Slashdot Mirror

← Back to Stories (view on slashdot.org)

Battling Steganography

Posted by CmdrTaco on from the why-would-you-want-to dept.

An anonymous reader submitted a fairly thin little story about a researcher who is Battling Steganography. I can certainly see the appeal of the study but it really seems like a needle in a hay stack sort of project. And when you actually can detect one technique, new and better techniques will crop up and take its place.

10 of 195 comments (clear)

  1. What about deniability? by (void*) · · Score: 3, Interesting
    Suppose one gets caught with such an image. According to him, the technique has a 90% chance of success. So what about the 10%, wherein, one has no message encoded in an image, but triggers tha alarms anyway? If you get caught by the FBI, what can you say?

    You might say that 90% is no pretty significant. But considering how many actual images are there out there with actually no steganographic message, I think you'll actually end up persecuting more innocent people.

    I just more more eveidence than this is required for a warrant to be issued.

  2. Re:battling privacy? by invenustus · · Score: 2, Interesting
    If I'm feeding a troll, I apologize, but....
    I don't see how anyone with a conscience could decide to intentionally try to destroy methods with which people can protect their privacy.
    That's the paradox that's inherent in almost all of the cryptology field. If you want to make cryptography better, trying to break cryptography is a great way to go about it. It's better if the good guys do it first. If anyone ever figures out a polynomial-time algorith to factor a big number, it's going to fsck up a whole lot of the world's cryptosystems, but whoever figures it out is going to be a well-known name in the crypto community.

    The same applies to steganography, IMHO. SOMEONE has to break it - it might as well be me.

    --
    grep -ri 'should work' /usr/src/linux | wc -l
  3. An Analogy by underwhelm · · Score: 3, Interesting

    Imagine trying to decipher the hidden messages in "The 5000 fingers of Dr. T.". It is a movie and as such contains the symbolism and iconography and messages of many individuals. Some of them are apparent, some of them covert, and some of them downright indecipherable.

    Also, think about the Blade Runner/Ridley Scott "Is Deckard a replicant" business that lasted, well, right up until he told the world the answer. It is that sort of interpretation that someone hoping to decipher steganography would have to perfect. It's not just stuff like: Hi Everyone Likes Punch!

    The only way to get messages out of such texts is intimate knowledge of the author(s) or intended recipients of the hidden meanings. By asking them, or sodium pentothal, or the NSA's computer simulation of everybody's brain.

    I'm no cryptographer, but the most reliable and cost effective way to discover a secret is likely to investigate the people that know the secret, rather than try to divine meaning from a text that came into your hands.

    --

    I don't need large brains to have a good time.

  4. Re:F u cn rd ths ... by dschuetz · · Score: 5, Interesting

    If steganography can be made "turnkey", it'll work
    for most of today's privacy requirements.

    You might think that it'd be easy to detect,
    or simple to prevent, but that's simply not true.
    Unless someone lists all the ways in which one

    can hide information, and a fantastically fast
    approach to testing any given communication on the
    net against those techniques. Otherwise, to

    read a steganographically-encoded message,
    each recipient will need to figure out which of
    all the messages intercepted even includes the
    data you're looking for, and what was used in

    this particular instance. Hell, one might even
    have two or more different techniques applied
    in a single message. Like this message does.
    Sort of.

    ....

  5. some thoughts by Proud+Geek · · Score: 3, Interesting
    First, Taco's comment about "new and better techniques" is ill-informed. This is an information-theoretic method, where the inclusion of hidden information alters the nature of the information in the original document. What this technique does not give you is any hint on how to extract the hidden information.

    Second, I'm not sure how to react to this. I don't use steganography to hide information, nor do I encrypt my email normally. I guess it's good to know if the techniques used to do this are detectable or breakable, but if it was actually used on a large scale you can bet I'd be screaming, "Big Brother!!!"

    --

    Even Slashdot wants to hide some things

  6. So this guy can predict hidden information? by Bonker · · Score: 3, Interesting

    The article stated that the guy used an algorithm to detect statistical variations and predict wether an image had steganographically hidden data 90% of the time.

