Re: Stegdetect 0.4 released and results from USENET searchavailable

[Arnold G. Reinhold]

At 4:33 AM -0500 12/28/01, Niels Provos wrote:
>In message , "Arnold G. Reinhold" writes:
>>I don't think you can conclude much from the failure of your
>>dictionary attack to decrypt any messages.
>We are offering various explanations.  One of them is that there is no
>significant use of steganography.  If you read the recent article in
>the New York Times [1], you will find claims that "about 0.6 percent
>of millions of pictures on auction and pornography sites had hidden
>messages."

I certainly can't imagine any group or activity that would generate 
the hundreds of thousands of stego messages a 0.6 percent rate 
implies.

>
>>2. The signature graphs you presented for several of the stego
>>methods seemed very strong. I wonder if there is more pattern
>>recognition possible to determine highly likely candidates. I would
>>be interested in seeing what the graphs look like for the putative
>>false alarms you found. It also might be interesting to run the
>>detection program on a corpus of JPEGs known NOT to contain stego,
>>such as a clip art CD.
>The following slides contain examples of false-positives
>
>  http://www.citi.umich.edu/u/provos/papers/detecting-csl/mgp00023.html
>  http://www.citi.umich.edu/u/provos/papers/detecting-csl/mgp00024.html
>
>In my experience, eliminating false-positives is not quite that easy.
>Some graphs look like they should have steganographic content even
>though they do not.  Any test will have a false-positive rate, the
>goal is to keep it very low.

In general you are of course correct. But this particular case may be 
an exception. I am not a stego maven, and before reading your paper, 
it never occurred to me that some stego software would be designed to 
place message bits in the first n available slots. Spreading them 
pseudo-randomly seems so easy and so obvious a win.  However, since 
much software out there does use first n slot message placement, 
detection of such messages may be possible with a very high signal to 
noise ratio. The graphs in your papers, with very flat tops and 
bottoms and steep skirts suggest that to me.  They are very different 
from the false-positive graphs in the slides above. It may possible 
to distinguish them with high enough confidence to be able to assert 
the presence of stego messages even if they cannot be decrypted.


Arnold Reinhold



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: CFP: PKI research workshop

[Andrew Odlyzko]

Several of the comments about the slow uptake of PKI touch on what
seem to be two basic factors that are responsible for this phenomenon:

1.  Cryptography does not fit human life styles easily.  As an example,
truly secure systems would stop secretaries from forging their boss's
signatures, and this would bring all large beaucratic organizations to
a standstill.

2.  Novel technologies take a long time to diffuse through society.
"Internet time" is a myth.  As just one example, a news story I just
read was about the great success of online bill paying.  This is all
very well and good, but weren't we supposed to have that a long time
ago?  As a matter of fact, didn't Microsoft try to buy up Intuit back
in 1994 largely in order not to be deprived of the possibility of 
controlling online payments?  (I have two papers on this subject,
one a short one, "The myth of Internet time" that appeared in the
April 2001 issue of Technology Review, and a longer, more detailed
one, "The slow evolution of electronic publishing," published in
1997, that argue that consumer adoption rates are not noticeably
faster now than in the pre-Internet days.  Both are available on
my home page.)

Andrew Odlyzko


  -Please note new address-

  Andrew Odlyzko
  University of Minnesota
  Digital Technology Center
  1200 Washington Avenue South
  Minneapolis, MN 55415

  [EMAIL PROTECTED]   email
  612-624-9510  voice phone
  612-625-2002  fax

  http://www.dtc.umn.edu/~odlyzko



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: CFP: PKI research workshop

[Lynn . Wheeler]

both atm debit network and domain name infrastructure care capable of local
caching  so that timelyness is within seconds to minutes (or a few hrs
as parameter within the needs of the infrastructure). the offline world for
certificates is the analogy of the letters of credit from the days of the
sailing ships. near real time with managed caching (with relying parties
forced to deal with stale credentials manufactored months or years in the
past).

