Slashdot Mirror
Disappearing Cryptography
The Scoop Cryptography, argues the author, has the potential to balance power relationships between individuals and governments. Forcing people to conduct all communications in publicly-readable forms allows the honest to be oppressed by tyrants, criminals, and pranksters. Why should the innocent suffer to help authories track stupid criminals?
Wayner mainly concentrates on steganography, hiding secret communications in plain sight. Instead of using ciphers and algorithms to generate a message mathematically indistinguishable from pure random noise, one might instead replace the lowest significant bits of a JPG image with the message. Only those who analyze the image may potentially reconstruct the text.
What's to Like? Each chapter has three sections, arranged by increasing complexity. The first contains a short anecdote to illustrate the point of the chapter. (Some make immediate sense, while others seem only tangentially related.) The second section discusses the theory. The final section gets into the guts, mathematics and algorithms, analysis and common problems. This division allows readers to go only as deeply as they prefer.Early sections on information theory lay the framework for later chapters. While discussions of error correction and density don't have the cloak and dagger thrill of spy stuff, they're fundamental to serious analysis of techniques. Serious students would do well to use Wayner's extensive and excellent bibliography of books and papers to improve their knowledge.
The middle of the book is excellent. A lengthy discussion of text mimicry starts with analysis techniques, producing in a program hiding a secret message in an innocent-seeming baseball play-by-play. (It includes a dissertation on effective and reversible context-free grammars.) The next chapter, on Turing machines and reversable computing, is particularly interesting (especially after reading The Diamond Age).
More than just data hiding, the final section of the text covers privacy. Anonymous remailers can provide double-blind communication (but see the caveat below). The Dining Cryptographers algorithm of chapter 11 may be used to send a secret message without divulging the sender's identity. The final chapter adds a philosophical spin, explaining the author's biases and his reasoning for promoting secrecy. (He's Cypherpunk friendly.)
What's to Consider? This is not a book for beginners. Some of the initial theory throws around summations and other pre-calculus constructs as an integral (pardon the pun) explanation of entropy. One of the two large examples is written in Pascal. A second year computer science student should have no trouble understanding the text. A layman might not get past the second chapter (though he could safely skip most of the math.)This book is also dated -- in fact, Hemos recommended it for review partly to prompt the author and publisher to produce a new version. The anonymous remailer chapter is seriously out of date, and it would be nice to have new information about distributed.net, secure peer-to-peer communications, and web stuff. In addition, some of the softwares described have been superceded by new versions and successors.
The Summary Aging but written with the future in the mind, Disappearing Cryptography favors theory and principles, for the most part. It makes a good introduction to steganography and the study of patterns in digital communications, leading naturally to more detailed works. It may also serve as a starting point to new ideas and discussions. Perhaps 2001 will bring us a new version. Table of Contents- Framing Information
- Encryption
- Error Correction
- Secret Sharing
- Compression
- Basic Mimicry
- Grammars and Mimicry
- Turing and Reverse
- Life in the Noise
- Anonymous Remailers
- Secret Broadcasts
- Coda
- Mimic Code
- Baseball CFG
- Reversable Grammar Generator
You can purchase this book at Fatbrain.
I'm not sure exactly what your point is. Of course polititians are people. Does that mean they should not be held responsible for their policy decisions?
Or are you saying that they should be let off the hook because they are just doing what anyone else would do in their shoes? If that's true, (which I suspect it may well be) then the problem is not with the people but with the system in which they operate. Either way we have to remain vigilant.
Come on everybody, there's no day like today for a revolution!
-- It only takes 20 minutes for a liberal to become a conservative thanks to our new outpatient surgical procedure!
Long live cryptography!
Most of the issues mentioned involving hidden messages in various formats such as jpg's and audio files are not new news however I feel any information published is good to know from an educational perspective as well as a model for those paranoid types who are concerned with big brother based programs such as Echelon and Carnivore.
Applied Cryptography offered some nice information as did Information Security Management Handbook but for relevance as to the extent of big brother watching, some should go to the NSA's website and read up on their archives including Venona, and the Enigma machines to get a grasp of how deep government goes in to get their information and how you can address minimal measures on your own to avoid having your information snooped.
