Our scheme does not require users to input some cover-object, but one could think of the generated noise characters as a cover. As we move from stego only to known stego, we make it increasingly easy to find flaws. The more information we allow the attacker, the more sophisticated his attack vectors become.
In the blind, stego only setting, the adversary has extremely limited chances of success. The block has4400!different permutations. The block always consists of the same letters, since the target letter distribution will be the same.
Should the adversary for some reason learn which part of the block is cover and which is message, it will become much easier to break the algorithm. The message is still permuted, but in the worst case - he will have to try "only"200!
different permutations to reveal the real message. Extracting the noise would however be difficult, as one would need the internal state of the PRNG, and then it would be simpler to just extract the message itself.
The adversary can operate in the known message setting, if for some reason he acquires a raw StegoBlock email, and learns the message - for instance by looking over his victims shoulder when reading. From knowing these two, he should not be able to tell anything about the next StegoBlock enabled emails from the same sender. The password, or part of it, should not leak in any way.
We effectively prevent against this, by appending a seed.
To our application, there is little difference between the chosen stego attack, chosen message and known stego attack. The adversary may install StegoB-lock and begin examine algorithms, chose messages and generate stego-objects at will. We argue that our encoding method is solid and that he will have no noteworthy advantages. If our chosen CSPRNG is in fact secure, and we imple-mented our shuffle algorithm correctly - StegoBlock should be safe against even known stego attacks.
While we are obviously unable to highlight any ourselves, our own best bet on a flaw in the system, is examine the PRNG and in some way learn its internal state from when it executed the permutation. We explicitly stated our trust in our PRNG choice, and that we did not formally examine it. We merely reasoned that its security is plausible, and so this could be the place to look for flaws.
6.8 Summary
We successfully implemented a solution for communicating confidentially over the Internet. We devised a private key steganographic scheme, with encoding
and decoding algorithms. Given some stego-key and seed, we may encode and later decode some message of at most 200 ASCII characters.
Based on a large email corpus, we calculated a frequency alphabet, optimized for english language. Based on this alphabet, we decided on max message lengths of 200 characters and a total block length of 4400. This allow us to successfully encode ~90% of the messages we sampled. We expect this to be a good tradeoff between MAR and TBL.
Different possible attacks on block integrity was presented. Because we are not hiding the block entirely, but storing it in a header, we must pay attention to block integrity. StegoBlock does not implement any check, but it has been thoroughly explained how one should be implemented. A simple SHA-256 hash of the block, key and seed will do as a MAC, and can be sent a long in a separate header. It is critical to ensure plausible deniability that block with randomly chosen messages are also encoded with random keys.
We did not use a formally proven CSPRNG. One was not available, and we consider it outside the scope of this thesis, to prove one. We assume the one we use is secure, but first established that doing so is fair. By shuffling a deck of 4 values 600.000 times, all different results should appear with equal probability.
While it is impossible to validate it that was actually the case, a small test hinted in that direction.
Based on the tests we performed, and our analysis of our encoding function, we believe that our solution is in fact secure. We also believe we met our goals of user friendliness with our interface. It requires little to none getting started with StegoBlock, as the UI comes with build in help. Users can keep communicating with their existing contacts, the ones that like can install StegoBlock and gain an extra, subliminal communication channel in their emails.
Chapter 7
Conclusion
We have learned that online communication is under heavy pressure, in the form of eavesdropping and possible regulations. Intelligence agencies pose a large threat, as they have resources necessary for wiretapping backbones of the Internet. We have learned how they can build massive data centers for storing the vast data amount, form these taps. Collected data is analyzed, structured, categorized and made available for later search. From Edward Snowden’s leaks we have seen screenshots of the NSA application X-Keyscore that allows analysts to pick up information on people, with simple queries like name or email ad-dress. It is most plausible that other major intelligence agencies possess similar tools. Furthermore we learned that analysts are trained for looking after peo-ple displaying suspicious behavior, for exampeo-ple in the form of using encryption.
We also notice how Turkey and Pakistan impose bans on several applications, using strong encryption to secure the communication between parties. We saw a clear need for an alternative confidentiality preserving communication plat-form, working around the use of encryption. Surely these type of applications will also be used by terrorists, preventing intelligence agencies to eavesdrop.
But we have seen how these agencies monitors not only targeted suspects - but entire countries. Banning applications allowing secure communication will not remove terrorists, it will instead make them find other ways. We would also like freedom fighters to communicate securely within repressive governments, and to quote Gerald Seymour: One man’s terrorist is another man’s freedom fighter.
