> Here, we demonstrate a covert communications method in which photon emission is rapidly electrically modulated both above and below the level of a passive blackbody at the emitter temperature. The time-averaged emission can be designed to be identical to the thermal background, realizing communications with zero optical signature for detectors with bandwidth lower than the modulation frequency
It sounds like maybe they're modulating the emissivity of a diode up and down so that over time, its IR spectrum looks like black body radiation. Only someone looking at the intensity of the thermal radiation coming from the diode at really fast timescales (kilohertz or megahertz) would notice that there was a signal being transmitted.
> We do have encryption methods, but at the same time we’re always having to create new encryption methodologies when bad actors find new decryption strategies.
> But if someone doesn’t even know the data is being transferred, then it’s really very hard for them to hack into it. If you can send information secretly then it definitely helps to prevent it being acquired by people you don’t want to access it.
Very strange framing. Symmetric cryptography has been "unhackable" for a while now, for all intents and purposes. The real advantage is surely that nobody notices you're transmitting data at all?
It adds a layer of obscurity, but not real security. If somebody is looking, neither sender or receiver can detect it or know if their ciphertext was intercepted. Depending on the methods used, the cipertext might not be immediately crackable with currently known algorithms and resources. However, it can be archived and broken at a later date, or by an actor who has access to algorithms/resources that aren't currently public.
harvest-now-decrypt-later attacks aren't much of a concern for modern symmetric cryptography. heck, even known-broken ciphers like rc4 aren't easy to break in a non-interactive setting with modest ciphertext sizes and no key reuse.
The cypher may be prefectly impenetrable, but the software running on the transmitter or receiver may be more brittle. You cannot attack what you don't even know exists nearby.
In practice you can infer a lot. The payload of a TLS stream is formally indistinguishable from random data, but you can still tell on the wire that it's TLS. There aren't a lot of widely-used TLS implementations. It's been a while since I looked at the specifics, but I bet there's a lot of more specific signature data in the plain-text parts of the protocol like supported ciphers. You can make some good guesses from the metadata.
In the case of a physical interception, you can probably infer more. If you, after reading this article, spot an enemy drone that doesn't have any obvious emissions, then, well, there might only be one option for the software running on that drone, namely The Software that your enemy uses on their drones.
Anyway, it's not clear to me from the article whether the source object from the signal will necessarily be invisible. I think every transmitter still at least looks like a point source of blackbody radiation. The signal may not be detectable from thermal background radiation, but if the background itself is coming from a big obvious drone, well, you know it "exists nearby".
But once you've located the device, you can use a number of electronic warfare approaches to crack into it, not necessarily through its main radio interface. For instance, electromagnetic interference, heating, etc, all can inject a subtle hardware failure that the software is not ready to handle.
Or you can call it encryption along different axis. Much like extracting GPS signals from below thermal floor level - you can do it if you 1) know it's there, and 2) know exactly how to key in. It's impressive as heck, but you can always rephrase it in terms of information theory in ways that makes it sound like slightly different shade of mundane.
I don't believe you're missing anything. This is just stegenography with a possibly new covert channel, right? Apparently the secret depends on advisaries not noticing the special hardware deployed on each end. Would using spread sprectum techniques would work just as well?
Also even if they know you are transmitting, it may still be beneficial to prevent them from knowing how much you are transmitting.
Imagine the enemy detects some of your transmission, even knowing it's encrypted, they can still look at the data rate (or estimate order of it):
- 5 bps = probably a random transmitter, maybe audio spy device, maybe remote detonated weapon
- 5 Mbps = probably a feed from military hardware or personnel
Similar inferences can be made about volume, if they can identify distinct transmissions. Etc. If tricks like these can make the enemy confuse 5 Mbps TX for a 5 bps one, it has obvious tactical utility.
