Covert Superhighway - the missing component?
Scratch Monkey proposes building an Eternity service using the Stego File System, provided an anonymous broadcast channel exists - it's assumed that alt.anonymous.messages will do the job. I suspect that wide deployment of Eternity would lead to this group being closed down. We need a more robust anonymous broadcast channel. Let's call it the `Covert Superhighway'. How do we build it? Ross
When people can buy a T1 to their house for £2,000/yr instead of £20,000, we will stand a better chance.
A few U.S. ISPs are offering xDSL at $600/mo. My local cable network, in Las Vegas, is offering bi-directinal T1 rates, with a guaranteed LOS, at $600/mo. Once these technologies get rolling, in a year ot two, rates are likely to drop below $200/mo. --Steve
Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
Scratch Monkey proposes building an Eternity service using the Stego File System, provided an anonymous broadcast channel exists - it's assumed that alt.anonymous.messages will do the job.
I suspect that wide deployment of Eternity would lead to this group being closed down. We need a more robust anonymous broadcast channel. Let's call it the `Covert Superhighway'. How do we build it?
Some ideas: - post to random newsgroups, use textual mimic functions, send decryption keys after the stegoed data has been distributed to disguise data until it is too late to affect distribution - become a spammer, or employ some spammers. Spammers use the hit and run approach with disposable accounts; with sufficient availability of accounts, and the economic incentive they seem to flourish in spite of intense displeasure of recipients. - video signals: live porn shows, one on one "chat live to our model, she will do anything you ask, blah, blah" -- high volume, easy target for stego, plausible reasons for anonymity - subliminal channels in the TCP/IP and IPSEC protocols. Someone posted a reference for an implementation of some subliminal channels in the linux TCP/IP stack. - VR gaming, VR chat rooms with audio, video; this could be a higher bandwidth version of IRC. - Subliminal channels in computer generated random numbers for multi-player internet based games. (Death match doom with subliminal channels, or with audio, video, etc) Not a very super-highway like subliminal network possibly... mostly the internet is not up to real time VR, video chat, etc. for the majority of users at present. Many of the better applications for subliminal channels are currently impractical. When people can buy a T1 to their house for £2,000/yr instead of £20,000, we will stand a better chance. Adam
-----BEGIN PGP SIGNED MESSAGE----- On Wed, 14 Jan 1998, Adam Back wrote:
Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
[...]
channel. Let's call it the `Covert Superhighway'. How do we build it?
Some ideas:
[...]
- become a spammer, or employ some spammers. Spammers use the hit and run approach with disposable accounts; with sufficient availability of accounts, and the economic incentive they seem to flourish in spite of intense displeasure of recipients.
This is a bad idear, firstly it is moraly and ethicly wrong. Spammers take resoursers without providing anything of value in return. Worce then this it is too nocitable. For a covert channel we wont something that peaple don't worry about and don't pay much attention to. Peaple tend to subject spam to alot of anylises. However it may be possable to incorparte subliminal infomation inside NoCeM posts. - -- Please excuse my spelling as I suffer from agraphia see the url in my header. Never trust a country with more peaple then sheep. ex-net.scum and proud You Say To People "Throw Off Your Chains" And They Make New Chains For Themselves? --Terry Pratchett. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNMMC0aQK0ynCmdStAQF1cAP6A+E+/myX2rYojosizVzrQ+rzwwiIOvqH oc1fOytw/x1T3yVKOx7hzSq+GAXfZiPQx1QRfy2Lpa8CIPdw/gLDutRdqcI4o22y Kx/9FD4mCzojQRN8Pen7aewxSE1FnMLfG/E6FxdJhWKQ3P8xuLUemrmw5xNR3QiC Km5ozQ3g9bw= =nCIS -----END PGP SIGNATURE-----
At 09:59 AM 1/14/98 +0000, Ross Anderson wrote:
Scratch Monkey proposes building an Eternity service using the Stego File System, provided an anonymous broadcast channel exists - it's assumed that alt.anonymous.messages will do the job.
I suspect that wide deployment of Eternity would lead to this group being closed down. We need a more robust anonymous broadcast channel. Let's call it the `Covert Superhighway'. How do we build it?
Usenet is useful for this because flood routing works well, and because millions of people send hundreds of megabytes a day of cover traffic, and tens or hundreds of thousands of machines are connected to it, so any individual machine connecting or retrieving traffic from it is not suspicious. It's also useful because forgery is easy and tracing is tedious, and because there's no central control in spite of the occasional cabals. If we build a sub-usenet to carry our traffic, it's easy to build good flood routing (and most of the tools can be reused), but it isn't easy to get millions of users and thousands of machines of cover traffic to piggyback on unless you either create something new and really cool, or unless you find something already cool, decentralized, and loud to piggyback on that doesn't make your traffic noticeable. Some directions to look: - Stego inside Voice-over-IP - (Ron Rivest's suggestion) This can either work because yet another phone call isn't very suspicious, though traffic analysis is a possibility, or you can develop the Killer Voice App for the Masses which does store&forward of its own bits without telling them. - IRC is one possibility, though I don't know how big it is. - CU-SeeMe reflectors are fun, and you can stego a lot of traffic inside your pictures. - Ship Anonymizers with every copy of Apache (or Apache-SSL), which is the most popular web server in the net. - Webcam Stego for webcams with high-entropy changing pictures, e.g. cloudy skies or oceans rather than mostly-static coffeepots. Adam Back's idea of piggybacking on gaming nets could be among the more interesting approaches, at least for games that don't have a central control system. In general, I'd guess that the limits of stego are that you can't really hide more than about 10% contraband inside your cover material, and for some methods it's a lot less. If you assume the typical user has a 28.8 line, you can get maybe the equivalent of 2400 bps of real traffic. Fine for banking; a bit rough for selling lots of large images, too slow for live speech. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
participants (5)
-
? the Platypus {aka David Formosa} -
Adam Back -
bill.stewart@pobox.com -
Ross Anderson -
Steve Schear