Last September I also wrote a quickie document on Circumventing Carnivore that mentions some of these methods to pass information off without it getting caught up on a steriod induced governmental sniffer. Sure it may not be Harvard type material but it should create interest to anyone not too familiar with encryption, ciphertext, algorithms, a simple how to.
As for the title disappearing crypto I hardly doubt it is disappearing in fact with all the hype surrounding PKI's, and the media's ever mentioning of `[H]ackers* I can see many more books, FAQ's, and companies rushing to release more information on crypto from all levels be it beginners to mathematicians based levels.
/me bounces to fatbrain to place an order with info obtained from creditcard.com crackers (of course I'm kidding)
Sexy Unix Chick
Thanks for the memories
The review makes a somewhat misleading assertion, that steganography obviates the need for cryptography. Encrypting your message first somehow (e.g. making it look like line noise) is actually a good step to take, as it will enhance the protection afforded by steganography - the altered image just looks randomly "noisy." This is especially helpful when using images encoded with lossy compression schemes such as JPEG - since different compression factors can lead to visibly similar images, but with different noise patterns. After all, if the Bad Guys somehow come up with the original image, and compare it to your altered image, you don't want your plaintext just popping out at them instantly, do you? It's like the difference between running 'crack' and 'diff' ... or giving away your one-time pad.
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
The easiest part to update at this point is the code. The book contains printed Pascal, something that was almost considered a munition before the latest glasnost in the crypto wars.
There is now C code thanks to Jason Penney. He converted the original Pascal code in a pretty direct fashion. I converted the Pascal into Java. You can any of the three versions by sending me email to pcw@flyzone.com. I'm thinking of getting a website going once I figure out the current state of the export regulations. There's some problems with leaving an open site for North Korea, I think.
The program itself is modular so you can write your own grammars for encoding messages without learning C, Pascal, or Java. That means you don't need to use my lame baseball example. One of the neater developments is a website for converting messages into spam, a medium that is quite lame by default:
http://www.spammimic.com/index.shtml
Finally, if you have suggestions for new information hiding techniques or steganographic algorithms to include in a future version, I hope you'll write and suggest them to me. Any help you can give, would be appreciated.
Thanks.
No, it's not security through obscurity. Security through obscurity is reliance on the fact that the encryption method is secret to keep the data from being read. It's dismissed because a poor encryption method is vulnerable to mathematical attack no matter how secret it is, and a good encryption method is relatively invulnerable even if the method is known.
But encryption is not the end-all and be-all of security. While it hides the data you're sending, it doesn't hide the fact that you're sending a message, and is thus absolutely worthless against signals intelligence. For example, if a spy in Beijing is sending encrypted letters adressed to CIA headquarters every day from his home's mailbox, then no matter how well encrypted the message he sends, it's still obvious that he's sending information to the CIA. If he's posting pictures of his kids that have an encrypted message hidden in them to a photos newsgroup, it isn't as obvious.
There's no "we" in team, only "me"
The problem is that these =people= don't just have a few extra powers... they have powers that they can exercise with little fear of being held responsible for their actions... It may only be one person who decides to take an action but once taken, that person has an enormous shield that even usually prevents their identy being revealed. It is big brother that the individual bureaucrat hides behind.
"It's because they're stupid, that's why. That's why everybody does everything." -Homer Simpson
What you propose is essentially security through obscurity, a practice routinely dismissed by those with basic knowledge of cryptographic algorithms and protocols. Perhaps steganography can be used to make such a system valid, but I doubt it.
Moreover, this discussion only pertains to private conversation between two individuals. Even if I perform all data exchanges with my bank, doctor and insurance company via encrypted channels, it doesn't mean squat once they decide to share information with each other or anyone else willing to pay for it. I'd much rather do sensitive business with a company that has poor data protection but a strong privacy policy than the other way around.
Maybe but only in the most useless of senses.
Let's imagine that I'm 65 years old and I have 200,000 in the bank. I have a choice between one scumbag who is going to take it all or another who is going to take 199,800. Which do I choose? The lesser of two evils of course. At least I can break the news to my wife over a nice dinner.
Since Limbaugh has turned liberal into a dirty word I'll claim to be a progressive, but I still think your guy Brown is a Big Mac with fries better than the grease bags the major parties put up for us to choose from.
