Looking for feedback on Passive Privacy System
Marlow, Andrew (London)
MarloAnd at exchange.uk.ml.com
Fri Mar 16 09:36:00 CET 2001
> -----Original Message-----
> From: Aaron Sherman [SMTP:ajs at ajs.com]
> Sent: Thursday, March 15, 2001 4:43 PM
> To: gnupg-devel at gnupg.org
> Subject: Re: Looking for feedback on Passive Privacy System
>> If you're going to use steganography (or a subliminal channel of
>> sort) to hide email, that's great.
>> Is that a reason to not encrypt?
I think that perhaps I didn't make myself clear enough.
I am saying that I need to use encryption AND steganography.
the privacy, and deniable steganography protects against RIP.
encryption is security-through-obscurity. You need to have both
(well, in the UK you do....).
>> If your mailer encrypts without your having to get involved,
>> can still go through all of the steganographic hoop-jumping you
This sounds negative to me. I don't like jumping through
hoops - I'm not fit enough! I wish we didn't have to use
steganography. GPG ought to be
enough. But not with RIP around.
>> This gets you three things: 1) mail on the wire is encrypted so
>> non-authorities cannot snoop
They can snoop and RIP gives them the green light to do so.
>> 2) you have to be told if someone wants
>> to tap your communications
Big deal. By then it is too late. :-(
>> 3) you have a duress mechanism: when they
>> ask you to reveal the key, you do so, and they get the mail with
>> subliminal channel, but no knowledge of the subliminal channel
True. I did work on extending a steganographic system
a while back to support a duress key. The system I looked at was
SNOW, by Mat Kwan
(he gets a mention in "Applied Cryptography" BTW). However, to be
any good, the
security of a steganographic system must be in its deniability. We
must assume that the
interceptor has knowledge of all steganographic algorithms otherwise
we are back to
security-through-obscurity. This is why I am interested in
integrating public-key encryption
with deniable steganography. When asked for the key you simply deny
that there is
a message present. This makes a duress key unnecessary. The bit
stream recovered by
application of the steganographic algorithm is the bits that
comprise the GPG ASCII armoured
text, with random bits added after the message (and some mechanism
to determine where
the message ends).
More information about the Gnupg-devel