Secret Data: Steganography v Steganalysis

gManZboy writes "Two researchers in China has taken a look at the steganography vs. steganalysis arms race. Steganography (hiding data) has drawn more attention recently, as those concerned about information security have recognized that illicit use of the technique might become a threat (to companies or even states). Researchers have thus increased study of steganalysis, the detection of embedded information."

Steganalysis has a dim future, IMHO

[fejikso]

I believe that information can be arbitrarily well obfuscated and hidden and therefore I find it difficult to imagine that there can be an effective and feasible technique to counter attack stenographic messages.

Can someone explain to me what is meant by...

[squarooticus]

"illicit use [of steganography]"? I didn't realize encrypting stuff was illegal. Land of the free and all that.

Re:Hmm

[Anonymous Coward]

Isn't stenography just more "security through obscurity", like using an odd ip-port to hide a service?
I recall that idea not being very popular with the slashdot crowd.

Re:Can someone explain to me what is meant by...

[eln]

I think they mean the use of steganography to hide illicit materials, like child pornography. At least, I hope that's what they mean.

Re:Steganalysis has a dim future, IMHO

[Anonymous Coward]

The larger problem is not how to find it but how to know where to find it. You simply have to scan all material, including material which doesn't have anything embedded. Different with cryptography where usually it is quite clear that there is something encrypted to concentrate on.

Re:Hmm

[dr_dank]

Who says a steg message has to be plaintext?

Layered Implementation

[Kobun]

Because an encrypted stream is obviously hiding, it gives the attacker something to focus on. What a person might do instead with Steganography is embed encrypted information, so that the set of information is not only hard to detect in a field of dummy files, but that once the encrypted data is found one still has to decode it.

Re:An easy way to hide information (PART 2)

[blueg3]

That doesn't serve the purpose of steganography, though. If someone is clued in to the possibility that you might be sending messages by posting them on Slashdot, it's fairly easy to check and find out that yes, in fact, you are sending messages. The idea behind steganography is not to make the message unrecoverable from the cover data, but to make it so that nobody detects that any communication is even going on.

Re:Hmm

[PDAllen]

Suppose you == info security guy at $Company. When you see a string of seemingly random bits in a file marked crypto.txt leaving $Company, you may not be able to find out exactly what trade secret your local friendly spy was leaking, but you do know there was a leak and who sent it.

On the other hand, if you see a load of random pictures leaving $Company from lots of employees, then you have to find which picture has hidden data in it before you even know you have a problem.

The point of steganography isn't to pass a message that can't be read, it's to pass a message without alerting anyone to the fact that a message has been passed.

Re:Hmm

[rokzy]

people making the point you made totally miss an important point. what if you don't want someone to know the data even exists?

for example, sending a message to someone your government doesn't like:

-you: "ha! it's encrypted really strongly! suck my balls!"
-government: "we don't give a flying fuck - even talking to them is a crime. off to jail for you, numbnuts!"

Explanation: Espionage

[Bonhamme Richard]

Many posters have addressed the idea of child pornography, but it's not just a matter of images hidden inside of images. By going through the 1s and 0s that make up an image a written message can be composed.

Method: An image is built of bytes representing shades of colors. If you go through and change the least significant bit of each byte you can encode a message. Note: this is achieved without substantially changing the image.

Example: 10001000 becomes 10001001

Significance: If two people were to set up a system, like "go to site XYZ on every 3rd Friday and download the pic of the day," it would be nearly impossible to track them. An agent in the field checks the image, noting the value of the last bit of each byte. Stringing these values together he creates a message. Two individuals can communicate from across the world without anyone else suspecting.

This can be used for anything: 1) Terrorists coordinating timed attacks 2) Americans selling national security secrets to foreign powers. 3) Communication between intelligence community agents (ours or theirs).

Land of the free yes, but all three of the above uses are illegal.

Remember Tiananmen Square

[leereyno]

The fact that this is happening in China suggests to me that this is being done on the behest of the socialist government, which is far more concerned about the threat of grass roots movements for freedom and democracy than anything else.

Make no mistake, the current chinese government may represent a "kindler, gentler" communist regime, but its mere existence is still a crime against humanity.

Lee

Re:Hmm

[AndyL]

It's also security through misdirection. (Ie: If you find someone's secret porn collection, you'll think you know why he's kept it secret. In truth it contains plans for an atom bomb.)

But your point is really what the article is about. A serious Steganography method must be good enough to pass automated searches (steganalysis) because if the enemy knows where your data is, then you almost might as well have not bothered.

And of course, what the other post said is implied.

Re:Can someone explain to me what is meant by...

[GeorgeMcBay]

*reads the other responses* Child porn.. child porn.. child porn..

Heh, there's some fuckers with dirty minds posting today...


I'm going to guess they've just had this line beaten into their heads from the "think of the children" PR machine behind funding for things like steganalysis.

Honestly, how many pervs do you think are out there hiding their child porn with methods such as this? I'd guess very close to zero. I'm not saying there aren't weirdos out there who like to collect this sort of thing, I'm just guessing it is a lot more likely to be sitting there unprotected in some directory on their harddrive or at MOST on some encrypted volume... I find it hard to believe they'd set up some fancy steganography system to hide it.

Steganography is an ultimate emperor's new clothes technology to get funding for. There's no solid proof anyone is using it to do anything illegal, but the people who want to be funded to research this bullshit can just say "well, of course there's no proof, because it is hidden in images! Images that TERRORISTS or CHILD PORNOGRAPHERS might be trading as we speak!!!"

