re: Stego inside encryption
To take this one step further, has anyone tried to ever use this method as an encryption method? You could hide data in a stream of random bits, using position as the encryption method. Obviously, the data would not be stored in packets; rather as single bits strewn throughout the stream. Even ASCII characters could be hidden in such a system very well, as the possibility of choosing the correct 8 bits (extended char set) from the data stream when any combination has equal potential of being the correct sequence would be extremely difficult. Error checking/correcting code could even be used. Using this system, the placement algorithm would be the focus of attack. If an algorithm which has a sufficiently random placement was used, extracting the correct bits would be difficult. Another way to increase the security would be to hide the correct message inside a bitstream created by using the same method on other similar messages. (Hiding a real message inside bogus messages. Hmm... Which one's real?) Patrick _______________________________________________________________________________ From: Mullen Patrick on Thu, Sep 19, 1996 9:19 Subject: Stego inside encryption To: Cypherpunks I know a lot of times the idea behind steganography is to hide the fact that a secret message is in a seemingly normal file/mail/whatever. This is good for avoiding unwanted interest in your file. The benefit of not having people attempt to crack you code, added to the strength of the cryptosystem is wonderful. However, I propose this-- Don't hide that anything's encrypted! Rather than hide this fact, throw it in their face! I propose hiding an encrypted message inside another encrypted message. Set bits in specific places to data in the real message. The benefit is Oscar not only doesn't know what the crypto is, he attacks the wrong message. Hiding statistically random bits from the true message in statistically random bits from the masking message shouldn't be too hard. Granted, this scheme doesn't get you past measures designed to keep out all encrypted messages, and it surely wouldn't keep you message from generating interest, but it would be very hard to decrypt the message, especially when some algorithm is used which (seemingly) randomly selects which bits to use for the stego. Just a thought... My apologies if someone has already proposed this method. Patrick
On 19 Sep 1996, Mullen Patrick wrote:
To take this one step further, has anyone tried to ever use this method as an encryption method? You could hide data in a stream of random bits, using position as the encryption method. Obviously, the data would not be stored in packets; rather as single bits strewn throughout the stream. Even ASCII characters could be hidden in such a system very well, as the possibility of choosing the correct 8 bits (extended char set) from the data stream when any combination has equal potential of being the correct sequence would be extremely difficult. Error checking/correcting code could even be used.
Using this system, the placement algorithm would be the focus of attack. If an algorithm which has a sufficiently random placement was used, extracting the correct bits would be difficult. Another way to increase the security would be to hide the correct message inside a bitstream created by using the same method on other similar messages. (Hiding a real message inside bogus messages. Hmm... Which one's real?)
I've written something similar to this idea a few years ago. :) You might want to check it out. Do a net search for WNS210.ZIP at your nearest good crypto ftp site. You might want to try ftp.wimsey.ca. ============================================================================= + ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\== \|/ |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\= <--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/= /|\ | Just Say "No" to |KA|law abridging the freedom of speech' |==\|/== + v + | Janet Reno & GAK |AK| do you not understand? |======= ===================http://www.brainlink.org/~sunder/========================= ActiveX! ActiveX! Format Hard drive? Just say yes!
Mullen Patrick wrote:
To take this one step further, has anyone tried to ever use this method as an encryption method? You could hide data in a stream of random bits, using position as the encryption method. Obviously, the data would not be stored in packets; rather as single bits strewn throughout the stream. Even ASCII characters could be hidden in such a system very well, as the possibility of choosing the correct 8 bits (extended char set) from the data stream when any combination has equal potential of being the correct sequence would be extremely difficult. Error checking/correcting code could even be used. Using this system, the placement algorithm would be the focus of attack. If an algorithm which has a sufficiently random placement was used, extracting the correct bits would be difficult. Another way to increase the security would be to hide the correct message inside a bitstream created by using the same method on other similar messages. (Hiding a real message inside bogus messages. Hmm...Which one's real?)..... some text deleted here....
This sounds like exactly what I've been saying. You could paste the message inside or adjacent to the non-text data (and you could bit-pad the text before doing so), then move all the bits around, etc. I'm not sure what was meant by "even ASCII characters could be hidden...", since just before you encrypt, everything's ASCII in some sense or another.
Dale Thorn wrote:
Mullen Patrick wrote:
To take this one step further, has anyone tried to ever use this method as an encryption method? You could hide data in a stream of random bits, using position as the encryption method.
It doesn't matter *what* you do with your bits. The key thing to remember when analyzing your encryption method is that the foundation of your security rests on the difficulty of reversing the numeric sequence that drives the encryption. If I know you're using this RNG-driven steganographic message mixer, then if I can break your RNG I'm done. If I know you're scrambling bits in a file according to an RNG, if I break your RNG I'm done. The key is therefore to make the RNG cryptographically secure. Once you've done that, then there's questionable value in doing anything fancier than straight CBC (or something like that) to encrypt your plaintext. Note that simple functional composition of one or more simple insecure RNG's does not necessarily give you a stronger RNG (in fact it usually doesn't). Cheap RNG's like what you get from the old UNIX "rand()" are simple little linear functions, which when composed give you more simple functions. ______c_________________________________________________________________ Mike M Nally * IBM % Tivoli * Austin TX * How quickly we forget that mailto:m5@tivoli.com mailto:m101@io.com * "deer processing" and "data http://www.io.com/~m101/ * processing" are different!
participants (4)
-
Dale Thorn -
Mike McNally -
Mullen Patrick -
Ray Arachelian