From 045eb3d6cbc2733da98d9a498e6d69b55974036c Mon Sep 17 00:00:00 2001 From: Zesc Date: Wed, 25 Sep 2024 19:32:42 +0200 Subject: [PATCH] stegide tutorial --- opsec/steganography/index.html | 124 --------------------------------- 1 file changed, 124 deletions(-) delete mode 100644 opsec/steganography/index.html diff --git a/opsec/steganography/index.html b/opsec/steganography/index.html deleted file mode 100644 index 04d2fb9..0000000 --- a/opsec/steganography/index.html +++ /dev/null @@ -1,124 +0,0 @@ - - - - - - - - - - - Other sources of Plausible Deniability: Steganography - - - - - - - - - - - - - - - - - - - - - - - -
-
-
-
- Previous Page

Zesc - 2024-08-30

-

Other sources of Plausible Deniability: Steganography

- -

Steganography is the craft of hiding messages. It is a close relative of cryptography, but where cryptography strives to conceal the contents of a messages, steganography attempts to conceal its presence in the first place. Therefore steganography helps avoiding suspicion and providing deniability.

- -

The important difference between the two fields is adherence to Kerckhoffs's principle: the assumption that an algorithm must be publicly known to guarantee that it has no flaws or backdoors. (This is the reason why you should only use open source crypto software and never roll your own crypto.)
Steganography does the opposite by relying on security by obscurity: the method by which you hid your data must be kept secret.

- -

That means that whilst complementary to cryptography, steganography on itself is less secure than the mathematically provable security provided by cryptography. Think of it as tucking away your valuables in secret location versus putting them into a sturdy safe. The safe may draw immediate attention by burglars, but provides reliable resistance to attacks, whilst whether they find your hidden stash is up to chance.

- -

Then why use steganography at all?

-

In military science, there is the concept of the Integrated Survivability Onion — in short, it describes the idea that they can't kill you if they don't hit you, that they can't hit you if they don't shoot at you and that they can't shoot at you if they don't see you. The same thing applies to every good digital defense-in-depth approach. Using steganography can't harm you, it just shouldn't be all your rely on. In our example, a hidden safe is better than either option on its own.

- -

The main strength of it is that steganography can conceal metadata to some extent. Metadata (i.e. data about data and communications) is the primary way that state actors identify targets. When you can become guilty by association, your primary concern may be communicating in public without anyone noticing and not the confidentiality of your communications. (In fact, since many cryptographic schemes attest the identity of the sender, e.g. signatures, you should avoid those when looking for plausible deniability in case of compromise.)

- -

However, some form of communication event must always occur, so steganography exploits various side-channels in order to embed additional concealed data. In order to thwart analysis of metadata, communicate through one or multiple uninvolved third parties as dead-drop, preferably such with broad distribution (like popular websites).

- -

When relying on such third parties, steganography can help circumventing censors. If in adversary controls a critical link in the network and blocks all communications they can't inspect, you need to conceal your encrypted traffic inside of superficially innocuous traffic.

- -
-
-
-
- - - -
-
-
-
-

Nihilism

-

- Until there is Nothing left. - -

-
- -
-

My Links

-

- - RSS Feed
Matrix Chat
- -

-
- -
-

About Zesc

-

TBD

-
- -
- -
-
- - - - - - -