Sometimes, the fact that a communication is taking place needs to be as secret as the contents of the communication. What if the CEOs of two companies suddenly begin frequent communications? In the business world, this might be enough to verify rumors of a merger. Under certain circumstances scrambling a message isn’t enough: the existence as well as the content of the communication needs to be hidden.
Many ways to communicate invisibly exist. Cloak and dagger movies have illustrated this concept with their spy characters relying upon “dead drops.” A dead drop is a pre-arranged point where information is left behind. After a drop is made, a signal is given. A typical signal could be an ad in the paper or a mark made on a mailbox. With a positive signal, the intended recipient can pick up the dropped information. Using a dead drop, the involved parties do not need to meet and it will be difficult to know that a communication has occurred.
The problem with dead drops is that they’re very inconvenient, time consuming, and require physical access to the drop zone. A better solution is for both parties to
“anonymously communicate” using pseudonyms and a public forum. Classified ads, bulletin boards and online forums
can provide this type of anonymity.
Even if the sender and recipient remain anonymous, messages discussing merger details may attract attention in a public forum. It might even be possible to determine the senders’ identities by the contents of the messages. Encrypting the messages could keep the communication details secret, but anybody watching will know that something important has been said. Once again, attention has been attracted. With some effort, the anonymity could ultimately be compromised.
One solution is to hide the encrypted communication in an otherwise innocent message. This concept is known as steganography. Literally, steganography means “covered writing.” It refers to any technique used to hide one message inside of another where the “innocent” message is referred to as the “cover.” There are three basic categories of steganographic techniques: media-specific, pattern, and signal/noise (yes, we made these names up, for lack of something official)
The above information is the start of a chapter in "Network Security Illustrated," published by McGraw-Hill and available from amazon.com, as well as your local bookstore. The book goes into much greater depth on this topic. To learn more about the book and what it covers, click here.
Below, you'll find links to online resources that supplement this portion of the book.