Another example: in some regimes merely using Tor is illegal, or say in the US using it is enough to justify a search warrant for probable cause, with no evidence of any actual wrongdoing. The EU Chat Control lobby is also trying very hard to criminalize encryption. The simple act of trying to communicate privately is taken as indicative of criminal wrongdoing in the modern world. Being able to communicate without adversarial parties knowing you're communicating is a boon.
+1. As another example see https://en.wikipedia.org/wiki/Numbers_station -- people can't decipher the messages, but they strongly suspect something spy-y is going on. If they couldn't even detect it, there would be no suspicion.
Also hi StevenWaterman, I recognize you from previous comments! I think this is the first time that's happened to me on HN
DSSS is sort of both security and obscurity at the same time. The very act of spreading your spectrum out via a secret key also has the effect of reducing the amplitude of your transmission, ideally below the noise floor. A receiver on the other side wouldn't see anything except noise unless they had the same key.
37 comments:
Link to the paper: https://www.nature.com/articles/s41377-025-02119-y
From the abstract:
> Here, we demonstrate a covert communications method in which photon emission is rapidly electrically modulated both above and below the level of a passive blackbody at the emitter temperature. The time-averaged emission can be designed to be identical to the thermal background, realizing communications with zero optical signature for detectors with bandwidth lower than the modulation frequency
It sounds like maybe they're modulating the emissivity of a diode up and down so that over time, its IR spectrum looks like black body radiation. Only someone looking at the intensity of the thermal radiation coming from the diode at really fast timescales (kilohertz or megahertz) would notice that there was a signal being transmitted.
> We do have encryption methods, but at the same time we’re always having to create new encryption methodologies when bad actors find new decryption strategies.
> But if someone doesn’t even know the data is being transferred, then it’s really very hard for them to hack into it. If you can send information secretly then it definitely helps to prevent it being acquired by people you don’t want to access it.
Very strange framing. Symmetric cryptography has been "unhackable" for a while now, for all intents and purposes. The real advantage is surely that nobody notices you're transmitting data at all?
It adds a layer of obscurity, but not real security. If somebody is looking, neither sender or receiver can detect it or know if their ciphertext was intercepted. Depending on the methods used, the cipertext might not be immediately crackable with currently known algorithms and resources. However, it can be archived and broken at a later date, or by an actor who has access to algorithms/resources that aren't currently public.
harvest-now-decrypt-later attacks aren't much of a concern for modern symmetric cryptography. heck, even known-broken ciphers like rc4 aren't easy to break in a non-interactive setting with modest ciphertext sizes and no key reuse.
It all depends on who the message needs to be secure from, and for how long.
The cypher may be prefectly impenetrable, but the software running on the transmitter or receiver may be more brittle. You cannot attack what you don't even know exists nearby.
A secure cipher is indistinguishable from random data, you can't infer what software is on either end just by eavesdropping.
In practice you can infer a lot. The payload of a TLS stream is formally indistinguishable from random data, but you can still tell on the wire that it's TLS. There aren't a lot of widely-used TLS implementations. It's been a while since I looked at the specifics, but I bet there's a lot of more specific signature data in the plain-text parts of the protocol like supported ciphers. You can make some good guesses from the metadata.
In the case of a physical interception, you can probably infer more. If you, after reading this article, spot an enemy drone that doesn't have any obvious emissions, then, well, there might only be one option for the software running on that drone, namely The Software that your enemy uses on their drones.
Anyway, it's not clear to me from the article whether the source object from the signal will necessarily be invisible. I think every transmitter still at least looks like a point source of blackbody radiation. The signal may not be detectable from thermal background radiation, but if the background itself is coming from a big obvious drone, well, you know it "exists nearby".
But once you've located the device, you can use a number of electronic warfare approaches to crack into it, not necessarily through its main radio interface. For instance, electromagnetic interference, heating, etc, all can inject a subtle hardware failure that the software is not ready to handle.
Hence, "the real advantage is surely that nobody notices you're transmitting data at all?"
You really need to look up the Kirchoff principle
> Only a receiver with the right equipment can pick up the hidden message.