To solve the problem, we went with a steganographic approach, as this and cryptography are the major research topics for ensuring confidentiality. Like pedantic article by Ron rivest, Chaffing and winnowing, steganography allows to work around encryption, to solve the same goals. We had 3 overall goals:
1. Offer message confidentiality, integrity and availability, even against a strong adversary limited only by cryptography.
2. Provide users plausible deniability to any message from the system.
3. No encryption allowed.
Confidentiality, integrity and availability are key components in online commu-nication, often referred to as the CIA triad. Since they are most often achieved by cryptography and encryption, we first explored which cryptographic compo-nents we could not do without, and which we could omit in favor of steganog-raphy. Encryption schemes were instantly ruled out, but simple hash functions would take us a long way.
Plausible deniability, referring to the condition, where a person can, plausibly and legally, deny any knowledge of, or association with some specific reality, in a way that they have deliberately provided beforehand was thought in from the beginning. People could easily be threatened into giving up their keys to secure communication, users would not be secure enough. We needed to make sure that no adversary could verify if a some key is valid or fake, allowing the suspected user to plausibly provide any key.
To meet each goal, we ended up with designing and implementing StegoBlock, an extension for email client Thunderbird. Building on top of traditional emails, let us utilize an already existing and widespread communication medium. Users should have a low entry barrier, as interface and usage would change minimally from what they already know and use. By extending emails in "X-"-headers, we created a solution that still works for email clients not StegoBlock enabled.
These clients will simply ignore said headers, only with StegoBlock installed, additional processing occurs.
StegoBlock implements the idea of embedding a small message in a larger, ran-domly generated cover object, that is then permuted, only reversible with knowl-edge of some stego-key. In detail, we would generate what we called noise, and append it to the secret message and its length. We would then do a Knuth-shuffle on the entire block, but with a CSPRNG seeded with the stego-key and a seed. Only by knowing the key, one could reverse the permutation and ex-tract the secret message. Reversal without key is proved extremely hard, as the
85
number of possible permutations equals the factorial of the total block length.
We wrote our own implementation of the simple Knuth-shuffle along with a reverse-Knuth-shuffle as well. Provided with a RNG in the same state, the algo-rithms can successfully encode and decode a message. We did not use a formally validated CSPRNG, but settled for assuming one. We did however carefully ex-amine which properties are necessary for a CSPRNG and check for obvious bias in our chosen third party implementation.
To accommodate plausible deniability, we made sure that every email sent with StegoBlock installed, would embed some message. If users do not write one, a randomly generated one will be used instead. There will always be a block in emails from a StegoBlock user, but the user may always argue that no secondary message was added. There is much value in plausible deniability. If users can convince the adversary that they are not hiding anything in a particular message, the adversary may not even bother decoding the message. With traditional crypto systems, it is also possible to keep messages secure, but crude criminals may force key disclosure with threats or violence. StegoBlock prevents against these unfortunate cases.
We designed StegoBlock to have a storage for stego-keys and to have a simple user interface. The design was reasoned thoroughly about in our steganalysis.
We established how a message length limit is a necessity, but reasoned thor-oughly about said limit, and the total block length. By analyzing a large email corpus, we established a foundation on real, human written emails, for evaluat-ing how successful embeddevaluat-ing message would be. We ensured that our method of scrambling the block would permute it in such a way, that the outcome would be one in every possible permutation - and in general we sought to remove every possible shortcut to extracting the secret message. In particular, we made an effort to block the usage of statistical analysis to reveal patterns in the block, by ensuring that all blocks follow the same target distribution of letters. All blocks consist of the same amount of the same characters, we use the same FREQUENCY_ALPHABET for all blocks and we can embed roughly 90%
of all<= 200character english messages.
Our steganalysis showed that the recommended settings for block and message length, results in a very hard reversal process, if the stego-key is unknown.
We iterated possible attacks on block integrity, but which would still not affect message security in the form of enable message decoding. In particular, we saw how an adversary might alter an encoded block to look like no message was embedded. This attack and the alike, were shown preventable by simple integrity checks. Implementation was described and made easy for further development.
Our shuffle algorithm and its promise of results in the entire range of all possible permutations are formally proved in existing work. We briefly validated that along with our chosen random number generator, it did not have any obvious
bias. The security claim we gave of keeping even an adversary of Dolev-Yao type strength at the gates is met, to the best of our knowledge.
