[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Steganography Browser Addon (Google Summer of Code)

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Steganography Browser Addon (Google Summer of Code)
From: Moritz Bartl <moritz@xxxxxxxxxxxxxx>
Date: Tue, 04 Jun 2013 18:23:52 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 04 Jun 2013 12:24:09 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=headstrong.de; h=content-transfer-encoding:content-type:content-type :in-reply-to:references:subject:subject:mime-version:user-agent :from:from:date:date:message-id:received; s=mail; t=1370363032; x=1372177433; bh=dB6sgjvRzbI3Dk01QjjAx/e1efMEuDtGwVZPhpqDuV8=; b= LDjzZ5dx/yC3DCnIgTxMFwQ4iGd3lPCXvpvAHv1+cnn1NhZPbEmSTh/7htVUjiqG DeV1yjOgPTvuoizB5O3gVcl0NqnSG3cvilDY2L5QtopRbG7XLJPw9IU3+JNiXkzy TOiq2KGI1SgcYPt4SbCwWhMuWXif5QhgyOmCKpOi+qo=
In-reply-to: <CAEtYqJmj43NT_SJzSw6z5TDMpvxwPkCW_P3QMp6nxT4yQ+sUng@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAEtYqJmj43NT_SJzSw6z5TDMpvxwPkCW_P3QMp6nxT4yQ+sUng@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130510 Thunderbird/17.0.6

Hi Hareesan,

Thank you for taking this on!

The crucial parts are the interfaces to the steganography plugins, and
how they signal what kind of data they can process (html, image, video,
...). I don't think it will scale if we just dump all data into all
plugins for processing. (see comment below)

For the user interface, apart from the ability to select local files as
carrier, I think it would be neat to be able to select content from
websites (like: right click on image, select "embed secret"). Payload is
either textual (entered via form), or binary (file selection).

To encrypt the payload before embedding, a private/public key scheme was
proposed. I prefer ECC over RSA. You mention SJCL, which has an ECC branch.

> Once Bob open a web site with web contents which he wants to check if
> it contains any messages steganographically hidden, he will click on
> the extension icon Figure 5. All the items in the page will be
> displayed in the extension with decrypt option.

We discussed earlier that the extension, together with its steganography
addons, should have the capability to automatically find matching
payload while browsing. Depending on the algorithms, this may or may not
be feasable, so users may want to disable this for certain types of
content, algorithms (plugins), or only enable scanning for specific
sites. (which you outline in Figure 6)

Personally, for the manual scan/decrypt, I'd like to see an option in
the context menu when I right-click an image or other content.

I was not able to completely follow the steps you describe in "How
Alice's side works" and "How Bob's side works". The charts look neat,
but are not ideal to describe the process.

The situation of usable javascript steganography libraries does not look
too good. For the GSoC project, we should not waste too much time on
this, and focus on the surrounding extension and clean interfaces to
potential libraries. If we have time left, we can investigate what kind
of algorithms we would like to see implemented/ported in Javascript.

-- 
Moritz Bartl
https://www.torservers.net/
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Steganography Browser Addon (Google Summer of Code)
  - From: Hareesan

Prev by Author: [tor-dev] difference between cached-descriptors and cached-consensus
Next by Author: Re: [tor-dev] Tor over Open Garden mesh network
Previous by thread: Re: [tor-dev] Torsocks reengineered
Next by thread: Re: [tor-dev] Steganography Browser Addon (Google Summer of Code)
Index(es):
- Author
- Thread