Secret Data: Steganography v Steganalysis

gManZboy writes "Two researchers in China has taken a look at the steganography vs. steganalysis arms race. Steganography (hiding data) has drawn more attention recently, as those concerned about information security have recognized that illicit use of the technique might become a threat (to companies or even states). Researchers have thus increased study of steganalysis, the detection of embedded information."

Hmm

[Sparr0]

I think this is the way of the future with regards to encryption. You cant crack what you cant find.

Re:Hmm

[Anonymous Coward]

You cant crack what you cant find.

Or in the case of "The Bible Codes", you find what you want to find.

Re:Hmm

[rindeee]

Future? Steg. has been used for quite some time. I know that it was actively used during the US Civil War, and I'd imagine that it dates back much further than that.

Re:Hmm

[rokzy]

so what? just because it was a used in the past doesn't mean the original poster didn't have a point.

it may have been used for some time, but it isn't so common now. recently there's been more focus on encrypting the data, not hiding where it is.

the original poster was saying (AFAIK) that he thought it would be popular again, not popular for the fist time ever.

I think he's right with regards to encrypting data in static, passively observed things like photos. transmitted data will probably use quantum te

Re:Hmm

[Anonymous Coward]

Isn't stenography just more "security through obscurity", like using an odd ip-port to hide a service?
I recall that idea not being very popular with the slashdot crowd.

Re:Hmm

[dr_dank]

Who says a steg message has to be plaintext?

Re:Wasn't that his point? MOD PARENT DOWN

[Winkhorst]

You can actually say a lot in plaintext without actually saying openly what you mean. Aleister Crowley was a master at this. The way this works is you talk directly to those who know the context in which you are speaking and it all just looks like mere verbiage to anyone not familiar with your topic. Or you refer to your predicates in such a way that the casual observer can't tell what your final conclusion refers to. This is not steganography per se, but goes to the origins of the concept. I have done this myself and it allows you to say things you wouldn't dare say outright for fear of retribution from certain third parties.

OK I give up

[fbform]

What's the message that's hidden in your post? :-)

Re:Wasn't that his point? MOD PARENT DOWN

[nacturation]

... and so's your mother! Sheesh, you thought I wouldn't catch that insult buried in your text?

Re:Hmm

[AndyL]

It's also security through misdirection. (Ie: If you find someone's secret porn collection, you'll think you know why he's kept it secret. In truth it contains plans for an atom bomb.)

But your point is really what the article is about. A serious Steganography method must be good enough to pass automated searches (steganalysis) because if the enemy knows where your data is, then you almost might as well have not bothered.

And of course, what the other post said is implied.

Re:Hmm

[bentcd]

Cryptography is also security through obscurity in that case. The only thing protecting your information is the fact that you haven't properly documented your private key :-)

Re:Hmm

[uberdave]

The problem with "Security Through Obscurity" is that the decryption algorithm is secret. Once the algorithm is known, any message can be decrypted. Both the sender, and the receiver need to know the secret algorithm, and need to trust each other to not reveal it.

In other encryption techniques, such as Public Key Encryption, the decryption algorithm is public. The algorithm works like a box with two keyholes. One keyhole locks the box, the other unlocks it. Each person selects two keys, one is public, the other is private. If the sender wants to send a message, she locks the box with the receiver's public key. Once locked, the box can only be opened with the receiver's private key. If the Larry decides to leak his private key, it doesn't compromise the security of messages sent to other people. Heather can still send messages to Jim, using his public key, confident that the messages will remain private because they are encrypted with Jim's public key, not Larry's.

Re:Hmm

[bentcd]

Steganography is typically used within a closed group. It is typically not used between strangers. Therefore, you don't need to publicize your steganographic protocols beyond a small group of people.
Furthermore, if you take the trouble to hide your data with steganography chances are that you will also encrypt it. In this scenario, the two accomplish different goals. Steganography ensures that no-one realizes that you have communicated at all and cryptography ensures that even if the steganography is compromised, they cannot tell what it was you were sending.
Steganography is gold to any mole in need of transmitting information from inside a hostile organization to his people on the outside. So long as the hostile org cannot tell that he is communicating, he is safe. Once they figure out, he is busted.
Or for anyone transmitting information across an untrusted medium for that matter. If you use PGP to protect your Internet mail, the Feds are going to know that you have _something_ going on and that they might want to keep extra tabs on you. If you also use steganographic techniques, you'll never show up on their radar in the first place.

