Cryptography-Digest Digest #107, Volume #14 Sun, 8 Apr 01 16:13:01 EDT
Contents:
Re: How good is steganography in the real world? (Mok-Kong Shen)
Re: Dynamic Substitution Question (Mok-Kong Shen)
Re: How good is steganography in the real world? (H C)
Re: How good is steganography in the real world? (H C)
anyone have digital certificates sample code ("normang")
Re: How good is steganography in the real world? (Frank Gerlach)
Re: Partitionize issues (Mok-Kong Shen)
Re: JPEG also problematic (Mok-Kong Shen)
Virtual English Nation (Frank Gerlach)
Re: approximating addition vs. xor? ("Alexis Machado")
Re: approximating addition vs. xor? ("Tom St Denis")
Re: JPEG also problematic (Frank Gerlach)
Re: JPEG also problematic (Samuel Paik)
Traffic analysis (Frank Gerlach)
----------------------------------------------------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Sun, 08 Apr 2001 20:16:29 +0200
Frank Gerlach wrote:
>
> Marc wrote:
>
> > >It's not just that - you have to consider the traffic analysis questions
> > >as well. what sorts of GIFs are you going to use as covertext? and what
> > >plausible reason will your contacts have for sending them?
> >
> > One idea for this problem is to set up a webcam. The picture can always
> > carry the most recent message. No pictures without message are ever sent
> > so the adversary can not learn the natural noise characteristics of the
> > cam unless he has physical access.
>
> This would be true if you would actually *construct* the camera, and if you
> were able to define the physical characteristics of it. Still, you have a
> point, which is oversampling of the CCD signal. But this means that GIF is not
> useful, but a 24bit Truecolor format must be used. Even with this method, the
> NSAGCHQ folks will look at the statistic distribution of the noise. Quite some
> effort necessary to make sure the hidden data matches the characteristics of
> the sampled sensor (CCD, microphone,...)
If only a very small percentage of the pixels are chosen
to contain a single bit of stego information, I suppose
detection by statistical analysis is quite hard to do.
>
> > The web server distributes the picture to everybody who requests it. If
> > placed on the principal page of a well-visited server it should be quite
> > easy to hide the daily "hot" download. With 30 clients set up all over
> > the US (for example), one can do daily downloads, and still no "hot" client
> > visits more often than once per month.
>
> Had exactly that idea when looking at news.bbc.co.uk. British spooks in a
> foreign country could easily explain why they access the bbc website. The
> other way around is a little more difficult, although I know some people, who
> regularly update their personal website with all kinds of silly stuff, like
> images of their kids etc.
It's absurd, but porno sites could do that kind of job
well, I suppose.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Sun, 08 Apr 2001 20:31:36 +0200
John Savard wrote:
>
> On Sat, 07 Apr 2001 17:57:21 +0200, Mok-Kong Shen wrote:
> >John Savard wrote:
>
> >[snip]
> >> Although I think that there _may_ possibly be slight problems with the
> >> broader aspects of the Dynamic Substitution patent, the "preferred
> >> embodiment" at least is very clearly original. Nothing remotely like
> >> it seems to have predated it that I've ever heard of.
>
> >Since you seem to have better studied DS than many, may
> >I ask your favour to explain a little bit the term
> >'preferred embodiment' above (which isn't a commonly
> >encountered one in posts of our group)? Thanks.
>
> It's a term found in the patent.
>
> The "preferred embodiment" is the specific algorithm used in many of
> Terry Ritter's products that employ Dynamic Substitution, which has
> been given in some posts in these threads;
>
> but that is contrasted with the broader class of algorithms that are
> covered by what the patent claims.
My apology for the caused confusion which I noticed after
I sent the post. My original intention was more in asking
you to give us a good short resume of what you consider
to be clearly original. I believe that you are in the best
position (among the readers) to do that in neutral terms
(in contrast to Terry Ritter who is the patent holder),
such that the 'fog' remaining in discussions about the
issue could be cleared.
