Cryptography-Digest Digest #104, Volume #14       Sun, 8 Apr 01 01:13:01 EDT

Contents:
  Re: How good is steganography in the real world? ("Robert Reynard")
  Re: How good is steganography in the real world? ("Gil Adamson")
  Re: How good is steganography in the real world? (Paul Rubin)
  Re: How good is steganography in the real world? (Bernd Eckenfels)
  Re: How good is steganography in the real world? (Matthew Kwan)
  Re: New stream cipher (David A Molnar)
  [NEW] I found a new TLA on Usenet (Fight Boschloo)
  [NEWS] PGP broken (maybe) (Fight Boschloo)

----------------------------------------------------------------------------

From: "Robert Reynard" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Sat, 7 Apr 2001 21:31:30 -0400


"Gil Adamson" <[EMAIL PROTECTED]> wrote in message
news:9anm4c$q8$[EMAIL PROTECTED]...

snip

> The goal then is to send information in such a way that the very
> existence of a private message cannot be seen or suspected.

I would think that every message sent from a country ruled by a dictator is
suspect.

>snip

> I guess my question really boils down to, how safe a method IS this,
> really?  It would SEEM to me that it would be very unlikely that
> someone could discover that a hidden message is being sent (much less
> decrypt the message), but is that really true?

snip

> To put it another way, what criteria should we use when deciding
> whether to use this technique or not?  When management says "That looks
> good, but what are the chances that someone will discover the images
> contain hidden messages", what do I tell them?  How do you quantify
> risk?
>
> There's no question that sending encoded messages in ANY form (well,
> maybe other than with a one-time pad) poses some risk of discovery.
> The question is, how MUCH of a risk would something like this be?  I
> know that's a hard thing to quantify, but is it possible to get it
> within a factor of 10 or so?  Is the chance of discovery 0.1%? 1%? 10%?

I would look to history to quantify the risk of discovery and place it at
close to 100%. I doubt very much if you could conceal (keep it a secret)
that you are using some form of secret message exchange, no matter the
method used, for very long. And if it became known or suspected by an
outsider that had access to your communication channel, particularly if it
was a hostile dictatorship, I doubt they would be very concerned about
whether they were able to decrypt the message traffic. If they were able to
do that, they could probably keep that fact a secret from you.

> A lot is at stake for our company.  If the risk of discovery is too
> high, it might be best just to limit communication of any critical
> information (inconvenient as that might be).  But if the risk is very
> small, the benefit might outweigh the risk.

I believe it was Winston Churchill who said: If more than one person knows
about it, it is not a secret.

In dealing with a hostile dictatorship, I would be more concerned with
having to prove that I wasn't exchanging secret messages, if in fact I was
not.

> Before I give my recommendations to management, I want to be sure I
> have a clear understanding of what the risks are.  So thanks very much
> to anyone who can help.

If I absolutely had to exchange secret messages, then I would employ a CODE.
I would think that would give the best odds of being able to deny that any
particular message, or part of a message or a word in a message meant
something other than what it appeared to be.

Here again, a hostile dictatorship would not necessarily be stymied by being
unable to decode the meaning of a message. They need only accuse you and
require that you prove that you are not passing secrets. Negatives are
extremely difficult to prove.

Robert Reynard
Author, Secret Code Breaker series of crypto books for young readers (8-16
yr.)
Secret Code Breaker Online at ==> http://codebreaker.dids.com



------------------------------

From: "Gil Adamson" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Sat, 7 Apr 2001 23:01:56 -0400

Hello, All - thanks for the replies to my message.

I'm delighted to have been named as an honorary member of the
GCHQ/NSA/CIA, etc.  :-) Of course I can't blame you for that, since my
story is quite cloak-and-dagger'ish.  And obviously it's impossible for
me to prove that I'm NOT a spy.  But the reality is that I really am
just a computer programmer/analyst, who's trying to evaluate
publicly-available steganography tools.  (And Iraq really DOES allow
(a few) foreign corporations like ours to operate in their country.)
Since I can't prove I really am who I say I am, I'll just have to
leave that with you.  All I can say is that I wish I DID have some
contacts with spies or spooks who could give me a definitive answer to
this question - it would make things a lot easier for us!  Fortunately
GCHQ/NSA are not our enemies, so we don't have to worry about Her
Majesty's wrath.  :-) but I have to assume that whatever tools they
have will eventually make their way to second- and third-world nations.

Basically I suppose I was hoping for one of two responses:

1) "Yes, Steganography is great!  It's used by corporations and
governments alike to convey secret information without arousing
suspicion.  The risk is relatively low, and the benefits are great.
Go for it!"

2) "Adamson, you fool!  Don't you realize that the so-called security
of steganography was disproved years ago?  Nobody uses that stuff, and
for good reason!  If you want private, unsuspicious communication
either use (method NNN), or drop the idea altogether."

but I figured it was more realistic that there'd be some differences of
opinion on the subject.

Incidentally, for those who were asking about it, S-Tools is a tool to
hide data within either BMP or GIF images.  It can be found at
http://www.webattack.com/files/s-tools4.zip (or a number of other
places).  A review of it can be read at
http://www.isse.gmu.edu/~njohnson/ihws98/jjgmu.html.  Another is at
http://www.isse.gmu.edu/~njohnson/pub/r2026a.pdf .  In fact, most
everything I know about steganography (which isn't much) comes from
http://www.isse.gmu.edu/~njohnson/Steganography/ .

I was thinking that successful attacks on steganographic GIFs would
occur in one of two ways:

1) The carrier image would be sufficiently distorted (blurry,
splotchy, pixelated, etc) to tip off an investigator that PERHAPS the
image is a steganographic image, not a normal GIF.

2) An automated tool could process the image and discover
characteristics in the GIF file that would reveal that a hidden
message is present.

(again, my concern is not so much that the message will be READ, but
that it will be DISCOVERED.  If an investigator or an automated tool
can determine that a hidden message even exists, the security is lost.)

S-Tools seems to create GIFs that are so similar to their originals
that #1 doesn't concern me so much.  The difference in quality between
the "before" and "after" images is so slight, I'm convinced that a
casual investigator would have no suspicions (on that basis, anyway).

#2 is what I don't know about.  Neil Johnson's paper
(http://www.isse.gmu.edu/~njohnson/ihws98/jjgmu.html again) indicates
that one method of steganalysis on S-Tools is to examine the palette of
the GIF image for "uncommon patterns".  So the question is, are there
tools that can do that kind of analysis on GIFs?  And are they
foolproof enough to give an investigator proof positive that something
is definitely suspicious with a GIF ?

Or are there other steganalysis methods besides #1 and #2?

A few people indicated that the very act of suddenly attaching pictures
to our email messages might arouse suspicion (even if nothing about the
GIFs themselves does).  It's a valid point - obviously, part of avoiding
suspicion is behaviour-related, not just technology-related.  I think
our employees there would have to begin making it a practice to send
pictures on a somewhat regular basis ("here's the team in front of the
mosque", or whatever).

And of course, as several pointed out, the local government would NOT
be happy to discover that we're sending out private messages.  Though
they still would be in the dark about the actual contents of the
message, things could still go badly for our company if a GIF could be
identified as a steganographic image.  So the dangers are quite real -
that's mainly why I'm concerned about going forward with this unless
the risks involved are really very, very low.

But it seems like the consensus of the group is that the risks really
aren't all that low.  And given the danger/risk/reward ratio, the
solution may just have to be to not communicate at all, at least until
the employees return home.  That "solution" has its own problems but,
hey, so do Iraqi jails.

Thanks very much to everyone for their opinions.




------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: 07 Apr 2001 20:31:59 -0700

"Gil Adamson" <[EMAIL PROTECTED]> writes:
> GCHQ/NSA/CIA, etc.  :-) Of course I can't blame you for that, since my
> story is quite cloak-and-dagger'ish.  And obviously it's impossible for
> me to prove that I'm NOT a spy. 

I would be happier if you were a spy than if you aren't.  Spies are
supposed to take risks like what you're proposing.  I'm quite
disturbed if a private company is asking its employees to take those
risks just for the sake of business.  What's in it for them?

> (again, my concern is not so much that the message will be READ, but
> that it will be DISCOVERED.  If an investigator or an automated tool
> can determine that a hidden message even exists, the security is lost.)

Yes, an automated tool would be the way to do it.

> And are they foolproof enough to give an investigator proof positive
> that something is definitely suspicious with a GIF ?

This isn't math class.  If the Iraqis think there is a 75% likelihood
of secret messages in the gifs, the secret police will be on your tail
and/or your people will be arrested.  "Proof positive" is unnecessary
and irrelevant.

> A few people indicated that the very act of suddenly attaching pictures
> to our email messages might arouse suspicion (even if nothing about the
> GIFs themselves does).  It's a valid point - obviously, part of avoiding
> suspicion is behaviour-related, not just technology-related.  I think
> our employees there would have to begin making it a practice to send
> pictures on a somewhat regular basis ("here's the team in front of the
> mosque", or whatever).

Wait a minute, earlier you gave the impression that you wanted to send
messages IN to Iraq, not OUT of it.  Which is it, or is it both?  If
you want to send messages IN, then it's probably simplest to just do it
by radio, if you can equip your people with receivers.  

> And of course, as several pointed out, the local government would NOT
> be happy to discover that we're sending out private messages.  Though
> they still would be in the dark about the actual contents of the
> message, things could still go badly for our company if a GIF could be
> identified as a steganographic image.  So the dangers are quite real -
> that's mainly why I'm concerned about going forward with this unless
> the risks involved are really very, very low.

I would absolutely not trust the security of any method that purports
to put significant sized messages into gifs by messing with the color
table (there are a lot of programs like that).  If you *have* to put
messages into images, use video recordings, not gifs.  Equip your
group with mini-DV camcorders and then adapt a video editing program
to embed messages into video that's written back out to the tape.
Make the subliminal bit rate extremely low, like one bit per video
frame.  

> But it seems like the consensus of the group is that the risks really
> aren't all that low.  And given the danger/risk/reward ratio, the
> solution may just have to be to not communicate at all, at least until
> the employees return home.  That "solution" has its own problems but,
> hey, so do Iraqi jails.

If you're doing legitimate business in Iraq, you ought to be able to
use the Internet there.  I'll repeat my earlier suggestion: just set
up a secure web server in your UK office, give your workers laptop
computers with web browsers, and have them read and send email over
SSL encrypted web sessions.  This will have better security than any
of those cloak and dagger schemes and is not especially suspicious.
To be extra cautious, delete all the standard cert authority root keys
from the browsers and install one of your own, and sign a cert with it
for your server.  You might also want to make client certificates for
the browsers, to give better security than passwords would give.  You
better get competent legal advice first though about whether it's ok
to bring such browsers into Iraq, from either the UK's point of view
or Iraq's.

------------------------------

From: Bernd Eckenfels <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: 8 Apr 2001 03:48:39 GMT

In comp.security.misc Gil Adamson <[EMAIL PROTECTED]> wrote:
> 2) An automated tool could process the image and discover
> characteristics in the GIF file that would reveal that a hidden
> message is present.

You can actually detect stegano noise if it is applied without care. This
means the noise you add to the gif must match the noise of the image, which in
turn depends on the method you used to record that gif. A CCD has different
statistically visible noise than a scanner or a drawing program.

This is especially an issue if you want to store more than a few single bits
into a file.

Of course the question is whether you can send as many gifs as you need to store a
complete message without making people even more suspicious.

If you fear an Agency, then probably stegano doesn't help you much... they will
just observe your keystrokes or whatever.

Greetings
Bernd

------------------------------

From: [EMAIL PROTECTED] (Matthew Kwan)
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: 8 Apr 2001 14:26:44 +1000

"Gil Adamson" <[EMAIL PROTECTED]> writes:

>Incidentally, for those who were asking about it, S-Tools is a tool to
>hide data within either BMP or GIF images.  It can be found at

>I was thinking that successful attacks on steganographic GIFs would
>occur in one of two ways:

>1) The carrier image would be sufficiently distorted (blurry,
>splotchy, pixelated, etc) to tip off an investigator that PERHAPS the
>image is a steganographic image, not a normal GIF.

>2) An automated tool could process the image and discover
>characteristics in the GIF file that would reveal that a hidden
>message is present.


An alternative means of concealing messages in GIF images can be
found at http://www.darkside.com.au/gifshuffle

This works by shuffling the colourmap of a GIF image, which has no
visible impact on the image itself. However, storage space is limited
to log2(N!), where N is the number of colours in the image - with 256
colours you get 1675 bits. The program supports basic Huffman
compression, so you can usually squeeze in about 350 characters of
English text.

Automated tools will have trouble identifying concealed messages, since
the GIF standard doesn't say anything about the ordering of colours
in the colour table, so everyone does it differently.


mkwan
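
The log2(N!) bound in the post above comes from reading the colour table's order as one large number. As an added example (not part of the original post and not gifshuffle's own code), the Python below ranks a palette ordering in factorial base and maps a number back to an ordering; the plain RGB sort used as the reference order, the leading-1-bit framing, the sample palette and all function names are assumptions made here, and compression and encryption are left out.

```python
import math

# Constructed 16-colour palette of distinct RGB triples (not from a real image).
SAMPLE_PALETTE = [(i * 17, (i * 53) % 256, (i * 101) % 256) for i in range(16)]

def capacity_bits(n_colours):
    """Whole bits the ordering of n distinct colours can carry: floor(log2(n!))."""
    return math.factorial(n_colours).bit_length() - 1

def _reference_order(palette):
    """Assumed canonical order: colours sorted as RGB tuples, duplicates rejected."""
    if len(set(palette)) != len(palette):
        raise ValueError("duplicate colours make the ordering ambiguous")
    return sorted(palette)

def rank_palette(palette):
    """Index (0 .. n!-1) of this ordering among all orderings of the same colours."""
    remaining = _reference_order(palette)
    rank = 0
    for colour in palette:
        idx = remaining.index(colour)
        rank = rank * len(remaining) + idx   # next factorial-base digit
        remaining.pop(idx)
    return rank

def order_palette(palette, rank):
    """Inverse of rank_palette: the ordering of these colours with the given index."""
    remaining = _reference_order(palette)
    if not 0 <= rank < math.factorial(len(remaining)):
        raise ValueError("rank does not fit in this palette")
    digits = []
    for radix in range(1, len(remaining) + 1):
        rank, digit = divmod(rank, radix)    # least significant digit first
        digits.append(digit)
    return [remaining.pop(d) for d in reversed(digits)]

def embed(palette, message):
    """Reorder the palette so that its rank encodes message (framing is an assumption)."""
    # A leading 1 bit marks the start so that leading zero bytes survive.
    value = (1 << (8 * len(message))) | int.from_bytes(message, "big")
    if value.bit_length() > capacity_bits(len(palette)):
        raise ValueError("message exceeds palette capacity")
    return order_palette(palette, value)

def extract(palette):
    """Recover a framed message from the palette order, or None if no whole-byte frame."""
    value = rank_palette(palette)
    payload_bits = value.bit_length() - 1
    if payload_bits < 0 or payload_bits % 8:
        return None
    return (value ^ (1 << payload_bits)).to_bytes(payload_bits // 8, "big")

if __name__ == "__main__":
    print("capacity, 16 colours:", capacity_bits(16), "bits")
    shuffled = embed(SAMPLE_PALETTE, b"hello")
    print("rank of shuffled palette:", rank_palette(shuffled))
    print("extracted:", extract(shuffled))
    print("reference order carries:", extract(sorted(SAMPLE_PALETTE)))
```

In an actual GIF the pixel indices must also be remapped to the new table positions for the picture to stay unchanged; that step is omitted here.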

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: New stream cipher
Date: 8 Apr 2001 04:27:20 GMT

Paul Rubin <[EMAIL PROTECTED]> wrote:
> David A Molnar <[EMAIL PROTECTED]> writes:
>> >  https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions.html
>> 
>> For some reason my browser does not recognize the certificate this site uses?

> Yeah I seem to remember it's a Globalsign cert.  They only work in the
> latest browsers.  That's why they're giving them away.  Do you care?
> Are you sending anything secret to the nessie site?

No, just wondering if I'm being spoofed. 

thanks,
-David

------------------------------

Date: 7 Apr 2001 19:38:50 -0000
From: [EMAIL PROTECTED] (Fight Boschloo)
Subject: [NEW] I found a new TLA on Usenet
Crossposted-To: alt.privacy.anon-server,alt.security-pgp

I found a new Three-Letter-Abbreviation on Usenet

WAB !

It stands for "What a Boschloo" !

And it is not exactly a nice thing to say

=============================================== 
HISTORY:
That Boschloo bozo is a clown and a troll who has been looming around for nearly a 
year.
Don't mistake a "regular" (troll) with a knowledgeable person: that self-proclaimed 
"security expert" is not even a remailer user. In the past, he proved himself unable 
to check a PGP signature, and got ridicule from every single technical topic he wanted 
to talk about.
Besides false or inaccurate or misleading technical misinformation, his posts are 
about his avowed mental illness, or for bashing remops or real freedom fighters: he 
likes to quarrel with every one, and stir shit. Sometimes, it is even pure delirium 
(when he misses his pills?)
One of his last actions was to stage a hoax about his own suicide, just to try to grab 
some sympathy, after he had been exposed as a troll and technically incompetent.
The worst being his teasing of Script-Kiddie until it triggered a new flood on apas.
Of course, he refuses to apologize.
Actually, the level of contempt he shows for remailer users:
  they don't give their names, while he does
  they can't do anything against him, without giving their names
is in no way different from what is displayed by Pangborn, Burnore and the like

Ignore him completely, killfile him, respect others' killfiles 

KILLFILE:
To put him in your killfile, put "Author: Boschloo"
That will make disappear both him and people who warn about him
If you want to tell him to buzz off, or warn about him,
 use a nickname containing "Boschloo" (Boschloo Hater, Boschloo Sucks,...)
 to accommodate such killfile for "regulars", and still warn newbies

COURAGE:
Boschloo is getting _no_ answer from apas any more.
He has to crosspost to various newsgroups to try to grab some attention.
In a few months, it will be gone.





------------------------------

Date: 8 Apr 2001 05:07:43 -0000
From: [EMAIL PROTECTED] (Fight Boschloo)
Subject: [NEWS] PGP broken (maybe)
Crossposted-To: alt.privacy.anon-server,alt.security-pgp

Sure Boschloo will announce that, now, to get some attention

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
