Cryptography Reference
In-Depth Information
13.12 Summary
The order of objects in a set is a surprisingly complex stream of infor-
mation that offers a correspondingly large opportunity for stegano-
graphy. Sometimes an adversary may choose to change the order of a
list of objects in the hope of destroying some steganography. Some-
times the data objects take different asynchronous paths. In either
case, a hidden canonical order defined by some keyed function,
f
,is
a good way to restore the order and withstand these attacks.
The idea can also be turned on its head to store information.
Changing the order of objects requires no change in the objects
themselves, eliminating many of the statistical or structural forms
of steganalysis described in Chapter 17. There are no anolomies cre-
ated by making subtle changes. The result can hold a surprisingly
large amount of information.
objects can store log
n
! bits.
Of course, sometimes subtle changes may need to bemade to add
cover. Many lists are sorted alphabetically or according to some other
field of the data. This field could be an artificially generated system
t act as a cover. A list of people, for instance, might be sorted by a
membership number generated randomly to camoflage the reason
for sorting it.
n
The Disguise
Any set of
,canconceallog
n
! bits
of information in the sorted order. This information can be
keyed or hidden by sorting on
n
items,
{x
1
,...,x
n
}
f
(
x
i
) instead of
x
i
,where
f
is
an encryption or hash function.
Some decoy packets can also distract eavesdroppers if another
function,
, can be used to create a secure signature or mes-
sage authentication code that distinguishes between valid and
invalid packets.
Sometimes the attacker will rearrange the order of a set of ob-
jects to destroy amessage. Sorting the objects with the function
f
g
before processing them is a good defense.
How Secure Is It?
The security depends on both the quality of the
camouflaging data and the security of
. Ifthesetofobjects
is a list that seems completely random, then it is unlikely to
receive any scrutiny. The information can only be extracted if
the attacker discovers the true order of the set—something that
a solid encryption or hash function can effectively prevent.
f
How to Use It?
Choose your objects for their innocence, choose an
encryption function, choose a key, compute
f
(
x
i
) for all ob-
