Chaff in the Channel (Stealth PGP work)

At 9:32 PM 2/29/96, Bruce Zambini wrote:
Well, that's what I want to avoid; I think the issue is that as long as stego is predictable, there's a problem, i.e. a message to a certain party can be shown to exist, even if it's not readable. This might prove more than ample evidence in certain circumstances.
You shouldn't be able to recover the stego'd message without special knowledge. This isn't addressed by current software, to my knowledge.
Sorry if I haven't been following the latest "stego" messages too closely. If it is desired that an image, say, carry a steganographic message that is "undetectable" to adversaries, then much more than just stripping off the PGP markers (headers, identifying bits, whatever) must be done: the LSB bit plane, if this is the stego channel, must have statistics which are indistinguishable from "normal" LSB bit planes of images. (Not an easy thing to define or to implement, but there you go.)

So, when the Khmer Rouge People's Enforcement Division looks at the image they have confiscated from your computer and examines the LSB bit plane for evidence of human rights files encrypted steganographically, that bit plane had better not have unusual statistics...it had better not look "too" random, as real life LSB randomness may not have nearly the entropy of PGP randomness, say.

What can be done? One emergent standard could be the following:

- when images are sent, or stored, replace the true LSB bit plane (I say "true" to distinguish the actual "grey levels" of one or more of the color bit planes from RGB encodings in which the nominal LSB is not at all the minimum brightness changes) with a "PGP chaff image."

- this PGP chaff image could be randomly generated, or chosen from a library, or (surprise, surprise) actually be an encoded message.

- the point is that some percentage of all images would have this chaff present, so that mere possession of an image with the offending statistics would not ipso facto be proof of possession of an encrypted/stegoized message. (Of course, the Khmer Rouge People's Enforcement Division might simply kill you anyway, but then they might kill you for merely having a computer. One would hope that Reno's Raiders would not do likewise, and that the existence of multiple images with "chaff" image planes would be sufficient to confuse things.)

- the adversary may know you have an image with a chaff plane, but he doesn't know that you actually know how to decode that chaff, that that chaff is not chaff to you.

[How is this any different from simply sending chaff messages conventionally, without using steganography? Why not use the full bandwidth? Answer: Stego provides some plausible deniability, more important in court cases in the U.S. than to the Khmer Rouge, of course. Having random messages filling up one's hard disk is suspicious, but having images of the Mona Lisa which _may_ contain stego bits and which _may_ be readable by the owner is considerably less suspicion-arousing.]

This is my take on fixing the stego situation. Instead of worrying about a "stealth PGP version," which is likely to be only a slight speed bump (because of the statistics), think about flooding the detection channels.

Longterm, however, I certainly think that cryptographic messages can be made virtually indistinguishable from low-order bit noise. (I have argued this since the late 1980s, so I'm not changing my views now.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
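Added example (not part of the original thread): a minimal steganalysis check for the LSB-plane statistics discussed in the message above. It measures how often horizontally adjacent pixels share the same low bit, on a constructed smooth cover image and on the same image after LSB replacement with chaff and with ciphertext-like bits. The image, the 0.05 tolerance, the function names and the SHA-256 counter-mode stand-in for encrypted data are all assumptions made for illustration.

```python
import hashlib
import random

W = H = 64  # constructed image size

def cover_image():
    # Constructed smooth "photo": a diagonal gradient, so neighbours are similar.
    return [[(x + y) // 3 for x in range(W)] for y in range(H)]

def replace_lsb(img, bits):
    # LSB replacement: overwrite each pixel's low bit with the next payload bit.
    it = iter(bits)
    return [[(p & ~1) | next(it) for p in row] for row in img]

def chaff_bits(seed):
    # Meaningless random filler, the "chaff" case.
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(W * H)]

def ciphertext_like_bits(key):
    # Stand-in for encrypted data: SHA-256 in counter mode (not real PGP output).
    out, ctr = [], 0
    while len(out) < W * H:
        block = hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        out.extend((b >> i) & 1 for b in block for i in range(8))
        ctr += 1
    return out[:W * H]

def lsb_neighbour_agreement(img):
    # Fraction of horizontally adjacent pixels whose LSBs match.
    # Uniform random bits give about 0.5; structured image data drifts away.
    same = total = 0
    for row in img:
        for a, b in zip(row, row[1:]):
            same += (a & 1) == (b & 1)
            total += 1
    return same / total

def looks_random(img, tol=0.05):
    # Detector: flag an LSB plane whose neighbour agreement is "too" close to 0.5.
    return abs(lsb_neighbour_agreement(img) - 0.5) < tol

if __name__ == "__main__":
    cover = cover_image()
    for name, img in [("cover", cover),
                      ("chaff", replace_lsb(cover, chaff_bits(1996))),
                      ("message", replace_lsb(cover, ciphertext_like_bits(b"constructed-key")))]:
        print(name, round(lsb_neighbour_agreement(img), 3), looks_random(img))
```

The untouched cover scores well away from 0.5 and is not flagged, while the chaff and ciphertext-like planes are both flagged and this statistic cannot tell them apart.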

Is anyone here on the Steganography mailing list? Last I checked it looked pretty dead, which is a shame. Stego seems to be a really important topic, and a difficult one at that. The good news is there's all sorts of entropy in the data we send back and forth, the bad news is it's hard to actually exploit it.

tcmay@got.net (Timothy C. May) writes:
This is my take on fixing the stego situation. Instead of worrying about a "stealth PGP version," which is likely to be only a slight speed bump (because of the statistics), think about flooding the detection channels.
The stealth PGP is, of course, a necessary element: you have to remove the big "THIS IS AN ENCRYPTED MESSAGE FOR RESISTOR-CELL-23" before you can slip it in somewhere.

As noble as "flood the detection channels" sounds, has it really ever succeeded? Do people who don't care about privacy day to day ever go through extra trouble to make other people's privacy easier? I can think of two public efforts to increase noise that have failed: putting Spook keywords in all Usenet posts, and using PGP email for normal day to day traffic. The failure of the second channel-flooding is especially notable: even people doing serious crypto hacking, with well established public keys, don't seem to PGP encrypt normal day to day traffic. It's just not convenient enough.

I think asking people to increase entropy in their day to day communication is doomed to fail, it's just too much trouble. Better to exploit the entropy we already have, and maybe encourage designers of new systems to build in some extra entropy sources when they get the chance.

I've got some specific ideas, but am a bit nervous about talking about them because of intellectual property issues. Also, I'm not convinced that unlike cryptography, some extra security can be maintained in a steganographic system by not disclosing the way it works. I haven't resolved these concerns, but would be happy to engage in some metadiscussion about them.

On Thu, 29 Feb 1996, Nelson Minar wrote:
As noble as "flood the detection channels" sounds, has it really ever succeeded? Do people who don't care about privacy day to day ever go through extra trouble to make other people's privacy easier? I can think of two public efforts to increase noise that have failed: putting Spook keywords in all Usenet posts, and using PGP email for normal day to day traffic. The failure of the second channel-flooding is especially notable: even people doing serious crypto hacking, with well established public keys, don't seem to PGP encrypt normal day to day traffic. It's just not convenient enough.
At one point I'd thought about setting up a "random" crontab on my local machine to send out encrypted junk to remailers over the net via a SLiRP connection. It made a little more sense when I was connected 24/7. I'm still planning on doing this sometime, probably during Spring Break or this summer. I don't know how useful it would be, though.

--
|\/|ike Gurski  mgursk1@gl.umbc.edu  http://www.gl.umbc.edu/~mgursk1/
finger or mail subject "send pgpkey" or "send index"  Hail Eris!   |Member,
1024/39B5BADD PGP Keyprint=3493 A994 B159 48B7 1757 1E4E 6256 4570| Team
My opinions are mine alone, even if you should be sharing them.    | OS/2

Steganography is torn between a (reasonable) desire for secrecy in order to gain security by making it harder to detect your noise patterns, and the need for correspondents to agree on a standard. (This agreement made harder by cross platform issues.)

However, I suspect that the ideal would be like cryptography: Assume the enemy knows everything about your system but the keys. Thus, your gifs need to look like normal gifs in the lsb. Your audio needs to have normal levels of hiss in it. Etc.

When actually using stego, there's no need to publicise your choice of stego methods. But when designing a system, your opponent should be assumed to understand it.

Adam

Nelson Minar wrote:
| I've got some specific ideas, but am a bit nervous about talking about
| them because of intellectual property issues. Also, I'm not convinced
| that unlike cryptography, some extra security can be maintained in a
| steganographic system by not disclosing the way it works. I haven't
| resolved these concerns, but would be happy to engage in some
| metadiscussion about them.

--
"It is seldom that liberty of any kind is lost all at once." -Hume

On Thu, 29 Feb 1996, Nelson Minar wrote:
tcmay@got.net (Timothy C. May) writes:
This is my take on fixing the stego situation. Instead of worrying about a "stealth PGP version," which is likely to be only a slight speed bump (because of the statistics), think about flooding the detection channels.
As noble as "flood the detection channels" sounds, has it really ever succeeded? Do people who don't care about privacy day to day ever go through extra trouble to make other people's privacy easier? I can
I still like the idea of EVERYONE using encryption. Hiding stuff in plain sight always has appealed to me.

--
Ed Carp, N7EKG    Ed.Carp@linux.org, ecarp@netcom.com
214/993-3935 voicemail/digital pager
800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key    an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families, through the hurt and the loss and the agony only the night ever hears, is a waiting soul. Patient, permanent, abundant, it opens its infinite heart and asks only one thing of you ... 'Remember who it is you really are.'"
-- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
-- Andrew Spring

participants (5)
- Adam Shostack
- Ed Carp
- Mike Gurski
- Nelson Minar
- tcmay@got.net