CDR: Re: stego for the censored
> I'm currently looking for a way to get encrypted data via stego to people who live in countries where crypto is illegal, and who may be watched. so just sending them a large graphic would likely arouse suspicion.
> the 2 best solutions I've come up with so far are porn and spam. both are readily believable, even in large quantities. the problem with porn is that it may be illegal in itself in the same countries. the problem with spam is that ascii text just doesn't offer much to hide stego in (whitespacing, etc. is both easy to find and can store very little data).
Since the amount of information you need to send and the channel/event capacity for stego'd information are unspecified maybe you're looking for a general solution. Part of a general solution might be a scatter-gather mechanism.

XMIT

The information you need to send is broken up into multiple pieces and an index. The simplest method would be a flat structure but a tree is acceptable. Redundancy via overlapping segments could be introduced. Redundancy/error correction might be useful if Mallet is inclined for example to mess with whitespace in your e-mail. Anyway, the pieces are stego'd into multiple carriers that are made available via any and all protocols.

RCV

Once a recipient has the top-level index they can gather the pieces and reconstruct the original.

Notes

Scattering the information over multiple sites and accessing it via valid sets of linked pages for example might help in disguising the act of retrieving any particular carrier. A typical browse sequence might include many unused files and only one carrier. A single carrier might serve various fragments from multiple original input documents intended for different recipients.

If a single carrier is safe and acceptable a webcam might be a nice broadcast for a few channels of text. It does simplify the task of identifying the sender and making a list of possible recipients. A shifting set of sources would probably be safer.

Message fragments could be transmitted over any period of time with the top-level index being the final step. That would help the sender avoid detection of the actual transmission since it could be interleaved with other activities. Likewise reception could be over an arbitrary period of time and interleaved with other activities.
***

There's a high bandwidth cost associated with the scatter-gather process but it does allow arbitrarily sized messages and I'm assuming the cost of getting caught is extremely high as is the desire of authorities to view content, locate the sender or other recipients and suppress the information if it is detected.

Mike
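[Added example, not part of the thread and not Mike's code: a minimal sketch of the XMIT/RCV steps above with a flat index and redundancy via overlapping segments. The piece size, overlap, index layout and the names scatter and gather are assumptions made for illustration; the carriers themselves are left out.]

```python
import hashlib

# Constructed sample input (40 bytes); not taken from the thread.
SAMPLE = b"constructed sample message, forty bytes!"

def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def scatter(message: bytes, size: int = 16, overlap: int = 8):
    """Cut message into overlapping pieces; return (flat index, pieces)."""
    if not 0 <= overlap < size:
        raise ValueError("overlap must be smaller than the piece size")
    entries, pieces, offset = [], [], 0
    while True:
        piece = message[offset:offset + size]
        pieces.append(piece)
        entries.append({"offset": offset, "sha256": _digest(piece)})
        if offset + size >= len(message):
            break
        offset += size - overlap
    index = {"total": len(message), "sha256": _digest(message), "pieces": entries}
    return index, pieces

def gather(index: dict, candidates) -> bytes:
    """Rebuild the message from whatever intact pieces turn up, in any order."""
    wanted = {}
    for entry in index["pieces"]:
        wanted.setdefault(entry["sha256"], []).append(entry["offset"])
    out = bytearray(index["total"])
    covered = [False] * index["total"]
    for blob in candidates:
        # Decoys and pieces altered in transit match no digest and are skipped.
        for offset in wanted.get(_digest(blob), []):
            out[offset:offset + len(blob)] = blob
            covered[offset:offset + len(blob)] = [True] * len(blob)
    if not all(covered):
        raise ValueError("intact pieces do not cover the whole message")
    if _digest(bytes(out)) != index["sha256"]:
        raise ValueError("reassembled message does not match the index")
    return bytes(out)

if __name__ == "__main__":
    index, pieces = scatter(SAMPLE)
    # Piece 1 is lost, a decoy is mixed in, and arrival order is shuffled.
    arrived = [pieces[3], b"unrelated file", pieces[0], pieces[2]]
    print(gather(index, arrived) == SAMPLE)
```

[With half-overlapping pieces, any single interior piece can be lost or altered; losing two adjacent pieces leaves a gap, and the first and last half-pieces have no second copy.]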
At 4:09 PM -0700 10/6/00, Michael Motyka wrote:
> > I'm currently looking for a way to get encrypted data via stego to people who live in countries where crypto is illegal, and who may be watched. so just sending them a large graphic would likely arouse suspicion.
> > ...
>
> Since the amount of information you need to send and the channel/event capacity for stego'd information are unspecified maybe you're looking for a general solution. Part of a general solution might be a scatter-gather mechanism.
>
> XMIT
>
> The information you need to send is broken up into multiple pieces and an index. The simplest method would be a flat structure but a tree is acceptable. Redundancy via overlapping segments could be introduced. Redundancy/error correction might be useful if Mallet is inclined for example to mess with whitespace in your e-mail. Anyway, the pieces are stego'd into multiple carriers that are made available via any and all protocols.
In places where crypto is illegal, this approach would also likely be illegal. "But, Obergruppenfuhrer Mueller, I am not actually using crypto. These hundreds of broken up files I have received are merely unwanted messages sent to me."

BTW, the issue is a lot more than just "plausible deniability." This may work in the U.S., until the Constitution is further shredded. But "plausibility deniability" is not enough when dealing with the Stasi, or SAVAK, or Shin Bet, or the Ayatollahs. Mere suspicion is enough.

--Tim May

--
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.
At 04:30 PM 10/6/00 -0700, Tim May wrote:
> > The information you need to send is broken up into multiple pieces and an index. The simplest method would be ...
>
> In places where crypto is illegal, this approach would also likely be illegal. "But, Obergruppenfuhrer Mueller, I am not actually using crypto. These hundreds of broken up files I have received are merely unwanted messages sent to me."
>
> BTW, the issue is a lot more than just "plausible deniability." This may work in the U.S., until the Constitution is further shredded. But "plausibility deniability" is not enough when dealing with the Stasi, or SAVAK, or Shin Bet, or the Ayatollahs. Mere suspicion is enough.
The point is that each message doesn't have decryptable cyphertext. It only has a secret-share that no recipient can decode until they have enough shares of the same message, even if the KGB rubber-hoses them, and the KGB cryptanalysts won't be able to find anything more than random noise in the message because with <K shares, that's all you can get. Now random noise may also be suspicious, but it's less suspicious than something that's got more structure to it. Even if they do suspect the recipient and seize his computer, they'll only get old messages, not the new partially-received ones.

Thanks!
Bill

Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Bill Stewart wrote:
> At 04:30 PM 10/6/00 -0700, Tim May wrote:
> > In places where crypto is illegal, this approach would also likely be illegal. ... BTW, the issue is a lot more than just "plausible deniability." This may work in the U.S., until the Constitution is further shredded. But "plausibility deniability" is not enough when dealing with the Stasi, or SAVAK, or Shin Bet, or the Ayatollahs. Mere suspicion is enough.
>
> The point is that each message doesn't have decryptable cyphertext. It only has a secret-share that no recipient can decode until they have enough shares of the same message, even if the KGB rubber-hoses them, and the KGB cryptanalysts won't be able to find anything more than random noise in the message because with <K shares, that's all you can get. Now random noise may also be suspicious, but it's less suspicious than something that's got more structure to it. Even if they do suspect the recipient and seize his computer, they'll only get old messages, not the new partially-received ones.
Not good enough, I'm afraid. As Tim said, if the authorities in an authoritarian regime _suspect_ secrets are being passed they have "probable cause" to break out the jumper cables. Unless the holder of an incomplete secret is willing to spill his guts literally rather than figuratively, his group doesn't benefit from a secret which can be detected but not read.

--
Steve Furlong, Computer Condottiere     Have GNU, will travel
518-374-4720     sfurlong@acmenet.net
participants (4)
- Bill Stewart
- Michael Motyka
- Steve Furlong
- Tim May