Hassan Khan at the University of Southern California has developed a new way of securing information. It’s debatable whether it’s “better” than data encryption but it definitely has its uses, as Khan observed.
When Encryption is the Crime
My weekly reading of gizmodo.com led me to a post that started off thusly:
The thing about data encryption is that it’s basically a flashing neon sign indicating “SENSITIVE DATA HERE!”
Some might say that’s the point: once a potential thief sees that a computer is encrypted, there’s a good chance that they’ll move on to hacking some other computer that is not as well-protected. Plus, there is something to be said about a data security product that has the balls to claim that “you shall not pass!”…unless you hold the correct key, that is.
On the other hand, there are countries that severely restrict the use of encryption software or find problems with its use by “unauthorized” people:
Encryption should sometimes be avoided, says Hassan Khan at the University of Southern California in Los Angeles, because the gobbledegook it creates is a dead giveaway: it shows someone might have something to hide. That could spell disaster for someone trying to smuggle information out of a repressive country. [newscientist.com]
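To make the "dead giveaway" concrete, here is an added example (not from the original post or from Khan's work) of the kind of check that makes encrypted data stand out: a sliding-window Shannon entropy scan. The window size, the threshold, and the sample data are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

WINDOW = 1024      # bytes per window (assumed value)
THRESHOLD = 7.0    # bits per byte; assumed cut-off between text and ciphertext

def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())

def find_high_entropy_regions(data: bytes, window=WINDOW, threshold=THRESHOLD):
    """Return merged (start, end) byte ranges whose windows look random."""
    regions = []
    for start in range(0, len(data) - window + 1, window):
        if shannon_entropy(data[start:start + window]) < threshold:
            continue
        end = start + window
        if regions and regions[-1][1] == start:
            regions[-1] = (regions[-1][0], end)   # extend the previous run
        else:
            regions.append((start, end))
    return regions

# Constructed sample data, not taken from any real system.
TEXT = (b"Meeting notes: the quarterly budget review moved to Thursday. " * 40)[:2048]
# Stand-in for ciphertext: SHA-256 output is uniformly distributed, like
# the output of a good cipher, and keeps the example deterministic.
BLOB = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(64))
SAMPLE = TEXT + BLOB + TEXT   # "encrypted" region sits at bytes 2048..4096

if __name__ == "__main__":
    print(f"text entropy: {shannon_entropy(TEXT):.2f} bits/byte")
    print(f"blob entropy: {shannon_entropy(BLOB):.2f} bits/byte")
    for start, end in find_high_entropy_regions(SAMPLE):
        print(f"high-entropy region: bytes {start}-{end}")
```

Compressed formats such as ZIP or JPEG also score close to 8 bits per byte, so a scan like this flags data as "encrypted or compressed" rather than proving encryption.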
So what to do when you don’t even want to hint that you might have sensitive data? Use steganography, which I covered once before. Steganography is the art (or science) of hiding things in plain sight.
There is software, for example, that will encode a text file into a picture. The picture, from a human perspective, doesn’t look any different from its original version. What looks like a folder full of vacation photographs could in actuality be a folder full of corporate secrets.
Steganography is not limited to digital data. Supposedly, Herodotus tattooed a message on a slave’s head (after shaving his hair off), waited until the hair grew back, and then sent the slave to allies, warning them of a Persian attack. To see the message, the recipient shaved the slave’s hair off.
Stego that Uses Its Natural Environment
The problem with steganography is that it’s not security; rather, it’s concealment. Hence, just knowing where to look could easily produce the hidden message. This is, apparently, especially true with stego software (we can’t go checking everyone’s scalp, can we now?) because unencrypted data is naturally “ordered.”
Except for when it’s physically saved, which is what Khan’s approach exploits. When a computer file is saved to a hard drive, it naturally gets saved in fragments: some bits over here, some bytes over there, and some other bytes waaaay over there. This is why you’ve got to run defragmentation software once in a while (at least, for certain computer operating systems you do).
Khan’s approach is to control the fragmentation of the file you want to hide, and place it in between other fragmented files. It’s like hiding a blade of grass in a golf course.
Brilliant. Read about it here.