On Tue, Jan 25, 2000 at 04:51:12PM -0800, Nelson Minar wrote:
> Of course, this isn't easy to do - "matching statistical properties"
> isn't a simple closed problem. But I bet you could do fairly well in
> certain circumstances. For instance, Linux uses a strong random number
> when starting a TCP connection. I bet you can hide a few bits of data
> in there and no one will see it.

Any protocol that uses MACs (message authentication codes) could also
work. Replace the last N bits of the MAC with your encrypted data. The
MAC verification would fail at the other end, but if the recipient
expected stegoed data there they could check the first (MACsize - N)
bits and still detect tampering while receiving the hidden data.

This should work because only the participating parties can verify the
MAC. To an observer the MAC is just cryptographic noise with exactly the
same statistical properties as the ciphertext you want to hide.

If the remaining MAC bits authenticated the embedded ciphertext as well
as the normal plaintext data then your protocol would function exactly
as it did before. If anyone tampered with your data or the MAC then your
software would reject the altered data just as it would if you weren't
doing any stego at all. This is important because it would prevent your
stego activities from being detected by an active attack on the
protocol.

I think I suggested something like this before, shortly after Rivest's
"Chaffing and Winnowing" hit the 'net.

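The scheme described in the message above, written out as an added example (not code from the original post). HMAC-SHA256, a hidden field of N = 32 bits, and all function names are assumptions made for illustration. It shows the two properties the post relies on: the shortened tag still authenticates both the message and the embedded ciphertext, and an unmodified full-length verifier rejects the tag.

```python
import hashlib
import hmac

TAG_LEN = 32     # HMAC-SHA256 output size in bytes (assumed MAC)
HIDDEN_LEN = 4   # N = 32 bits of the tag replaced by hidden ciphertext (assumed)
KEEP = TAG_LEN - HIDDEN_LEN  # (MACsize - N): the bits that still authenticate


def make_tag(key: bytes, message: bytes, hidden_ct: bytes) -> bytes:
    """Sender: MAC covers message || hidden_ct; the tag's tail carries hidden_ct."""
    if len(hidden_ct) != HIDDEN_LEN:
        raise ValueError("hidden ciphertext must be exactly HIDDEN_LEN bytes")
    full = hmac.new(key, message + hidden_ct, hashlib.sha256).digest()
    return full[:KEEP] + hidden_ct


def aware_verify(key: bytes, message: bytes, tag: bytes):
    """Recipient expecting the channel: return hidden_ct, or None if tampered."""
    if len(tag) != TAG_LEN:
        return None
    prefix, hidden_ct = tag[:KEEP], tag[KEEP:]
    expected = hmac.new(key, message + hidden_ct, hashlib.sha256).digest()
    # Constant-time compare of the remaining (MACsize - N) bits only.
    if hmac.compare_digest(prefix, expected[:KEEP]):
        return hidden_ct
    return None


def standard_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Unmodified protocol: full-length HMAC over the message alone."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    key = b"k" * 32                      # constructed sample key
    msg = b"ordinary protocol payload"   # constructed sample message
    ct = bytes.fromhex("deadbeef")       # stand-in for 32 bits of ciphertext
    tag = make_tag(key, msg, ct)
    print("aware verifier   :", aware_verify(key, msg, tag))
    print("standard verifier:", standard_verify(key, msg, tag))
    flipped = tag[:-1] + bytes([tag[-1] ^ 1])
    print("hidden bit flipped:", aware_verify(key, msg, flipped))
```

Integrity now rests on the 224 retained bits, so forgery resistance is that of a truncated MAC, and any endpoint running the unmodified verifier sees every such tag as a failure.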