part of the issue in clearing is who has the "liability" at any particular
instance; in the case of debit network caching there are very specific
procedures and processes. Are you suggesting that the certification
industry will assume liability in the case of offline clearing associated
with mars colonilization?

the process tends to be authentication, authorization, and finally
settlement and clearing. sometimes authorization, settlement and clearing
can be batched. if you are really talking about the bank account balance
resides on the earth and the access is from mars  offline
authentication (clearing really needs to know whether the money actually
exists or not  regardless of whether or not you are dealing with the
owner of the account) doesn't get you clearing  and real clearing needs
to know that the money really exists (not just that a person is
authenticated)  ... and if the account balance is on earth and it takes 30
minutes elapsed time to establish it ... then that it what it takes.

More realistic is account balance caching at some near real-time location
on mars ... say within the parameters of the ATM withdrawal limit.

At one point in the PKI evolution there was the proposal that there could
be certificates analogous to the '70s "signing limit" checks .,... an
attempt to create certificates that not only provided authentication
information but also some hypothetical useful approximation to
authorization information (aka not quite reqressing totally to the pre-70s
credit card model). The issue in the "signing limit" checks was when they
found people writing 200 $5000 (limit) checks to get a million. What has
been seen since that time is near real-time purchasing department operation
(including business purchase cards that leverage the credit card system) to
provide real-time aggregation ... as opposed to sinlge event operation. In
the ATM machine withdrawal case, there are typically both single widthrawal
limits as well as daily aggregate withdrawal limits (aka the PKI proposal
for credit cards turned out to be a business process regression to pre-70s
and the PKI proposal for business checks turned out to be a business
process reqression to pre'80s).

Typically what you might have in a ATM withdrawal case  with foreign
ATM machine (not your local bank)  is that the owner of the ATM machine
is given a guarentee of funds from your financial institution prior to the
ATM machine releases paper money. Your bank then effectively debits your
account for the equivalent amount of funds. Then typically sometime that
evening, there is a settlement operation where there is funds transfer from
your bank to the financial institution that owns the ATM.

An offline, stale certificate  only (slightly) addresses the issue of
authentication  say an identification certificate ... which might not
even provide a binding between you and any particular bank or bank account.
Some sort of binding between you, your bank, and your bank account is
needed  just for the authentication phase of what you are talking
about. There is still the authorization phase needed so that the owner of
the ATM machine believes that it can receive something (in return for
spitting out paper bills).  That effectively has to find that there are
actually sufficient funds in your account.

So a more realistic scenario would be that there is possibly dual account,
one local and one on earth ... with funds floating back and forth as needed
in evening settlements. If you are on Mars there is some local financial
branch with local record of funds that you have immediately available and
which can authorize that amount of money.

A "local" financial branch implementation and a digital cash implementation
might have a number of similar useability attributes  aka from the
standpoint of how local funds do you have immediately available  aka
funds are transferred into you local PDA as digital cash for immediate use
 or funds are transferred into the local financial institution for
immediate use.





ray dillinger <[EMAIL PROTECTED]> on 12/28/2001 2:29 pm wrote:


The only case in which the PKI solution is not redundant is in
offline clearing.  But getting your point-of-transaction online
is easier than paying attention to PKI.

I happen to like offline clearing -- it opens up the possibility of
new transaction types and doing transactions in places you couldn't
before.  But the practical issue is, everybody who's interested in
electronic transactions of any ki

RE: Stegdetect 0.4 released and results from USENET search available

[Bill Stewart]

At 01:59 PM 12/28/2001 -0800, David Honig wrote:
>A.A.M + PGP = covert radio transmitter which sends coded messages.  Obviously
>interesting, so you direction-find to defeat the anonymity.

And Perry replied:
>[Moderator's note: And how would you possibly do that? --Perry]

Back in the old days, it was easy - Usenet messages carried a
bang-path route to the original sender.  You could forge parts of it
easily enough, as the Kremvax hoax demonstrated,
but the only real untraceability was because there were lots of
pre-Honey-Danber UUCP sites which would accept incoming messages
from unknown senders.  These days, most of them are gone -
you're really depending on how long sites keep logfiles.

