Cryptography Reference
In-Depth Information
extraneous information and noise to save space. This is why many
researchers suggest that the only long-term solution is to hide infor-
mation in the salient features, the actual visible or audible parts of a
file.
Wojciech Mazurczyk
and Krzysztof
Szczypiorski found that
Voice Over IP calls could
hide information
because the algorithms
work around missing
packets— or packets
replaced with hidden
messages.[MS08]
Here's a counter approach: Instead of hiding information in the
data itself, hide information in the gaps in the data structures, in the
places where the software won't look for it.
Consider how to join these two facts: (1) GIF files, like most files,
begin at the beginning of the data with a few bytes that describe
the size of the data, while (2) ZIP files begin at the end with a table
that describes the location of data inside. This makes it possible to
concatenate a GIF file and a ZIP file so that both are still decodable,
at least least in theory. Just type this on a Mac or UNIX box:
cat somefile.zip >> somefile.gif
This will append
somefile.zip
to the end of
somefile.gif
. t
essentially hides a GIF file at the beginning of a ZIP file or a ZIP file
at the end of the GIF file. A program looking for a GIF file will start at
the beginning, decode the header information describing the size of
the image, and then unpack it beginning at the very beginning. A ZIP
file decoder will do the same, but from the end. I assume that the ZIP
file was designed this way to make it easier to add more files to a ZIP
file by just appending them to the end.
Neither software package will notice the other— unless there are
some unspoken assumptions made by the programmers. It's entirely
possible that a clever programmer will mix up the two different val-
ues: (1) the length of the file as described by the header and (2) the
length of the file as described by the operating system. This will lead
the results to crash nonstandard implementations.
“K is for Keeler, As fresh
as green paint, The
fastest and mostest To
hit where they
ain't.”-Ogden
Nash[Nas49]
21.3 Other Formats
Many formats make it easy to add freeloading data to a file. In fact,
good programmers have been pushing this as a design feature for
software because it makes it simpler to improve software without
crashing older versions. A good file format will include a mechanism
to add more data later in case the need becomes necessary.
Many of themodern tagged languages like XML (ExtensibleMarkup
Language) or its cousins like SGML (Standard Generalized Markup
Language) or HTML (Hypertext Markup Language) are designed to
let the programmer toss in additional information or create addi-
tional data as necessary.
Here's a common example:
