from the secret-message?-what-secret-message? dept
Over the last year, we have learned that keeping things secret as they pass over the Internet is much harder than we thought because of the extraordinary NSA and GCHQ surveillance programs revealed by Edward Snowden’s leaks. One of the problems with traditional encryption is that its opaque text flags up rather obviously that something is being hidden. An alternative approach, known as steganography, tries to get around that by hiding secret messages in other kinds of text or images in such a way that it is not obvious — for example, by changing individual pixels — and therefore does not attract unwanted attention.
Those carrying out surveillance are of course perfectly aware of steganography, and have methods that allow them to inspect files for subtle changes that indicate there are hidden texts. In the usual arms-race fashion, this has now led to the development of a more advanced kind of steganography that hopes to evade those tools. It comes from Bram Cohen, creator of the important file-sharing protocol and software, BitTorrent. His new system bears the dramatic name “DissidentX”; here’s how it works:
Cohen has programmed DissidentX to serve as a customizable framework for steganography that can use any method of tweaking a file from adding spaces at the end of a text file’s lines to adding pixels to a video. But unlike older steganographic tools, those alterations to the camouflage file known as the “cover text” don’t serve as a set of on-or-off bits to encode the secret message. Instead, DissidentX makes the changes such that when the recipient puts the entire file through a cryptographic function known as a “hash” — a transformation that converts it into a unique string of characters — it produces an encrypted version of the sender’s message, ready to be decrypted with the recipient’s key.
As well as this more subtle approach, Cohen’s DissidentX has another big advantage over traditional steganography:
He’s designed DissidentX to allow multiple secret messages to be encoded in an altered file, each of which can only be read with different decryption keys. That means a single text file or video could hold messages intended for multiple recipients, or additional false messages can also be encoded into the file as red herrings.
As the article in Forbes quoted above points out, this could be important for dissidents who face the prospects of being tortured for their decryption key: alongside the real message, kept secret, a dummy text that can be given up to the authorities could be stored as well.
It’s a clever approach, albeit with one drawback: the visible text in which the steganographic message is hidden has to be around 500 times longer than the invisible one. Sending such long texts might in itself draw some attention, but Cohen hopes to reduce that size factor in future versions. In any case, it doesn’t really matter whether or not this particular steganographic system takes off; what’s important is that people like Cohen are coming up with a range of new ways to thwart the surveillance state we find ourselves inhabiting.