Re:Hmm

[bentcd]

For many employers, "you are an employee" is sufficient reason to monitor your communications. This surveillance is, however, very superficial in most cases. Superficial surveillance is unlikely to spot a half-decent steganographic effort and so such is likely to offer some protection.
If ever they develop the notion that you require extra special treatment, they might catch on to your hidden messages, of course (or perhaps not). If they do, then I agree they have all the more reason to suspect you of foul p

Re:Hmm

[bentcd]

I never said to homebrew it. You need to use algorithms developed by professionals. This means you either use custom algos developed by your organisation's maths geeks, or you use publicly available algos. Whichever it is, you will want one that can easily be hidden in a data stream that is otherwise indistinguishable from noise so that your noise-like encrypted messages can't be spotted for what they really are. Finding such a noiseful channel to utilize is another task for the maths geeks.
An alternative t

Re:Hmm

[wwest4]

I'm not neccessarily commenting on it's practical effectiveness but isn't this really the past in terms of encryption? As in, Caesar-cipher era - i.e. the method is the key.

Layered Implementation

[Kobun]

Because an encrypted stream is obviously hiding, it gives the attacker something to focus on. What a person might do instead with Steganography is embed encrypted information, so that the set of information is not only hard to detect in a field of dummy files, but that once the encrypted data is found one still has to decode it.

Re:Layered Implementation

[ediron2]

IANBS (I Am Not Bruce Schneier), but Strong Encryption beats steg plus encryption, based on my (limited, but relevant) practical experience.

That runs counterintuitive, so let me scratch the why/how:

Steg: it's incredibly hard to really hide stuff. If you stick data into the unimportant pixelbits of A/V data, statistical analysis of the sort of data that is created by the source (camera, scanner, etc) makes it *trivial* to detect that stuff is being hidden. The better you hide it, the more you sacrifice

Re:Layered Implementation

[Em Adespoton]

However, until everyone is using strong encryption to store and send all data, steganographed encrypted data is necessary. You see, often it is just as important to hide the fact that you've got something to hide as it is to secure the data. With steganographed encrypted data, you can plausibly deny that it was you who hid the data in the first place.

Re:Layered Implementation

[Minna Kirai]

IANBS (I Am Not Bruce Schneier), but Strong Encryption beats steg plus encryption, based on my (limited, but relevant) practical experience.

They shouldn't be directly compared, because steganography and encryption reach towards different goals. One conceals the fact that you're hiding information, the other protects information from someone who already knows to look for it.

In limited circumstances, each can perform the other's effect: steganography makes encryption irrelevant if they can't find the mate

Re:Layered Implementation

[Total_Wimp]

What a person might do instead with Steganography is embed encrypted information, so that the set of information is not only hard to detect in a field of dummy files, but that once the encrypted data is found one still has to decode it.

Exactly. Even if you play the record backwards, no one knows exactly what the hell the message means. Satan wants you to something, but you can only really tell if you have the code book.

TW

Re:Layered Implementation

[myowntrueself]

As A.Crowley once wrote "double and triple meanings which must be combined in order to fully understand".

Its possible to steganographically hide more than one piece of data inside something else.

The cryptographers problem then is a decision problem; even if you find something concealed, do you stop looking for more? When do you stop expending resources?

How do you know that the piece that you found wasn't the data that you were *intended* to find? So that you'd stop looking for more.

Or perhaps there are

Re:Hmm

[Minna Kirai]

As in, Caesar-cipher era - i.e. the method is the key.

No. Caesar-cipher looks like "jebsb kysal". Get caught with that, and even if they can't read it, you're obviously trying to hide something. Primitive steganography is like "Buy 7 bananas and 3 oranges on next Monday", which has plausible deniability as a grocery list, even though it's logging the movement of enemy naval units out of port.

Re:Hmm

[jamsessionjay]

Security through obscurity? Look how well it's worked for Microsoft.

Any sufficiently advanced neural net should be able to deterministically find changes in common data communication where information can be hidden. And do you truly think that your data is not being checked by big brother?
[puts on tinfoil hat]

Re:Hmm

[4of12]

Any sufficiently advanced neural net should be able to deterministically find changes in common data communication where information can be hidden. And do you truly think that your data is not being checked by big brother?

I doubt there's enough computational resources for a sufficiently advanced neural net.

If chunks of known ciphertext in something like AES-256 can't be broken in times measured in universe ages, then I can't foresee much success in wholesale scanning of all information, searching for embedded secret strings which, if properly encrypted, should be indistinguishable from random noise.

An old Slashdot story mentioned one of the most fertile fields for laying down stego messages: within spam [spammimic.com].

Re:Hmm (cracked)

[product byproduct]

I think thIs iS The way of the FutuRe
with regardS To encryPtiOn.

You've got a nicely steganographed "first post" there.

