RSA Laboratories

7.15 What are covert channels?

Covert communication channels (also called subliminal channels) are often motivated as being solutions to the ``prisoners' problem.'' Consider two prisoners in separate cells who want to exchange messages, but must do so through the warden, who demands full view of the messages (that is, no encryption). A covert channel enables the prisoners to exchange secret information through messages that appear to be innocuous.A covert channel requires prior agreement on the part of the prisoners. For example if an odd length word corresponds to ``1'' and an even length word corresponds to ``0'', then the previous sentence contains the subliminal message ``101011010011''.

An important use of covert channels is in digital signatures. If such signatures are used, a prisoner can both authenticate the message and extract the subliminal message. Gustavus Simmons [Sim93a]devised a way to embed a subliminal channel in DSA (see Section 3.4) that uses all of the available bits (that is, those not being used for the security of the signature), but requires the recipient to have the sender's secret key. Such a scheme is called broadband and has the drawback that the recipient is able to forge the sender's signature. Simmons [Sim93b] also devised schemes that use fewer of the available bits for a subliminal channel (called narrowband schemes) but do not require the recipient to have the sender's secret key.

Top of the page