RE: steganography

From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Wed Oct 03 2001 - 08:34:39 MDT


Smigrodzki, Rafal wrote,
> Suppose I use a one-time pad to specify a small number of positions
> on a page as significant, randomly distributed throughout the page.
> Then if the character filling a position is from "a" to, let's say,
> "m" - it will be read as "1", if it's "n" to "z" - it means "0". I
> write a text that fills the page, is grammatically and semantically
> correct, and contains, in the specified positions, the correct
> characters to encode my message.

This may be a good idea. I don't have time to do a full security analysis
of it. But off the top of my head, what might make this secure is the
one-time pad. One-time pads are known to be secure. Also, you distribute
the one-time pad in a separate channel. As such, part of the message is not
contained in the part that might be intercepted. In a way, they can't
decode the message from the intercepted part because it's not all there.

The "classic" security problems with this would be key distribution. You
must be able to get the one-time pad to your recipient safely, without
detection and interception. This means you must establish at least one
perfectly secure channel for a message without using this good security.
This good security thereafter is only as strong as the original secure
channel was. Although one-time pads are good, the security of the first
transmission of the one-time pad itself is left up to the user.

Without much analysis, I assume any method using a one-time pad is more
secure than strong encryption. Strong encryption is better than weak
encryption. Weak encryption is better than cipher codes. Ciphers are
better than obscurity (hiding noncoded messages). Steganography itself
without additional encryption falls down in the range of obscurity or at
best as weak encryption. (The message itself can be more strongly encrypted
before using steganography, however.)

--
Harvey Newstrom <www.HarveyNewstrom.com>
Principal Security Consultant, Newstaff Inc. <www.Newstaff.com>
Board of Directors, Extropy Institute <www.Extropy.org>
Cofounder, Pro-Act <www.ProgressAction.org>
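
An added example, not part of the original message or thread: a Python sketch of the position scheme quoted above, showing decoding with the pad and why the intercepted page alone does not pin down the message. The cover text, the position list and all function names are constructed for illustration, and the pad is assumed to be a list of character offsets shared out of band.

```python
import string

COVER = "the quick brown fox jumps over the lazy dog"  # constructed cover text
PAD_POSITIONS = [36, 4, 20, 12, 7, 27, 41, 1]          # constructed pad (assumed format)

def bit_at(cover, pos):
    """Rule from the quoted message: 'a'-'m' reads as 1, 'n'-'z' reads as 0."""
    if not 0 <= pos < len(cover):
        raise ValueError(f"pad position {pos} is outside the page")
    ch = cover[pos].lower()
    if ch not in string.ascii_lowercase:
        raise ValueError(f"position {pos} holds {ch!r}, not a letter")
    return "1" if ch <= "m" else "0"

def decode(cover, positions):
    """Recipient side: read the bits at the pad's positions, in pad order."""
    return "".join(bit_at(cover, p) for p in positions)

def mismatches(cover, positions, bits):
    """Writer side: pad positions where the drafted text carries the wrong bit."""
    return [p for p, b in zip(positions, bits) if bit_at(cover, p) != b]

def positions_yielding(cover, bits):
    """Interceptor's view: find *some* position list under which the same
    page reads as `bits`. One exists for any short candidate message, so
    the page without the pad does not single out one message."""
    unused = [i for i, ch in enumerate(cover) if ch.lower() in string.ascii_lowercase]
    chosen = []
    for b in bits:
        pos = next((i for i in unused if bit_at(cover, i) == b), None)
        if pos is None:
            raise ValueError("cover has too few letters in the needed half")
        unused.remove(pos)
        chosen.append(pos)
    return chosen

if __name__ == "__main__":
    print("decoded with pad:", decode(COVER, PAD_POSITIONS))
    print("positions to rewrite:", mismatches(COVER, PAD_POSITIONS, "10101011"))
    for candidate in ("0000", "1111", "0110"):
        print(candidate, "<-", positions_yielding(COVER, candidate))
```

The guarantee holds only while the cover has enough letters from each half of the alphabet and each pad is used once; reusing positions across pages lets an observer compare pages.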



This archive was generated by hypermail 2b30 : Sat May 11 2002 - 17:44:11 MDT