's encryption algorithms.
Third, as a GM I'm totally against this. There are reasons why there are encrypt and decrypt programs: abstraction, because not everybody wants to play "Shadowrun: Cryptographist edition" and gameplay. If an unbreakable system existed in Shadowrun, hacking would be totally impossible.

I was thinking that if I was going to houserule encryption, I'd err on the side of the rules except in cases where the encryption/decryption itself in and by itself is intended to be a plot device (e.g. "Only XYZ hardware at ABC location can decrypt this file!"). How does that sound?

- J.

[hobgoblin]

only grief can come from all this...

i can see why blue planet basically tossed hacking to the dogs in preference to good old break-ins and intimidation...

[Malachi]

On the subject of one tiome pads:

My group once used the following one time pad to secure our real-time radio chatter:

* Take a lingua-soft
* crack it to remove copy protection,
* Now access it's internal dictionary and using atmospheric noise mix it up
* Make as many copies as required for your team
* Have everyone run it on wireless disabled platform

Logic hole in the highlighted section. Unless the entire team is communicating by Commlinks connected with wires, then your communications device is wireless enabled. Your linguasoft needs some way to access the communications data (the voices) in order to encrypt (translate) or decrypt ("untranslate" the word into English). Therefore the platform running your Linguasoft (even though it may be on a Wireless disabled device) is still connected to a wireless enabled device (your Commlink sending and receiving signals), and it needs access to that data in real-time to boot. All you have created is a slight inconvenience in that an intruder Hacker needs to go from your Wireless Commlink to your non-wireless Commlink (but connected to your Wireless Commlink via cable or skinlink) in order to get the Decryption codes.

Third, as a GM I'm totally against this. There are reasons why there are encrypt and decrypt programs: abstraction, because not everybody wants to play "Shadowrun: Cryptographist edition" and gameplay. If an unbreakable system existed in Shadowrun, hacking would be totally impossible.

QFT. I don't see why this whole "encryption" issue keeps coming up. There are many things in SR that are fantastical, ridiculous, and/or abstracted heavily. If it makes the game fun, then who cares if its not "realistic" enough. Unbreakable encryption is no fun.

[Blade]

I was thinking that if I was going to houserule encryption, I'd err on the side of the rules except in cases where the encryption/decryption itself in and by itself is intended to be a plot device (e.g. "Only XYZ hardware at ABC location can decrypt this file!"). How does that sound?

That's more or less what's in Unwired. There are 3 kinds of encryption:
* basic encryption (BBB's encryption)
* strong encryption, it takes longer to encrypt the file/node but the longer it takes the stronger the encryption is. (I don't remember the exact rules)
* dramatic encryption: uses a special encryption that needs something specific to work (as in your example). Of course, this kind of encryption can't be used by everyone for everything. Actually, properly implemented OTP apply here (and you can't use them for real-time communication).

[The Jake]

Logic hole in the highlighted section. Unless the entire team is communicating by Commlinks connected with wires, then your communications device is wireless enabled. Your linguasoft needs some way to access the communications data (the voices) in order to encrypt (translate) or decrypt ("untranslate" the word into English). Therefore the platform running your Linguasoft (even though it may be on a Wireless disabled device) is still connected to a wireless enabled device (your Commlink sending and receiving signals), and it needs access to that data in real-time to boot. All you have created is a slight inconvenience in that an intruder Hacker needs to go from your Wireless Commlink to your non-wireless Commlink (but connected to your Wireless Commlink via cable or skinlink) in order to get the Decryption codes.


QFT. I don't see why this whole "encryption" issue keeps coming up. There are many things in SR that are fantastical, ridiculous, and/or abstracted heavily. If it makes the game fun, then who cares if its not "realistic" enough. Unbreakable encryption is no fun.

Not necessarily.

If the lingua soft is not repeated and the background noise used as a cipher is truly "random" then I'd suggest that so long as none of the text is repeated, it counts as an OTP.

If the attacking party however, was able to learn which linguasoft was used, I'd rule they have a fighting chance to crack it....

- J.

[Blade]

Yes but the problem is that the vocabulary used in infiltration/combat situation is limited to a few words. These words will be repeated, and consequently, be cracked.

[Aaron]

Actually, I was just trying to start a discussion of realistic methods of countering hackers under the Wireless Matrix.

I believe I can offer a method of good security against hackers with one word. That word is "patrols."

[Steampunk]

I totaly agree to Blade, imho the whole idea to use some home-brew cryphtographic system breaks the rules. The rules are abstract and as long as the players don't want to change the game into a cryptographic discussion group, the should work inside the rules - or change them. This isn't a bad idea, because the SR4 encryption rules are (imho!) pretty stupid.

[The Jake]

Yes but the problem is that the vocabulary used in infiltration/combat situation is limited to a few words. These words will be repeated, and consequently, be cracked.

Short answer: maybe/probably.

Long answer: It REALLY depends.
If the pad is a proper one time pad, then its fine. Upon further examination, one could reasonably argue it isn't a proper one time pad but I think it is highly debatable.

A proper one time pad would be something like each party member having a pad of over a large number of combinations for all conversation. Each sentence would decrement the count so all could understand the conversation. As long as all the PCs did not use the entire pad or get to a point where the pad ran out but the encryption had to continue (and thus, repeat/reuse the pad), then their encryption should be safe.

That is however assuming the standard was reasonably "strong" (by SR4 standards) and the pad was distributed using appropriate "out of band" channels and not intercepted, etc.

- J.

[Prime Mover]

I've found that time is the hackers enemy. The longer you can keep said hacker in the system the more likely something or someone is gonna spot them. Layered nodes,choke points,honey pots,pass by pass analyze etc,unique encryption etc... These things have been the only "speed bumps" that our now experienced hacker gets caught up by.

[Chrysalis]

You can have every person loaded with the digitised collection of the Library of Congress. Every word has a numerical value, no number is repeated, every ten minutes the book is changed.

However, maybe cryptography has not been cracked, but random number generation has been. So in the above example a strong decrypter knows every random number outputted and also uses signal analysis to verify decryption. All of this can happen in the millisecond (if we are handwaving space, let's also handwave speed) needed for it to be now decrypted real-time.

[hobgoblin]

or simply, the rules as they exist are designed to be playable and enjoyable by non-techies...

the other option is "space opera"...

[Blade]

A proper one time pad would be something like each party member having a pad of over a large number of combinations for all conversation. Each sentence would decrement the count so all could understand the conversation. As long as all the PCs did not use the entire pad or get to a point where the pad ran out but the encryption had to continue (and thus, repeat/reuse the pad), then their encryption should be safe.

That is however assuming the standard was reasonably "strong" (by SR4 standards) and the pad was distributed using appropriate "out of band" channels and not intercepted, etc.

And also assuming that the synchronization is perfect.
All the opposition needs to do is to spoof incoming messages, or use jammers to disrupt the signals and the pads will be desynchronized. Eventually, they'll run out of pads.