Uninformed: Informative Information for the Uninformed

Vol 8» 2007.Sep

Encryption System

The encryption method chosen for use in the SteganRTP reference implementation is not really encryption at all. In favor of light-weight and speed, a simple bitwise exclusive-or[27] (XOR) obfuscation method was chosen as a symmetric cipher. The choice of encryption method here does not indicate that another, more robust type of encryption could not be used; rather, the modular design of the reference implementation promotes drop-in replacement of the current encryption system entirely, assuming that the replacement encryption method does not have a noticeable impact upon the latency of the overt RTP stream being used as cover-medium.

The author does not claim that the obfuscation method used by the SteganRTP reference implementation to be cryptographically secure. Rather, it is well documented in the literature that XOR against a repeating keystream is insecure[28,29,30]. The obfuscation of message data is merely meant to provide some rudimentary protections against statistical steganalysis which focuses upon perceptible properties of language within the stego-medium.

The XOR obfuscation method employed by the SteganRTP reference implementation consists of the following steps:

Create a bit-pad for use as keying information.
Choose an offset into the bit pad to begin using the keying information.
XOR the message against the bit pad, byte by byte.