M. K. Shen
M. K. Shen
------------------------------
From: H C <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Sun, 08 Apr 2001 14:45:53 -0400
What you do on your own time is up to you.
> That a good excuse to look at porn. One can try to decode the message
> it may be a combination of the ratio of pussy hair to age or various
> other features in the porn itself. Any way thanks Bin now next time
> I'm asked about porn viewing I can say I really only looking for
> secret messages as to what Bin is up to. Maybe if more people analyzed
> pron we can catch Bin. What sites does ole Bin use I hope there free
> ones since I don't use the pay ones.
>
> David A. Scott
> --
> SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
> http://www.jim.com/jamesd/Kong/scott19u.zip
> My website http://members.nbci.com/ecil/index.htm
> My crypto code http://radiusnet.net/crypto/archive/scott/
> MY Compression Page http://members.nbci.com/ecil/compress.htm
> **NOTE FOR EMAIL drop the roman "five" ***
> Disclaimer:I am in no way responsible for any of the statements
> made in the above text. For all I know I might be drugged or
> something..
> No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: H C <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Sun, 08 Apr 2001 14:46:42 -0400
> >> OK. If you can hide it in the pictures seen on cnn.com, maybe this works.
> >> If you have a site which is only visited by people whose only intention is to
> >> download covertext...
> >
> >CNN had an article not too long ago about bin Laden using encryption and stego'd
> >images to communicate with cells. They used images at porn sites to communicate.
> >
> Yeah, but didn't it turn out that this was based on one part
> speculation and three parts total bullshit?
George...
Where did you hear this? Do you have a reference?
------------------------------
From: "normang" <[EMAIL PROTECTED]>
Subject: anyone have digital certificates sample code
Date: Mon, 9 Apr 2001 08:45:13 +0200
Does anyone know of sample working code to create digital certs.
We are trying to write a system for user authentication using our own
digital certificates for a internal user base (and so not have to shell out
to Verisign every time!). We intend to use ebcrypt as the basis for the
encryption requirements and transfer the packages using tcp/ip.
Thanks in advance.
Basically we want to issue x509 certs of out own and user a Kerberos type
system
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Sun, 08 Apr 2001 20:22:10 +0200
Charles Lyttle wrote:
> Frank Gerlach wrote:
> >
> > >
> > >
> > > Enigma, Navaho and other WWII encryption techniques would not be
> > > secure today.
> >
> > That's an over-generalized statement. OTP properly applied in WW2 will
> > be secure forever, and eben some WW2 hand-codes might still be secure.
> > Also, the doctrine "security by obscurity is bad" might not be so true.
> > Look at DES or RC4: All spooks around the world had now quite some time
> > to look at those very interesting targets. One could argue that this
> > long period of cryptanalysis might have produced new methods, which are
> > specifically useful against those ciphers. I am pretty sure a future
> > generation will look at (3)DES and RC4 in the same way we look at Enigma
> > today :-)
> Neither DES nor RC4 rely on security by obscurity. Both are published
> and can be analyzed.
Did you read my posting ? I said that exactly this might make them weak.
(Bruce Schneier said the same in "Applied Crypto"regarding DES) Have you
every asked yourself why the NSA uses PCMCIA cards ("Fortezza") instead of
software ? Maybe because they want to deny an opponent the opportunity to
analyze the cipher. I bet they have a full DoD stock of cards with a
different cipher available for deployment in a time of crisis. In addition to
an OTP system for highest-level communications, of course.
>
> Using code-talkers (such as the Navaho) has another problem. The
> English->Navaho#1->Navaho#2->English translation sequence resulted in
> corruption of information. Navajo and English are not one-to-one. Some
> English words/concepts do not translate well into Navajo, and some
> Navajo words/concepts do not translate well into English. The same is
> true of any two languages. Also you never know when the servants have
> learned your language.