Re:Hmm (cracked)

[waveclaw]

You've got a nicely steganographed "first post" there.

Yeah, well thanks to this article, I'm trying to find hidden information in the fortune cookie at the bottom of this very same article:

In /users3 did Kubla Kahn A stately pleasure dome decree, Where /bin, the sacred river ran Through Test Suites measureless to Man Down to a sunless C.

So far all I've got is that either puns on computing terms or directions to asassinate Bill Gates while he sunbathes by a middle-eastern riverbank during a total eclip

Re:Hmm

[l4m3z0r]

What you mean to say is that this was the way of the past and now that now we know that security through obscurity is ultimately too risky for crucial data.

It needs to be plainly shown once and for all that this model of "encryption" is too dangerous to be used and thus force the government to encourage open standards that can be tried and found true.

Re:Hmm

[PDAllen]

Suppose you == info security guy at $Company. When you see a string of seemingly random bits in a file marked crypto.txt leaving $Company, you may not be able to find out exactly what trade secret your local friendly spy was leaking, but you do know there was a leak and who sent it.

On the other hand, if you see a load of random pictures leaving $Company from lots of employees, then you have to find which picture has hidden data in it before you even know you have a problem.

The point of steganography isn't to pass a message that can't be read, it's to pass a message without alerting anyone to the fact that a message has been passed.

Re:Hmm

[rokzy]

people making the point you made totally miss an important point. what if you don't want someone to know the data even exists?

for example, sending a message to someone your government doesn't like:

-you: "ha! it's encrypted really strongly! suck my balls!"
-government: "we don't give a flying fuck - even talking to them is a crime. off to jail for you, numbnuts!"

Already was an issue

[Sierpinski]

This came out a long time ago with the idea of hiding child pornography in files containing what appeared to be pictures of art, or other benign picture files.

There was even an episode of Law and Order about this. Its nothing new, but I agree it does pose many questions about security. (Security through obscurity is really good if the level of obscurity is paramount.)

I'm quite certain...

[Kjella]

...that this has already been used, at least to get around free website restrictions. Many of them rejected uploads of zip/rar/.001-.00X etc. types of files, often even with header checks. Make it a picture gallery and well... what can you say, it's a popular gallery ;)

Kjella

Can someone explain to me what is meant by...

[squarooticus]

"illicit use [of steganography]"? I didn't realize encrypting stuff was illegal. Land of the free and all that.

Re:Can someone explain to me what is meant by...

[eln]

I think they mean the use of steganography to hide illicit materials, like child pornography. At least, I hope that's what they mean.

Re:Can someone explain to me what is meant by...

[AndyChrist]

If I had mod points every one of you in this little line would get Redundant.

GOURANGA!

Re:Can someone explain to me what is meant by...

[Bagels]

*cough* Chinese researchers. Perhaps not illegal in the US, but almost certainly extremely illegal over in our favorite semi-communist autocracy...

Re:Can someone explain to me what is meant by...

[js7a]

HTTPort [htthost.com] has got to be the best steg browsing solution out there. I hear it's very popular in Saudi Aribia, which is much worse than China.

Explanation: Espionage

[Bonhamme Richard]

Many posters have addressed the idea of child pornography, but it's not just a matter of images hidden inside of images. By going through the 1s and 0s that make up an image a written message can be composed.

Method: An image is built of bytes representing shades of colors. If you go through and change the least significant bit of each byte you can encode a message. Note: this is achieved without substantially changing the image.

Example: 10001000 becomes 10001001

Significance: If two people were to s

Re:Explanation: Espionage

[myowntrueself]

"noting the value of the last bit of each byte."

This makes me wonder if it might even be possible to *find* pre-existing images (eg) that satisfy the requirements of the code without any modification at all.

If that were possible then good luck finding it with steganalysis...

Re:Can someone explain to me what is meant by...

[GeorgeMcBay]

*reads the other responses* Child porn.. child porn.. child porn..

Heh, there's some fuckers with dirty minds posting today...


I'm going to guess they've just had this line beaten into their heads from the "think of the children" PR machine behind funding for things like steganalysis.

Honestly, how many pervs do you think are out there hiding their child porn with methods such as this? I'd guess very close to zero. I'm not saying there aren't weirdos out there who like to collect this sort of thing, I'

Great movie title!

[Guano_Jim]

Secret Data: Steganography v Steganalysis

Throw in a Stegosaurus [kdsi.net] and we've got a real Destroy All Monsters [imdb.com] vibe going.

Run! It's Steganalysis!

/crushes Tokyo

This reply is funny, inciteful and informative

[Silver Sloth]

But it's hidden

Extinct?