With StegoBlock and the theory and steganalysis it is based on, we consider it proven that it can indeed be used to hide users secondary communication. We strongly believe that users can display plausible deniability, especially if they agree on a fake stego-key, besides the real one. Should the adversary interrogate both communicating parties and they both reveal the same fake stego-key, their denial is even more plausible, as the adversary arrives at the same decoding result. Our solution should allow everyone to communicate in private, legally, even if encryption is considered illegal. Users may even plausibly deny that they communicated in private.
7.1 Future work
Probably the most obvious area for improvement in the current application, is the stego-key store. This is currently not secured good enough. Today, its security is based solely on the security mechanisms of the operating system.
A new version of StegoBlock must surely remedy this situation. Should an adversary gain access to the current key store, he will obviously learn all stego-keys and be able to decode all blocks formed by the user in question.
Implementing an integrity check is top priority as well. We already iterated possible attacks that can all be remedied by calculating a simple hash and validating it. We could use a SHA-256 digest of header valuesXStegoBlock+ XSBDate+ stego-key and store it in a new header,X-SBIntegrity. The receiver could then easily recalculate the digest, and discard blocks mismatching integrity values. Providing a MAC may however ruin plausible deniability. Should an adversary compel users to give up their fake keys, he can easily tell if keys are fake, by doing the same computation. We should in all aspects ensure that an empty block looks and behaves the same way, as a filled block with a fake key. A possibility could be to encode randomly chosen messages with randomly chosen keys - which our implementation already does.
StegoBlock currently has limited functionality for multiple recipients. An email with a StegoBlock can be sent to as many recipients as needed, but the block will be the same for all recipients. This means all recipients must share a key for all to decode the message. We imagine a future version to better support multiple recipients. One possibility could be to allow multiple keys for decoding messages from the same sender. We must remember that an adversary would expect all recipients to disclose keys decoding a block to the same message. This
7.1 Future work 87
might require the entire recipient group to agree on the same fake key, unless a more clever scheme can be discovered.
Future work may also be, to formally verify if our PRNG choice is in fact cryptographically secure. The workload for such an exercise could amount to a thesis in itself. It is however critical to the system, because of the hard dependance on the cryptographic primitive.
