Secret Data: Steganography v Steganalysis 280
gManZboy writes "Two researchers in China has taken a look at the steganography vs. steganalysis arms race. Steganography (hiding data) has drawn more attention recently, as those concerned about information security have recognized that illicit use of the technique might become a threat (to companies or even states). Researchers have thus increased study of steganalysis, the detection of embedded information."
Re:Hmm (Score:1, Informative)
Is this really a good article on steganalysis? (Score:3, Informative)
Reference [11] is for the F5 algorithm: Yet consider this paper: The abstract from Fridrich et al. says "... we present a steganalytic method that can reliably detect messages
So TFA article cites countermeasures from 2001, even though a method of defeating those countermeasures was published in 2002.
The above is just one example. Overall, TFA seems poor and out-of-date. This is a case where the F in "TFA" does not stand for "fine".
Re:Hiding data ...pfft (Score:5, Informative)
During the 50's and 60's the air force used a particular comic strip ("smokey stover" i think. http://www.toonopedia.com/smokey.htm [toonopedia.com], also the origin of "foo" and "foo fighter") to train recon. photo interpreters. The artist would hide his wife's name somewhere in every strip, and the new recruits would have to find it.
Re:Layered Implementation (Score:3, Informative)
That runs counterintuitive, so let me scratch the why/how:
Steg: it's incredibly hard to really hide stuff. If you stick data into the unimportant pixelbits of A/V data, statistical analysis of the sort of data that is created by the source (camera, scanner, etc) makes it *trivial* to detect that stuff is being hidden. The better you hide it, the more you sacrifice signal to noise.
Steg plus encryption: easily detected, and steg limits the data pipe. If you have a lot of steg data, creating enough host data to mask it becomes a huge damn PITA.
Strong encryption: data compresses, not expands. Detection and break costs can be reasonably calculated, and algorithms can be picked that achieve an acceptable break cost. And there are mechanisms like dvd-length one-time pads that can make the data flow utterly unassailable as long as it remains encrypted. All that you're left with is attacks outside that space (bribery, extortion, threats, wiretaps, and so on become the cheapest win).
Incidentally, W.A.S.T.E. has an design aspect that does a great job of balancing steg and encryption: encrypt everything with an algorithm that is computationally expensive to brute-force, then shove copious amounts of probably-not-significant data down the encrypted channel. It's like the shortwave number-reader frequencies: by creating a perpetual, huge stream of junk code, you get rid of the above-mentioned weaknesses, and gain the advantage of creating an encrypted and steg'd stream.
Re:Hmm (Score:5, Informative)
Furthermore, if you take the trouble to hide your data with steganography chances are that you will also encrypt it. In this scenario, the two accomplish different goals. Steganography ensures that no-one realizes that you have communicated at all and cryptography ensures that even if the steganography is compromised, they cannot tell what it was you were sending.
Steganography is gold to any mole in need of transmitting information from inside a hostile organization to his people on the outside. So long as the hostile org cannot tell that he is communicating, he is safe. Once they figure out, he is busted.
Or for anyone transmitting information across an untrusted medium for that matter. If you use PGP to protect your Internet mail, the Feds are going to know that you have _something_ going on and that they might want to keep extra tabs on you. If you also use steganographic techniques, you'll never show up on their radar in the first place.
Re:Problem with statistical analysis (Score:5, Informative)
Actually, here the fault is that they didn't understood the target. Expenses have no "natural" size, they're likely to be scale invariant. Basicly, you're looking for a distribution where C*f(x) = f(x). If you took 1..9, try C=2: 2,4,6,8,10,12,14,16,18... suddenly you have 5 leading 1s.
Turns out the right distribution is following Benford's law:
30.1% 17.6% 12.5% 9.7% 7.9% 6.7% 5.8% 5.1% 4.6%
The second example you have is that the human "RNG" is flawed.
A computer doesn't really suffer from this problem. The stenagography problem is really this.
1. Find randomness in source data
2. Replace random data with pseudorandom data
Of course, if you overwrite non-random data, you're doing it wrong. If you're going to use the LSB, you need to verfiy that it is random, or find the portion of it that is random (which is kinda what you're doing when you pick the LSB from a pixel anyway).
The biggest problem is really to hide it in a "reasonable" way.
Perfect steganography should replace all randomness with noise.
Perfect compression should eliminate all randomness.
In other words, steganography operates on the thin slice between good compression (jpg, mp3, divx) and perfect compression. It's much easier to hide information in bmp, wav, uncompressed avi, but it also looks damn obvious.
Kjella
Re:Layered Implementation (Score:3, Informative)
They shouldn't be directly compared, because steganography and encryption reach towards different goals. One conceals the fact that you're hiding information, the other protects information from someone who already knows to look for it.
In limited circumstances, each can perform the other's effect: steganography makes encryption irrelevant if they can't find the material, and encryption makes steganograph irrelevant if and only if a substantial portion of non-suspected people are also using encryption for daily correspondence.
There are governments today, however, that will rape you with a machinegun if they see you passing coded messages around, so steganography has immediate utility.
Detection? (Score:3, Informative)
You'll have to forgive me, I'm not the greatest cryptographer in the world. But let's say that Joe Shmoe takes a picture with his cheap 8-megapixel camera, with a very high ISO setting for lots of noise. Now, that's roughly 192 megabits of information.
Suppose he needs to encode a 1 kilobit message. that means that there's going to be one bit of signal for every 192 kilobits of image. Now, say he does the encoding to merely appear like more noise in the already noisy image.
Given that low of a signal-to-noise ratio, I really don't see how you could detect the message unless you had prior knowledge of the algorithm or locations.
steve
Re:Hiding data ...pfft (Score:1, Informative)
Re:Problem with statistical analysis (Score:3, Informative)
No, you eliminate some redundancy, thus *increasing* the randomness. The whole point is, with compression, if your output is less than perfectly random, then you must be able to compress more, as there are additional patterns that can be eliminated. Or, at least that was my understanding.
In support of this is fact that you can't compress a perfectly random data stream. Why? Because there is no redundancy to eliminate. And a perfect compression algorithm should output data which isn't further compressible... meaning it's indistinguishable from perfectly random noise.