So all an eavesdropper has to do is setup the right equipment then? I guess it is only invisible until the technology becomes more widely available.
As invisible as radio signals then.
Now now... Let's be fair...
Radio broadcasts to everyone.
Light you can block off to a single direction.
Oh wait, directional radio antennas exist. Nevermind, yes. Exactly like radio waves.
> Light you can block off in a single direction.
Sorta, kinda. You're really only just attenuating things a lot. It's tricky to actually block it off fully.
Same with radio waves, as light is literally the same phenomena as radio waves, it's just shaking faster.
Maybe I'm missing something, but this reads like a complicated way to say "We made an IR diode that gets cold as well as hot."
Or you can call it encryption along different axis. Much like extracting GPS signals from below thermal floor level - you can do it if you 1) know it's there, and 2) know exactly how to key in. It's impressive as heck, but you can always rephrase it in terms of information theory in ways that makes it sound like slightly different shade of mundane.
No, this has nothing whatsoever to do with encryption, and no real security, probably
Depends on how you modulate it. Think e.g. frequency hopping / spread spectrum: it's encryption, just done on modulation instead of transmitted data.
I don't believe you're missing anything. This is just stegenography with a possibly new covert channel, right? Apparently the secret depends on advisaries not noticing the special hardware deployed on each end. Would using spread sprectum techniques would work just as well?
Yeah, but saying that doesn't get the military to give you money.
I would much rather have been called a computerologist than a computer scientist.
Yep.
It's impressive how this article made this sound like a breakthrough, didn't even mention the entire historied field of steganography once.
The paper itself mentions steganography in the second sentence at least.
Makes me look at steganography in slips on sunglasses an entirely new light.
It seems simpler to use a secure radio protocol instead of relying on security by obscurity for communication.
A covert signal is still beneficial even if the signal is secure. The existence of the signal is valuable metadata.
For a contrived example, imagine I'm in a warzone:
- Secure = Enemies can't read my messages. Good. But they can still triangulate my position.
- Covert = Enemies don't know I exist
Also even if they know you are transmitting, it may still be beneficial to prevent them from knowing how much you are transmitting.
Imagine the enemy detects some of your transmission, even knowing it's encrypted, they can still look at the data rate (or estimate order of it):
- 5 bps = probably a random transmitter, maybe audio spy device, maybe remote detonated weapon
- 5 Mbps = probably a feed from military hardware or personnel
Similar inferences can be made about volume, if they can identify distinct transmissions. Etc. If tricks like these can make the enemy confuse 5 Mbps TX for a 5 bps one, it has obvious tactical utility.
Another example: in some regimes merely using Tor is illegal, or say in the US using it is enough to justify a search warrant for probable cause, with no evidence of any actual wrongdoing. The EU Chat Control lobby is also trying very hard to criminalize encryption. The simple act of trying to communicate privately is taken as indicative of criminal wrongdoing in the modern world. Being able to communicate without adversarial parties knowing you're communicating is a boon.
+1. As another example see https://en.wikipedia.org/wiki/Numbers_station -- people can't decipher the messages, but they strongly suspect something spy-y is going on. If they couldn't even detect it, there would be no suspicion.
Also hi StevenWaterman, I recognize you from previous comments! I think this is the first time that's happened to me on HN
Unless they have "the right equipment". Then you are right back at the same situation.
Nobody has "the right equipment" everywhere all at once, especially not with operators (human or otherwise) set to monitor it all the time.
In the real world, obscurity is the cornerstone of security.
DSSS is sort of both security and obscurity at the same time. The very act of spreading your spectrum out via a secret key also has the effect of reducing the amplitude of your transmission, ideally below the noise floor. A receiver on the other side wouldn't see anything except noise unless they had the same key.
Secure channels can still be jammed. Undetectability is a fundamentally different goal than secrecy.
I am sure you could encrypt the warmth message somehow.
Unless your adversary is scanning for RF emissions, which is getting more and more common.