Following my email to this list, dated 29/07/2012, I direct your attention to the IACR eprint document http://eprint.iacr.org/2012/494, "Format-Transforming Encryption: More than Meets the DPI". In it, we present our framework for steganographic encoding of messages using regular languages, along with initial findings for a Python/C++ based implementation.
To briefly highlight some of the main things we deliver:
* A record-layer, powered by format-transforming encryption, that can tunnel arbitrary SOCKS streams.
* Algorithms that allow efficient and invertible mapping between bit strings and elements of a regular language L. These allow us to encode traditional encryptions of plaintexts into strings from L in a way that maximizes the number of bits that are encoded.
* A framework for the creation of good regular languages, "good" with respect to performance and security. In particular, our language-learning framework produces sets of regular expressions (compact representations of the languages) that are learned from real traffic. Our system also allows you to use off-the-shelf regular expressions, like those from appid [1] and l7-filter [2] that are designed to detect HTTP traffic.
We consider this preliminary technical report on a work-in-progress. In fact, we can already do more than what is reported (e.g. greater variety of languages, better system performance), but we will save these advances for a future release.
Cheers, Kevin P Dyer (and his co-authors)
[1] http://code.google.com/p/appid/ [2] http://l7-filter.sourceforge.net/