O O Ø O O O O
One Step Back And A Couple To The Side
Winnowing and chaffing for fun and profit.
I read a lot of security related papers and technical documents in the course of my day (well let’s say month). To be honest most of these papers are pretty dry. Often what I read is important and interesting, but whitepapers hardly ever make me go “Wow. That’s cool!” — particularly in the crypto arena. The other day I read a paper that really grabbed me so I thought I’d highlight it for all you out there in the ether that haven’t already seen it. It’s a paper by Ron Rivest of RSA fame on what he calls Chaffing and Winnowing. In this paper Rivest proposes an innovative technique of transmitting data using an odd mix of both steganography* and a shared secret. I won’t try to explain the concept here as the author does a fine job himself; rather I thought I’d just share what grabbed my fancy in regard to this article.
I love the fact that Rivest takes what I would normally view as a weakness, and twists it around to change it into strength. Conventional thought suggests that an open network connection between two end points is almost always the weakest link in a confidential transaction. Instead of trying to devise a technique to accomodate and deal with the network, Rivest comes up with a system that thrives on the network. The network enables the security of the transmission.
An Elegant Approach
Rivest has taken a stab at the problem of confidential data transmission from a decidedly interesting angle. Basically this involves hiding your message in existing or fabricated network traffic (“chaff”). Through the application of a Message Authentication Code (MAC) and a shared secret, the original message can be extracted from the data stream. In an innovative manner, Rivest has achieved confidentail data transmission without encryption, neatly sidestepping the legal issues associated with encryption, key escrow, and whatnot.
One could get all wound up in figuring out how much chaff needs to be inserted, what the bandwidth overhead will be, or how the MAC would be encrypted efficiently, and if you read this paper perhaps you would. When I read this paper however, I was struck by its novelty. In fact, I was reminded of the Navajo Codetalkers.
Those Crazy Codetalkers
During World War II, I’m sure it would have been easy to get wound up in the details of transmitting secret keys and one-time pads to the front line, encrypting transmission back to HQ, and speeding the decryption process to provide useful data. The Germans approached this problem somewhat conventionally with the development of the Enigma Machine. As you might know, Enigma was broken and provided the English with a significant intelligence advantage. On the other hand we have the Americans. They approached this same problem from a completely different angle. That was one sharp fellow who was able to take a step back and a couple to the side and say "Hey, look what happens if we ask these guys to speak their traditional language!" Presto! You end up with a near-unbreakable code that is fast, efficient, and uses the resources at hand. Innovation triumphs over conventional thought.
And my flippant summary (much to Kjell’s disdain): “Ronald L. Rivest is one sharp cookie.”
I heartily encourage you to check out Chaffing and Winnowing: Confidentiality without Encryption.
Friday, April 4, 1998
- *Steganography
-
Steganography is the science of hiding messages inside other messages. Potential attackers would not be able to recognize the content of the hidden message, or even confirm its existence within the outer message.
Rivest uses the example of coding messages into the sequence of low order bits of a graphical image. The difference in the colour values of the image would be imperceptible to the human eye, but a predertermined sequence could be easily desteganized to reveal the hidden content.