Slashdot Mirror


Disappearing Cryptography

Another chromatic review, this time of Disappearing Cryptography. It is a fortunate circumstance that even as governments -- and others -- are becoming more interested in peering over your shoulder, or at least at your data traffic, the exchange of large files suitable for hiding messages has become commonplace. Peter Wayner is also the author of Free For All, reviewed here on Slashdot a few months back.

Disappearing Cryptography
  author: Peter Wayner
  pages: 293
  publisher: AP Professional
  rating: 7.5
  reviewer: chromatic
  ISBN: 0-12-73867108
  summary: A study of steganography, making secret information invisible to prying eyes. A suitable, though dated, introduction.

The Scoop

Cryptography, argues the author, has the potential to balance power relationships between individuals and governments. Forcing people to conduct all communications in publicly-readable forms allows the honest to be oppressed by tyrants, criminals, and pranksters. Why should the innocent suffer to help authorities track stupid criminals?

Wayner mainly concentrates on steganography, hiding secret communications in plain sight. Instead of using ciphers and algorithms to generate a message mathematically indistinguishable from pure random noise, one might instead replace the least significant bits of a JPG image with the message. Only those who analyze the image may potentially reconstruct the text.

What's to Like?

Each chapter has three sections, arranged by increasing complexity. The first contains a short anecdote to illustrate the point of the chapter. (Some make immediate sense, while others seem only tangentially related.) The second section discusses the theory. The final section gets into the guts, mathematics and algorithms, analysis and common problems. This division allows readers to go only as deeply as they prefer.

Early sections on information theory lay the framework for later chapters. While discussions of error correction and density don't have the cloak and dagger thrill of spy stuff, they're fundamental to serious analysis of techniques. Serious students would do well to use Wayner's extensive and excellent bibliography of books and papers to improve their knowledge.

The middle of the book is excellent. A lengthy discussion of text mimicry starts with analysis techniques, culminating in a program that hides a secret message in an innocent-seeming baseball play-by-play. (It includes a dissertation on effective and reversible context-free grammars.) The next chapter, on Turing machines and reversible computing, is particularly interesting (especially after reading The Diamond Age).

More than just data hiding, the final section of the text covers privacy. Anonymous remailers can provide double-blind communication (but see the caveat below). The Dining Cryptographers algorithm of chapter 11 may be used to send a secret message without divulging the sender's identity. The final chapter adds a philosophical spin, explaining the author's biases and his reasoning for promoting secrecy. (He's Cypherpunk friendly.)

What's to Consider?

This is not a book for beginners. Some of the initial theory throws around summations and other pre-calculus constructs as an integral (pardon the pun) explanation of entropy. One of the two large examples is written in Pascal. A second year computer science student should have no trouble understanding the text. A layman might not get past the second chapter (though he could safely skip most of the math).

This book is also dated -- in fact, Hemos recommended it for review partly to prompt the author and publisher to produce a new version. The anonymous remailer chapter is seriously out of date, and it would be nice to have new information about distributed.net, secure peer-to-peer communications, and web stuff. In addition, some of the software described has been superseded by new versions and successors.

The Summary

Aging but written with the future in mind, Disappearing Cryptography favors theory and principles, for the most part. It makes a good introduction to steganography and the study of patterns in digital communications, leading naturally to more detailed works. It may also serve as a starting point to new ideas and discussions. Perhaps 2001 will bring us a new version.

Table of Contents
  1. Framing Information
  2. Encryption
  3. Error Correction
  4. Secret Sharing
  5. Compression
  6. Basic Mimicry
  7. Grammars and Mimicry
  8. Turing and Reverse
  9. Life in the Noise
  10. Anonymous Remailers
  11. Secret Broadcasts
  12. Coda
  1. Mimic Code
  2. Baseball CFG
  3. Reversable Grammar Generator

You can purchase this book at Fatbrain.

3 of 46 comments

  1. More thoughts about the book by peterwayner · Score: 4
    The book is pretty dated already, but I think that the core information is still relevant. The workshops on Information Hiding include plenty of great papers. The watermarking folks have done some interesting research, but well, we may never know much about that because the SDMI is so intent on secrecy and security through obscurity. Welcome to the new Dark Ages. I'm planning on updating the book and perhaps producing another volume in the near future.

    The easiest part to update at this point is the code. The book contains printed Pascal, something that was almost considered a munition before the latest glasnost in the crypto wars.

    There is now C code thanks to Jason Penney. He converted the original Pascal code in a pretty direct fashion. I converted the Pascal into Java. You can get any of the three versions by sending me email to pcw@flyzone.com. I'm thinking of getting a website going once I figure out the current state of the export regulations. There are some problems with leaving an open site for North Korea, I think.

    The program itself is modular so you can write your own grammars for encoding messages without learning C, Pascal, or Java. That means you don't need to use my lame baseball example. One of the neater developments is a website for converting messages into spam, a medium that is quite lame by default:

    http://www.spammimic.com/index.shtml

    Finally, if you have suggestions for new information hiding techniques or steganographic algorithms to include in a future version, I hope you'll write and suggest them to me. Any help you can give would be appreciated.

    Thanks.

  2. Steganography by gehirntot · Score: 4
    Steganography is actually a field that has received more attention from research in the last few years. The Information Hiding Workshop comes to mind.

    Information Hiding Techniques for Steganography and Digital Watermarking by Katzenbeisser and Petitcolas is a book that was just published last year and contains a lot more detailed technical information. However, Disappearing Cryptography is at least an amusing book to read.

    There is also a bunch of software out there that can be used to embed hidden information into images and sound files. However, most of the programs can be detected. Read the paper by Westfeld and Pfitzmann, "Attacks on Steganographic Systems".

    I myself have written a tool to hide data into JPEGs. It's called OutGuess.

    You can find more software here.

  3. steganography by sql*kitten · Score: 4
    Steganography is often raised as a solution to the covert exchange of data, but I question its validity. There is a group of very bright people employed by governments who have spent 30 years studying ways to detect hidden information, and the government has almost unlimited resources and the root password to the Constitution at its disposal.

    Let me give you an example. During WW2, the English developed a technology for decrypting the communications of the German military. One of these messages revealed that the city of Coventry was to be attacked. This presented a problem: if Coventry was defended or evacuated, the enemy would realise that their cryptosystems had been compromised, which would cost the English a key strategic advantage. So the city was sacrificed.

    Now, the spiritual descendants of these early cryptanalysts work for the NSA. If they have the technology to scan for steganographically concealed data (or even to decrypt PGP) don't expect them to announce the fact. The UK government have recently decided that they want to be able to read every packet on the UK Internet backbone: why would they bother if it was that easy to conceal information?

    In other words, don't rely too heavily on technology, because it's a two-edged sword.