[Gllug] news mirror sites

mute8 mute8 at mutantswarm.org
Fri Jul 2 17:28:10 UTC 2004


Hi Mike,

>> Steganography is too weak.
> Practical arguments and implementation details aside for a moment, I've
> seen no evidence that steganography would not be adequte for the task,
> and a blanket assertion like that about the technology as whole doesn't
> really hold water without some backup.

Sorry, that's a failing on my part - I was too tired to expand on the  
issue at length at the time.

Here goes:-

To quote Bruce Schneier:-

"...I've seen steganography recommended for secret communications in  
oppressive regimes,
where the simple act of sending an encrypted e-mail could be considered  
subversive.
This is bad advice. The threat model assumes that you are under suspicion  
and want to
look innocent in the face of an investigation. This is hard. You are going  
to be using
a steganography program that is available to your eavesdropper. He will  
have a copy.
He will be on the alert for steganographic messages. Don't use the sample  
image that came
with the program when you downloaded it; your eavesdropper will quickly  
recognize that one.
Don't use the same image over and over again; your eavesdropper will look  
for the differences
between that indicate the hidden message. Don't use an image that you've  
downloaded from the
net; your eavesdropper can easily compare the image you're sending with  
the reference image
you downloaded. (You can assume he monitored the download, or that he  
searched the net and
found the same image.) And you'd better have a damn good cover story to  
explain why you're
sending images back and forth. And that cover story should exist before  
you start sending
steganographic messages, and afterwards. Or you haven't really gained  
anything."

While I don't agree with all of his assumptions, the main thrust of his  
argument is valid IMO.

To make steganography a protocol strong enough for the proposed use  
requires a degree of
sophistication on the part of the communicating parties at least equal to  
that of the putative
cracker, and the knowledge and discipline required to be aware of, and to  
minimise, the
problems - through careful moderation of your sending behaviour, for  
instance. It would be
essential to educate the communicating parties of the pitfalls of the  
approach.
See below for my comments on that.

>> As it stands we are talking about a security protocol that, if breached,
>> could mean the difference between life and death for the receiver.
> Historically, far weaker protocols have been used for exactly this. At
> the end of the day, it is the choice of the user as to whether a
> specific arrangement is "secure enough" to warrant taking the risk. All
> we could do is offer advice and estimate risk.

Yes, but to protect the communicating parties, the "choice of the user"  
must
be an _informed_ choice. Which brings us to the question of how to supply  
sufficient
information to _make_ an informed choice. I'm making an assumption here -  
that
accessing information regarding secure information transfer methods would  
be considered
suspicious enough to get the end user arrested. Chicken and Egg.

>> I really don't think any of us are capable of taking on that
>> responsibility. Let's face it - we are not the people to be  
>> implementing a
>> solution to China's access problems. This needs a concerted effort in
>> diplomatic circles, and there is a reason that that effort has not yet
>> been made.
> That really isn't a good argument. Advocating inaction because you
> believe there are people better placed than you who are doing nothing
> simply becomes something of a self fulfilling prophecy. When everyone
> thinks like that, no-one ever does anything. I'm not necessarily saying
> that members of GLLUG ought to assist here, but I do believe that your
> reasoning as to why they should not is fallacious.

I'm not advocating inaction - I'm advocating a concerted diplomatic  
effort. I'm rather
afraid though that while China remains a thriving opportunity for foreign  
investment,
foreign powers with commercial interests in China will be unwilling to  
rock the boat
- at least until the matter attains a higher priority (by becoming an  
electable issue,
for instance).

I'm a fervent advocate of direct action, but where a robust, tested,  
process for dealing
with problems such as these exists, it would seem foolish to not try that  
route first - at
least in concert with other, individual efforts.

I believe it to be our responsibility to raise the profile of the issue  
with our own
governments, and persuade them to apply diplomatic pressure. In some way  
we need to make
the prospect of deregulation attractive to the Chinese government. There  
is a recent
precedent - the trade deregulation I mentioned earlier - and our own  
investment in China
gives us an amount of leverage at the very least in this direction.

This is assuming, of course, that we have the right to interfere in the  
policies and
workings of a foreign sovereign state - a tricky position at best,  
particularly considering
events of the last two years.

>> It really helps if you don't upset more than one government at a time.
> Surely upsetting governments comes down to what priciples people are
> prepared to stand up for? Would you advocate not worrying about freedom
> of speech if you were up against more than one government? Come to think
> of it, given the situation on China, isn't that exactly what you are
> advocating?

No - I was talking about upsetting your _own_ government as well as the  
Chinese
government. No government I know would allow development of a secure,  
publicly available
method of information transfer - at the very least on the grounds of  
national security.
Think back to the furore over PGP caused by the NSA in the US - the  
subsequent advocation of
escrow keys, mandatory backdoors and deliberately weakened encryption  
methods that followed.

>> Still - if anyone has any half-sane ideas, I'm open to suggestions.
> There are a number of technical solutions, some of which have already
> been put forward. They are quite possibly "good enough" to prevent
> someone seeing what's being done. However, in a police state, it isn't
> necessary to prove guilt - suspicion is ample grounds for execution or
> permanent incarceration. Whether the end users want to run that risk or
> not is another matter.

I wasn't denigrating the ideas - just that regardless of whether a  
solution is technically
"good enough", that the use of the solution requires a high level of  
sophistication by both
communicating parties - in order to make it work plausibly and with the  
highest possible
safety margins.

Even though our communications could be made to appear innocuous in  
_content_, it is possible
to extrapolate a degree of information from the _pattern_ of  
communications - enough to alert
the authorities that something is amiss.
Confounding this sort of signals intelligence requires a great deal of  
planning and creativity.
You need to establish a "control" pattern of communication ahead of time,  
and then fit your illicit
activities into the existing pattern to hide them - and the overall effect  
still needs to
fall within the acceptable parameters for "innocent" behaviour. This is  
not an easy thing to do.

> Mike.

All the best,

Mute8
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list