Like you I choose to skip them this time.
--
And keep in mind old != outdated. For example Computer Security Basics by the good folks at O'Reilly is old but still very usefull this is because it teaches concepts that do not change and leaves the specifics to the reader. It sounds like the only bits of this book that are outdated are some web addresses and specific versions of apps. All in all it sounds very cool although I don't think I have the math for it.
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
Given our next President and the impending erosion of freedoms I can understand the motivation though. Once a CIA brat, always a CIA brat...
--
I think that judging the agencies who use (and break) encryption is unwise - after all, I want the NSA to break the next Enigma code in the next big war, even if the government has swung too far to the fascist side of things.
As for technology as a double-edged sword, well, that's undeniably true, but the implication of using the word "sword" is a violent one. I prefer to think of technology, and science in general (esp. math!) as a natural resource. We can build computers with it; we can build 100 megaton bombs with it. In the end, the way we use technology is our testament to the ages.
I believe that what you're talking about is Van Eck Phreaking (that is, interrupting the stray RF that the cathode ray tube in your monitor transmits, and recreating the image on another cathode.). This is quite old stuff, and is still in use today. The Tempest stuff that was recently released deals greatly with this. Basically, if you don't have a monitor shielded in metal, you're at risk, and that's that. For more information, you can check out this link for basic information, and Van Eck's original submission, or you can check out this one, and lastly, if you want some info on how to build a Van Eck Phreaking rig, then I would suggest the book at this site. Don't forget to type in Van Eck in the search box to find the box. Happy Van Eck'ing.
--Josh Adams
-knewter
They also let ships get sunk, etc. even when they knew the positions of subs.
Sometimes they'd do things like first send out a "surveillance" plane and let the Germans see it. Then the Germans would think that the British had just happened to see them and thus the attack was to be expected. Those Germans must have been getting pretty damn frustrated when every single secret covert operation was discovered by some "chance" flyby from a surveillance plane. But they deserved it for being so damn smug about enigma, not to mention the age old end-user weak link (i.e. people in the field using the same damn keys over and over, trusting that the machine would just magically make all their correspondence uncrackable).
It's 10 PM. Do you know if you're un-American?
It's been written about in several books. There was no advance knowledge of Coventry being bombed. Do a web search, find the refutations. This should be common knowledge by now, it's been refuted so often.
--
Infuriate left and right
Besides, usually the people doing us the most harm in our government are not politicians at all. They are either appointed or hired. Did you vote last election on the director of the NSA or CIA? By being appointed these people do not have any reason to answer to the public at large.
I see that the it includes some algorithms. Does it include reference implementation in code for these? I usually find these quite helpful.
Yep, I never spell check.
More incorrect spellings can be found he
Seems like there's a bit too much buck-passing and not enough responsibilty, on ALL levels.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Information Hiding Techniques for Steganography and Digital Watermarking by Katzenbeisser and Petitcolas is a book that has just been published last year and contains a lot more detailed technical information. However, Disappearing Cryptography is at least an amusing book to read.
There is also a bunch of software out there that can be used to embed hidden information into images and sound files. However, most of the programs can be detected. Read the paper by Westfeld and Pfitzmann, "Attacks on Steganographic Systems".
I myself have written a tool to hide data into JPEGs. It's called OutGuess.
You can find more software here.
Even the most outdated material can bring back a resurgence of new and updated material for the future. Just look at MUD's. Everyone thought they were outdated but now they're aparently having a resurgence of their own, as is the subspace community. Also, I've noticed among some com sci friends that many are looking back into the older languages.
Let me give you an example. During WW2, the English developed a technology for decrypting the communications of the German military. One of these messages revealed that the city of Coventry was to be attacked. This presented a problem: if Coventry was defended or evacuated, the enemy would realise that their cryptosystems had been compromised, which would cost the English a key strategic advantage. So the city was sacrificed.
Now, the spiritual descendants of these early cryptanalysts work for the NSA. If they have the technology to scan for stenographically concealed data (or even to decrypt PGP) don't expect them to announce the fact. The UK goverment have recently decided that they want to be able to read every packet on the UK Internet backbone: why would they bother if it was that easy to conceal information?
In other words, don't rely too heavily on technology, because it's a two edged sword.