Appendix Bibliographic Notes

This book is quite incomplete because it offers the reader an introduction to many of the topics. Some topics are simply left out because of time and space constraints. Others are only touched briefly. This preface to the bibliography is intended to offer some suggestions for further reading and exploration.

A good place to begin is with history. David Kahn's Codebreakers is an excellent survey of the history of cryptology [Kah67]. There are numerous descriptions of steganographic solutions like secret inks and microdots. More recent histories are published in Cryptologia.

There are a number of other good books on the subject. Stefan Katzenbeisser and Fabien A.P. Petitcolas edited a collection of essays from the leading researchers entitled Information Hiding Techniques for Steganography and Digital Watermarking. [SKE00] Neil Johnson, Zoran Duric, and Sushil Jajodia's recent addition, Information Hiding: Steganography and Watermarking, is the first part of a series. [JDJ01]. Ross Anderson's general survey, Security Engineering, also includes some information on steganography and watermarking.[And01]

Some of the best material can be found, in it's original form, in the Proceedings of the Information Hiding Workshop. There have been nine conferences and more are on their way.

Other more specific information can be found in these areas.

• Error-Correcting Codes The chapter in this book can not do justice to this wide field. There are many different types of codes with different applications. Some of the better introductions are: [LJ83] and [Ara88].
• Compression Algorithms Compression continues to be a hot topic and many of the latest books aren't current any longer. The best solution is to combine books like [Bar88, BS88] with papers from the the procedings from academic conferences like [Kom95]. I also wrote an introductory book on compression last millenium. [Way99]
• Subliminal Channels This idea is not covered in the book, but it may be of interest to many readers. Much of the work in the area was done by Gus Simmons, who discovered that many digital signature algorithms had a secret channel that could be exploited to send an extra message. [Sim84, Sim85, Sim86, Sim93, Sim94] This is pretty easy to understand in the abstract. Many of the algorithms, like the Elgamal signature scheme [ElG85] or the Digital Signature Algorithm [NCS93] create a new digital signature at random. Many valid signatures exist and the algorithm simply picks one at random. It is still virtually impossible for someone without the secret key to generate one, but the algorithms were intended to offer authentication without secrecy. Imagine that you want to send a one bit message to someone. The only encryption software you can use is a DSA signature designed not to hide secrets. You could simply send along a happy message and keep recomputing the digital signature of this message until the last bit is the bit of your message. Eventually, you should find one because the algorithm chooses among signatures at random. This abstract technique only shows how to send one bit. There are many extra bits available for use and the papers describe how to do the mathematics and exploit this channel. The algorithms form an important basis for political discussions about cryptography. The U.S. Government would like to allow people to use authentication, but they would like to restrict the use of secrecy-preserving encryption. Algorithms like the DSA appear to be perfect compromises. The existence of subliminal channels, however, shows how the current algorithms are not a perfect compromise.^[1]1 They may be a perfectly adequate practical compromise because implementing the software to use this additional channel is time consuming.
• Covert Channels This is, in many ways, just an older term for the same techniques used in this book. The classic example comes from operating system design: Imagine that you run a computer system that has an operating system that is supposed to be secure. That means the OS can keep information from traveling between two users. Obviously, you can implement such an OS by shutting down services like file copying or electronic mail. It is not clear, however, that you can completely eliminate every way of communicating. The simplest example for sending a message is to tie up some shared resource like a printer. If you want to send a ‘1’ to a friend, then you print a file at 12:05 and tie up the printer. If you want to send a ‘0’, then you print the file at 12:30. The other person checks the availability of the printer. This may not be a fast method, but it could work. The speed of the channel depends on the shared system resources and the accuracy of detection. Obviously one way to defend against covert channels is to create timing errors, but then that just creates other problems. Some beginning sources are [NCS93, PN93, MM92]
• Digital Cash There are many different ways to exchange money over digital wires, but some of the most interesting systems offer complete anonymity. People are able to spend their money without fear of records being kept. This is a fairly neat trick because digital cash must be counterfeit-resistant. Paper cash achieves this goal when it is printed with a sophisticated press. Digital copies, on the other hand, are easy to make. If people can copy files of numbers meant to represent cash, then anonymity would seem to allow people the freedom to counterfeit without being caught. The cleverest schemes involve a complicated spending system that forces the spender to reveal part of their identity. If the spender tries to use a bill twice, enough of the identity should be revealed to expose the criminal.
• Anonymous Voting People often want to cast their votes anonymously because this can prevent coercision. Paper ballots are generally successful if no one checks the ballot before they enter the box. Providing the same accountability and security is no simple feat. Interest in this topic is very high and there are enough good algorithms to justify a separate book. K. Sako and J. Kilian [SK95], for instance, modified the Mixmaster protocol described in Chapter 10 to provide a simple way for people to cast their vote. Each person can check the tally and compare their vote to the recorded vote to guarantee that the election was fair. Many of the newer systems rely upon the homomorphic encryption systems that allow manipulation of encrypted data. One notable examples includes the work of Martin Hirt, Kazue Sako and Joe Kilian [HS00, Hir01, SK94]. There are many features in the different Sensus system from Lorrie Faith Cranor and Ron K. Cytron, for instance, provides the user the ability to vote for one person but effectively hide and this fact from others. Other systems include [BY86, Boy90, FOO93, CC96].

¹ They may be a perfectly adequate practical compromise because implementing the software to use this additional channel is time consuming.

Finally, newer and better papers can be found through electronic paper archives like the CiteSeer system run by NEC (http://citeseer.nj.nec.com/). This is an invaluable source of knowledge.