We would like to offer a dynamic FREQUENCY_ALPHABET. In a future StegoBlock version, users should be able to pick their own target character dis-tribution. This would allow them to blend their StegoBlock into the distribution of their native language. A letter frequency analysis of the StegoBlock would re-turn the same distribution as the message itself. We would also have the added benefit of allowing the characters of the users native language. The initial ver-sion only allows the default ASCII character set. Following the though stream of allowing dynamic distribution targets, we could imagine users being able to select books, emails, newspapers, tweets, basically any text on their own - then StegoBlock would analyze the character frequency of those inputs - and adjust theFREQUENCY_ALPHABETaccordingly.
Lastly we also see a future version to have some form of logging mechanism.
Currently errors will be suppressed, unless if happening when sending emails - where they will not be logged either. Debugging is near impossible, if not reproducible in a development environment. A full fledged logging mechanism, with option notifying developers would be a great addition.
Appendix A
Header example
1 R e t u r n−Path : < t o f t e g a a r d . a n d r e a s @ g m a i l . com>
2 R e c e i v e d : f r o m MacBook−Pro−2. l o c a l ( x1−6−a0−63−91−f e−b f−82. c p e . w e b s p e e d . dk . [ 2 . 1 0 4 . 2 . 5 9 ] )
3 by smtp . g m a i l . com w i t h ESMTPSA i d 8 9 s m 1 3 2 7 8 2 1 l j a . 1 6 . 2 0 1 6 . 1 1 . 1 0 . 1 1 . 0 5 . 3 4
4 f o r < t o f t e g a a r d . a n d r e a s @ g m a i l . com>
5 ( v e r s i o n=TLS1_2 c i p h e r=ECDHE−RSA−AES128−GCM−SHA256 b i t s = 1 2 8 / 1 2 8 ) ;
6 Thu , 1 0 Nov 2 0 1 6 1 1 : 0 5 : 3 5 −0800 ( PST )
7 From : A n d r e a s T o f t e g a a r d < t o f t e g a a r d . a n d r e a s @ g m a i l . com>
8 S u b j e c t : S t e g o B l o c k
9 To : A n d r e a s T o f t e g a a r d < t o f t e g a a r d . a n d r e a s @ g m a i l . com>
10 X−S t e g o b l o c k : a .%20 MttOvon%20 i y E n c o c .%20 t o 0 r y i n r r u p e o s %3 E l t E s n t i t t l n t %20.%20 o
11 %20 e m a a t h z h i r U r%2 F n s c i a i %20pOaa%20 t p i %20 o b 1 p e w l e l v a y I g o t h t %20 l o h 1 d s C r r l a %20o
12 a e a g d . _%20 r %20%20 y a h r %20 c%20%20%3Af%20%20m%20 t e r o e s e c n E c %20 v L b s s o d r D o %20%20 l
13 %20%20%20 e s a w e e n %20aho%20 m l i k d M n l %20 t l %20bmoeo%25%20 t t o i l e c g n %20 m h e s s e g %20do
14 0aFP%2Cw%20 i w i E y e e r s n 5 %20lldaebHmms ) d s A e i %20%40 e %20a%20hv%20%3E%20 s s s n %2F%20
15 D%20 r e i n %20a%20 a e %20 e i o E i F i c T %20 i e u a F e t r i y h %20d%20%20%3Ev9e%20n%20 i i v %20hPsT
16 n s a s o %20 t a e %20 e n 6 s a I c o n f d t a h T o h h %20tmaudQar%26 c %20 s y e %20ueCkotHt%20xTod0im%2
17 0 s e r t %20%3F%20 i t t l n k e k %20 o L l r N j d %3E%20 e o %20 a f i 0 t u %20 p l i t h o e t C N %20%20 s %20%20 e
18 b c c t y o w e . wr%20o o%20%20R%40 r %3D _ e n i e s e p a %20hml%20 i %20 h m t t i n a l %20 d a s o e %20 h o 4 i%
19 2 0 i d c−%20%3C%20 e%2Ca%20Ysheon (%3Diywn%20%2F r 0 %20%20gu%40sm8t%20sM%20 k C a t v t%2
20 0 a 0 a %20 i l P t a N t i f %3DwegE%20 I n e s M o i %20Aab%3Dhz%20 t e l i _ h D r %20mTea1%20 c c o l . e %20 I
21 %20ok%2C%20m.%20 s %20 t %202 n f t h t %20%20Tb%20%20%20%20 f s t a e q %20a%20 a t ’ i a %20na%3A
