Slashdot Mirror

← Back to Stories (view on slashdot.org)

Battling Steganography

Posted by CmdrTaco on from the why-would-you-want-to dept.

An anonymous reader submitted a fairly thin little story about a researcher who is Battling Steganography. I can certainly see the appeal of the study but it really seems like a needle in a hay stack sort of project. And when you actually can detect one technique, new and better techniques will crop up and take its place.

11 of 195 comments (clear)

  1. Wait a minute by imAck · · Score: 5, Insightful

    Was it just me, or did the article make it seem like anyone that would use steganography would be a criminal? Since when in a 'free' country should the ability to hide a message be of interest to the "legal community"?

    --

    It's hard to tell the cool to chill, my favorite hotel room has a view to an ill.

    1. Re:Wait a minute by DeadVulcan · · Score: 4, Insightful

      Was it just me, or did the article make it seem like anyone that would use steganography would be a criminal?

      The article didn't say this at all. In fact, the types of criminal activity that were mentioned were "political and corporate espionage or illegal pornography."

      Talking on the phone is not criminal, but wiretaps are used all the time in fighting organized crime.

      --
      Accountability on the heads of the powerful.
      Power in the hands of the accountable.
    2. Re:Wait a minute by twitter · · Score: 4, Insightful
      You are right, the article did have that feeling.

      We might expect this of a promotional article. Breaking crypto to fight perverts sounds more exciting than studying paterns to detect private messages. Others have proposed better promotion, like making crypto stronger by breaking weak methods.

      A good analogy to fight the underlying assumption of the negative promotion is cloathing. The assumption is that only criminals have something to hide. Bull. Try working words like "naked" and "bare" into your thoughts. Examples: "What, are you still sending naked email?", "Are you foolish enough to trust bare telnet logins?". People will get the idea.

      Society does not work, and it's individuals are debassed when privacy is eliminated. It's impossible to have frank disscusions when you may be overheard by people who may missuderstand. It's impossible to invest or plan without privacy.

      --

      Friends don't help friends install M$ junk.

  2. pointless by mj6798 · · Score: 2, Insightful

    Good steganography is essentially the same as adding random noise to an image. You can structure the noise any way you like. There are lots of images that plausibly contain lots of noise, for example images taken in low light and images scanned from film. As long as you don't insist on a very efficient steganographic embedding, there are undetectable steganographic methods. Farid's research is pointless, and it is scary to think that courts may start relying on it.

  3. Not Quite Useless by lblack · · Score: 3, Insightful

    While it's true that human beings can interpret images to mean something that a machine could never pick up on, that's not the thrust of the research being done here.

    He is doing research into a very particular kind of steganography, whereby messages are concealed within an image via slightly altering the least significant bits of an image.

    When you encode information in this way, somebody knowing how to extract it can pull out a message which is not subjective (as in the example of interpreted images given by another poster), but rather is very concrete.

    There is some evidence that this form of encoding has been used to communicate information throughout terrorist cells.

    What the researcher is doing is developing a method to detect when the LSB's in an image have been manipulated slightly. He is not trying to decode the message, but only to flag particular images as being suspicious.

    Decoding would be a matter for someone completely different -- like the FBI, for instance.

    His method does have applications, and if it is through alteration of LSB that a message is embedded in an image, it will apparently detect such 90% of the time.

    This is a vast improvement over any existing methods I know of for detecting LSB manipulation.

    So he's not quite looking for a needle in a haystack. He's examining millions of haystacks, and pinpointing the ones that probably *do* have needles in them.

    Quite a large difference, really.

    -l

  4. battling privacy? by Anonymous Coward · · Score: 1, Insightful
    So is this guy also battling privacy?

    I don't see how anyone with a conscience could decide to intentionally try to destroy methods with which people can protect their privacy.

  5. This is Wonderful News by crisco · · Score: 5, Insightful
    The reason we have effective encryption (when it is implemented right) available to use is because of the large amount of research that has gone into breaking encryption. Because of the community of mathematicians and others actively trying to break weak algorithms we know the strengths and weaknesses of various ways to encrypt data.

    Now we have more people looking at steganography. This can only make it more effective. Sure, the methods we have now might be broken but what about the next ones, the ones that don't show up on the statistical analysis that he appears to be using.

    --

    Bleh!

  6. guns kill more people than steganography by Anonymous Coward · · Score: 1, Insightful

    How come Dr. Farid is not
    battling Guns?
    Sounds like someone who should work for
    a totalitarian government.

  7. Re:Patterns in lowest bits by Lumpy · · Score: 3, Insightful

    Nice idea, but it is easily thwarted.
    I and my friends generate every image with random trash in it (the output of /dev/random) we do this to EVERY image and generate several versions of each image with trash in it. we make a neat-o plugin for the gimp that does this quietly without the user's info and we do the same for photoshop. over a years time 5-10 people could spread hundres-of-thousands false positive images onto the net. now.. you send a message, a real one. there is no way to detect if it is a decoy or the real thing.

    and this is where prof-bean's idea falls on it's face. as anyone using this system for real work is doing what I just mentioned or something that is generating massive amounts of decoys in a more effient manner. (hell the decoys now become perfect carriers too! espically if you generated several version of the decoys with different junk in them.)

    It's simple to defeat stenography detection. you saturate the detector to the point where the real items get through.

    --
    Do not look at laser with remaining good eye.
  8. Re:What about deniability? by Anonymous Coward · · Score: 2, Insightful

    A 10% miss rate doesn't mean that there is also a 10% false alarm rate.

  9. Very clever... by Anonymous Coward · · Score: 2, Insightful
    I must commend you. For those not tallented enough (and those who wish to not take the time) to find the hidden message"s":

    1) Take the first letter of each line.

    2) Take the first work of each paragraph.