Duress, Watermarking, a simple design

Major Variola (ret) mv at cdc.gov
Fri Apr 23 15:12:08 PDT 2004 

                    Specificiation For
                A Duress File System.
                     Disguised as a
Watermark Annotation Management System

Maj. Variola (ret), the OsamaSoft Corporation
---------------------------------------------------

Background:
To deter torture, physically *destroy* your data.

If you can't destroy it, you need a *duress* system.
It will at least buy some time.



Specs for a duress system:
    Adversary can't know if there's more data
   You can reveal multiple passphrases to satisfy the Adversary (incl.
false data)

The former requires stego, otherwise the Adversary could tell that
there's more data.
The latter requires that your stego'd info doesn't interfere with other
stego'd data.

Simple Multiple-Use Implementation:
    Treat the cover media as a block-sized filesystem.  The user must
specify
    (and keep track of) the index of the block to embed the payload.
To
    extract data, only a passphrase (not index) is needed if a checksum
accompanies
    data in each occupied block.  Multiple blocks can be embedded using
    the same passphrase, they are all decoded when that passphrase is
supplied.

    (I don't think its possible to store allocation info *in* the file
without giving away
    the presence of more occupied blocks!)

Usage:
   As a watermarking system, anyone can embed any type of watermark in a

   "block" so long as block occupations are tracked globally.  eBay
could stego-watermark
   images in the upper left quadrant, individuals get to use the upper
right.  Each
  could use their own watermarking tools.

   As a collaborative tool, if the annotations are all plaintext this
could be like writing
    comments on the back of a JPG.  With the convenience of keeping them
with
    the image.

   As a duress file system, the watermarks are secret data.   They are
compressed, encrypted,
  then embedded in the given block of the cover media.  It would be
smart to use
  boring annotations in some blocks so that its not unusual to use the
tool with the cover media.
  (One should also use layers of increasingly sensitive info to give up
gradually, as well
   as plausible fakes.)

More information about the cypherpunks-legacy mailing list