22 s n a 1 I l t g %20%2C o f s g e m l a p f r e E p o z m E n e i b m h e e%20−f c u o r e e p C h l j %3A u e e N S n r e o b r b%20%2
23 Bhkm%20 i 2 0 u C n p %20%20rdNg%20 t L c r e i %20 o b r o a n r w y w f o o %20 s k o h c s i %20Nr%2C%5B y d i%3C
24 _ye0%20 d s n n i t 0 a 3 r e v u P %20 i e b r r e %20%3Diehamn%20 a u a a l %20%20%20 e %200%20 s f %20 n t n t
25 n e%3AkOenrmaoeru%20−s e %20pnoSo%20%20%20yoEnh%20%20 c t %20%20Go%203aKnn%20%3Cpd
26 p a o e %20%20%20%2Cmxiane%3Daasapup%2C a f e J K e l e 9 n %20%20 e t 7 a l e a t t %20emeAecn%20 t x e
27 i e e r y . shsmm%20u%2Fv%20 s%2Ca%20 i %20 i o D e H s s m a e s t %20oe−l i e r %20 r %20o ) an%20%20 n e t
28 Ma%09 u o C s y l a e %20 r %20Ou%20 e a . u%20%20 l v s L a r e %3F o 4 n h e o e e g t m w i %20niT%20 t e %20hlM1
29 n p e a %20 t %20 n r y i %20 i . sTa%20 r u i u r T e %20 s n %09 r f %20 n r l O b s z∗%20 s d ) a e n r n T c i t %20%20 i
30 .%3 D n l p e a o e 7 B u s a o o E 1 u i o %20 s %20 o a a F s 1 d%2F a i n 6%3D p a e f n m e i a s %20 e h o%20−e t h t a a L a k
31 nn%20 t c h o e i d s l r %20%20d%3A r u r c a t h %20 f t i n u r s %20%20%22%20 l %20 l o p o t U i m t R a r %20%20
32 c d%2F l d f−r t o t o n h i S u n k O i e u u r a e g f s g h a e %2C a n e l %20 e a%2C y n Z t E o o s e n s %20 i %20 f f d p %20
33 %20 d o o t%2C u i d r %20 e t M u f t l %20%20−t o e i %20%20At%2C e n i d %20 s o %20 s t o n o %24.%20wmib%2
34 0 d n n t%2FRlo%20 p e e %20%40 e . AhneMeau%20whe%20ohn%40 a t o 0 h a e f %20%20%20o%20 s l d c e i f
35 ~h%20 d w o s r 5 %20 e p 0 c . s n t C o e w u o e t p . l i r h %20 o e a e g %20u%20 t r %20u%20Rd%2C l %20 s O k i r e i
36 %20BrluYd%20%20a%2B%20 l e l t c %20 l s o R a %20 o r a s m t o %20 h i e f d r %20(_vetom%20 y a a 8 e e a I m
37 w i i D e r _ i l r e %20 f %20 c %20 e i s h r 0 i v l e G e n b B %2Ft %207 p l E c n t %09 o s a i t e %20heAm%20 e r−c s e
38 a n r i h 4 n g 2 r a %20Do−a y a%2Ct%20%20 i l e %20lwhDr . n%20 S e d t n%3Eed%20%20h%20enm%2 C 4 i i d
39 p%3E r m e J n w b l f %20%20ehHoo7−a n a s h n n i n e h %200 h t %20%20 t r t h d W u i p r m r %20isWedn−g d r%2
40 0 n f p m e C e f u n r d %20 a i c e e e ( c %207 n o o a a o a c S i r _ %20%20 b e 0 C l s y b r %20a a %20 k n r s %20EosMe%
41 2 0 e d l h w s%3E . h d h w i i t o %20p%20 e%3E t m r r d a t 2 d %20E%20 d i %20upenm%20%20 s%2C5%2C b c r i u
42 %209 u n f i %20 s a e e d %20%20ocP . % 2 0 . p%20 d e i s s %20n%20 m i p n s a t %20 s c t a g %20 e t p c %20oh%09
43 a e E n i %20%20 t E a I i e %20%20 e e b d k%2 C o r n i s %3Dl%20%20 e e g %3AseDth%20 s %20%3D t J r n h g %20
44 l r o P C r %20 i ’ l y i d V e e %20%20%20 c G i h r a o h i a i n t l %20 s g a n u%2C0%20 t %20 h n n t %20%20 t p i S e I
45 %20%20%20webp%20%20 a r t %2C0%20 d e d t .%20 e %20hrcCw%20Fv%20%20nue%20an%20%20 s a %20
46 %20 o v t 2 n u s o a r %20 C c 1 t i n t−Gs2e%20 e g e n b p r 2 n _ i n p 6 r h t d e o g %20v%20P%20 y e t a P n i s t d 0 e o
47 rhMa−TMImnnmOir ’ g%20na%20wvt %20 ’m%3F%20%2F%20%20 G a a i 1 e t o o p n t l n t %20 a t h %20 i c h o
48 %20o%20 R 2 i n c b c c r f %2F_%20 s %206%20%20Tu%3A u a i o%3DeiC%20 t %20%20q%20pDk oi%3Dfi_u
