From: Karl Barrus <elee9sf@Menudo.UH.EDU>
To: cypherpunks@toad.com
Message Hash: fbdc34721e8da27a01deb6212569a5927ff8b5dbf61ace921fb77c9f1fd82d21
Message ID: <199307230404.AA00923@Menudo.UH.EDU>
Reply To: N/A
UTC Datetime: 1993-07-23 04:05:16 UTC
Raw Date: Thu, 22 Jul 93 21:05:16 PDT
From: Karl Barrus <elee9sf@Menudo.UH.EDU>
Date: Thu, 22 Jul 93 21:05:16 PDT
To: cypherpunks@toad.com
Subject: STEG: subliminal messages
Message-ID: <199307230404.AA00923@Menudo.UH.EDU>
MIME-Version: 1.0
Content-Type: text/plain
[I'm forwarding mail from Eric which was meant for the list as well]
From: Eric Hughes <hughes@soda.berkeley.edu>
To: elee9sf@Menudo.UH.EDU
>An interesting related topic is subliminal channels and messages. A
>subliminal channel is one in which communication takes place without
>an external observer realizing it.
[summary deleted]
Gus Simmons has recently written a paper on subliminal channels in the
DSA (the one PKP is about to license). The paper as of yet is not
officially published, but likely will be at Crypto '93 next month.
I've seen a copy of the paper, but don't have a copy.
I do, however, remember this one line. "The DSA provides the most
hospitable environment for subliminal channels in any system yet
seen." (Almost verbatim, but not quite.)
Assume this is true. (I believe Simmons, myself.) What might this
mean? Suppose some agency of the government makes digital signatures
on some certificate for individuals. To take a concrete example, take
driver's licenses. The subliminal channel in the signature might be
used to encode, say, the following:
1. number of drunk driving convictions
2. number of drunk driving arrests
3. insurance rating
4. whether this person is suspected of habitually
a. merchandising narcotics
b. carrying large amounts of cash
c. looking at child pornography
d. wanting to kill police officers
e. carrying concealed messages
Since the signature itself contains this information, and since the
channel is subliminal, the only way to know whether the channel
carries data is to see the software.
For this reason the DSA should not be used by government agencies to
make certificates for individuals. It should be scrapped for this
purpose and some other algorithm designed which has a provable upper
bound on the subliminal channel of less than one bit.
Eric
Return to July 1993
Return to “Karl Barrus <elee9sf@Menudo.UH.EDU>”
1993-07-23 (Thu, 22 Jul 93 21:05:16 PDT) - STEG: subliminal messages - Karl Barrus <elee9sf@Menudo.UH.EDU>