Research Saturday 2.15.20
Ep 122 | 2.15.20
If you can't detect it, you can't steal it.

Dave Bittner: [00:00:03] Hello everyone, and welcome to the CyberWire's Research Saturday, presented by Juniper Networks. I'm Dave Bittner, and this is our weekly conversation with researchers and analysts tracking down threats and vulnerabilities, and solving some of the hard problems of protecting ourselves in a rapidly evolving cyberspace. Thanks for joining us.

Dave Bittner: [00:00:25] And now a word from our sponsor, Juniper Networks. Organizations are constantly evolving and increasingly turning to multicloud to transform IT. Juniper's connected security gives organizations the ability to safeguard users, applications, and infrastructure by extending security to all points of connection across the network. Helping defend you against advanced threats, Juniper's connected security is also open, so you can build on the security solutions and infrastructure you already have. Secure your entire business, from your endpoints to your edge, and every cloud in between, with Juniper's connected security. Come see Juniper at RSA 2020 in booth 6161 one to see why NSS Labs says Juniper is back in security. And we thank Juniper for making it possible to bring you Research Saturday.

Dave Bittner: [00:01:19] Thanks also to our sponsor, Enveil, whose revolutionary ZeroReveal solution closes the last gap in data security: protecting data in use. It's the industry's first and only scalable commercial solution enabling data to remain encrypted throughout the entire processing lifecycle. Imagine being able to analyze, search, and perform calculations on sensitive data, all without ever decrypting anything – all without the risks of theft or inadvertent exposure. What was once only theoretical is now possible with Enveil. Learn more at

Dan Sadot: [00:01:58] Okay, so basically my personal background, I'm the expert in optical communications.

Dave Bittner: [00:02:04] That's Dan Sadot. He's a professor in the ECE department of Ben-Gurion University. The research we're discussing today is titled "Photonic-layer encryption and steganography over IM/DD communication system."

Dan Sadot: [00:02:17] The way it sounds is really an interdisciplinary discipline. It is combining classical communications, like communication theory, and optics, which is basically around lasers, fiber optics, and so on. These two disciplines are basically now taking the lead in the, let's say, all modern high-speed communications – like, anything running at high speed, say, above ten gigabit per second, one-hundred gig, four-hundred gig – just name it. So, these are all running over optical fibers.

Dan Sadot: [00:02:52] The thing is that all the encryption and security that is taken care today is being done on the bits level, on the digital level. And we came out with the idea that why not to take advantage of the fact that anyway, the physical layer – which carries the information – can also help you in terms of encryption, steganography, and stuff like that. So, that's the background for that.

Dave Bittner: [00:03:21] Well, so let's dig in a little bit more for some understanding here. So, I mean, can you give us a little bit of background – when we're sending signals optically, what exactly is going on? Is this inherently an analog process, or how does it work from a high-level point of view?

Dan Sadot: [00:03:40] Okay, so, basically, in any communication system, there is the transmit side and receive side, where in the transmit side, you begin with any kind of an application – could be either a human voice, all the way to mega files – but eventually, it turns out to be a digital stream of information. And this stream of information should be carried over some kind of physical media. So, it could be either a wireline or wireless, like Wi-Fi or Bluetooth or phone. The major difference while moving to optical communications is that you take the same basic stream of data – which is, again, this stream of bits – and you just put it on top of an optical carrier. The optical carrier is basically an optical wave that could be represented as a color or as a laser beam or as any sort of light that goes into an optical fiber.

Dave Bittner: [00:04:43] And so, the advantages of an optical system is that it's capable of carrying much more information than, say, over copper?

Dan Sadot: [00:04:52] Yeah, basically, there are two, I would say, large-scale advantages. One is that the bandwidth of the optical technology is roughly, I would say, two to three orders of magnitude wider. So, anything beyond, like, ten-gigabit per second hardly can be carried on non-optical. But if you do it optically, so we can go all the way to hundreds of gigabits per second, [INAUDIBLE].

