Domain: petitcolas.net
Stories and comments across the archive that link to petitcolas.net.
Comments · 10
-
MP3stego
http://www.petitcolas.net/steg...
"MP3Stego will hide information in MP3 files during the compression process. The data is first compressed, encrypted and then hidden in the MP3 bit stream. Although MP3Stego has been written with steganographic applications in mind it might be used as a copyright marking system for MP3 files (weak but still much better than the MPEG copyright flag defined by the standard). Any opponent can uncompress the bit stream and recompress it; this will delete the hidden information â" actually this is the only attack we know yet â" but at the expense of severe quality loss.
The hiding process takes place at the heart of the Layer III encoding process namely in the inner_loop. The inner loop quantizes the input data and increases the quantiser step size until the quantized data can be coded with the available number of bits. Another loop checks that the distortions introduced by the quantization do not exceed the threshold defined by the psycho acoustic model. The part2_3_length variable contains the number of main_data bits used for scalefactors and Huffman code data in the MP3 bit stream. We encode the bits as its parity by changing the end loop condition of the inner loop. Only randomly chosen part2_3_length values are modified; the selection is done using a pseudo random bit generator based on SHA-1.
We have discussed earlier the power of parity for information hiding. MP3Stego is a practical example of it. There is still space for improvement but I thought that some people might be interested to have a look at it."
-
Re:Embedded Codes
One small beef though: Most steganography/watermarking I've seen focuses on the artist using the software to add a hidden mark in the image, and then verifying that the hidden mark also exists in an alleged rip-off.
It says nothing about entity doing metadata cataloguing automatically extracting the marks and putting the decoded marks in an easy-to-query database. You know, making the data searchable. Even if that's data that is supposed to be hidden, you know, to ward against this "watermark tampering" thing that's listed in Image Plagiarism for Dummies, page 3.
Now, what makes you think that steganography/watermarking vendors would willingly share the methods they use to hide the marks?
Further, the history has shown that both steganography and watermarking markets are full of products that are utter and pure snake oil. Telling apart the real thing and snake oil is sometimes difficult in computer security in general, and on this field in particular. The products that are being used might not lend themselves to be accurate detection to begin with...
-
Re:Human?
True, if you rip your own from CD. If you are purchasing online music though it will already be compressed
... some existing audio stego techniques are integrated into the compressors, e.g. mp3stego:"The hiding process takes place at the heart of the Layer III encoding process namely in the inner_loop. The inner loop quantizes the input data and increases the quantiser step size until the quantized data can be coded with the available number of bits. Another loop checks that the distortions introduced by the quantization do not exceed the threshold defined by the psycho acoustic model."
-
Steganography in MP3'sI used to use a DOS program called mp3stego that would convert
.wav files to .mp3 and hide whatever data you specified in it.here's a link
-
Idea for Griffin's next big product
Griffin is incredible, they've come up with so many neat ideas! Actually, I've got another one for them: my idea on how to playback pictures through the iPod onto a television! Quick Griffin, do it before the next gen picture iPod comes out
:)
Anyways, I "bumped" that post for three reasons: to get the idea more attention, to relate that I discovered a steganography program that could be useful for this project and also to plea for help in finding a program that can generate modem audio. Unfortunately google has yet to produce anything useful, besides this funny site. I think the people discussed in this article would probably be a good resource for it, but I think, for example, that the members of the band Information Society would be hard to track down now. So I figured that after Google I should appeal to Slashdot. So anyone got any leads? -
Have they heard of steganography?
You can hide a lot of information between in your music.
-
It has nothing to do with the circles. Anymore.
*laughs*
OK. The last time this came up, it consumed about twelve straight hours of hackery. You can go ahead and play with some of the black boxed code using the demo version of Paint Shop Pro (or the latest Photoshops). Let me tell you: This has nothing to do with the circles. I was actually quite saddened by this fact, as I was planning to print up a "secure t-shirt" that would be unphotographable and unprintable by modern image manipulators. (It'd be a great excuse to talk at Black Hat wearing a T-Shirt *laughs*).
Alas, such adventures were not to be had. Experimenting with copy/paste between an unprotected app and the demo PSP, it quickly became clear that while some old copiers might indeed trigger on the inter-circle distances, counterfeiters now had a vastly more difficult system to fight. What there seems to be is some sort of size and position invariant image fingerprint function, probably wavelet based, that receives the full image after every large scale image transform, executes a fingerprint matching vs. a confidence value, and returns true or false depending on what the confidence threshold is set to. It's not perfect -- Stirmark does seem to cause the algorithm to occasionally stumble, though not consistently (see this gallery for details) -- but it's very good work nonetheless.
Certainly, it does not appear possible to manipulate the watermarking system to create new and unique images that appear, computationally, to still be money. That's a very good thing. And while it's somewhat problematic to have code refusing to obey its controller, the integrity of the financial system really is an important thing. Remember the privacy case for cash -- if paper money becomes something we all distrust, what exactly are we left with? The fault with the RFID approach is that it forces us to carry a reader to validate funds. If we cannot self-validate, we cannot trust (notably, the biggest weakness with the metal strip approach is that we cannot quickly notice that the metal strip has been removed -- the wealth is actually thus represented not by the bill but by an invisible strip of iron and plastic!).
I do not think that image manipulation software is the right place to put this code, specifically because it's too easy to write an image editor from scratch (what are you going to do, ban compilers?). Scanners and printers are however sufficiently single sourced that they're far superior places to trust that anti-counterfeiting logic will be in place. But then, that's just IMHO.
--Dan
-
Re:Duh
No, the solution here is to allow screeners, but to digitally mark each one of them such that they can be identified
This is already being done. However, most release-groups remove the serials (by blurring or just placing a black box) on the movies they release.We're not talking about obvious visual watermarks like a serial number burned into the corner of the video---that is too easily circumvented. This should instead be implemented with modern steganography techniques that encode uniquely identifying information within the media in a manner that can be detected only by a corresponding decoder.
-
Re:gee?
Agreed. I don't understand why they are bothering with this since they are suing her for sharing RIAA owned files, for uploading them, not for downloading them. I don't see how showing that her files have a particular md5 hash helps their case at all. Whether she actually owns the CD or not, they can still (try to) nail her for uploading them.
Although it's pointless in this context, embedding a message like "RIAA sucks" or "Boycott RIAA labels" with steganographic mp3 encoders like stego-lame or mp3stego should alter the MD5 quite significantly. I seriously may start doing this. -
Re:This is stupid
Personally I think the FPP post saying "This is comical in one sense, but to be read by a hosting company who does not know any better can be frightening," is considerably overstating the case. The file is easily certifiable as non-infringing. (Pretty much) end of story.
No it isn't and no, it isn't. With good steganography it's possible to hide pretty much anything in pretty much anything else (provided the thing you're trying to hide is sufficiently smaller than the thing you're trying to hide it in). It's extremely difficult to certify that a given file does not contain, steganographically, an encoding of another. You could easily hide an 8 bit game in the whitespace of a bundle of documentation, and, unless you knew the algorithm of the encoding, it would be pretty hard to prove it wasn't there.