[Chappy01]

I thought the Steganalysis was extinct...that's public school education for you.

Hiding data ...pfft

[pronobozo]

As if you can hide information in places that nobody would find, just doesn't seem like a plausible direction for security.

Re:Hiding data ...pfft

[justforaday]

I don't get it...Could someone please tell me what the secret message is?

Re:Hiding data ...pfft

[Darth_brooks]

There's some truth to the idea of a hidden message in comic strips.

During the 50's and 60's the air force used a particular comic strip ("smokey stover" i think. http://www.toonopedia.com/smokey.htm [toonopedia.com], also the origin of "foo" and "foo fighter") to train recon. photo interpreters. The artist would hide his wife's name somewhere in every strip, and the new recruits would have to find it.

Re:Hiding data ...pfft

[jafac]

. . . wasn't the same true for the "hidden-bunny" on the Playboy Magazine covers?

An easy way to hide information

[Anonymous Coward]

Hide it on slashdot by posting at level 0. No one will think to look, and there's an unlimited storage potential.

Re:An easy way to hide information (PART 2)

[zoloto]

actually this is a really good thing. not just on slashdot, but on other sites where you can search the documents for key words.

Heck, post as ac with a unique subject and post encrypted (gpg) ascii in multiple parts. the data will be here still next year or five (plausible) and you can retrieve it, and decrypt (assuming you have the public key or password if it's symmetric

Re:An easy way to hide information (PART 2)

[blueg3]

That doesn't serve the purpose of steganography, though. If someone is clued in to the possibility that you might be sending messages by posting them on Slashdot, it's fairly easy to check and find out that yes, in fact, you are sending messages. The idea behind steganography is not to make the message unrecoverable from the cover data, but to make it so that nobody detects that any communication is even going on.

correct you are!

[zoloto]

I was only replying to the somewhat offtopic comment. And I know what stenography is. I've used it myself through websites that let you use "avatars" or post pictures such as fark.com photoshop contests. It is fun, is it not?

*cheers*

Re:An easy way to hide information (PART 2)

[YrWrstNtmr]

Heck, post as ac with a unique subject and post encrypted (gpg) ascii in multiple parts. the data will be here still next year or five (plausible) and you can retrieve it, and decrypt (assuming you have the public key or password if it's symmetric

ahhh...so THAT's what all that incessant GNAA crap is.

Re:An easy way to hide information

[Soporific]

I hide my data in a deep, moist place.

Your basement? :)

~S

fun stuff

[Darth_brooks]

I tinkered with this for a while. Start up gnucleus, do a search for *.jpg, and grab a bunch of files to scan. Not surprisingly, many of the images were porn (it's for research purposes, I swear!)

The biggest problems were 1. most (actually, all) of the images that came back as good candidates for having embedded images came back as false positives and 2. lack of a brute-force steg break utility.

number 2 is probably a result of poor searching on my part, but I honestly couldn't find a recent, (and free) tool that would do a brute force crack on embedded images. At the time (a few months back) I was using stegbreak and stegdetect.

So, is there anything better? anyone else have any luck?

Re:fun stuff

[carlmenezes]

Well, how do you know that what you found wasn't more hidden information? Double-layer steganography maybe? I mean, what better way to hide info than as a false positive?

Re:fun stuff

[javatips]

Double layer staganography will not be very practical. When you hide someting, you need a lot more data than what you are hiding. For example, if you can hide 1 byte of data within 8 bytes of data, your will require 64 bytes of data to hide the same information in two layers.

It far more practical to encrypt the data you want to hide (making it look random), then you hide it use steganography. This has the added benefit of making it more difficult to find a pattern (encrypted data should appear random) in t

Re:fun stuff

[SlayerofGods]

It's hard to brute force something when you don't know how it was hidden in the first place.
You can only design a brute force attack once you know how it was hidden in the first place. And the amount of different ways to do that right now precludes such an attack.
Maybe once a standard for steganography is agreed on we can get started on ways to crack it ;)

Re:fun stuff

[Darth_brooks]

I should have been a little more clear on that. Steg detect would decide that an image may have had something embedded using one of the programs that it looked for.

But, using stegbreak, you could only do a dictionary attack against the image even though you had an idea of what what used to embed the file.

Re:fun stuff

[blueg3]

If there was a standard for steganography, it wouldn't be steganography any more.

It's kind of like hiding your key under the doormat. Everyone knows that's where people hide keys, so nobody hides keys there because it's useless now.

Unfortunately, the problem of coming up with such a generic pattern-finding algorithm that it'd be truly useful for trying to detect steganography in general is not an easy problem. It should be quite possible to try a lot of popular methods, though.