    How about a GIMP or Photoshop plugin to randomly insert junk data in any JPEG saved in order to make this technique useless? It'd be fun to the the NSA sit and fret over an image that apparently had a list of Warez traders and DMCA violators but instead contained the lyrics to 'Penny Lane'.

    Better yet, how about an Apache module that does this same thing to every JPG it serves?

    The point is, that as soon as it becomes common procedure to intercept images to check for steganography, those who use steganography will switch methods. I bet PGP data encoded in a JPG is a lot harder to detect, and infinitely harder to extract.

    --
    The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
    1. Re:So this guy can predict hidden information? by Remote · · Score: 2, Interesting

      How about a GIMP or Photoshop plugin to randomly insert junk data in any JPEG saved in order to make this technique useless?

      You can't do that. JPEG/DCT (as is the norm with files adhering to the JIFF) is a lossy compression scheme, which means LSB's are lost in the process.

      This is one reason why I think it is not practical to embed messages in images files posted over the Internet. De-facto standards are JPEG and GIF's, and although LZW is lossless, you don't want to mess with LSB's in a 256-color palleted image (except if you "color" pallete is an ordered grayscale pallet). A TIFF file with either grayscale, RGB or CMY/CMYK data would do the trick, but who sends TIFF's? If someone already has an eye on you, that would definitely look suspicious.

  7. How can you detect random noise? by Contact · · Score: 3, Interesting
    Dislaimer: I'm not an encryption expert by any stretch of the imagination...

    This is an interesting idea, but surely any good encryption produces an output which is indistinguishable from random noise. So, how can the algorithms mentioned in the article (which is interesting, but rather short on facts...) distinguish between the noise added by a steganographically embedded encrypted message and the noise caused by a slightly underspecced A to D converter?

    I'm honestly curious... has anyone got any links to a more detailed report on this?

  8. False Hits by Anonymous Coward · · Score: 1, Interesting

    What this researcher is not mentioning is the false positive rate. This means how often the algorithm reports that a file contains steg when it actually doesnt. There are many tools out there for detecting steg, but their false positive rates render them useless for practicle use. I havent seen any tools under 10%, but I have seen some as high as 65%. This means that the tool says that 65% of all images are steg'd!
    False positives are often simply a property of the mechanism that created the image in the first place. For example, certain graphic programs and digital camera's will ALWAYS produce files that look like they contain steg.
    Some of the other posts here have mentioned using a carnivore like system with steg detection. With a modest false positive rate of 10%, imagine how many false positives you would have by searching just your office for a month. Not to mention the fact that once you have all of files, what do you do then? arrest everyone you sent a file that has a remote possiblity of being steg? You guys and gals can sleep a little safer because I seriously doubt the government has enough resources to look through 10% of every graphic or sound file that gets transmitted via email.

  9. Resource Intensive by Gregoyle · · Score: 3, Interesting
    I agree with the "needle in a haystack" idea. It doesn't seem like this technique would be practical given the relation between bandwidth and image size.

    Given a certain state of network bandwidth, the quality of images transferred over the network is likely to increase as the ability to transmit that data increases. This means that anyone trying a large scale data mining for steganographic data, for example in a Carnivore-type application, would need to have many times the bandwidth of ALL the senders/recievers in order to analyze that much data.

    That would make it so the only real application of this method would be for people you already suspect of sending steganographic data. You could direct the search toward them. However, then it is still trial and error to find which steganographic protocol they used, etc., and you're back to square one.

    Maybe if the steganographic checking system was actually *intergrated* to the Carnivore system you could get somewhere. It might be a good way to search for messages that were "suspicious".

    It is interesting, though, that this method is possible without knowing the individual steganographic protocols. It just seems that it would be too resource-intensive to deploy on a wide scale, and a wide scale is the only place it would be really more useful than trial and error.

    --

    "He's more machine now than man, twisted and evil."