[Moderator's note: That's not the point. You can post without any
authentication via many web sites, or over the net via accounts you
can get with little or no identification in a dozen countries, which
you can log in to anonymously from web cafes, airport kiosks,
etc. around the world. If you decide not to be found, you won't be
found. --Perry]

Reader anonymity depends a lot on how many people actually read A.A.M,
and on how many sites keep NNTP logs - it probably a lot fewer readers
than the largest binary porn spam groups, but a lot also depends on
how many small ISPs around the world still spool their own news
rather than buying access from news services.  It's certainly harder
to trace than senders.

So tracing a single transmission may be hard, but tracing an ongoing pattern
is easier, unless there's a trusted Usenet site in some
country where you don't have jurisdiction problems.
That means that A.A.M + PGP is fine for an occasional
"Attack at Dawn" message, but not necessarily for routine traffic.

So it helps to add an extra step - posting the anonymous message
through a web2news gateway through an anonymizer,
or a mail2news gateway from a webmail account from a cybercafe,
or mail2news through an open relay somewhere in the world
(since open relays are usually people who haven't bothered
configuring their mail systems, and are less likely to keep logs
unless that's the default, plus you can spread your messages
among lots of different relays.)






-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

RE: CFP: PKI research workshop

[Scott Guthery]

1) SST = supersonic transport (see Concorde, see Concorde on 
government life support, see Concorde in pretty orange and yellow.)
2) monorail = one rail, not elevated, or driver-less. The only 
running monorail I know of is in Seattle; it was left over 
after the 1962 Worlds Fair. All the airport people-movers I have
seen run on two rails or on a roadway. 
3) Videophone != Webcam (see Picturephone)

See also magnetic bubbles, cold fusion, Charles Atlas and Ginger.

PKI is a great marketing gimmick. No doubt about it.  Put that 
logo on your home page and all the hoi polloi feel warm and fuzzy. 
Flashing neon signs work better than drab old hand-lettered ones.

But how much risk does it reduce?  What is the insurance
premium with it and what is it without it?  How much
underwriting is premised on PKI?  Is there one instance where
an insurance premium has been reduced by more than the cost of 
the PKI implementation and the ongoing cost of its administration?

STP does a great business.  So does Mary Kay.  I don't knock 'em.  
But I do understand what kind of oil they are.

Cheers, Scott

-Original Message-
From: Phillip Hallam-Baker [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 28, 2001 2:34 PM
To: Peter Gutmann; [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: CFP: PKI research workshop


Let us see.

Monorails are commonplace in airports these days.
Web cams for online chat are used by millions of teenagers
SST ? What is that

Phill

-Original Message-
From: Peter Gutmann <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
<[EMAIL PROTECTED]>; [EMAIL PROTECTED]
<[EMAIL PROTECTED]>
Date: 27 December 2001 21:42
Subject: Re: CFP: PKI research workshop


>>As I never tire of saying, "PKI is the ATM of security."
>
>Naah, it's the monorail/videophone/SST of security.  Looks great at the
World
>Fair, but a bit difficult to turn into a reality outside the fairgrounds.
>
>Peter (who would like to say that observation was original, but it was
actually
>   stolen from Scott Guthery).
>
>
>-
>The SPKI Mailing List
>Unsubscribe by sending "unsubscribe spki" to [EMAIL PROTECTED]
>




-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
[EMAIL PROTECTED]



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: CFP: PKI research workshop

[Bill Stewart]

SST is the SuperSonic Transport; I think the term was specific
to US attempts to build something like the Concorde, but it may have
been more generic.  Among other problems (making it work, sonic booms,
economics in general), use of fast airplanes in non-military airspace
was limited by the capabilities of the air-traffic control systems,
which couldn't really handle airplanes that fast.
It's much easier to build supersonic airplanes for the military,
where you're not concerned about price per passenger-mile.

