Study Finds Low Use Of Steganography On Internet

schnippy writes: "New Scientist reports on new study from the University of Michigan that argues that steganography (the science of obfuscating communications) is not in wide use, or at least not on the 2 million images they scanned on eBay. Earlier this year, USA Today reported that Bin Laden was using steganography to disguise his communications. Full study is available here. Wonder how long before someone sets up a distributed computing client to help search for Bin Laden's secret communications? :p" Niels Provos' research was mentioned in Slashback not long ago, and this article is based on the same research.

Re:It's not always so easy to detect!

[MadCow42]

I don't agree with you, actually...

If binary "1"s are encoded as "different than original image, and 0's are "same as original image", you could change the pixel value by +/- 1 to suit the general area of the image.

If you look closely at any scanned or digitally captured image, there's always a "noise factor", from sensor gain, etc. A value change of 1 would not be detectable due to a noise level of at least 1 pixel value.

You could also triple your data density by encoding the R, G, and B channels separately. This could potentially be a little more noticable, but not by much. You could also encode them in different orders (rgbrgb... rrrrggggbbbb, whatever order you want) to further encrypt it.

The only images that do not have noise are digitally created images (i.e. rendered, or drawn in a computer). Just JPEG compressing an image causes noise of more than 1 value.

I could write a program to encrypt/decrypt like this in less than 5 minutes... the only problem I can see is distributing the "key images", which would be susceptible to being intercepted. You could always distribute them on a hard medium (CD), and trust that noone is a spy in your group. I'd probably distribute a few hundered "refrence images".

MadCow.

Re:It's not always so easy to detect!

[ncc74656]

Unless you have the reference image, you're screwed. Changing RGB values by 0 or 1 will not be detectable, and will easily blend in with the noise of most images.

The only thing you can't do is compress the image with JPEG or other "lossy" compression routines.

Applying steganographic encoding to an image before JPEG compression wouldn't work too well, but it should be possible to apply it after compression. You could hide your data in the low bit or two of the DC coefficients without noticeable degradation. It might even be possible to use the lower-frequency AC coefficients, though I don't know if I would want to bet on it (haven't looked into it too closely). Your payload won't be too great (assuming that chroma is decimated 2:1 on both axes and that you use only the low bit of each DC component, that's only six bits per 256 pixels), but it could work well enough for short messages.

Re:It's not always so easy to detect!

[The+Pim]

I could easily encode a message into an image, and NOBODY could detect that one was there, even through careful examination.

You are so wrong. This is just like encryption: Intuitively, everyone thinks it is easy to scramble information, but eventually, cryptanalysis got sophisticated, and we learned that only mathematically sophisticated, rigorously reviewed cryptography has a chance at being safe. Similarly, amateur steganography schemes are probably worthless.

-go through the image in a certain direction, and change each pixel value by 1 to encode a binary "1", or leave it alone to encode a binary "0".

Of course the method you describe isn't detectable to the naked eye. But it would be trivial to detect it statistically. Just look at the gradients in adjacent pixels. In you image, they will be jumpier than in a normal image. Go check out stegdetect to see some of their techniques and results.

Jihad != terrorism

[yerricde]

if I was conducting a Jihad, I wouldn't trust the internet either.

Jihad is not terrorism. In fact, the Qur'an prohibits terrorism against innocent civilians. Islam is a religion of peace, and jihad does not refer to a "holy war" but merely "struggle ... such as an internal struggle to follow Islam, a struggle against oppression, or a struggle for peace" (source:).