[Cryptography] Directed Covertraffic was: propaganda on "hurdles for law enforcement"
Peter Fairbrother
zenadsl6186 at zen.co.uk
Sun Jul 27 02:12:53 EDT 2014
On 27/07/14 00:45, Richard Outerbridge wrote:
> On 2014-07-26 (207), at 16:04:10, Peter Fairbrother
> <zenadsl6186 at zen.co.uk> wrote:
>
>> On 25/07/14 22:24, John Denker wrote:
>>
>>> [….]
>
>>> To say the same thing in more constructive terms: This serves as
>>> an example of /cover traffic/.
>>
>> There is a another, different hypothesis - that the lump of data is
>> the same lump of data, possibly re-encrypted, as another lump of
>> data somewhere else.
>>
>> Perhaps we need a new definition of (pseudo-) random for that
>> situation.
>>
>> On a personal note, I have been struggling with this idea, in terms
>> of cover traffic, for the last 9 or 10 years - but I haven't gotten
>> anywhere much beyond the obvious, nothing noticeably brilliant :(
>>
>> IMO. the whole subject of cover traffic needs to be investigated
>> much further, and with rigor.
>>
>> Take, as an example, a steganographic filing system where the files
>> are kept in a public cloud, and it is easy for an observer to see
>> when encrypted files are stored and recovered.
>
> Take, as an example, a one time hotline, a digital one time pad,
> constantly occupying a certain channel with indistinguishable noise.
> And every once in a while a signal gets added to the noise. __outer
That's fine, if you have the circumstances and resources.
But suppose that a OTP is not possible, perhaps for difficulty of key
exchange reasons. An attacker might well want to find out whether a
pre-arranged real random string (we assume the attacker knows the
string), whose presence sets off the bombs, was sent.
But it is the string which sets off the bombs!!!, and the sender does
not want to be caught, so he can't send it in clear. The sender might
encrypt the sequence with a nondeterministic encryption, and then it may
be super-encrypted for the link; the sender may not want the link
operator to know what was sent - even though it is just a random string.
The point here is that even though the string is random, it is
significant, it has a real-world meaning derived from context which is
not related to it's Shannon etc entropies.
I think we need to make that clear, this string is different from any
other random string of the same size - even though it is a real random
string.
To go back a bit, let's also suppose there are bandwidth restrictions,
so you can only send say 100 packets per day. Further suppose you need
to send say 20 real packets per day and, as these are urgent, you have
to send a packet at very short notice, in a short time interval, say 10
seconds. Obviously, you can't send a packet every ten seconds.
Now suppose an attacker observes or causes an event - the attacker wants
to know whether the system needs to respond to the stimulus. How do you
hide that behaviour?
One technique which might help would be to respond to any stimulus,
whether the system needs to or not.
That is an example of what I call directed covertraffic - it doesn't
cover everything with a constant random flow (perhaps because we can't
do that, or it's too expensive), but fake traffic created to cover only
specific aspects of the real comms flow on the channel.
Another example of directed covertraffic would be where you want to hide
some suspicious activity - you make fake patterns of packets (or
whatever is observable by an attacker) which look like suspicious
activity. Done properly, the attacker can't tell which is real.
Unfortunately I haven't gotten much further in developing a theory of
directed covertraffic - well, a little, but not as far as I would like.
Einstein once said "I need more maths" - I know how he felt.
(no, I am not comparing myself to Einstein!)
-- Peter Fairbrother
More information about the cryptography
mailing list