INFORMATION HIDING -- AN ANNOTATED BIBLIOGRAPHY (2/10)

'The Prisoners' Problem and the Subliminal Channel'

  • GJ Simmons, Proceedings of CRYPTO '88, Plenum Press (1984) pp 51--67
  • In order to get round the US government's prohibition on publishing work on steganography, Simmons introduced the following abstract model: Alice and Bob are prisoners, and wish to hatch an escape plan. All their communications pass through the warden, Willy. If Willy sees any ciphertext in their messages, he will frustrate them by putting them into solitary confinement. Simmons shows that a message authentication without secrecy channel providing r bits of message authentication can be perverted to allow an l < r bit covert channel between the transmitter and a designated receiver at the expense of reducing the message authentication capability to r -- l bits. Under quite reasonable conditions, the detection of even the existence of this covert channel can be made as difficult as the underlying cryptoalgorithm. In view of this open -- but indetectable -- existence, the covert channel was called the "subliminal" channel.

    'The Subliminal Channel and Digital Signatures'

  • GJ Simmons, Advances in Cryptology -- EUROCRYPT '84, Springer LNCS v 209
  • The author shows how subliminal channels can be implemented in the ElGamal and Schnorr signature schemes.

    034412 'Subliminal Channels; Past and Present'

  • GJ Simmons, European Transactions on Telecommunications v 5 no 4 (Jul/Aug 94) pp 459--473
  • This paper describes a protocol proposed in 1978 to monitor compliance with the SALT II treaty, and how the author found a potentially disastrous flaw in it -- a subliminal channel which would have allowed the USSR to discover which Minuteman silos contained missiles. This discovery led to his subsequent work on the topic of subliminal channels, some of which is described. In particular channels in the E1Gamal and DSS digital signature scheme are compared, and it is shown that the DSS provides the most hospitable setting for subliminal communications discovered to date.

    'How to Insure that Data Acquired to Verify Treaty Compliance are Trust- worthy'

  • GJ Simmons, Proceedings of the IEEE v 76 (1984) p 5
  • This is one of a series of papers in which the author describes the evolution at San- dia National Laboratories of a solution to the problem of verifying compliance with a nuclear test ban treaty. Data from sensors placed on another country's territory must report certain types of information but not others.

    023010 'Subliminal Communication is Easy Using the DSA'

  • GJ Simmons, Eurocrypt 93 pp 218 -- 232
  • The author continues the discussion of subliminal channels in the digital signature algorithm. He focusses in this paper on the broadband channel -- the one which requires the recipient to know the sender's secret key, and uses examples to compare it with the similar channel in the standard El-Gamal signature scheme. He concludes that DSA provides the best subliminal channels so far discovered.

    'Protocols for Data Security'

  • R DeMillo, M Merritt, IEEE Computer v 16 no 2 (Feb 1983) pp 39--50
  • In one of the earliest papers on cryptographic protocol failure, the authors pointed out that a protocol for playing poker over the telephone leaked information via quadratic characters.