Except for airports and amusement parks, the only place I've seen
a monorail is in Seattle.  (I'm counting Las Vegas as an amusement park :-)
Airports similarly don't follow normal economic rules,
because they can often scam money out of government authorities,
who will often do stuff because it Looks Cool.
There may be economic niches where monorails make sense
(streets that are too narrow to add pillars for conventional
elevated railways, perhaps), but they're pretty limited.

Until recently I was the Regional ATM Specialist for
one of the offshoots of The Phone Company that did the
PicturePhones at the World's Fair back in the 60s :-)
Web cams are widely available, but they're still not how
most people make their phone calls, and it did take
30-40 years before they finally became economical.
ATM also has a fairly wide economic niche, though routers
have caught up with the big end of the performance curve,
and it always was too complex to win at the desktop end.

PKIs are quite simple and low cost to implement -
the problems are finding a way to make them widely useful.
Unfortunately, that hasn't matched most PKI companies'
business plans that promised World Domination to their VCs :-)
And even among the people who adopt crypto because it Looks Cool,
the last time I looked through the Web Of Trust on the PGP keyservers,
most keys were either unsigned or only signed by a couple of people,
not enough to build a big connected graph.

 Bill


At 07:34 PM 12/28/2001 +, Phillip Hallam-Baker wrote:
>Let us see.
>
> Monorails are commonplace in airports these days.
> Web cams for online chat are used by millions of teenagers
> SST ? What is that
>
> Phill
>
>-Original Message-
>From: Peter Gutmann <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
><[EMAIL PROTECTED]>; [EMAIL PROTECTED]
><[EMAIL PROTECTED]>
>Date: 27 December 2001 21:42
>Subject: Re: CFP: PKI research workshop
>
>
> >>As I never tire of saying, "PKI is the ATM of security."
> >
> >Naah, it's the monorail/videophone/SST of security.  Looks great at the
>World
> >Fair, but a bit difficult to turn into a reality outside the fairgrounds.
> >
> >Peter (who would like to say that observation was original, but it was
>actually
> >   stolen from Scott Guthery).
> >
> >
> >-
> >The SPKI Mailing List
> >Unsubscribe by sending "unsubscribe spki" to [EMAIL PROTECTED]
> >
>
>
>
>
>-
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to 
>[EMAIL PROTECTED]





-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

RE: Stegdetect 0.4 released and results from USENET search available

[David Honig]

At 02:40 PM 12/28/01 -0500, Trei, Peter wrote:
>There's a much simpler reason why few or no stego'ed messages are
>present in usenet images: They form an inefficient  and unneeded 
>distribution mechanism.

On the subject of stego, this showed up earlier this week: 

To: [EMAIL PROTECTED]
Subject: P2P Stego Treasure Hunt


We've put into Morpheus a song, 
"Grayson_Shoot_The_Piano_Player.mp3"
which has a stego'd message in it.
The tool is mp3stego v 1.1.15 
(source available; see  

) and the (3DES) passphrase is "writecode"

Another file "DrDidg_RaveOn.mp3" has
another message under the same passphrase.

We are curious how readily the Morpheus search
engine can be used for transport purposes.  In
this instance we give unique names to files not
otherwise found in the system.  Another experiment
in P2P percolation would be to add similar 
'watermarks' (microdots) to files which are 
abundantly replicated.





 






  







-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

RE: Stegdetect 0.4 released and results from USENET search available

[David Honig]

At 02:40 PM 12/28/01 -0500, Trei, Peter wrote:
>Posting PGP to aam also avoids the bandwidth bloat imposed by stego,
>and the extra complication of having to stego and destego images, as
>well as generate the images used for cover.
>
>Why would anyone bother hide tiny messages in ebay images or
>alt.binaries.erotica.bestiality.hamster  when they can just post to 
>aam?
>
>
>Peter Trei

A.A.M + PGP = covert radio transmitter which sends coded messages.  Obviously
interesting, so you direction-find to defeat the anonymity.

