secure data export

secure data export

Nadav Har'El nyh at math.technion.ac.il
Sun Jun 26 09:44:16 IDT 2011 

On Sun, Jun 26, 2011, Orna Agmon Ben-Yehuda wrote about "Re: secure data export":
> I am currently thinking about text, but If the text contains lots of
> numbers, then I cannot trust the person to recognize the errors by reading
> the file. Oleg - I did not consider steganographic methods in my original
> mail, before you raised the issue.

Another issue to consider is that except for us die-hard Unix fans, when
most computer users think of "text", they don't think of ASCII text, but
rather of formats like PDF, MS-Word, and so on. With these, it is trivial
to insert an almost-unlimited amount of leaked information into the "text"
file, and a person who reads it on an ordinary word processor will not notice
any difference.

Orna, I think that unfortunately as time goes on the sort of problem you're
thinking about gets harder and harder to solve to any satisfaction.
There might be good solutions for short ASCII text files (Shachar's idea of
*copying* the data on the clean machine, not just *reading* it, was a good
one). But what if you do want to send a word-processor document? Or some
relatively-large source code? Or some numerical data that nobody can seriously
verify? Or photos? Or videos?

For the specific case of word-processor documents, there might be a simpler
(and more accurate) solution than printing and OCR: The copying machine (as
suggested by Shachar based on your verifying machine) can, instead of making
an accurate copy of the file, extract only the *visible* information the file,
e.g., the text and fonts, and copy it to a new file, while losing other
"hidden" information which might be present in the file. A trivial (though
perhaps suboptimal) way to do this is for that machine to export the document
to PDF; Presumably this conversion will lose all invisible information, and
if you assume your human verifier can verify the visible information somehow
(it isn't clear how...), you're safe.


-- 
Nadav Har'El                        |       Sunday, Jun 26 2011, 24 Sivan 5771
nyh at math.technion.ac.il             |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |Seen on a box of animal crackers: "Do not
http://nadav.harel.org.il           |eat if seal is broken."

More information about the Linux-il mailing list