>
> --
> Russ Lyttle
> "World Domination through Penguin Power"
> The Universal Automotive Testset Project at
> <http://home.earthlink.net/~lyttlec>
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: Partitionize issues
Date: Sun, 08 Apr 2001 20:52:44 +0200
Frank Gerlach wrote:
>
> Paul Rubin wrote:
>
> > Actually, using GIF to mail digital photos around is suspicious all by
> > itself. GIF is ok for some kinds of line graphics, but for photos just
> > about everyone these days uses JPEG.
>
> It would be easier to "partitionize" the discussion to traffic analysis
> and image/sound stegano. These two issues can be discussed quite
> independently. Techniques for defeating traffic analysis are already
> well-known, image/sound stegano not so much.
Could you elaborate a bit your point on traffic analysis?
Thanks.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: JPEG also problematic
Date: Sun, 08 Apr 2001 21:00:55 +0200
Frank Gerlach wrote:
>
> JPEG attempts to do some sophisticated frequency-domain (lossy)
> compression. This means that images have quite typical (visible, statistic
> and frequency-domain) characteristics. If bandwith is not a problem, I
> would just use images/sound samples with a very high amplitude resolution
> (24 or 32 bit). Of course, the amount of noise and its characteristics (in
> various domains) would have to be carefully analyzed. The information to
> be embedded would have to be carefully encoded to have similar statistic,
> frequency domain and eyeball-visible characteristics. And here the
> cat-and-mouse game starts: There are an infinite number of transformation
> domains and statistical tests "to be discovered". Whoever has the most and
> best math/signals analysis gurus will win..
I have no knowledge but wonder voice in normal telephone
communications couldn't carry stego bits rather easily,
since all people speak differently (accents, male/female,
age, etc.) and at different times (health, emotions etc.)
so that differences due to stego modifications could be
very hard to detect.
M. K. Shen
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Virtual English Nation
Date: Sun, 08 Apr 2001 21:06:54 +0200
H C wrote:
> Really? And you speak for every such entity?
I am just doing a historic analysis:
-Bismarck said something like "the most important characteristc of 19th century
politics is that Britain and
America speak the same language"
-WW1,2
-the Zimmerman telegram
-Tony and W bombing Iraq
-An englishman responsible for EU communications security handing EU crypto machines
to the NSA for "checking security". This man could have been sentenced to death for
high treason, if *current* british law were applied.
> Which entities are these? Do they have names, in much the same way you have named
> "WASP"?
Germany, France, the European Union, Russia, China, Nato countries other than UKUSA.
> > Sure, sometimes the english and the US govt have different interests (e.g. Suez
> > canal crisis), but these are *very* seldom occasions.
>
> Vague generalities used to support a universal statement...very tricky stuff, that.
I am referring to major national security matters.
> Has a way of falling apart.
>
> > they
> > are also "racially and culturally" (sorry for being so blunt) integrated.
>
> Ah, the crux of the matter is easily reached...
Maybe Winston Churchill is not the best source (IIRC he even made some positive
remarks on Hitler at some point in time), but I'd still like to quote him: "True, we
should also remember the strong ties of blood and race that bound the Americans and
ourselves." (From "The Great Republic", page 311 ("News of the World May 15, 1938"))
So the term r-word comes from WSC, but maybe I got that totally wrong ?
> Your "virtual english nation" has some rather interesting beginnings, doesn't?
> Australia
> was originally a penal colony, and the Yanks handed the Brits a 200+ year
> "whoop-ass".
So what ? Every family has quarrels from time to time.
> Further, the US was hesitant to engage in WWII, even as the British were on the
> brink
> of collapse. I fail to see the "virtual english nation" being born in either case.
Sure, the brits will always complain that their "colonies" (this is the word they use
if they want to make fun of those uncivilized yanks) do not support them enough.
One of the most insightful episodes in "The Puzzle Palace" is that Friedmann (a
US cryptologist) was ordered to hand over America's deepest secrets (the breach of
japanese ciphers), but the brits did not reciprocate by disclosing ULTRA to the
Americans at that time.
The virtual english nation could work even better if HM subjects (including Australia
and NZ) would show a little more respect for Americans....