[Moderator's note: And how would you possibly do that? --Perry]

Stego = signalling via called-in requests to a commercial music radio station.
Not interesting.


Sure its extra work but high risk requires high effort.
Strong-anonymous broadcasting takes work too.

dh






 






  







-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: CFP: PKI research workshop

[Ray Dillinger]

On Thu, 27 Dec 2001 [EMAIL PROTECTED] wrote:

>given that authentication is being performed as part of some business
>process or function ...  then it is normally trivial to show it is easier
>to have authentication (even digital signature authentication) integrated
>into such business processes  and correspondingly easy to show that
>certificate-based operations are redundant, superfulous and extraneous
>(modulo the issue of toy demos are cheaper than modifying production
>business operations).

The only case in which the PKI solution is not redundant is in
offline clearing.  But getting your point-of-transaction online
is easier than paying attention to PKI.

I happen to like offline clearing -- it opens up the possibility of
new transaction types and doing transactions in places you couldn't
before.  But the practical issue is, everybody who's interested in
electronic transactions of any kind is also interested in getting
online, and when PKI's were deployed in "developing" areas (south
africa) they got dumped just as soon as the area was developed
enough for communications to support online clearing.

On the principle of people refusing to adopt something until
it relieves pain, maybe we won't see a real PKI deployed until
we need to serve markets where speed-of-light delays make online
clearing impractical.

Mars, for example, is 3 to 22 light-minutes away.  I don't imagine
someone using an ATM on Mars is going to want to wait 12 to 88
minutes for online clearing (more if the protocol is talky or the
bandwidth is busy...).  So a martian colony might be the first
practical application of PKI and/or digital cash, assuming the
colonists want to do business with Earth companies.  But a colony
looks pretty distant right now: we haven't even got an outpost
there yet.

Bear







-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

RE: Stegdetect 0.4 released and results from USENET search available

[Trei, Peter]

There's a much simpler reason why few or no stego'ed messages are
present in usenet images: They form an inefficient  and unneeded 
distribution mechanism.

Try taking a peek at the Usenet newsgroup alt.anonymous.messages.
Dozens for PGP'd messages a day, from our old friends Secret Squirrel, 
Nomen Nescio, and Anonymous. 

Usenet has some very good properties for those wishing to maintain
privacy: multiple entry points, including from mail2news gateways,
flooding distribution independent of message content, and knowledge
of who reads what is restricted to the server from which the news is
read (and there are 1000's of news servers, as well as web based
systems such as groups.google.com). But you already know this.

Posting PGP to aam also avoids the bandwidth bloat imposed by stego,
and the extra complication of having to stego and destego images, as
well as generate the images used for cover.

Why would anyone bother hide tiny messages in ebay images or
alt.binaries.erotica.bestiality.hamster  when they can just post to 
aam?


Peter Trei


> --
> From: Niels Provos[SMTP:[EMAIL PROTECTED]]
> Sent: Friday, December 28, 2001 4:33 AM
> To:   Arnold G. Reinhold
> Cc:   [EMAIL PROTECTED]
> Subject:  Re: Stegdetect 0.4 released and results from USENET search
> available 
> 
> In message , "Arnold G. Reinhold"
> writes:
> >I don't think you can conclude much from the failure of your 
> >dictionary attack to decrypt any messages.
> We are offering various explanations.  One of them is that there is no
> significant use of steganography.  If you read the recent article in
> the New York Times [1], you will find claims that "about 0.6 percent
> of millions of pictures on auction and pornography sites had hidden
> messages."
> 
> >2. The signature graphs you presented for several of the stego 
> >methods seemed very strong. I wonder if there is more pattern 
> >recognition possible to determine highly likely candidates. I would 
> >be interested in seeing what the graphs look like for the putative 
> >false alarms you found. It also might be interesting to run the 
> >detection program on a corpus of JPEGs known NOT to contain stego, 
> >such as a clip art CD.
> The following slides contain examples of false-positives
> 
>   http://www.citi.umich.edu/u/provos/papers/detecting-csl/mgp00023.html
>   http://www.citi.umich.edu/u/provos/papers/detecting-csl/mgp00024.html
> 
> In my experience, eliminating false-positives is not quite that easy.
> Some graphs look like they should have steganographic content even
> though they do not.  Any test will have a false-positive rate, the
> goal is to keep it very low.
> 
> >3. If you did succeed in decrypting one of Osama Bin Laden's 
> >missives, wouldn't he have a case against you under DMCA?
> Good question.  The panel about the DMCA at the USENIX Security
> Symposium seemed to indicate that the exceptions built into the DMCA
> have no real meaning.  In my understanding of the American legal and
> judicial system, it is not possible to know what is right or wrong
> according to some law until one has been taking to court about it.
> 
> Niels.
> 
> 
> 
> -
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> [EMAIL PROTECTED]
> 
> 
> 
> 
> 