Re:fun stuff

[shawn(at)fsu]

speaking of JPG's I once saw a picturew of flowers that if you selected the picture in say a web page (or highlighted it) you could see a hidden image (pr0n. I would love to know how to do this.
Anyone know what I'm talking about.

Re:fun stuff

[BillyBlaze]

Don't know what you're talking about, but I remember when graphics hardware used to suck, and the most common way to make something selected was to overlay it with a halftone of blue. So what you would do is, figure out where that halftone would go, and in the pixels that remain exposed, mix in your porn image, at say about 25% opacity. Now, on the pixels that are obscured by the halftone, mix in the inverse of your porn image at the same opacity. When the halftone is gone, it would be hard to notice the change - the most you would notice is a subtle checkerboard effect where the porn was contrasting with the flowers. But when the halftone obscured the negative that previously was balancing the positive porn image in adjacent pixels, you would see the porn in much higher contrast.

Passwords

[White Roses]

I played around with this for a time. Stored all my various passwords in one of my desktop pictures at work. In the end, while it was certainly interesting, I didn't see a personally practical use for it. Perhaps integration with a keyring type of application? A replacement for the DB file that is used to store the passwords? I send so few iamges to my friends that a sudden influx of images being sent back and forth with hidden communications would draw more attention to anyone seriously interested in my boring life. I feel secure because I am obscure.

I can certainly see the use in espionage, hiding the real message in the static, as it were (Didn't a Tom Clancy book use this plot device? I think the message was sent in the connect noises for the modem). And NS's Baroque Cycle had some interesting steganographic bits in it (excessively long and boring letters about the nobility's obsession with fashion hiding an encrypted message for all to see). But on a day to day basis, I doubt this will affect most people.

Re:Passwords

[pjt33]

Stego can also be used for storage. You may not send many images, but you probably have some sitting around - or if not images then PDFs or something. (I don't know how good PDF is for stego, but I suspect they're usable. Throw in an unncessary font definition or something).

Finding hidden messages?

[wfberg]

Dear Friend , Your email address has been submitted
to us indicating your interest in our newsletter .
If you no longer wish to receive our publications simply
reply with a Subject: of "REMOVE" and you will immediately
be removed from our mailing list . This mail is being
sent in compliance with Senate bill 2116 , Title 3
; Section 304 ! This is different than anything else
you've seen . Why work for somebody else when you can
become rich within 56 MONTHS . Have you ever noticed
more people than ever are surfing the

Re:Finding hidden messages?

[Mitchell Mebane]

-----BEGIN PGP MESSAGE----- Charset: ISO-8859-1 Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org VGhhbmtzISBJIG5lZWQgYWxsIHRoZSBsdWNrIEkgY2FuIGdldC 4gOkQ= -----END PGP MESSAGE-----

Let's try that again...

[Mitchell Mebane]

-----BEGIN PGP MESSAGE-----
Charset: ISO-8859-1
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

VGhhbmtzISBJIG5lZWQgYWxsIHRoZSBsdWNrIEkgY2FuIGdl dC 4gOkQ=
-----END PGP MESSAGE-----

...which is base64 encoded for ...

[mccrew]

$ echo -n VGhhbmtzISBJIG5lZWQgYWxsIHRoZSBsdWNrIEkgY2FuIGdldC 4gOkQ=|mimencode -u
Thanks! I need all the luck I can get. :D

Problem with statistical analysis

[grahamsz]

The suggestion is that if data is being hidden in the LSB of a photo then you can use statistical analysis to spot this anomoly.

The problem here seems to be that if you were to compress your hidden data prior to hiding it, then the data inserted would appear random and should thwart statistical analysis. You'd need some redundancy there if you intent to jpeg compress the image, but it might work.

I've toyed with the idea of hiding data in the vectors used in a mpeg file. Exploiting the nature of the compression algorithm rather than the source data.

Re:Problem with statistical analysis

[wirelessbuzzers]

The suggestion is that if data is being hidden in the LSB of a photo then you can use statistical analysis to spot this anomoly.

The problem here seems to be that if you were to compress your hidden data prior to hiding it, then the data inserted would appear random and should thwart statistical analysis.

The problem is, the LSBs of a photo do not appear to be random; there are many subtle correlations between them, some of them human-visible and some of them computer-visible. A given known machine-visibl

Re:Problem with statistical analysis

[blueg3]

That's only true if the original data in the LSB plane was also random. However, chances are that it isn't exactly random. Data, encrypted or no, may have different statistical characteristics than the original data.