------------------------------
From: "Alexis Machado" <[EMAIL PROTECTED]>
Subject: Re: approximating addition vs. xor?
Date: Sun, 8 Apr 2001 16:33:14 -0300
"Peter L. Montgomery" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Using the identities
>
> x + y = OR(x, y) + AND(x, y)
> EOR(x, y) = OR(x, y) - AND(x, y)
>
> the equation x + y = EOR(x, y) reduces to 2*AND(x, y) == 0.
>
> If by x + y you mean the twos' complement sum
> (i.e., modulo 2^W) then you need AND(x, y) == 0 (mod 2^(W-1)).
> The bottom W-1 bits of the AND must vanish.
> These events (for different bits) are independent, each with probability
3/4.
> The overall probability is (3/4)^(W-1).
>
> If you also want the carry bit to be clear, then
> you want AND(x, y) = 0, for which the probability is (3/4)^W.
>
> Tom's formula
>
> { sum from R=0 to W { (W choose R)(1/2)^R } } over 2^W.
>
> simplifies to (1 + 1/2)^W / 2^W = (3/4)^W, by the binomial theorem.
>
Hi Peter,
Just another way to solve.
The sum
S = A + B
The bit i addition carry ('.' is 'and', '~' is 'not')
Ci = Ai.Bi or Ai.Ci-1 or Bi.Ci-1
The bit i addition result
Si = Ai xor Bi xor Ci-1
The probability of "A + B = A xor B" is the same of "Ci-1 = 0" for all i.
Let P(Xi) be the probability of "Xi = 1". Then
P(Ci) = P(Ai.Bi or Ai.Ci-1 or Bi.Ci-1)
= P(Ai.Bi) + P(Ai.Ci-1) + P(Bi.Ci-1)
- 3*P(Ai.Bi.Ci-1) + P(Ai.Bi.Ci-1)
= P(Ai)*P(Bi) + P(Ai)*P(Ci-1) + P(Bi)*P(Ci-1)
- 3*P(Ai)*P(Bi)*P(Ci-1) + P(Ai)*P(Bi)*P(Ci-1)
= 1/4 + P(Ci-1)/2 + P(Ci-1)/2 - 3*P(Ci-1)/4 + P(Ci-1)/4
= 1/4 + P(Ci-1)/2 =>
1 - P(~Ci) = 1/4 + [1 - P(~Ci-1)]/2 =>
P(~Ci) = 1/4 + P(~Ci-1)/2
Note that P(~Ci | ~Ci-1) = 1/4 + 1/2 = 3/4
---
Alexis
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: approximating addition vs. xor?
Date: Sun, 08 Apr 2001 19:36:00 GMT
"Alexis Machado" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> "Peter L. Montgomery" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> >
> > Using the identities
> >
> > x + y = OR(x, y) + AND(x, y)
> > EOR(x, y) = OR(x, y) - AND(x, y)
> >
> > the equation x + y = EOR(x, y) reduces to 2*AND(x, y) == 0.
> >
> > If by x + y you mean the twos' complement sum
> > (i.e., modulo 2^W) then you need AND(x, y) == 0 (mod 2^(W-1)).
> > The bottom W-1 bits of the AND must vanish.
> > These events (for different bits) are independent, each with probability
> 3/4.
> > The overall probability is (3/4)^(W-1).
> >
> > If you also want the carry bit to be clear, then
> > you want AND(x, y) = 0, for which the probability is (3/4)^W.
> >
> > Tom's formula
> >
> > { sum from R=0 to W { (W choose R)(1/2)^R } } over 2^W.
> >
> > simplifies to (1 + 1/2)^W / 2^W = (3/4)^W, by the binomial theorem.
> >
>
> Hi Peter,
>
> Just another way to solve.
>
> The sum
> S = A + B
>
> The bit i addition carry ('.' is 'and', '~' is 'not')
> Ci = Ai.Bi or Ai.Ci-1 or Bi.Ci-1
>
> The bit i addition result
> Si = Ai xor Bi xor Ci-1
>
> The probability of "A + B = A xor B" is the same of "Ci-1 = 0" for all i.