49 a u r o r E r v o M r u i A n i y n f I b %20mnnoegmau%20%26 t n %20 s l e %20 t %3DC . p e %20 h t . n e %20H%20v%2
50 0Mc%20 o t a l a r o c s e t t s m a e E s 1 r m t o %20 u i o r d y k t ) s %20%20ado%20%20 F e e u S e n n T c d a y y t h n e%
51 2 0 n l s i d i a t a o X t s k a %09 s o r e c . y%20Nah%20osrWr%2Fe%203 e d e a e c o C %20 m o o t i a i e i %20Dnrr
52 R e a l e !%20 r %20 y i o a %20%20 ’ i r h e o m n e o 2 i l i %20 a t h %20 v t w t d o %20Jb%20sd−r s %20 e . t ’ r n%2
53 0 gtem%20%20%3Diwb%20yocw3%20p n o e d%20 t %20 e i h a d l e h %20W%2Cs%20 n r t i U y l %20a 5%20o%
54 2 0 o%20 t t n H t 2 i l %3ANn2%20 o s %20 g g e e . e %20 t a d s a g %09%20 s t N l a %20n%20 o q r r e d T n T e %20nd
55 KaeT%20 e t d e s e n b f p %20 o h 0 c o %20Pe9 cn%20%20%20 p p 4 e . l a t %20M%20%20%20 i t t n T %20 e%20%
56 20%20 r s %20W%20 h s 6%20−%20Sue%20%3Dr%20 e . e %20 f r r A g %20 c e %20%2CGt%20mt%20 o t %20 a t
57 ShAne%2F o t %20 y f o e r t a u 8 n o i r %209%20 h 3 a 5 t y a t a l V %20m%20 r p %20 e u t s i d %2CAc%20p 2 U i%2
58 0 d r d s r %20 t o .%20 u%20%20%2C s o g d e y %20 N e O f r o f e a h j C %20%20 r %20g%20 t %20 n n e B n 2 o f e h t%
59 3 FLaiRrn%23 e r l s r i b m n g %3Co e s n %202 t s o . r n 0 t i T r n O %20 P a p r n v c %20 s a i %20−t g %2Cee%20 s
60 %20c t B %20 s p %20m%20 s 8 %20%20%20 i h 3 t i E 1 t h e h %20 r l 2 s l 1 n−’ p s %20 s s %20bln_2%20n%2C%2
61 0%2Cn ’ b r m a s i ( l x i c c %20 r g %20e t o N h o p%20 h e i s %20h%20T%20 l e o a c %20 I a %20%09 t w n e o e e y I
62 o g s r b e g t w %20 c e d %20%20 l a %20 l s s−t e l i %3Dsabow%20xo%2CuRarde . t %20%3D%20%40%20nh%
63 2 0 meor%20%20%20oduwmiSsoiw%20 e n . na%3D%20 h h n t i %20%20ho0%20%2ClA%20 n s n a r t E n o o%
64 20%3Dn%20n%20 r %20n1%3D0tyeowo . o a l n %2FmSsdswAo%3A0mmoafefU%20%20%20 l n %20 e e o (W
65 s r D i m d c n e l s a %20 e %20_sp%20 i o r %20. i t h I o l e o a c a e u s P d h l i %20uS%20At%2Chr%20%2F r v e n
66 o 0 %209 e %20%09%20%20oTwParon%20%20X%20. f i %09a%20huvo%20uDnh%20h0%20 s %201%20aC
67 Rc%20%20 s n k i n a %20m%20wL%3E0%7 C i n r t l q n i o D %20 o r S a e %20 l e N m o E d v l e a o %20 n e k o f o %20U
68 gHmoy%20 l e %20 t p a %20 n l o p e n %20 s s d n e i S 0 c n i p y e %20%3EhteoTbeu%20 r t d h A t 1 %20 c a p g s k i
69 −%402 i t %20da%20 r %20 e n s o %20 f %20 e e . t 5 h t %200 o h t u%3Fcd%20 v e%2F%20 t %20−e s r %20 n a t e
70 e n e b S %20 o a %20 o i 7 t E %20umtr%3Dds%20 e c 9 w a e a r R%3A e l a %20u%20n%20%20∗i %20 l %20 u i %3E
71 y a a %20dK%20 i O I i l %20 c %20%20 l g 2 y e %3Ba%3 D l I C o 4 t d n i r s 1 w i t g l v e h %2F%2C c i %20H%22 c t n
72 a∗s %20n%20 h 0 l e e t t t %20 h s e h 3 e w c 2 x f d e %20 g c %20mvotno%20orreaea_gW%20 e t e o r f−u l t t y
73 %20%2F%20wnhm%20 a S h o i a %3D%20 c u a 4 n %20dA%20 l r e y . kgpn . s c h d %20%2F3n%20 o o u r l %20%2
74 CBm%20g%20aS%20Wh%3At%20p%2C a F e E t r o g t L y s d y t %20uo%20 n i y 9 a t o %20 t c . r %20%20 p a s n o
75 a e e c a %20 S e t %20 a f h e u i e l u i p o a n %20o%20ow%2CS%20 r a t 6 i t g o %20no%20%20b%20%20 i 2 L %20