There's a good story on something vaugely related that has to do with the frequency of digits in measured numbers. (That is, it isn't equally probable to see every digit -- earlier digits in a number favor lower digits, like "1".) People who were falsifying accounting records were caught becaus

Re:Problem with statistical analysis

[Kjella]

There's a good story on something vaugely related that has to do with the frequency of digits in measured numbers. (That is, it isn't equally probable to see every digit -- earlier digits in a number favor lower digits, like "1".) People who were falsifying accounting records were caught because the numbers they used were "too random".

Actually, here the fault is that they didn't understood the target. Expenses have no "natural" size, they're likely to be scale invariant. Basicly, you're looking for a distribution where C*f(x) = f(x). If you took 1..9, try C=2: 2,4,6,8,10,12,14,16,18... suddenly you have 5 leading 1s.

Turns out the right distribution is following Benford's law:

30.1% 17.6% 12.5% 9.7% 7.9% 6.7% 5.8% 5.1% 4.6%

The second example you have is that the human "RNG" is flawed.

A computer doesn't really suffer from this problem. The stenagography problem is really this.

1. Find randomness in source data
2. Replace random data with pseudorandom data

Of course, if you overwrite non-random data, you're doing it wrong. If you're going to use the LSB, you need to verfiy that it is random, or find the portion of it that is random (which is kinda what you're doing when you pick the LSB from a pixel anyway).

The biggest problem is really to hide it in a "reasonable" way.

Perfect steganography should replace all randomness with noise.

Perfect compression should eliminate all randomness.

In other words, steganography operates on the thin slice between good compression (jpg, mp3, divx) and perfect compression. It's much easier to hide information in bmp, wav, uncompressed avi, but it also looks damn obvious.

Kjella

Re:Problem with statistical analysis

[blueg3]

Thanks. The name I was looking for is Benford's Law, which is a scale-invariant digit distribution, as any such distribution must be (as well as being applicable to bases other than 10).

Yes, in order to do good steganography you have to replace something that already looks random with something else that looks equally random.

The problem with what was referred to originally is that the least significant bits of an image are not necessarily uncorrelated to (a) position in the image (b) values of neighboring

Re:Problem with statistical analysis

[Abcd1234]

also eliminate (some) randomness.

No, you eliminate some redundancy, thus *increasing* the randomness. The whole point is, with compression, if your output is less than perfectly random, then you must be able to compress more, as there are additional patterns that can be eliminated. Or, at least that was my understanding. :)

In support of this is fact that you can't compress a perfectly random data stream. Why? Because there is no redundancy to eliminate. And a perfect compression algorithm should ou

Re:Problem with statistical analysis

[pclminion]

You're assuming the LSB of each pixel of image data is perfectly random to begin with. In practice there are usually correlations between the subbands in image data (at least, any data which isn't pure noise). Inserting random data changes the degree of correlation between subbands, revealing the hidden message.

Re:Problem with statistical analysis

[Dracolytch]

I've done some of my own research in this area... Basically put, the LSB isn't nearly as random as people would like to think it is... If you hide a compressed/encrypted file in the LSB of an image, you'll still be able to look at a b&w LSB map, and tell that there's data hidden there. For example: A picture with a black cat should leave ~most~ of that cat with the same LSB. If you extract JUST the LSBs, and the cat shows up totally random, you know something is wrong.

Also, if you're doing LSB hiding

Re:Problem with statistical analysis

[Jeff DeMaagd]

There is a subsection of JPEG where it allows you to make lossless JPEG files. It is rarely used though, and I think support is hard to find. I don't know how support and file sizes compare against PNG though.

DCT + spread spectrum

[dangil]

I have done a small experiment in steganography using DCT coefficients and spread spectrum technique, spreading a 4 bit number in 4 high frequency coeficients in a DCT transformed image

It works pretty well.. but I did it in PHP+GD, so it's pretty slow...

if anyone is interested, I have a paper that describes the methods, the PSNR and everything else... you can reach me at my gmail server, under the dangil alias

Secret Stuff

[Anonymous Coward]

I hide all my secret information in fake research papers on steganalysis. They never think to look there.

how is this possible?

[Anonymous Coward]

If I take a payload -- say a text file. If I compress the file, then encrypt the compressed data then finally hide it.

Excecpt when I hide it I use the least significant bit of every n bytes where n is a 10 digit sequence.

[1,2,3,4,3,2,1,2,6,7]

the first source bit is stored in the lsb of the first image byte.

the second source bit is stored in the lsb of the [1+2] image byte.

the third source bit is stored in the lsb of the [1+2+3] image byte. ... and on and on...

If the end of the image file is reached be

Re:how is this possible?