Dan Sadot: [00:05:20] So, that's one great advantage. The other, I would say, not less important advantage is the fact that once the light is being manipulated into an optical fiber, it goes in and cannot run away out of that. So, in terms of – what's a technical term of power consumption and signal-to-noise ratio and stuff like that, the signal is being kept in relatively high power or attenuated, I would say, very, very little as compared to generation in other media, like in wireline or wireless or whatever. So, I would say every one hundred kilometers you can keep the optical signal without any handling, as opposed to, I would say, a few meters or maybe a few centimeters depending on the bitrate for other types of media. So these are the great two advantages.

Dave Bittner: [00:06:18] Well, so let's dig into this specific techniques that you all have developed here. Take us through what you're doing.

Dan Sadot: [00:06:24] Okay, so basically once, I mean, we have in mind the fact that we're going to take the stream of data and turn it from electrons to photons, so to speak, we can take the highest level of existing encryption, as is, and just add on top of it a new level. And this new level basically boils down to two main new concepts. One is that in order to transmit the information, as already mentioned, you take the stream of bits over an optical carrier, why not to do it over many carriers, namely many colors? So, you take this stream of data and you break it to, I would say, instead of a single wavelength or single current, to one thousand wavelengths.

Dan Sadot: [00:07:14] Now, what is the benefit of that? You can now attenuate each of those colors by one thousand. So, eventually, you take one thousand pieces – each of them becomes now very, very weak, and you transmit to all those carriers or colors in a very weak manner in the fiber. On top of that, you design the transmission scenario to be that those very weak signals will be even below the background noise. In any existing media, there is some background noise. Could be background light or some kind of spontaneous emission coming from other lasers in the network or from other amplifiers. Which is very similar to in an analog case on free space, where always there is some kind of acoustic noise or light background in any media. So, it happens also an optical fiber.

Dan Sadot: [00:08:14] So, now if you should take those two effects together, you can design a configuration where the signal is effectively below the noise level. So, what happens is that every color is invisible, and you're transmitting instantaneously, like, one thousand of those colors, but you cannot see any of them. So, this is what to configure as this kind of stealthy transmission scheme. So, now, this is one part of the scheme. So, you take this signal, break it to many, many colors, transmit it below the noise level so it's invisible.

Dan Sadot: [00:08:54] Now, of course, it sounds very attractive, but you must make sure that on the other hand, the eligible receiver will be able to reconstruct or rebuild this information. So, that's the other part of the challenge.

Dave Bittner: [00:09:10] Well, so, while you are stealthily sending this information below the noise floor, are you simultaneously sending, you know, regular information over the fiber that, you know, that's intended to be seen?

Dan Sadot: [00:09:26] It could be. I mean, it's not restricted to this scenario. It could be a part of a network where there are many other channels are running and you're just below the noise, so, naturally, you will be also below those other channels and they will not interfere in any way. 

Dave Bittner: [00:09:43] I see.

Dan Sadot: [00:09:43] So, that's one – that's actually even making the stealthiness stronger, because then you'll see many channels and your stealthy channel is not only below those channels, but also below the noise, so totally invisible.

Dave Bittner: [00:09:58] Right.

Dan Sadot: [00:09:59] But there is another challenge – on the receive side, you need to rebuild this signal, and you need also to make sure that the intruder will not be able to rebuild the signal. So, I'm going to explain in a moment how you rebuild the signal, but just before that, in order to complete the encryption scheme on the transmit side, we're doing another, I would say, aggressive manipulation, which is taking every color and adding a kind of random phase to this color. The random phase is basically changing the situation between the different colors in a way that, on the receiver side, if you do not remove this kind of phase manipulation, you'll never be able to rebuild the signal again. So, that's kind of adding an encryption key on top of the stealthiness manipulation.

Dave Bittner: [00:10:58] And this is a physical element of the light itself?

Dan Sadot: [00:11:01] Right. Right. We call it a "phase mask," which basically is an off-the-shelf kind of component. Maybe it's a good point to mention that all our scheme is based on off-the-shelf components, so it may be implemented and commercialized with existing technology and existing equipment. So, it's not requiring any development of new components that are not being commercialized yet.

