Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006.Includes bibliographical references (leaves 61-62).Steganography, the hiding of covert messages inside innocuous communication, is an active area of cryptographic research. Recent research has shown that provably undetectable steganography is possible in a wide variety of settings. We believe that the existence of such undetectable steganography will have far reaching implications. In this thesis, we investigate the impact of steganography on the design of cryptographic protocols. In particular, we show that that all existing cryptographic protocols allow malicious players to collude and coordinate their actions by steganographicly hiding covert messages inside legitimate protocol traffic. Such collusion is devastating in many settings, and thus we argue that it's elimination is an important direction for cryptographic research. Defeating such steganographic collusion requires not only new cryptographic protocols, but also a new notion of protocol security. Traditional notions of protocol security attempt to minimize the injuries to privacy and correctness inflicted by malicious participants who collude during run-time. They do not, however, prevent malicious parties from colluding and coordinating their actions in the first place! We therefore put forward the notion of a collusion-free protocol which guarantees that no set of players can use the protocol to maliciously coordinate their actions.(cont.) As should be expected, such a strong notion of security is very difficult to achieve. We show that achieving collusion-free security is impossible in a model with only broadcast communication and that even with physically private communication (e.g. physical envelopes) there are still many ideal functionalities that have no collusion-free protocols. Fortunately, under natural assumptions collusion-free protocols exist for an interesting class of ideal functionalities. Assuming the existence of trapdoor permutations, we construct collusion-free protocols, in a model with both broadcast messages and physical envelopes, for every finite ideal functionality in which all actions are public.by Matthew LepinskiPh.D
