Blocking Steganosonic Data In Phone Calls
psyced writes "Steganography is a technique to encode secret messages in the background noise of an audio recording or photograph. There have been attempts at steganalysis in the past, but scientists at FH St. Pölten are developing strategies to block out secret data in VoIP and even GSM phone calls by preemptively modifying background noise (link is to a Google translation of the German original) on a level that stays inaudible or invisible, yet destroys any message encoded within. I wonder if this method could be applied to hiding messages in executables, too."
You can add "random noise" to an .exe file - most processors have at least some opcodes with "don't care" bits. You can alter those bits without affecting the semantics of the code.
Um, yes you can. Many instruction combinations are interchangeable. You merely need to be certain the result is the same in all relevant cases for both instruction sequences. In the easy cases it might mean just swapping two instructions. See polymorphic viruses.
Additionally you can use empty areas in executable formats, in the headers or padding. Or even add an extra data segment... If file size is no issue, you can typically just concatenate some extra data at the end of the file.
However, instruction sequence alteration might be the closest option in executable "steganography", because data in the headers or padding sticks out like a sore thumb.
If they add just noise you can send the message many times and average on the receiving end. The noise will be reduced by a factor of square_root(n), where n is the number of messages. However, the article does not say they will just add noise. It says they will in the next few months waste some research money to study the topic. Interesting is also that they think that it is positive to support DRM with steganography. They are real assholes.
Or perturb the logic. The easy way is just to look at how polymorphic viruses did it. The hard way is to get out your disassembler and change
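cmp eax, edx
jle offset      ; taken when eax <= edx (signed)
to
cmp edx, eax
jge offset      ; taken when edx >= eax (signed), the same condition; jae would compare unsigned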
(insert your own variation here). Have a program read all cmp eax, edx (or cmp edx, eax) opcodes and output 0 for the first and 1 for the second.
I personally think this is just another government handout. There are so many much easier ways to hide a secret message than using a phone. Hell, they could just post one of those stupid lolcat pictures on the web with the message inside. The operative would only have to know something like "check all pictures of brown kittens on website X" or some such. All it takes is a single face to face meeting for the bad guy to have all the info he'll need to get orders through the web. I think they are trying to push technology as the answer when what they need is more field agents in hostile countries. But that's my 02c, YMMV.
ACs don't waste your time replying, your posts are never seen by me.
I personally would like to thank these gentlemen for working so hard to find a way to destroy watermarks in audio ripped from various sources. Watermarks are hidden data in audio, right? So do you think adding watermarks may become an act of terror now?
Insert pithy comment here.
Just two facts that no one seems to have mentioned here:
;-)
a.) The project is a feasibility evaluation, and as such doesn't have to produce results.
b.) The Austrian Ministry of Defence is supporting this project.
This isn't even remotely like DARPA, so chill out
Powerful is he who overpowers his temptations.
I couldn't read TFA as Google translation was hung, but I question the summary's definition of steganography as hiding data in the "background noise".
If you read Wikipedia's steganography entry, you'll see no mention of background/foreground noise in the definition. My understanding is that steganography generally alters the lowest order bits in audio/video/image files so that pixels/samples are indistinguishably altered. Trivial example with RGB values...you will probably not notice the difference between #FFFFFF and #FEFEFE or #FFFEFF, so if you simply overwrite the lowest bit of each R, G and B value with the data you wish to hide, you can store 3 bits per RGB pixel without visibly changing the appearance of the image. At least in this instance, background/foreground noise is not part of the equation.
The only reason it might make sense to focus on background noise is if they are only looking to embed a message in the actual analog audio signal; for instance, clicks and pops sequenced in such a way as to be decipherable as data. That seems to me like a pretty narrow avenue to focus on, and I wonder if anyone is even known to use such a method these days.
Momentarily, the need for the construction of new light will no longer exist.
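An added example, not part of any post in this thread: the 3-bits-per-pixel RGB scheme described in the comment above, next to a sanitizer that re-randomizes every low bit before forwarding, which is one way to picture the preemptive noise modification from the story. The function names, the constructed 64-pixel cover and the sample message are assumptions made for illustration.

```python
import random

def embed_lsb(pixels, message):
    """Overwrite the lowest bit of each R, G, B value with message bits (3 bits/pixel)."""
    bits = [(byte >> i) & 1 for byte in message for i in range(7, -1, -1)]
    flat = [c for px in pixels for c in px]
    if len(bits) > len(flat):
        raise ValueError("cover image too small for message")
    for i, bit in enumerate(bits):
        flat[i] = (flat[i] & 0xFE) | bit
    return [tuple(flat[i:i + 3]) for i in range(0, len(flat), 3)]

def extract_lsb(pixels, n_bytes):
    """Read n_bytes back out of the channel low bits, most significant bit first."""
    flat = [c for px in pixels for c in px]
    out = bytearray()
    for i in range(n_bytes):
        byte = 0
        for value in flat[i * 8:(i + 1) * 8]:
            byte = (byte << 1) | (value & 1)
        out.append(byte)
    return bytes(out)

def sanitize_lsb(pixels, rng):
    """Replace every channel low bit with a fresh random bit, whether or not data is hidden."""
    return [tuple((c & 0xFE) | rng.getrandbits(1) for c in px) for px in pixels]

def max_channel_delta(a, b):
    """Largest per-channel difference between two images of equal size."""
    return max(abs(x - y) for pa, pb in zip(a, b) for x, y in zip(pa, pb))

def demo():
    rng = random.Random(1234)  # fixed seed so the run is repeatable
    # Constructed cover: 64 random RGB pixels standing in for an image.
    cover = [tuple(rng.randrange(256) for _ in range(3)) for _ in range(64)]
    secret = b"meet at dawn"   # constructed sample message
    stego = embed_lsb(cover, secret)
    cleaned = sanitize_lsb(stego, rng)
    return {
        "recovered_before": extract_lsb(stego, len(secret)),
        "recovered_after": extract_lsb(cleaned, len(secret)),
        "embed_delta": max_channel_delta(cover, stego),
        "sanitize_delta": max_channel_delta(stego, cleaned),
    }

if __name__ == "__main__":
    print(demo())
```

The sanitizer never has to detect anything: it changes each channel by at most 1, the same budget the embedder used, and the hidden bytes no longer decode.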
http://www.youtube.com/watch?v=-Xn94fq8CUk is what his ascii breaks down to if anybody else was curious...
:wq