[Cryptography] stego mechanism used in real life (presumably), then outed
Ray Dillinger
bear at sonic.net
Wed Jun 7 15:34:06 EDT 2017
Text documents (plain text) have very little 'extra' bandwidth for
identifying stego. But considering it, there's a level where content
and stego become indistinguishable, and you can 'watermark' a text
document in ways that will even survive retyping on a manual typewriter.
It would be easy (and possibly useful, for agencies trying to control
leaks) to have programs that automatically edit documents to
occasionally create minor variations in sentence structure without
changing the factual content. Seed the program with a serial number,
process a document to produce a 'copy' when saving, and a sister program
could then recover the serial number based on selected sentence
structures in the document.
You'd want it to avoid editing any direct quotes, but otherwise there
are a dozen things you could do to most sentences in English to change
the word order or clausal structure that wouldn't affect the information
content at all. Two or three per thousand characters, and leaked text
would become easily traceable.
The downside is that such minor sentence-structure clues are sometimes
useful in author attribution, and you'd be losing some part of that
information. Not usually an issue, but sometimes, especially if you
were being sneaky and trying to embed it in the 'cp' command or
something so it might be used on documents where you really needed that
information, it could bite you in the shorts.
[digression]
On a related note, there was a pseudo-stego that mapmakers used to use,
to catch each other if somebody tried to sell copies of their maps
instead of doing the cartography themselves. They had mapped subtly
different, alternate versions of America.
If your local geography happened to match the idea of "out of the way
and on no path from any real place to anyplace else" you'd notice them
occasionally and wonder what the mapmakers had been smoking.
Where I grew up out between the boondocks and the sky, there was a
fictitous town where a dirt road dead-ended in the next county. The
rancher who owned the land put up a city limit sign there with
"Population: 0". He kept a little box out there containing an accurate
map, a compass, a cache of a couple of K-rations, and directions to his
house (an 8-mile walk from there) just in case somebody had car trouble
and had gone there by mistake. I was with him once when he rotated the
cache contents, while fixing fences.
There was also a fictitious quarry (marked as a long-closed railroad
gravel pit) in a pasture less than six miles from my hometown, which we
saw on maps from a different company. I figured it was bullshit, but
I'd never actually seen the middle of that particular pasture and I was
a curious kid, so I still walked out there once just to have a look.
[/digression]
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170607/009cdef4/attachment.sig>
More information about the cryptography
mailing list