[Cryptography] Directed Covertraffic was: propaganda on "hurdles for law enforcement"

Peter Fairbrother zenadsl6186 at zen.co.uk
Sun Jul 27 02:12:53 EDT 2014


On 27/07/14 00:45, Richard Outerbridge wrote:
> On 2014-07-26 (207), at 16:04:10, Peter Fairbrother
> <zenadsl6186 at zen.co.uk> wrote:
>
>> On 25/07/14 22:24, John Denker wrote:
>>
>>> [….]
>
>>> To say the same thing in more constructive terms: This serves as
>>> an example of /cover traffic/.
>>
>> There is another, different hypothesis - that the lump of data is
>> the same lump of data, possibly re-encrypted, as another lump of
>> data somewhere else.
>>
>> Perhaps we need a new definition of (pseudo-) random for that
>> situation.
>>
>> On a personal note, I have been struggling with this idea, in terms
>> of cover traffic, for the last 9 or 10 years - but I haven't gotten
>> anywhere much beyond the obvious, nothing noticeably brilliant :(
>>
>> IMO, the whole subject of cover traffic needs to be investigated
>> much further, and with rigor.
>>
>> Take, as an example, a steganographic filing system where the files
>> are kept in a public cloud, and it is easy for an observer to see
>> when encrypted files are stored and recovered.
>
> Take, as an example, a one time hotline, a digital one time pad,
> constantly occupying a certain channel with indistinguishable noise.
> And every once in a while a signal gets added to the noise. __outer

That's fine, if you have the circumstances and resources.

But suppose that an OTP is not possible, perhaps for difficulty of key 
exchange reasons. An attacker might well want to find out whether a 
pre-arranged real random string (we assume the attacker knows the 
string), whose presence sets off the bombs, was sent.

But it is the string which sets off the bombs!!!, and the sender does 
not want to be caught, so he can't send it in clear. The sender might 
encrypt the sequence with a nondeterministic encryption, and then it may 
be super-encrypted for the link; the sender may not want the link 
operator to know what was sent - even though it is just a random string.

The point here is that even though the string is random, it is 
significant, it has a real-world meaning derived from context which is 
not related to its Shannon etc entropies.

I think we need to make that clear, this string is different from any 
other random string of the same size - even though it is a real random 
string.



To go back a bit, let's also suppose there are bandwidth restrictions, 
so you can only send say 100 packets per day. Further suppose you need 
to send say 20 real packets per day and, as these are urgent, you have 
to send a packet at very short notice, in a short time interval, say 10 
seconds. Obviously, you can't send a packet every ten seconds.

Now suppose an attacker observes or causes an event - the attacker wants 
to know whether the system needs to respond to the stimulus. How do you 
hide that behaviour?

One technique which might help would be to respond to any stimulus, 
whether the system needs to or not.



That is an example of what I call directed covertraffic - it doesn't 
cover everything with a constant random flow (perhaps because we can't 
do that, or it's too expensive), but fake traffic created to cover only 
specific aspects of the real comms flow on the channel.

Another example of directed covertraffic would be where you want to hide 
some suspicious activity - you make fake patterns of packets (or 
whatever is observable by an attacker) which look like suspicious 
activity. Done properly, the attacker can't tell which is real.

Unfortunately I haven't gotten much further in developing a theory of 
directed covertraffic - well, a little, but not as far as I would like. 
Einstein once said "I need more maths" - I know how he felt.

(no, I am not comparing myself to Einstein!)

-- Peter Fairbrother
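
[Added example, not part of the original post or written by its author: a small simulation of the "respond to any stimulus" idea under the post's figures of 100 packets per day and 20 real packets per day. The stimulus model, the reserve rule for real packets and the advantage metric are assumptions made for illustration.]

```python
import random

DAILY_BUDGET = 100  # packets per day (figure from the post)
REAL_PER_DAY = 20   # real urgent packets per day (figure from the post)

def simulate_day(n_stimuli, policy, seed=0):
    """Return [(needs_response, packet_sent)] for one day, one entry per stimulus."""
    rng = random.Random(seed)
    # Constructed model: exactly REAL_PER_DAY stimuli need a real response.
    needs = [True] * REAL_PER_DAY + [False] * (n_stimuli - REAL_PER_DAY)
    rng.shuffle(needs)
    budget, reserve = DAILY_BUDGET, REAL_PER_DAY
    day = []
    for need in needs:
        if need:
            send = True
            reserve -= 1
        else:
            # Cover packet only under the directed policy, and only if it
            # does not eat into packets held back for real responses.
            send = policy == "directed" and budget > reserve
        if send:
            budget -= 1
        day.append((need, send))
    return day

def observer_advantage(n_stimuli, policy, seed=0):
    """P(packet | response needed) - P(packet | not needed); 0 means no leak."""
    day = simulate_day(n_stimuli, policy, seed)
    hit = [sent for need, sent in day if need]
    false_hit = [sent for need, sent in day if not need]
    return sum(hit) / len(hit) - sum(false_hit) / len(false_hit)

if __name__ == "__main__":
    for policy in ("real_only", "directed"):
        for n in (60, 100, 200):
            print(policy, n, round(observer_advantage(n, policy), 3))
```

While the number of stimuli stays within the daily budget the observer's advantage is zero; once stimuli exceed it, cover packets run out and the presence of a response starts to leak again.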


