1994-02-18 - Mimicry

Header Data

From: szabo@netcom.com (Nick Szabo)
To: sergey@delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Message Hash: 9500df12496f5b5f78015c6c24e5d3aa86dfaefb7afdb89a03b27811135c6097
Message ID: <199402180810.AAA23236@mail.netcom.com>
Reply To: <Pine.3.89.9402172335.E9841-0100000@delbruck.pharm.sunysb.edu>
UTC Datetime: 1994-02-18 08:10:56 UTC
Raw Date: Fri, 18 Feb 94 00:10:56 PST

Raw message

From: szabo@netcom.com (Nick Szabo)
Date: Fri, 18 Feb 94 00:10:56 PST
To: sergey@delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Subject: Mimicry
In-Reply-To: <Pine.3.89.9402172335.E9841-0100000@delbruck.pharm.sunysb.edu>
Message-ID: <199402180810.AAA23236@mail.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Specific comment:

Sergey Goldgaber suggests hiding files amongst the disk blocks
marked "deleted" by the filesystem.  

This sounds practically equivalent to implementing an alternative file 
system with its own FAT, etc.  In addition to the problems and solutions
Sergey mentioned, the true/surface/original filesystem must be slightly
modified so that it doesn't bash the hidden filesystem in the
process of making new files.  Of course, it will look rather funny
when the disk runs out of space several tens of megabytes below
the manufacturer's specs.  

This hidden file system feature might fit in naturally with
SecureDrive which implements an encrypted file system.

General comments:

Encryption and mimicry are both a matter of economics.
Unfortuneately, as with most mimicry, the effort needed to
find the hidden filesystem is easier than the effort needed
to implement and maintain the hidden filesystem.  ("Effort"
here is primarily programmer and user effort, not computer
resources).

It also costs to hide encrypted data in noise; in this case
the cost is mostly bandwidth.  This must be traded off with the
fact that nobody is going to be either (a) banning compression or
noise-containing data or (b) sampling significant fractions of 
compressed and noisy files that cross the net to see if they're 
actually encrypted.  Both passage and enforcement of anti-cryptography 
laws will be greatly discouraged by widespread use of mimicry
(including steganography).

This is also a good opportunity to put in my plug _in favor_
of "security through obscurity" as a good practical solution to
some problems.  For example, the task of scanning the net gets 
super-linearly more expensive with the number of data formats used 
(since the cost of implementing software is super-linear with its raw 
complexity).  Simply having a wide variety of fax, compression, sound, 
video, encryption, etc. formats will quickly make the cost of
automated scanning efforts prohibitive.  Interoperability
favors standardization, but security and privacy favor
incompatability with the popular formats used by the snoopers.  

Nick Szabo				szabo@netcom.com




Thread