>
> Let P(Xi) be the probability of "Xi = 1". Then
>
> P(Ci) = P(Ai.Bi or Ai.Ci-1 or Bi.Ci-1)
>
> = P(Ai.Bi) + P(Ai.Ci-1) + P(Bi.Ci-1)
> - 3*P(Ai.Bi.Ci-1) + P(Ai.Bi.Ci-1)
>
> = P(Ai)*P(Bi) + P(Ai)*P(Ci-1) + P(Bi)*P(Ci-1)
> - 3*P(Ai)*P(Bi)*P(Ci-1) + P(Ai)*P(Bi)*P(Ci-1)
>
> = 1/4 + P(Ci-1)/2 + P(Ci-1)/2 - 3*P(Ci-1)/4 + P(Ci-1)/4
>
> = 1/4 + P(Ci-1)/2 =>
>
> 1 - P(~Ci) = 1/4 + [1 - P(~Ci-1)]/2 =>
>
> P(~Ci) = 1/4 + P(~Ci-1)/2
>
> Note that P(~Ci | ~Ci-1) = 1/4 + 1/2 = 3/4
That's neat (albeit a somewhat longer proof...)! Thanks for the replies.
Nice to know this group still works.
Thanks a bunch,
Tom
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: JPEG also problematic
Date: Sun, 08 Apr 2001 21:31:32 +0200
Mok-Kong Shen wrote:
> I have no knowledge but wonder voice in normal telephone
> communications couldn't carry stego bits rather easily,
> since all people speak differently (accents, male/female,
> age, etc.) and at different times (health, emotions etc.)
> so that differences due to stego modifications could be
> very hard to detect.
So you would want to distort the phase and amplitude (let's use those crude
frequency domain terms) in order to encode the hidden information ?
I agree this is difficult to detect for an automated system, but then whatbout
the Mk1 acoustic bio-neural system (aka. "ear") ?
There are obviously two major approaches:
1. distorting the bogus signal (voice, music, images, video)
2. distorting the noise of the sampling process
Approach 1 is very difficult to assess, as a difficult-to-understand opponent
(the trainable and genetically varying human brain) is involved.
Approach 2 "only" makes assumptions about mathematical methods.
>
>
>
> M. K. Shen
------------------------------
From: Samuel Paik <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: JPEG also problematic
Date: Sun, 08 Apr 2001 19:41:45 GMT
Frank Gerlach wrote:
> Mok-Kong Shen wrote:
> > I have no knowledge but wonder voice in normal telephone
> > communications couldn't carry stego bits rather easily,
> > since all people speak differently (accents, male/female,
> > age, etc.) and at different times (health, emotions etc.)
> > so that differences due to stego modifications could be
> > very hard to detect.
>
> So you would want to distort the phase and amplitude (let's use those crude
> frequency domain terms) in order to encode the hidden information ?
Multi-channel telephone lines (e.g. T-1) used to steal the lsb of
some data words for signalling. This practice is now mostly gone
since many users now actually want a "digital clear channel"...
--
Samuel S. Paik | [EMAIL PROTECTED]
3D and digital media, architecture and implementation
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Traffic analysis
Date: Sun, 08 Apr 2001 21:39:37 +0200
Mok-Kong Shen wrote:
> Could you elaborate a bit your point on traffic analysis?
TA in the internet age might be a little different than TA in the short-wave
radio and snail-mail age, but the problem is well understood and IMHO solved.
For example, stegano communications should always go through a "hub" and never
directly to the target. The hub should be an unsuspicious bogus server (such
as the "grandparents in London").
The BND allegedly botched it badly when re-using West German addresses for
their operatives in East Germany. The GDR's Stasi were very good in TA (they
would actually be very familiar with NSAGCHQ "vacuum cleaner" methods) and
found the operative this way...
>
> Thanks.
>
> M. K. Shen
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
