Slashdot Mirror


Secret Data: Steganography v Steganalysis

gManZboy writes "Two researchers in China has taken a look at the steganography vs. steganalysis arms race. Steganography (hiding data) has drawn more attention recently, as those concerned about information security have recognized that illicit use of the technique might become a threat (to companies or even states). Researchers have thus increased study of steganalysis, the detection of embedded information."

7 of 280 comments (clear)

  1. Hmm by Sparr0 · · Score: 5, Interesting

    I think this is the way of the future with regards to encryption. You cant crack what you cant find.

    1. Re:Hmm by 4of12 · · Score: 4, Interesting

      Any sufficiently advanced neural net should be able to deterministically find changes in common data communication where information can be hidden. And do you truly think that your data is not being checked by big brother?

      I doubt there's enough computational resources for a sufficiently advanced neural net.

      If chunks of known ciphertext in something like AES-256 can't be broken in times measured in universe ages, then I can't foresee much success in wholesale scanning of all information, searching for embedded secret strings which, if properly encrypted, should be indistinguishable from random noise.

      An old Slashdot story mentioned one of the most fertile fields for laying down stego messages: within spam.

      --
      "Provided by the management for your protection."
  2. fun stuff by Darth_brooks · · Score: 5, Interesting

    I tinkered with this for a while. Start up gnucleus, do a search for *.jpg, and grab a bunch of files to scan. Not surprisingly, many of the images were porn (it's for research purposes, I swear!)

    The biggest problems were 1. most (actually, all) of the images that came back as good candidates for having embedded images came back as false positives and 2. lack of a brute-force steg break utility.

    number 2 is probably a result of poor searching on my part, but I honestly couldn't find a recent, (and free) tool that would do a brute force crack on embedded images. At the time (a few months back) I was using stegbreak and stegdetect.

    So, is there anything better? anyone else have any luck?

    --
    There are some people that if they don't know, you can't tell 'em.
  3. Passwords by White+Roses · · Score: 4, Interesting
    I played around with this for a time. Stored all my various passwords in one of my desktop pictures at work. In the end, while it was certainly interesting, I didn't see a personally practical use for it. Perhaps integration with a keyring type of application? A replacement for the DB file that is used to store the passwords? I send so few iamges to my friends that a sudden influx of images being sent back and forth with hidden communications would draw more attention to anyone seriously interested in my boring life. I feel secure because I am obscure.

    I can certainly see the use in espionage, hiding the real message in the static, as it were (Didn't a Tom Clancy book use this plot device? I think the message was sent in the connect noises for the modem). And NS's Baroque Cycle had some interesting steganographic bits in it (excessively long and boring letters about the nobility's obsession with fashion hiding an encrypted message for all to see). But on a day to day basis, I doubt this will affect most people.

    --
    Do not touch -Willie
  4. Problem with statistical analysis by grahamsz · · Score: 4, Interesting

    The suggestion is that if data is being hidden in the LSB of a photo then you can use statistical analysis to spot this anomoly.

    The problem here seems to be that if you were to compress your hidden data prior to hiding it, then the data inserted would appear random and should thwart statistical analysis. You'd need some redundancy there if you intent to jpeg compress the image, but it might work.

    I've toyed with the idea of hiding data in the vectors used in a mpeg file. Exploiting the nature of the compression algorithm rather than the source data.

  5. Re:An easy way to hide information (PART 2) by zoloto · · Score: 4, Interesting

    actually this is a really good thing. not just on slashdot, but on other sites where you can search the documents for key words.

    Heck, post as ac with a unique subject and post encrypted (gpg) ascii in multiple parts. the data will be here still next year or five (plausible) and you can retrieve it, and decrypt (assuming you have the public key or password if it's symmetric

  6. Re:Wasn't that his point? MOD PARENT DOWN by Winkhorst · · Score: 4, Interesting

    You can actually say a lot in plaintext without actually saying openly what you mean. Aleister Crowley was a master at this. The way this works is you talk directly to those who know the context in which you are speaking and it all just looks like mere verbiage to anyone not familiar with your topic. Or you refer to your predicates in such a way that the casual observer can't tell what your final conclusion refers to. This is not steganography per se, but goes to the origins of the concept. I have done this myself and it allows you to say things you wouldn't dare say outright for fear of retribution from certain third parties.

    --
    "Is this Winkhorst a nova criminal?" "No just a technical sergeant wanted for interrogation."