Re:Hmm

[bentcd]

Cryptography is also security through obscurity in that case. The only thing protecting your information is the fact that you haven't properly documented your private key :-)

Re:Hmm

[uberdave]

The problem with "Security Through Obscurity" is that the decryption algorithm is secret. Once the algorithm is known, any message can be decrypted. Both the sender, and the receiver need to know the secret algorithm, and need to trust each other to not reveal it.

In other encryption techniques, such as Public Key Encryption, the decryption algorithm is public. The algorithm works like a box with two keyholes. One keyhole locks the box, the other unlocks it. Each person selects two keys, one is public, the other is private. If the sender wants to send a message, she locks the box with the receiver's public key. Once locked, the box can only be opened with the receiver's private key. If the Larry decides to leak his private key, it doesn't compromise the security of messages sent to other people. Heather can still send messages to Jim, using his public key, confident that the messages will remain private because they are encrypted with Jim's public key, not Larry's.

Re:how is this possible?

[beelsebob]

I can't think of a way off the top of my head, but the thought strikes me, if I start with a 10 character sequence

['h', 'e', 'l', 'l', 'o', 'w', 'o', 'r', 'l', 'd']

and I pass it through a plugboard that has trillions of different combinations, and then through a set of 4 rotors which can be started from trillions of starting points, have many different internal wiring patterns, move in different ways and can be started from different positions each time and light up a new letter each time.

How do I decode it without knowing specifically which rotors were used, how many rotors were used, where they were positioned, which plug board settings were used and which message key was used?

What I'm saying through this analogy is that cryptographic problems appear at first to be impossible to break, but they all have weaknesses (which we may or may not have spotted). It's very very plausible that stenagraphic algorithms have weaknesses too and we just need to direct enough research effort at them.

Metasteganography

[Dylan Thomas]

What strikes me as most curious is that the current debate about steganography is in itself an exercise in steganography--at least, in the sense of hiding important information in plain sight. Through the use of technical-sounding words, concerned parties manage to conceal what seems to be a genuinely frightening disrespect of the freedom of information.

Simply take "steganography" out of the equation. It's easy to scare the masses by using intimidating neologisms. But steganography is simply a manner to transmit information privately. So let's recast the sentence, "...illicit use of the technique might become a threat to the security of the worldwide information infrastructure." Let's simply say, "Individuals attempting to keep their private information private might become a threat to the security of the worldwide information infrastructure."

What used to be a preferred method for sending private information to a friend? The mail? Didn't we used to have a respect for the privacy of letters we sent via post? So how come no one said, "Sealing envelopes might become a threat to the security of the worldwide information infrastructure"?

What's being steganographically hidden in this debate is the reality that these days, quite a few people--many of them in power--simply no longer believe that a person has any right to private or personal information. Why would a technology such as this arise in the first place? Because we know that the first anthrax envelope made the private post public for everyone? Because we know our e-mail can be read, our servers can be hacked, our telephone calls recorded and our houses ransacked simply because fear of terrorists convinced us to sign over our civil liberties as if we no longer desired them?

This technology arose because some people realized that they were losing any pretense at privacy they might have had, and so were motivated to develop tools to maintain it. And now, we take the new word "steganography" and talk about how dangerous it is... perhaps because we're trying to conceal inside the hidden message that all privacy is dangerous, that anything you do, say or think should always be subject to review by the appropriate authorities.

Re:Hmm

[Anonymous Coward]

I think this is the way of the future with regards to encryption. You cant crack what you cant find.

This doesn't even make sense. It's like saying I'll substitute a boot for the eggs when making my omlet. Hiding imformation is different from encryption. Also, for it to be secure, you would have to use encryption. Relying solely on obscurity. You might as well run around outside naked depending on hiding behind trees as your only means of clothing.

Re:Hmm

[bentcd]

I never said to homebrew it. You need to use algorithms developed by professionals. This means you either use custom algos developed by your organisation's maths geeks, or you use publicly available algos. Whichever it is, you will want one that can easily be hidden in a data stream that is otherwise indistinguishable from noise so that your noise-like encrypted messages can't be spotted for what they really are. Finding such a noiseful channel to utilize is another task for the maths geeks.
An alternative to finding a noiseful channel would be to find one that is never monitored by anyone anyway so it doesn't matter that your added noise is alien to it. As an example, if I knew that the local security people don't for some reason monitor nor log ICMP, I could ping some other box in a pattern that encodes my message.
The reason that steganography has typically been used within closed groups is that it has traditionally been symmetric in the sense that if you knew how to write the message, you would also know how to read it and vice versa.

Re:Hmm

[Zoinks]

The advantage of steganography is that if done right, it can give you plausible deniability. For a really interesting read, check out the papers describing StegFS [mcdonald.org.uk] ,a steganographic file system for Linux.

Re:Hmm

[Zoinks]

If you use PGP to protect your Internet mail, the Feds are going to know that you have _something_ going on and that they might want to keep extra tabs on you. If you also use steganographic techniques, you'll never show up on their radar in the first place.

This is true. The problem with steg is that generally, you must hide the message in something else that is not message. The higher the ratio of chaff to message, the harder to find the message, but also the larger the steg messages you must exchange. At some point *this* becomes suspect.

Plain text

[shish]

If the govt found you sending plain text explanations of your terrorist plans, would they take it seriously or pass you off as a nut who's too incompetent to hide themselves?

Re:fun stuff

[Anonymous Coward]

The files header, gives clues about the signal to noise numbers, and what photoeditor saved the image. Remove or alter it.

Mobile phone and digital cameras picture sizes are original and getting bigger, and some software is cleaning up interpolation errors and signatures, meaning you could hide messages in an image(s).
So if you use steno, muck with the file headers using and obsolete model camera whose last driver stopped at NT4, and photograph natural events like beaches and waves, or colored beads, for inconclusive pictures.