Race against Cyber Crimes is reaching yet
another technological mile stone with Steganography, the new technology
of "Hiding Messages within images". It has now been found that both Osama Bin
Laden as well as LTTE has been using steganography as a means of exchanging
hidden messages by e-mails without the "Carnivores" being able to sniff the
offending data.
If the technology has reached Al-Queda and LTTE, it can
reasonably be presumed that the Pakistan based terrorists also must be using
the technology for anti Indian activities. It is quite possible that the
e-mails contained in the laptop recovered from the attackers of the Indian
Parliament on December 13th 2001, may very well contain steganographically
hidden messages. Indian police are therefore are up against a new challenge in
their anti terrorist actions.
Even though the Indian Cyber Laws came into force more than
an year back, we are still in the process of understanding the nuances of
public key cryptography. We are still not clear whether it is necessary to
introduce a law where by the digital signature should have two sets of keys,
one for the signature and another for encryption, so that the encryption key
can be mandated for deposit with the Government. We are also not clear how the
courts will accept and verify encrypted and digitally signed electronic
documents in Cyber crime cases.
It would therefore be a big challenge for the Law makers,
Law Enforcers and the Judiciary to understand the difficulties of bringing the
steganographic documents as acceptable evidences in the Indian courts.
Steganography is essentially "Digital Watermarking". It
enables bits representing data to be inserted in between bits containing some
other digital file such as a picture or a sound file so that it is not
recognized by an ordinary viewer. The hidden data can further be encrypted so
that its extraction is a complicated process that can be accomplished only
with a known key.
Initially when the technology was unleashed a few years
back, it was hailed as a means of preventing copying of picture files from the
web in violation of the Copyright of the owner. It soon became a
cherished tool for confidential communication by terrorists who were otherwise
caught by the FBI 's content monitoring software such as the Carnivore.
Now the law enforcement authorities world wide are trying
to master steganalysis, the art of discovering steganographic
data. Several software tools are available to sift steganagrophic data hidden
through some of the known algorithms.
The future in Internet security will therefore be an
interesting battle between those who create algorithms for hiding the data and
detecting the hidden data. After Virus and Anti Virus, Hacking and Anti
hacking, it is the time for Steganography and anti steganography battles in
the Internet space.
It is high time that Indian software professionals start
devoting attention on this field.
Naavi
March 10, 2002