76 kh%20eyOh%20 t n k .%20 t o e b s E o d %20%20%20 i i %20 g t u S i t a %20%20 r u %20d%20 e r G c %20 a e l y l l
77 n o l p n %20Fwh5%20.−r n a−%20%20o n t%3 F o l s s %20%3 D d v f i t E t t n r u a r %20 v T e r e %20 s%3B) e e o h
78 e j n o t l I ’ uo%20%20 t t %20 o r a r e m w t t r %20ya%20Rb%20%20%20Ep%20%20 f a c p u t %20%20wgBh%2
79 0 o i e %24%20 e s f %20%2F%20 v i s %20 t y c s %20 e i %2F r u y n c B s o e %20 c i c %20 a e . e o l H 3 w e e i c a %3De
80 % 2 0 . % 2 0 . e %20 s 7%3 E f r i r I p D i %20.%20 eegamu ’−d l e r a o d a e o 0 P r o %20 d c %20 N i a o v e u %20%20 e
81 e i s e 2 %20 l t y o %2C c f e a T %20 f e %20 l C T e u t %20 s ! uE%20a%20 r r %20 n c %40 t b%5D%20 x o F f 8 %20 s t
82 t %20%20RJ%20%20 n n l l n V r %20 r t r c n a e i a s i i l n A %20o%20 t %20 s e l n %20 g t %20 l r c S r c i s %20 u s
83 o t r m a e h %20%20 i a r V r y %26 l %20p%20 s e %20 t e %2F t s c e e r w s k E m p i %20 k c f o e %20 s e e a l r f I l h %2
84 0 l t l %20 e e %20B%20 g d o o d n r s t _ n n %20 i e e l s n t s l−%20 n i n e n i g t 0 %20 t 3 %20 n e x e t n %20 v r a i 2%
85 2 0 . d e n t g d s t f r %20gdE1yNo%20eC%20C%3 F l t t l t %3A%3D1A%20o%20 n o r %20 e i p %20 c %20pmrua
86 m3s . y I d i e e t h f e t f %20 o s a w u i . o 3 %20g 8%2 C c a e e o i e %20. g t a %20 e g i a e t 0 _ %3D%20 a o c c %20%2
87 0 t %20OtGfed%20 O s o v e t−%20)%20 r y c o %20%2C%20%20a%20 s i e t s y 0 %20 u e n i i o a n i %20w%20 n i
88 c h i y %20 m t s c 5 %20 r %20 f %20 d e s %20 t r d r n %5Cims%20%20%20Cto .%3 BMost%20 h o e s−e n %20%20
89 nto_%20M0ntYrtynNyPwl .%20 g b d s e %20%20 w a s e %20%202−%20%200 i J a e 0 %20%20ygawmT−0 t t
90 t r %20−Eatbu%3 D o a t t a 1 A s u r l A i r u c c m r d i %20 v k r i %20 l a a %20 i o−r %20 s%3Fb
91 X−S b d a t e : Thu Nov 1 0 2 0 1 6 2 0 : 0 5 : 3 4 GMT+0100 (CET)
92 M e s s a g e−ID : <d 4 9 6 c 8 e 5−8d87−f c 4 c−86e8−e 2 d 8 f c a a d 6 6 5 @ g m a i l . com>
93 Date : Thu , 1 0 Nov 2 0 1 6 2 0 : 0 5 : 3 4 +0100
94 U s e r−Agent : M o z i l l a / 5 . 0 ( M a c i n t o s h ; I n t e l Mac OS X 1 0 . 1 1 ; r v : 4 5 . 0 )
95 Gecko / 2 0 1 0 0 1 0 1 T h u n d e r b i r d / 4 5 . 4 . 0
96 MIME−V e r s i o n : 1 . 0
97 C o n t e n t−Type : t e x t / p l a i n ; c h a r s e t=u t f−8; f o r m a t=f l o w e d
98 C o n t e n t−T r a n s f e r−E n c o d i n g : 7 b i t
91
99
100 N o t h i n g t o s e e h e r e
Listing A.1: Source code of email with StegoBlock
Appendix B
Installation
For development, unzip and place the provided source in the Thunderbird ex-tensions folder:
Windows %APPDATA%/Thunderbird/Profiles/<Profile Name>/extensions Linux ~/.thunderbird/<Profile Name>/extensions/
MAC ~/Library/Thunderbird/Profiles/<Profile Name>/extensions/
StegoBlock can then be selected and installed from the Extensions menu within Thunderbird.
For simple end user installation, use the Extensions menu within Thunderbird to select the stegoblock.xpi file directly. Go to the Extensions tab, click the gears icon, then select "Install extension from a file...".
StegoBlock has been tested on Thunderbird 45.4.0, running on a Macbook Pro with OS X El Capitan (10.11.6).