[beelsebob]

I can't think of a way off the top of my head, but the thought strikes me, if I start with a 10 character sequence

['h', 'e', 'l', 'l', 'o', 'w', 'o', 'r', 'l', 'd']

and I pass it through a plugboard that has trillions of different combinations, and then through a set of 4 rotors which can be started from trillions of starting points, have many different internal wiring patterns, move in different ways and can be started from different positions each time and light up a new letter each time.

How do I decode

Re:how is this possible?

[B1ackDragon]

If I compress the file, then encrypt the compressed data then finally hide it.

I will try every possible algorithm I know

Ok, so you've found the data from the noise, not an easy task by itself. Then what? Brute force the encryption?

Steganography isn't "security through obscurity," its just obscurity. Which can be useful when not only do you need security, but you don't want people (easily and obviously) knowing you are needing the security. I know the world shouldn't work this way, but sending an

Is this really a good article on steganalysis?

[Sara Chan]

From the conclusion of TFA:

... countermeasures against steganalysis are also emerging [11].

Reference [11] is for the F5 algorithm:

11. Westfeld A. (2001), "F5-Steganographic algorithm: High capacity despite better steganalysis",

Lecture Notes in Computer Science 2137 289-302 (Springer-Verlag).

Yet consider this paper:

Fridrich J., Goljan M., Hogea D. (2002), "

Steganalysis of JPEG Images: Breaking the F5 Algorithm [binghamton.edu]", 5th Information Hiding Workshop 310-323 (Noordwijkerhout, The Netherlands).

The abstract from Fridrich et al. says "... we present a steganalytic method that can reliably detect messages ... hidden in JPEG images using the steganographic algorithm F5".

So TFA article cites countermeasures from 2001, even though a method of defeating those countermeasures was published in 2002.

The above is just one example. Overall, TFA seems poor and out-of-date. This is a case where the F in "TFA" does not stand for "fine".

v Stegosaurus!

[Mustang Matt]

I'll put my money on the dinosaur

Googlefight

[Anonymous Coward]

Googlefight! [googlefight.com]

Steganography wins.

Possibilities

[grandmstrofall]

I think that steg provides the opportunity to increase security of already existing crypto. Wouldn't it be plausable to take already encrypted data, and then hide it? Sure, it's not foolproof, but it's no worse than having the encrypted data sent as is.

At the same time however, it seems like steganography has some inherent flaws in it. That is to say, the more people use is, the quicker people will be able to determine patterns in the method. This would allow people/groups/countries/etc. to find the mess

A stego method that actually works

[Synli]

Hiding ciphertext within pictures or sounds does not work. They are mathematical methods to detect that a picture or a sound contains encrypted data (unusual noise). There is currently only one steganographic method I am aware of that really works. It is hiding ciphertext within ciphertext. I know only of one open source and free program that realises this scheme: TrueCrypt [sourceforge.net]. And here [sourceforge.net] is how they do it.

Remember the post 9/11 image-messaging concern?

[ScentCone]

This reminds me of a concern that surfaced in the immediate wake of 9/11: that the bad guys were shunning traditional net-based communication (e-mail, forum/newsgroup postings, etc.) and might be using codes or signals embedded in images in common places (eBay, for example).

I seem to recall a distributed screen-saver type app that was being used to crunch through millions of hosted images. Not much to find online about this, but there are articles like this one [newscientist.com] at NewScientist.com suggesting that the effort was a washout. here [xtdnet.nl] are some more stats from a study that came up dry, but there always this reference [xtdnet.nl] to "first stenographic image in the wild" as reported by ABC back when.

Remember Tiananmen Square

[leereyno]

The fact that this is happening in China suggests to me that this is being done on the behest of the socialist government, which is far more concerned about the threat of grass roots movements for freedom and democracy than anything else.

Make no mistake, the current chinese government may represent a "kindler, gentler" communist regime, but its mere existence is still a crime against humanity.

Lee

Re:

[account_deleted]

Comment removed based on user account deletion

I have used this technique for decades!

[museumpeace]

hidden somewhere "in plain sight" in the code I turn in, is a program that actually works and has no bugs.

Application more important than Technique?

[Clod9]

In the past I've focused my thoughts primarily on techniques, but reading this article, it occurred to me that the most important part of using steganography is using it the right way, and constructing the right cover -- not necessarily the technique itself.

Using statistical methods, most steganography can be broken either now or in the near future if the steganalyst can spend a lot of time and computing resources on each candidate bit collection, and if you're hiding a lot of bits in each collection. The consequence: don't hide very many bits, and widen the search space by hiding your trees in a forest of significant size, so that the amount of CPU the analyst can use on any particular tree is low.

