Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Wednesday November 18 2015, @10:28AM   Printer-friendly
from the like-looking-in-a-mirror dept.

A mimic function changes a file A so it assumes the statistical properties of another file B. That is, if p(t,A) is the probability of some substring t occuring in A, then a mimic function f, recodes A so that p(t,f(A)) approximates p(t,B) for all strings t of length less than some n. This paper describes the algorithm for computing mimic functions and compares the algorithm with its functional inverse, Huffman coding. It also provides a description of more robust mimic functions which can be defined using context-free grammars.

In his short story, "The Purloined Letter", Edgar Allan Poe describes a search by the police for an incriminating letter. The police ransack the house and pry open anything that might be hiding it, but they cannot find it. They look for hidden compartments, poke in mattresses and search for secret hiding spaces with no success. The detective, C. Auguste Dupin, goes to the house and finds the letter hidden in a different envelope in plain sight. He says, "But the more I reflected upon the daring, dashing and discriminating ingenuity, ... the more satisfied I became that, to conceal this letter, the Minister had resorted to the comprehensive and sagacious expedient of not attempting to conceal it at all."

In many ways, the practical cryptographer faces the same problem. Messages need to get from one place to another without being read. A traditional cryptographer tries to guarantee the letter's security by sealing the message in a mathematical safe and shipping the safe. There is no attempt made to hide the fact that it is a letter at all. The cryptanalyst attacking the message may or may not be able to break the code, but he has little problem finding and identifying the carrier.

Many of the histories written about the cryptography community, however contain stories of how the analysis of the message traffic alone lead to intelligence coups. Mimic functions hide the identity of a text by recoding a file so its statistical profile approximates the statistical profile of another file. They can convert any file to be statistically identical to, for instance, the contents of the USENET newsgroups like rec.humor or the classified section of the Sunday New York Times. Their contribution to security is largely founded upon the assumption that the explosion of information traffic makes it impossible for humans to read everything. Anyone watching must use computers outfitted with statistical profiles to weed the interesting data from the mundane.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Covalent on Wednesday November 18 2015, @10:42AM

    by Covalent (43) on Wednesday November 18 2015, @10:42AM (#264792) Journal

    But this would seem to have a major flaw, which is described in the summary: analysis of everything. In the story the detective does eventually find the letter by looking for it where it "shouldn't" be. Modern intelligence gathering could similarly find this file simply by scanning everything. That may be thwarted by generating and communicating a nearly infinite amount of information, but anything short of that and the three letter agencies have the time, tech, and manpower to scan everything you have, and thus find this.

    However, using both mimic functions and good encryption on everything would make finding one damning file in a sea of mundanity nearly impossible. We should all be doing this at all times. I've often wondered when a hero coder (I'm looking at you SN community) will release such a tool - a plugin for email and text and maybe social media too that encrypts and salts and floods (I was looking for a better verb than this but thought of none. Ideas?) your communications with so much encrypted noise that it looks like you are broadcasting static when in fact you are just broadcasting mostly static interspersed with the communications you want.

    In the meantime, encrypt everything, especially the mundane stuff you would volunteer to the FBI without even thinking about. At the very least it will slow them down and wrest the 4th amendment from their grubby little hands.

    On a side note, how do we drum up fervor for that previous right the way the NRA has done for the 2nd amendment? If rather have #4 than #2 honestly, but I'm left holding s gun while the Feds search through my stuff anyway (if they want to, that is).

    --
    You can't rationally argue somebody out of a position they didn't rationally get into.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by FakeBeldin on Wednesday November 18 2015, @11:14AM

    by FakeBeldin (3360) on Wednesday November 18 2015, @11:14AM (#264796) Journal

    If everyone encrypts everything (with reasonably functioning cryptosystems), then everything will be a bland sea of statistical randomness anyway.
    So the tools already exist for most typical uses (e.g. https, s/mime, ssh, powerpoints*, etc.). It's just the question of spreading the use. For the web, there's a lot of initiative ongoing. For remote connections in nonwindows environments, I think ssh is already king of the hill. Email and presentation software are sadly limping behind.

    * okay I made that one up. Love the idea though!

    • (Score: 1) by nitehawk214 on Wednesday November 18 2015, @07:43PM

      by nitehawk214 (1304) on Wednesday November 18 2015, @07:43PM (#265034)

      I think this is one of the stated reasons why the three letter agencies are against everyone doing end-to-end encryption all the time. It makes it orders of magnitude more difficult for them to filter everything. Also if only a few people are doing encryption, they can use the "If you have nothing to hide..." argument to simply spy on them all the time.

      --
      "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
  • (Score: 2) by FatPhil on Wednesday November 18 2015, @12:55PM

    by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Wednesday November 18 2015, @12:55PM (#264819) Homepage
    You need multiple layers for this to be useful.

    Firstly, you encrypt your sensitive document. It now looks like noise, and therefore is suspicious. Then you use this expansion technique to make it look indistinguishable from a typical document whatever that may mean. I've not read the article, but the summary makes no mention of a key, and thefore this is nothing more than steganography. Kerckhoffs' law implies that a system with no key is insecure, you only get security from the key, so you must first encrypt.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves