Looking for feedback on Passive Privacy System

Marlow, Andrew (London) MarloAnd@exchange.uk.ml.com
Fri Mar 16 09:36:00 2001 


> -----Original Message-----

> From:	Aaron Sherman [SMTP:ajs@ajs.com]

> Sent:	Thursday, March 15, 2001 4:43 PM

> To:	gnupg-devel@gnupg.org

> Subject:	Re: Looking for feedback on Passive Privacy System

> 

	>> If you're going to use steganography (or a subliminal channel of
any
	 >> sort) to hide email, that's great.
	 >> Is that a reason to not encrypt?

	I think that perhaps I didn't make myself clear enough.
	I am saying that I need to use encryption AND steganography.
Encryption provides
	 the privacy, and deniable steganography protects against RIP.
Steganography without
	 encryption is security-through-obscurity. You need to have both
working together
	 (well, in the UK you do....).

	 >> If your mailer encrypts without your having to get involved,
then you
	 >> can still go through all of the steganographic hoop-jumping you
	 >> wish. 
	This sounds negative to me. I don't like jumping through 
	hoops - I'm not fit enough! I wish we didn't have to use
steganography. GPG ought to be 
	enough. But not with RIP around.

	 >> This gets you three things: 1) mail on the wire is encrypted so
	 >> non-authorities cannot snoop
	They can snoop and RIP gives them the green light to do so.

	  >>  2) you have to be told if someone wants
	  >> to tap your communications
	Big deal. By then it is too late. :-(

	 >>  3) you have a duress mechanism: when they
	 >> ask you to reveal the key, you do so, and they get the mail with
the
	  >> subliminal channel, but no knowledge of the subliminal channel
itself.
	True. I did work on extending a steganographic system
	a while back to support a duress key. The system I looked at was
SNOW, by Mat Kwan
	 (he gets a mention in "Applied Cryptography" BTW). However, to be
any good, the
	security of a steganographic system must be in its deniability. We
must assume that the
	interceptor has knowledge of all steganographic algorithms otherwise
we are back to
	security-through-obscurity. This is why I am interested in
integrating public-key encryption
	with deniable steganography. When asked for the key you simply deny
that there is
	a message present. This makes a duress key unnecessary. The bit
stream recovered by
	application of the steganographic algorithm is the bits that
comprise the GPG ASCII armoured
	text, with random bits added after the message (and some mechanism
to determine where
	the message ends).

	-Andrew M.