[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Covert Superhighway - the missing component?

At 09:59 AM 1/14/98 +0000, Ross Anderson wrote:
>Scratch Monkey proposes building an Eternity service using the Stego
>File System, provided an anonymous broadcast channel exists - it's
>assumed that alt.anonymous.messages will do the job.
>I suspect that wide deployment of Eternity would lead to this group
>being closed down. We need a more robust anonymous broadcast
>channel. Let's call it the `Covert Superhighway'. How do we build it?

Usenet is useful for this because flood routing works well,
and because millions of people send hundreds of megabytes a day
of cover traffic, and tens or hundreds of thousands of machines
are connected to it, so any individual machine connecting or
retrieving traffic from it is not suspicious.  It's also useful
because forgery is easy and tracing is tedious, and because there's
no central control in spite of the occasional cabals.

If we build a sub-usenet to carry our traffic, it's easy to
build good flood routing (and most of the tools can be reused),
but it isn't easy to get millions of users and thousands
of machines of cover traffic to piggyback on unless you
either create something new and really cool, or unless you
find something already cool, decentralized, and loud
to piggyback on that doesn't make your traffic noticeable.

Some directions to look:
- Stego inside Voice-over-IP - (Ron Rivest's suggestion)
This can either work because yet another phone call isn't
very suspicious, though traffic analysis is a possibility,
or you can develop the Killer Voice App for the Masses
which does store&forward of its own bits without telling them.
- IRC is one possibility, though I don't know how big it is.
- CU-SeeMe reflectors are fun, and you can stego a lot of traffic
inside your pictures.
- Ship Anonymizers with every copy of Apache (or Apache-SSL),
which is the most popular web server in the net.
- Webcam Stego for webcams with high-entropy changing pictures,
e.g. cloudy skies or oceans rather than mostly-static coffeepots.

Adam Back's idea of piggybacking on gaming nets could be 
among the more interesting approaches, at least for games
that don't have a central control system.

In general, I'd guess that the limits of stego are that
you can't really hide more than about 10% contraband
inside your cover material, and for some methods it's a
lot less.  If you assume the typical user has a 28.8 line,
you can get maybe the equivalent of 2400 bps of real traffic.
Fine for banking; a bit rough for selling lots of large images,
too slow for live speech.
Bill Stewart, [email protected]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639