This e-mail, its content and any files transmitted with it are intended
solely for the addressee(s) and are PRIVILEGED and 
CONFIDENTIAL.  Access by any other party is unauthorized without the express
prior written permission of the sender.  If 
you have received this e-mail in error you may not copy, disclose to any
third party or use the contents, attachments or 
information in any way, Please delete all copies of the e-mail and the
attachment(s), if any and notify the sender. 
Thank You.





-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: CFP: PKI research workshop

[Phillip Hallam-Baker]

Let us see.

Monorails are commonplace in airports these days.
Web cams for online chat are used by millions of teenagers
SST ? What is that

Phill

-Original Message-
From: Peter Gutmann <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
<[EMAIL PROTECTED]>; [EMAIL PROTECTED]
<[EMAIL PROTECTED]>
Date: 27 December 2001 21:42
Subject: Re: CFP: PKI research workshop


>>As I never tire of saying, "PKI is the ATM of security."
>
>Naah, it's the monorail/videophone/SST of security.  Looks great at the
World
>Fair, but a bit difficult to turn into a reality outside the fairgrounds.
>
>Peter (who would like to say that observation was original, but it was
actually
>   stolen from Scott Guthery).
>
>
>-
>The SPKI Mailing List
>Unsubscribe by sending "unsubscribe spki" to [EMAIL PROTECTED]
>




-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Euro bank notes to embed RFID chips by 2005

[R. A. Hettinga]

http://www.eetimes.com/story/OEG20011219S0016

Euro bank notes to embed RFID chips by 2005

By Junko Yoshida
EE Times
(12/19/01, 3:03 p.m. EST)





  Set- top box SoC ready for high-speed demands

  'Future proofing' set-top box design

  MIPS, software make for smooth DVD decoding

  Meeting MPEG-4 advanced audio coding requirements

  Altering algorithms to create '3D' sound


SAN MATEO, Calif. - The European Central Bank is working with technology
partners on a hush-hush project to embed radio frequency identification
tags into the very fibers of euro bank notes by 2005, EE Times has learned.
Intended to foil counterfeiters, the project is developing as Europe
prepares for a massive changeover to the euro, and would create an instant
mass market for RFID chips, which have long sought profitable application.

The banking community and chip suppliers say the integration of an RFID
antenna and chip on a bank note is technically possible, but no bank notes
in the world today employ such a technology. Critics say it's unclear if
the technology can be implemented at a cost that can justify the effort,
and question whether it is robust enough to survive the rough-and-tumble
life span of paper money.

A spokesman for the European Central Bank (ECB) in Frankfurt, Germany
confirmed the existence of a project, but was careful not to comment on its
technologies. At least two European semiconductor makers contacted by EE
Times, Philips Semiconductors and Infineon Technologies, acknowledged their
awareness of the ECB project but said they are under strict nondisclosure
agreements.

