Secret Data: Steganography v Steganalysis

gManZboy writes "Two researchers in China has taken a look at the steganography vs. steganalysis arms race. Steganography (hiding data) has drawn more attention recently, as those concerned about information security have recognized that illicit use of the technique might become a threat (to companies or even states). Researchers have thus increased study of steganalysis, the detection of embedded information."

Hmm

[Sparr0]

I think this is the way of the future with regards to encryption. You cant crack what you cant find.

Re:Hmm

You cant crack what you cant find.

Or in the case of "The Bible Codes", you find what you want to find.

Re:Hmm

[jamsessionjay]

Security through obscurity? Look how well it's worked for Microsoft.

Any sufficiently advanced neural net should be able to deterministically find changes in common data communication where information can be hidden. And do you truly think that your data is not being checked by big brother?
[puts on tinfoil hat]

Re:Hmm

[4of12]

Any sufficiently advanced neural net should be able to deterministically find changes in common data communication where information can be hidden. And do you truly think that your data is not being checked by big brother?

I doubt there's enough computational resources for a sufficiently advanced neural net.

If chunks of known ciphertext in something like AES-256 can't be broken in times measured in universe ages, then I can't foresee much success in wholesale scanning of all information, searching for embedded secret strings which, if properly encrypted, should be indistinguishable from random noise.

An old Slashdot story mentioned one of the most fertile fields for laying down stego messages: within spam.

Re:Hmm

[bentcd]

For many employers, "you are an employee" is sufficient reason to monitor your communications. This surveillance is, however, very superficial in most cases. Superficial surveillance is unlikely to spot a half-decent steganographic effort and so such is likely to offer some protection.
If ever they develop the notion that you require extra special treatment, they might catch on to your hidden messages, of course (or perhaps not). If they do, then I agree they have all the more reason to suspect you of foul play. It's something of a trade-off.

Already was an issue

[Sierpinski]

This came out a long time ago with the idea of hiding child pornography in files containing what appeared to be pictures of art, or other benign picture files.

There was even an episode of Law and Order about this. Its nothing new, but I agree it does pose many questions about security. (Security through obscurity is really good if the level of obscurity is paramount.)

fun stuff

[Darth_brooks]

I tinkered with this for a while. Start up gnucleus, do a search for *.jpg, and grab a bunch of files to scan. Not surprisingly, many of the images were porn (it's for research purposes, I swear!)

The biggest problems were 1. most (actually, all) of the images that came back as good candidates for having embedded images came back as false positives and 2. lack of a brute-force steg break utility.

number 2 is probably a result of poor searching on my part, but I honestly couldn't find a recent, (and free) tool that would do a brute force crack on embedded images. At the time (a few months back) I was using stegbreak and stegdetect.

So, is there anything better? anyone else have any luck?

Re:fun stuff

[BillyBlaze]

Don't know what you're talking about, but I remember when graphics hardware used to suck, and the most common way to make something selected was to overlay it with a halftone of blue. So what you would do is, figure out where that halftone would go, and in the pixels that remain exposed, mix in your porn image, at say about 25% opacity. Now, on the pixels that are obscured by the halftone, mix in the inverse of your porn image at the same opacity. When the halftone is gone, it would be hard to notice the change - the most you would notice is a subtle checkerboard effect where the porn was contrasting with the flowers. But when the halftone obscured the negative that previously was balancing the positive porn image in adjacent pixels, you would see the porn in much higher contrast.

Passwords

[White+Roses]

I played around with this for a time. Stored all my various passwords in one of my desktop pictures at work. In the end, while it was certainly interesting, I didn't see a personally practical use for it. Perhaps integration with a keyring type of application? A replacement for the DB file that is used to store the passwords? I send so few iamges to my friends that a sudden influx of images being sent back and forth with hidden communications would draw more attention to anyone seriously interested in my boring life. I feel secure because I am obscure.

I can certainly see the use in espionage, hiding the real message in the static, as it were (Didn't a Tom Clancy book use this plot device? I think the message was sent in the connect noises for the modem). And NS's Baroque Cycle had some interesting steganographic bits in it (excessively long and boring letters about the nobility's obsession with fashion hiding an encrypted message for all to see). But on a day to day basis, I doubt this will affect most people.

Problem with statistical analysis

[grahamsz]

The suggestion is that if data is being hidden in the LSB of a photo then you can use statistical analysis to spot this anomoly.

The problem here seems to be that if you were to compress your hidden data prior to hiding it, then the data inserted would appear random and should thwart statistical analysis. You'd need some redundancy there if you intent to jpeg compress the image, but it might work.

I've toyed with the idea of hiding data in the vectors used in a mpeg file. Exploiting the nature of the compression algorithm rather than the source data.

Re:Problem with statistical analysis

[wirelessbuzzers]

The suggestion is that if data is being hidden in the LSB of a photo then you can use statistical analysis to spot this anomoly.

The problem here seems to be that if you were to compress your hidden data prior to hiding it, then the data inserted would appear random and should thwart statistical analysis.

The problem is, the LSBs of a photo do not appear to be random; there are many subtle correlations between them, some of them human-visible and some of them computer-visible. A given known machine-visible one can be foiled with enough statistics (see Outguess), but when a new one comes along the steg will be broken (as is Outguess).

In any case, it is assumed that you are compressing the data to save space and protect your cipher, and then encrypting it (stripping any headers added by your encryption program) to give data that would be difficult to prove non-random. The question remains how to find places in the file which appear sufficiently random to hide your data.