Dave Bittner: [00:11:29] Is it useful to think – I'm imagining sort of the way that, you know, polarized sunglasses react to light – how you can, you know, block out things by the polarization of the light. Is it along those certain lines?

Dan Sadot: [00:11:43] It is a good analogy. Polarization is an additional or a different feature of light. So, light has an amplitude, it has the phase, and it has also the polarization. So, these are independent features of flight. So, it's a good example, but it's different.

Dave Bittner: [00:12:03] I see, okay.

Dan Sadot: [00:12:04] So anyway, once we've done those two steps, like spreading the light and hiding it below the noise, that's the first step. And then adding deliberately kind of what is supposed to seem random, but it is not random – it's a deterministic phase manipulation. So then, on the other hand, we need to kind of cancel those actions. That's the rebuilding of the signal by the eligible receiver. So, I'll try to explain what's going on there on the receive side.

Dave Bittner: [00:12:37] Yeah, please.

Dan Sadot: [00:12:37] So, on the receive side, only being seen at this point is just noise, because the signal is below the noise and it's just hidden there. But if the eligible receiver knows that he's supposed to receive some useful information, so he will apply the opposite of the phase mask that was applied on the transmit side, basically removing all those the random phase manipulations that have been applied to each of those colors. So, that's the first step.

Dan Sadot: [00:13:08] Once done, so now, the eligible receiver has the chance, so to speak, to rebuild the signal. And the way he rebuilds the – may rebuild the signal is by collecting all those thousand of independent colors and adding them together in what is called in optics a coherent addition. So, the coherent addition is basically taking all the ingredients of light in this special, coherent way that they will add coherently and then the original strong signal will be rebuilt on top of the noise. So again, just to emphasize, this cannot be done if the phase mask effect was not removed, because then this coherence feature will be lost.

Dave Bittner: [00:13:58] Now, in terms of informing the receiver as to what's going on with the phase mask – in other words, letting them know the information they need to do this decoding – is that information being sent on a side channel? Is that under separate cover? Is that included in the main signal?

Dan Sadot: [00:14:18] No, that's a great question. So basically, you can look at the phase mask in both sides as the key of the encryption. So, once you follow this kind of paradigm, so basically you can follow all the existing protocols, or how to exchange keys between the eligible transmitter and receivers. We have no additional invention here – we're just following well-known protocols, how to distribute the key between the eligible users.

Dan Sadot: [00:14:48] Okay, another point, probably the most important one that I didn't emphasize yet, is the fact that this kind of rebuilding – optical rebuilding of the signal – is being done on the optical domain, and all this kind of destruction and reconstruction of the signal is all optical. And why is it so important? Because what happens usually is that once a signal is being encrypted and trying to be decoded by an intruder, so what is happening is the signal is being recorded, and then you can try to break the code offline, so to speak, by using high-power computers, or in a few years, there will be optical quantum computers and so on. So, the fact is that if you rely on the strength of the code, you are in risk, because the stronger the computing power becomes, the higher the chances that your code can be broken... 

Dave Bittner: [00:15:51] Right. 

Dan Sadot: [00:15:51] ...That's what's happening today. And that's the concern of all those, I would say, encryption entities. So, what is happening with our scheme is that recording is off the table. You cannot record the signal – that's probably the most important message of this scheme. And the reason you cannot record it is because the recording is going through an optical to electrical transformation. And this optical to electrical transformation is involving losing the phase information. So if you did not remove the key – which is the phase mask that I explained earlier about – what will happen is that the phase is being lost once the recording process is happening, and basically the information is being destroyed.

Dan Sadot: [00:16:46] So now, there is no meaning by recording the information and trying to break it, because it's not there anymore. So, that's the great benefit. No high-power computing will help here in this scheme, and the only way to break the code is to do it all optically by trying many, many optical masks and so on. But this is impractical because you cannot keep the light – like, store the light in hand and try to manipulate it with the potential many, many phase masks. So, once the light is traveling, it's being detected and lost. That's it.

Dave Bittner: [00:17:25] Yeah, that's fascinating. So in other words, if you didn't know to look for the phase manipulation that you're doing here, there would be no reason to even attempt to record it, and so in the recording and digitization process, I suppose that information would be lost.