The euro will become "the most common currency in the world" at midnight on
Jan. 1, when 12 nations embrace it, according to Ingo Susemihl, vice
president and general manager of RFID group at Infineon. The ECB and
criminal investigators in Europe are already on high alert, worried not
only about counterfeiting of a currency most people haven't seen, but also
of a possible increase in money laundering, given the euro's broad
cross-border reach.

The ECB said 14.5 billion bank notes are being produced, 10 billion of
which will go into circulation at once in January, with 4.5 billion being
held in reserve to accommodate potential leaps in demand.

Thwarting underworld popularity

Although euro bank notes already include such security features as
holograms, foil stripes, special threads, microprinting, special inks and
watermarks, the ECB believes it must add further protection to keep the
euro from becoming the currency of choice in the criminal underworld, where
the U.S. dollar is now the world's most counterfeited currency. The ECB
spokesman said his organization has contacted various central banks
worldwide - not just in Europe - to discuss added security measures for the
currency.

In theory, an RFID tag's ability to read and write information to a bank
note could make it very difficult, for example, for kidnappers to ask for
"unmarked" bills. Further, a tag would give governments and law enforcement
agencies a means to literally "follow the money" in illegal transactions.

"The RFID allows money to carry its own history," by recording information
about where it has been, said Paul Saffo, director of Institute for the
Future (Menlo Park, Calif.).

The embedding of an RFID tag on a bank note is "a fundamental departure"
from the conventional security measures applied to currency, Saffo said.
"Most [currency] security today is based on a false premise that people
would look at the money to see if it is counterfeit," he said. But "nobody
does that. The RFID chip is an important advance because it no longer
depends on humans" to spot funny money.

RFID basics

The basic technology building blocks for RFID on bank notes are similar to
those required for today's smart labels or contactless cards. They require
a contactless data link that can automatically collect information about a
product, place, time or transaction. Smart labels produced by companies
such as Philips Semiconductors, Infineon, STMicroelectronics and Texas
Instruments are already used in such applications as smart airline luggage
tags, library books and for supply chain management of various products.

"Two minimum elements you need for RFID are a chip and an antenna,"
according to Gordon Kenneth Andrew Oswald, associate director at Arthur D.
Little Inc., a technology consulting firm based in Cambridge, Mass. When a
bank note passes through reader equipment, the antenna on the note collects
energy and converts it to electric energy to activates the chip, he said.

The antenna then "provides a communication path between a c

Re: Stegdetect 0.4 released and results from USENET search available

[Niels Provos]

In message , "Arnold G. Reinhold" writes:
>I don't think you can conclude much from the failure of your 
>dictionary attack to decrypt any messages.
We are offering various explanations.  One of them is that there is no
significant use of steganography.  If you read the recent article in
the New York Times [1], you will find claims that "about 0.6 percent
of millions of pictures on auction and pornography sites had hidden
messages."

>2. The signature graphs you presented for several of the stego 
>methods seemed very strong. I wonder if there is more pattern 
>recognition possible to determine highly likely candidates. I would 
>be interested in seeing what the graphs look like for the putative 
>false alarms you found. It also might be interesting to run the 
>detection program on a corpus of JPEGs known NOT to contain stego, 
>such as a clip art CD.
The following slides contain examples of false-positives

  http://www.citi.umich.edu/u/provos/papers/detecting-csl/mgp00023.html
  http://www.citi.umich.edu/u/provos/papers/detecting-csl/mgp00024.html

In my experience, eliminating false-positives is not quite that easy.
Some graphs look like they should have steganographic content even
though they do not.  Any test will have a false-positive rate, the
goal is to keep it very low.

>3. If you did succeed in decrypting one of Osama Bin Laden's 
>missives, wouldn't he have a case against you under DMCA?
Good question.  The panel about the DMCA at the USENIX Security
Symposium seemed to indicate that the exceptions built into the DMCA
have no real meaning.  In my understanding of the American legal and
judicial system, it is not possible to know what is right or wrong
according to some law until one has been taking to court about it.

Niels.



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]