You'd need some redundancy there if you intent to jpeg compress the image, but it might work.

No, you'd just fudge the low-order bits (after quantization) of the coefficients of the discrete cosine transform. Of course, these also have correlations that you'd have to watch out for.

Re:An easy way to hide information (PART 2)

[zoloto]

actually this is a really good thing. not just on slashdot, but on other sites where you can search the documents for key words.

Heck, post as ac with a unique subject and post encrypted (gpg) ascii in multiple parts. the data will be here still next year or five (plausible) and you can retrieve it, and decrypt (assuming you have the public key or password if it's symmetric

DCT + spread spectrum

[dangil]

I have done a small experiment in steganography using DCT coefficients and spread spectrum technique, spreading a 4 bit number in 4 high frequency coeficients in a DCT transformed image

It works pretty well.. but I did it in PHP+GD, so it's pretty slow...

if anyone is interested, I have a paper that describes the methods, the PSNR and everything else... you can reach me at my gmail server, under the dangil alias

stegnography is security through obscurity

[user317]

as soon as a method for stegnography is discovered it basically looses any advantage. the only way it could work is if the number of methods would increase at a exponential or higher rate. otherwise any interested party can just brute force your data for every possible stegnoraphy method. even if one that you use hasn't been discovered yet they can store that data and check it later. in either case if you got something to hide from they you are screwed. a much better way for secure communication is http://www.xelerance.com/mirror/otr/

how is this possible?

If I take a payload -- say a text file. If I compress the file, then encrypt the compressed data then finally hide it.

Excecpt when I hide it I use the least significant bit of every n bytes where n is a 10 digit sequence.

[1,2,3,4,3,2,1,2,6,7]

the first source bit is stored in the lsb of the first image byte.

the second source bit is stored in the lsb of the [1+2] image byte.

the third source bit is stored in the lsb of the [1+2+3] image byte. ... and on and on...

If the end of the image file is reached before the source file is embedded then wrap around and repeat using the second lest significant bit.

Using a unique noisy image source such as a crappy web cam taking a picture of a TV displaying white noise (to thwart a compressability test used for detecting images with hidden data), how could you detect this hidden message much less decode it without know specificaly how the algo works?

Possibilities

[grandmstrofall]

I think that steg provides the opportunity to increase security of already existing crypto. Wouldn't it be plausable to take already encrypted data, and then hide it? Sure, it's not foolproof, but it's no worse than having the encrypted data sent as is.

At the same time however, it seems like steganography has some inherent flaws in it. That is to say, the more people use is, the quicker people will be able to determine patterns in the method. This would allow people/groups/countries/etc. to find the message faster. Doesn't sound like too reasonable of an idea.

Additionally....I'd be interested to see what DJB has to say about steganography...

Re:Can someone explain to me what is meant by...

[Bagels]

*cough* Chinese researchers. Perhaps not illegal in the US, but almost certainly extremely illegal over in our favorite semi-communist autocracy...

A stego method that actually works

[Synli]

Hiding ciphertext within pictures or sounds does not work. They are mathematical methods to detect that a picture or a sound contains encrypted data (unusual noise). There is currently only one steganographic method I am aware of that really works. It is hiding ciphertext within ciphertext. I know only of one open source and free program that realises this scheme: TrueCrypt. And here is how they do it.

Remember the post 9/11 image-messaging concern?

[ScentCone]

This reminds me of a concern that surfaced in the immediate wake of 9/11: that the bad guys were shunning traditional net-based communication (e-mail, forum/newsgroup postings, etc.) and might be using codes or signals embedded in images in common places (eBay, for example).

I seem to recall a distributed screen-saver type app that was being used to crunch through millions of hosted images. Not much to find online about this, but there are articles like this one at NewScientist.com suggesting that the effort was a washout. here are some more stats from a study that came up dry, but there always this reference to "first stenographic image in the wild" as reported by ABC back when.

Application more important than Technique?

[Clod9]

In the past I've focused my thoughts primarily on techniques, but reading this article, it occurred to me that the most important part of using steganography is using it the right way, and constructing the right cover -- not necessarily the technique itself.

Using statistical methods, most steganography can be broken either now or in the near future if the steganalyst can spend a lot of time and computing resources on each candidate bit collection, and if you're hiding a lot of bits in each collection. The consequence: don't hide very many bits, and widen the search space by hiding your trees in a forest of significant size, so that the amount of CPU the analyst can use on any particular tree is low.

Key exchange is a great candidate for steganography. And to make sure the population of innocuous bit collections around yours is high, find a place where a lot of people around you are dealing in large quantities of bits: music collections at a university, or spam messages on an e-mail relay.

Re:Layered Implementation

[Em+Adespoton]

However, until everyone is using strong encryption to store and send all data, steganographed encrypted data is necessary. You see, often it is just as important to hide the fact that you've got something to hide as it is to secure the data. With steganographed encrypted data, you can plausibly deny that it was you who hid the data in the first place.

Re:Wasn't that his point? MOD PARENT DOWN

[Winkhorst]

You can actually say a lot in plaintext without actually saying openly what you mean. Aleister Crowley was a master at this. The way this works is you talk directly to those who know the context in which you are speaking and it all just looks like mere verbiage to anyone not familiar with your topic. Or you refer to your predicates in such a way that the casual observer can't tell what your final conclusion refers to. This is not steganography per se, but goes to the origins of the concept. I have done this myself and it allows you to say things you wouldn't dare say outright for fear of retribution from certain third parties.