Dan Sadot: [00:17:42] Yeah. That's exactly right. And so, you must to break the code and decode the information on the fly, as opposed to offline.

Dave Bittner: [00:17:50] How practical is it to use this thing you've developed here? Is it going to be relatively easy to apply in the real world?

Dan Sadot: [00:17:59] Yes. As I was trying to emphasize earlier, I mean, all the components that we're using in this end-to-end solution are based on existing technologies, mostly off-the-shelf, commercial. Maybe some should go through some modifications, but it is like, I would say, adding less than a factor of two on the cost of such kind of an existing optical communication system. So that's, I would say, a very good message, as compared, for example, to, say, more futuristic schemes based on quantum encryption and so on, which would require future development, and much more, let's say, futuristic than this means.

Dave Bittner: [00:18:45] Suppose someone were looking out for this method that you've developed. Would they be able to look at the signal and, you know, take a look at the noise filter – or the noise floor, rather, and say to themselves, aha, I see there's some phase manipulation going on here, this needs a closer look.

Dan Sadot: [00:19:05] No. So, basically, the good thing is that once you design the capsulation here to be that the signal is significantly below the noise level – and we already have demonstrated, like, some kind of field trials showing that we're being able to transmit signal at what is called "negative SNR," like negative signal-to-noise ratio, meaning the signal is maybe twenty, thirty times weaker than the noise. So, it's practically invisible. And once it's invisible, so you don't know what you need to manipulate there. And anyway, phase is not something that you can record or try to extract. You can record the entire light, which includes also the phase as part of the features of the light, but you cannot, like, extract what's going on with the phase, what is the manipulation here, and how can you do the decapsulation of this phase manipulation. It's not possible.

Dave Bittner: [00:20:04] I see.

Dave Bittner: [00:20:04] One of the challenges, which is not a technological challenge, is that usually when you go with, like, high-speed communication, especially the communication which is very broadly used, say, for data center interconnections and for long-haul transmissions – all those most popular communication links that consume, say, ninety, ninety-five percent of entire communication worldwide – one of the major challenges is how to change the standards that are around those transmission schemes. This one obviously is not part of any standard because usually when you standardize transmission, you want to make it clear, you want to make it visible, you want to make it as simple as possible so any commercial entity can use it.

Dan Sadot: [00:20:56] But here, it's actually the opposite. Here, you're going to transmit something as complicated in terms of observing the signal. In fact, you're going to manipulate this in a way that it is non-observable. So, there's kind of a, let's say a mental barrier to convince those entities to transmit – it's kind of a paradigm shift, so to speak. As opposed to transmitting something that looks high-quality and clear and so on, the opposite. You need to transmit something that looks – for an ineligible user, like an intruder, it looks very unclear or like noise. It's an opposite concept, just the transmitting noise. It's something that has been done ever.

Dave Bittner: [00:21:44] Yeah. I have to say, my own perception of this is that there's something kind of delightfully analog about this in our digital world...

Dan Sadot: [00:21:52] Correct, yes.

Dave Bittner: [00:21:52] ...You know, the way that this works. (Laughs)

Dan Sadot: [00:21:53] (Laughs) Yes, certainly. Yeah. Actually, light is an analog entity. I mean, unless you really go to the photo level, which are, again, becoming like quantum entities, but in general, light is kind of an analog entity.

Dave Bittner: [00:22:14] Our thanks to Dan Sadot from Ben-Gurion University for joining us. The research is titled, "Photonic-layer encryption and steganography over IM/DD communication system." We'll have a link in the show notes.

Dave Bittner: [00:22:30] Thanks to Juniper Networks for sponsoring our show. You can learn more at, or connect with them on Twitter or Facebook.

Dave Bittner: [00:22:38] And thanks to Enveil for their sponsorship. You can find out how they're closing the last gap in data security at 

Dave Bittner: [00:22:46] The CyberWire Research Saturday is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsea Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Peter Kilpe, and I'm Dave Bittner. Thanks for listening.