Slashdot Mirror

← Back to Stories (view on slashdot.org)

Secret Data: Steganography v Steganalysis

Posted by CmdrTaco on from the fight-of-the-year dept.

gManZboy writes "Two researchers in China has taken a look at the steganography vs. steganalysis arms race. Steganography (hiding data) has drawn more attention recently, as those concerned about information security have recognized that illicit use of the technique might become a threat (to companies or even states). Researchers have thus increased study of steganalysis, the detection of embedded information."

10 of 280 comments (clear)

  1. Hmm by Sparr0 · · Score: 5, Interesting

    I think this is the way of the future with regards to encryption. You cant crack what you cant find.

    1. Re:Hmm by PDAllen · · Score: 5, Insightful

      Suppose you == info security guy at $Company. When you see a string of seemingly random bits in a file marked crypto.txt leaving $Company, you may not be able to find out exactly what trade secret your local friendly spy was leaking, but you do know there was a leak and who sent it.

      On the other hand, if you see a load of random pictures leaving $Company from lots of employees, then you have to find which picture has hidden data in it before you even know you have a problem.

      The point of steganography isn't to pass a message that can't be read, it's to pass a message without alerting anyone to the fact that a message has been passed.

  2. Great movie title! by Guano_Jim · · Score: 5, Funny
    Secret Data: Steganography v Steganalysis

    Throw in a Stegosaurus and we've got a real Destroy All Monsters vibe going.

    Run! It's Steganalysis!

    /crushes Tokyo

    --
    3D Printing Tips and Tricks at Zheng3.com
  3. This reply is funny, inciteful and informative by Silver+Sloth · · Score: 5, Funny

    But it's hidden

    --
    init 11 - for when you need that edge.
  4. Hiding data ...pfft by pronobozo · · Score: 5, Funny

    As if you can hide information in places that nobody would find, just doesn't seem like a plausible direction for security.

    --
    ------
    insert sig here,here, and here
    1. Re:Hiding data ...pfft by Darth_brooks · · Score: 5, Informative

      There's some truth to the idea of a hidden message in comic strips.

      During the 50's and 60's the air force used a particular comic strip ("smokey stover" i think. http://www.toonopedia.com/smokey.htm, also the origin of "foo" and "foo fighter") to train recon. photo interpreters. The artist would hide his wife's name somewhere in every strip, and the new recruits would have to find it.

      --
      There are some people that if they don't know, you can't tell 'em.
  5. An easy way to hide information by Anonymous Coward · · Score: 5, Funny

    Hide it on slashdot by posting at level 0. No one will think to look, and there's an unlimited storage potential.

  6. fun stuff by Darth_brooks · · Score: 5, Interesting

    I tinkered with this for a while. Start up gnucleus, do a search for *.jpg, and grab a bunch of files to scan. Not surprisingly, many of the images were porn (it's for research purposes, I swear!)

    The biggest problems were 1. most (actually, all) of the images that came back as good candidates for having embedded images came back as false positives and 2. lack of a brute-force steg break utility.

    number 2 is probably a result of poor searching on my part, but I honestly couldn't find a recent, (and free) tool that would do a brute force crack on embedded images. At the time (a few months back) I was using stegbreak and stegdetect.

    So, is there anything better? anyone else have any luck?

    --
    There are some people that if they don't know, you can't tell 'em.
  7. Re:Problem with statistical analysis by Kjella · · Score: 5, Informative

    There's a good story on something vaugely related that has to do with the frequency of digits in measured numbers. (That is, it isn't equally probable to see every digit -- earlier digits in a number favor lower digits, like "1".) People who were falsifying accounting records were caught because the numbers they used were "too random".

    Actually, here the fault is that they didn't understood the target. Expenses have no "natural" size, they're likely to be scale invariant. Basicly, you're looking for a distribution where C*f(x) = f(x). If you took 1..9, try C=2: 2,4,6,8,10,12,14,16,18... suddenly you have 5 leading 1s.

    Turns out the right distribution is following Benford's law:

    30.1% 17.6% 12.5% 9.7% 7.9% 6.7% 5.8% 5.1% 4.6%

    The second example you have is that the human "RNG" is flawed.

    A computer doesn't really suffer from this problem. The stenagography problem is really this.

    1. Find randomness in source data
    2. Replace random data with pseudorandom data

    Of course, if you overwrite non-random data, you're doing it wrong. If you're going to use the LSB, you need to verfiy that it is random, or find the portion of it that is random (which is kinda what you're doing when you pick the LSB from a pixel anyway).

    The biggest problem is really to hide it in a "reasonable" way.

    Perfect steganography should replace all randomness with noise.

    Perfect compression should eliminate all randomness.

    In other words, steganography operates on the thin slice between good compression (jpg, mp3, divx) and perfect compression. It's much easier to hide information in bmp, wav, uncompressed avi, but it also looks damn obvious.

    Kjella

    --
    Live today, because you never know what tomorrow brings
  8. Metasteganography by Dylan+Thomas · · Score: 5, Insightful

    What strikes me as most curious is that the current debate about steganography is in itself an exercise in steganography--at least, in the sense of hiding important information in plain sight. Through the use of technical-sounding words, concerned parties manage to conceal what seems to be a genuinely frightening disrespect of the freedom of information.

    Simply take "steganography" out of the equation. It's easy to scare the masses by using intimidating neologisms. But steganography is simply a manner to transmit information privately. So let's recast the sentence, "...illicit use of the technique might become a threat to the security of the worldwide information infrastructure." Let's simply say, "Individuals attempting to keep their private information private might become a threat to the security of the worldwide information infrastructure."

    What used to be a preferred method for sending private information to a friend? The mail? Didn't we used to have a respect for the privacy of letters we sent via post? So how come no one said, "Sealing envelopes might become a threat to the security of the worldwide information infrastructure"?

    What's being steganographically hidden in this debate is the reality that these days, quite a few people--many of them in power--simply no longer believe that a person has any right to private or personal information. Why would a technology such as this arise in the first place? Because we know that the first anthrax envelope made the private post public for everyone? Because we know our e-mail can be read, our servers can be hacked, our telephone calls recorded and our houses ransacked simply because fear of terrorists convinced us to sign over our civil liberties as if we no longer desired them?

    This technology arose because some people realized that they were losing any pretense at privacy they might have had, and so were motivated to develop tools to maintain it. And now, we take the new word "steganography" and talk about how dangerous it is... perhaps because we're trying to conceal inside the hidden message that all privacy is dangerous, that anything you do, say or think should always be subject to review by the appropriate authorities.

    --
    What he wants is more important that what I want. What he wants is also more important that what you want.