Appendix C
StegoBlock extension files
< ? xml v e r s i o n =" 1.0 "? >
< RDF x m l n s=" h t t p :// www . w3 . org / 1 9 9 9 / 0 2 / 2 2 - rdf - syntax - ns # " x m l n s:em="
h t t p :// www . m o z i l l a . org / 2 0 0 4 / em - rdf # ">
< D e s c r i p t i o n a b o u t =" urn : m o z i l l a : install - m a n i f e s t ">
<em:id> s t e g o b l o c k @ t o f t e g a a r d . it < /em:id>
<em:n a m e> S t e g o B l o c k < /em:n a m e>
<em: d e s c r i p t i o n > E n c r y p t e d s e c o n d a r y m e s s a g e s in e m a i l s . < /em:
d e s c r i p t i o n >
< !- - The S t e g o B l o c k e x t e n s i o n a l l o w s for e m b e d d i n g s m a l l s e c o n d a r y and e n c r y p t e d m e s s a g e s in e m a i l headers, k n o w n as a S t e g o B l o c k . If no m e s s a g e is added , a r a n d o m l y g e n e r a t e d on w i l l be i n s e r t e d . A d v e r s a r i e s c a n n o t d e s t i n g u i s h b e t w e e n S t e g o B l o c k s c o n t a i n i n g r e a l m e s s a g e s and o n e s c o n t a i n i n g r a n d o m t e k s t . T h i s
p r o v i d e s the s e n d e r w i t h p l a u s i b l e d e n i a b i l i t y of c o m m u n i c a t i n g in s e c r e t w i t h any r e c i p i e n t .
S t e g o B l o c k s are e n c r y p t e d w i t h 256 bit AES . - ->
<em: v e r s i o n > 1 . 0 . 1 < /em: v e r s i o n >
<em: c r e a t o r > A n d r e a s T o f t e g a a r d < /em: c r e a t o r >
<em: o p t i o n s U R L > c h r o m e :// s t e g o b l o c k / c o n t e n t / o p t i o n s . xul < /em:
o p t i o n s U R L >
<em: i c o n U R L > c h r o m e :// s t e g o b l o c k / c o n t e n t / i c o n . png < /em: i c o n U R L >
<em: t a r g e t A p p l i c a t i o n >
< D e s c r i p t i o n >
<em:id> { 3 5 5 0 f703 - e582 -4 d05 -9 a08 - 4 5 3 d 0 9 b d f d c 6 } < /em:id>
<em: m i n V e r s i o n > 1 . 5 . 0 . * < /em: m i n V e r s i o n >
<em: m a x V e r s i o n > 5 1 . 0 < /em: m a x V e r s i o n >
<em:t y p e> 2 < /em:t y p e>
< / D e s c r i p t i o n >
< /em: t a r g e t A p p l i c a t i o n >
< / D e s c r i p t i o n >
< / RDF >
Listing C.1: StegoBlock extension install.rdf file
c o n t e n t s t e g o b l o c k c h r o m e / c o n t e n t /
o v e r l a y c h r o m e :// m e s s e n g e r / c o n t e n t / m e s s e n g e r . xul c h r o m e ://
s t e g o b l o c k / c o n t e n t / m e s s e n g e r . xul
o v e r l a y c h r o m e :// m e s s e n g e r / c o n t e n t / m e s s e n g e r c o m p o s e / m e s s e n g e r c o m p o s e . xul c h r o m e :// s t e g o b l o c k / c o n t e n t / m e s s e n g e r c o m p o s e . xul
Listing C.2: StegoBlock extension chrome.manifest file
1 var S B C o m m o n = f u n c t i o n () { 2
3 // g e t s the S t e g o B l o c k e x t e n s i o n p r e f e r e n c e s . 4 var i n i t P r e f e r e n c e s = f u n c t i o n ( obj ) {
5
6 if ( obj . p r e f s )
7 r e t u r n;
8
9 obj . p r e f s = C o m p o n e n t s . c l a s s e s [’ @ m o z i l l a . org / p r e f e r e n c e s -s e r v i c e ;1 ’]
10 . g e t S e r v i c e ( C o m p o n e n t s . i n t e r f a c e s . n s I P r e f S e r v i c e ) 11 . g e t B r a n c h (’ s t e g o b l o c k . ’) ;
12 };
13
14 r e t u r n { 15
16 // s h o r t c u t for the e x t e n s i o n s p r e f e r e n c e s
17 p r e f s : null,
18
19 // s t o r e s c a l l b a c k s for the p r e f e r e n c e o b s e r v e r 20 o b s e r v e C a l l b a c k s : {} ,
21
22 // c o n v e n i e n c e u t i l i t i e s
23 u t i l s : {
24
25 // n a t i v e JS i m p l e m e n t a t i o n for e x t e n d i n g o b j e c t s . s o m e w h a t s i m i l a r to j Q u e r y . e x t e n d ()
26 e x t e n d : f u n c t i o n e x t e n d () { 27
28 if (t y p e o f( a r g u m e n t s [ 0 ] ) === u n d e f i e n d )
29 a r g u m e n t s [0] = {};
30
31 for (let i = 1; i < a r g u m e n t s . l e n g t h ; i ++) {