Key exchange is a great candidate for steganography. And to make sure the population of innocuous bit collections around yours is high, find a place where a lot of people around you are dealing in large quantities of bits: music collections at a university, or spam messages on an e-mail relay.

multiple channels

[new death barbie]

It would be interesting to investigate the use of steganography to provide for multiple channels for your encrypted message -- for example, you could divide the bits of your message across more than one image on a website. Harder to detect, and if detected, harder to decrypt.

Just a thought...

Steganographed DeCSS?

[Spy der Mann]

I was just reading the DeCSS Haiku noticing how the guy managed to use a mnemonic encryption of PI (words with 3,1,4,1,5,9,2,6,5 length), and I wondered.

How about doing the same thing like say... encoding the full DeCSS source code in plaintext steganography, using words' length?

For example:
a) Encode to octal. 010205000506030102
b) Add 1. 2/3/6/1/6/4/2/3
c) Encode. "My fav. mangas: I wonder what is erm..." etc.

Just a thought.

But has it ever actually been detected?

[dpbsmith]

I know there was a big fuss about these possibilities a couple of years ago--IIRC there were assertions that Al Qaeda was using it--and I thought some researchers had done a careful study and found no evidence for it whatsoever.

Is steganography in multimedia images really being used, or is it just a paranoid fantasy?

(Yes, I know--if it has never been detected, thatproves that it works....)

Real Application

[Gyorg_Lavode]

While steganography is wonderful and all applied to images and music, it really isn't applicable to most of our work.

What I want to know is how is steganography, (and more importantly steganalysis), applied to network communication? If I have a network that has very defined traffic, how could someone embed their own data in our normal traffic. And how could I detect it?

Metasteganography

[Dylan Thomas]

What strikes me as most curious is that the current debate about steganography is in itself an exercise in steganography--at least, in the sense of hiding important information in plain sight. Through the use of technical-sounding words, concerned parties manage to conceal what seems to be a genuinely frightening disrespect of the freedom of information.

Simply take "steganography" out of the equation. It's easy to scare the masses by using intimidating neologisms. But steganography is simply a manner to transmit information privately. So let's recast the sentence, "...illicit use of the technique might become a threat to the security of the worldwide information infrastructure." Let's simply say, "Individuals attempting to keep their private information private might become a threat to the security of the worldwide information infrastructure."

What used to be a preferred method for sending private information to a friend? The mail? Didn't we used to have a respect for the privacy of letters we sent via post? So how come no one said, "Sealing envelopes might become a threat to the security of the worldwide information infrastructure"?

What's being steganographically hidden in this debate is the reality that these days, quite a few people--many of them in power--simply no longer believe that a person has any right to private or personal information. Why would a technology such as this arise in the first place? Because we know that the first anthrax envelope made the private post public for everyone? Because we know our e-mail can be read, our servers can be hacked, our telephone calls recorded and our houses ransacked simply because fear of terrorists convinced us to sign over our civil liberties as if we no longer desired them?

This technology arose because some people realized that they were losing any pretense at privacy they might have had, and so were motivated to develop tools to maintain it. And now, we take the new word "steganography" and talk about how dangerous it is... perhaps because we're trying to conceal inside the hidden message that all privacy is dangerous, that anything you do, say or think should always be subject to review by the appropriate authorities.

give it up, guys

[jeif1k]

If the embedded data rate is low enough, it's completely impossible to detect even if it was constructed using simple steganographic techniques.

Governments, companies, and everybody else simply have to get used to the fact that if anybody cares, they can hide and transmit information to anyone. I'm not sure that's a good thing--it also interferes with things like whistleblowing--but it's just the way it is.

Detection?

[NerveGas]

You'll have to forgive me, I'm not the greatest cryptographer in the world. But let's say that Joe Shmoe takes a picture with his cheap 8-megapixel camera, with a very high ISO setting for lots of noise. Now, that's roughly 192 megabits of information.

Suppose he needs to encode a 1 kilobit message. that means that there's going to be one bit of signal for every 192 kilobits of image. Now, say he does the encoding to merely appear like more noise in the already noisy image.

Given that low of a signal-to-noise ratio, I really don't see how you could detect the message unless you had prior knowledge of the algorithm or locations.

steve

Plain text

[shish]

If the govt found you sending plain text explanations of your terrorist plans, would they take it seriously or pass you off as a nut who's too incompetent to hide themselves?

Re:stegnography is security through obscurity

[pjt33]

Eh? If you can transmit a signed and encrypted message, you can use stego with a signed and encrypted message. If the encryption's any good, your data should be indistinguishable from noise.