Battling Steganography

An anonymous reader submitted a fairly thin little story about a researcher who is Battling Steganography. I can certainly see the appeal of the study but it really seems like a needle in a hay stack sort of project. And when you actually can detect one technique, new and better techniques will crop up and take its place.

What about deniability?

[(void*)]

Suppose one gets caught with such an image. According to him, the technique has a 90% chance of success. So what about the 10%, wherein, one has no message encoded in an image, but triggers tha alarms anyway? If you get caught by the FBI, what can you say?

You might say that 90% is no pretty significant. But considering how many actual images are there out there with actually no steganographic message, I think you'll actually end up persecuting more innocent people.

I just more more eveidence than this is required for a warrant to be issued.

An Analogy

[underwhelm]

Imagine trying to decipher the hidden messages in "The 5000 fingers of Dr. T.". It is a movie and as such contains the symbolism and iconography and messages of many individuals. Some of them are apparent, some of them covert, and some of them downright indecipherable.

Also, think about the Blade Runner/Ridley Scott "Is Deckard a replicant" business that lasted, well, right up until he told the world the answer. It is that sort of interpretation that someone hoping to decipher steganography would have to perfect. It's not just stuff like: Hi Everyone Likes Punch!

The only way to get messages out of such texts is intimate knowledge of the author(s) or intended recipients of the hidden meanings. By asking them, or sodium pentothal, or the NSA's computer simulation of everybody's brain.

I'm no cryptographer, but the most reliable and cost effective way to discover a secret is likely to investigate the people that know the secret, rather than try to divine meaning from a text that came into your hands.

Re:F u cn rd ths ...

[dschuetz]

If steganography can be made "turnkey", it'll work
for most of today's privacy requirements.

You might think that it'd be easy to detect,
or simple to prevent, but that's simply not true.
Unless someone lists all the ways in which one

can hide information, and a fantastically fast
approach to testing any given communication on the
net against those techniques. Otherwise, to

read a steganographically-encoded message,
each recipient will need to figure out which of
all the messages intercepted even includes the
data you're looking for, and what was used in

this particular instance. Hell, one might even
have two or more different techniques applied
in a single message. Like this message does.
Sort of.

....

some thoughts

[Proud+Geek]

First, Taco's comment about "new and better techniques" is ill-informed. This is an information-theoretic method, where the inclusion of hidden information alters the nature of the information in the original document. What this technique does not give you is any hint on how to extract the hidden information.

Second, I'm not sure how to react to this. I don't use steganography to hide information, nor do I encrypt my email normally. I guess it's good to know if the techniques used to do this are detectable or breakable, but if it was actually used on a large scale you can bet I'd be screaming, "Big Brother!!!"

So this guy can predict hidden information?

[Bonker]

The article stated that the guy used an algorithm to detect statistical variations and predict wether an image had steganographically hidden data 90% of the time.

How about a GIMP or Photoshop plugin to randomly insert junk data in any JPEG saved in order to make this technique useless? It'd be fun to the the NSA sit and fret over an image that apparently had a list of Warez traders and DMCA violators but instead contained the lyrics to 'Penny Lane'.

Better yet, how about an Apache module that does this same thing to every JPG it serves?

The point is, that as soon as it becomes common procedure to intercept images to check for steganography, those who use steganography will switch methods. I bet PGP data encoded in a JPG is a lot harder to detect, and infinitely harder to extract.

How can you detect random noise?

[Contact]

Dislaimer: I'm not an encryption expert by any stretch of the imagination...

This is an interesting idea, but surely any good encryption produces an output which is indistinguishable from random noise. So, how can the algorithms mentioned in the article (which is interesting, but rather short on facts...) distinguish between the noise added by a steganographically embedded encrypted message and the noise caused by a slightly underspecced A to D converter?

I'm honestly curious... has anyone got any links to a more detailed report on this?

Resource Intensive

[Gregoyle]

I agree with the "needle in a haystack" idea. It doesn't seem like this technique would be practical given the relation between bandwidth and image size.

Given a certain state of network bandwidth, the quality of images transferred over the network is likely to increase as the ability to transmit that data increases. This means that anyone trying a large scale data mining for steganographic data, for example in a Carnivore-type application, would need to have many times the bandwidth of ALL the senders/recievers in order to analyze that much data.

That would make it so the only real application of this method would be for people you already suspect of sending steganographic data. You could direct the search toward them. However, then it is still trial and error to find which steganographic protocol they used, etc., and you're back to square one.

Maybe if the steganographic checking system was actually *intergrated* to the Carnivore system you could get somewhere. It might be a good way to search for messages that were "suspicious".

It is interesting, though, that this method is possible without knowing the individual steganographic protocols. It just seems that it would be too resource-intensive to deploy on a wide scale, and a wide scale is the only place it would be really more useful than trial and error.