Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blocking Steganosonic Data In Phone Calls

Posted by kdawson on from the could-you-repeat-that-please dept.

psyced writes "Steganography is a technique to encode secret messages in the background noise of an audio recording or photograph. There have been attempts at steganalysis in the past, but scientists at FH St. Pölten are developing strategies to block out secret data in VoIP and even GSM phone calls by preemptively modifying background noise (link is to a Google translation of the German original) on a level that stays inaudible or invisible, yet destroys any message encoded within. I wonder if this method could be applied to hiding messages in executables, too."

14 of 185 comments (clear)

  1. Not going to work.... by dgatwood · · Score: 4, Interesting

    That's completely pointless. All it does is create an arms race. Any amount of noise you add can simply be dealt with by including the stego data more than once or using checksums or whatever. Any amount of damage sufficient to prevent any possibility of hidden messages would result in significant audible alteration of the sound to the point of unusability....

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

    1. Re:Not going to work.... by Brian+Gordon · · Score: 3, Interesting

      Obviously if they modify the background noise then no amount of ECCs could recover anything from it since they're modifying all of the ECCs too.. unless you knew exactly what shifting frequencies they were using or something, but that's just reversing the damage, not working through it.

    2. Re:Not going to work.... by jd · · Score: 4, Interesting

      You're probably right. Block-length FEC and Turbo Codes allow you to fix errors assuming bursty data corruption of exactly this kind, which is why NASA uses them for deep space missions. You can't exactly ask a probe on the edge of the solar system or skimming geysers to repeat itself. With sound, there's also the fact that you've multiple parameters - delay, amplitude and frequency. Unless they plan to randomize all three, you can use any of the others for covert data. Data compression isolates anything either side, so whatever they are "protecting" is limited to that one side. Shouldn't be hard to use the other.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    3. Re:Not going to work.... by CastrTroy · · Score: 2, Interesting

      But by completely removing the ability for them to transmit the data, they've also lost the ability to catch people who want to transmit data this way. If you know how to break their codes, don't tell them, because they will find some other way of transmitting the data more securely.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    4. Re:Not going to work.... by ColoradoAuthor · · Score: 3, Interesting

      The jamming will also easily be defeated by an entirely new branch of coding theory using the BBC algorithm (http://crisp.cs.du.edu/frisc/baird.pdf). Error correction is distributed throughout the data stream, so even if the jammer completely obliterates parts of the signal--to the point that the original signal is unintelligible--the coded message will still get through.

      This coding theory is handy for all sorts of stuff, from military comms to cell phones to MIMO access points. And unlike most crypto stuff, it's rather simple to understand and implement.

  2. bad pre-emptive move by Anonymous Coward · · Score: 1, Interesting

    I can only see bad things coming from this.

    Imagine the worst-case scenario; Congress forces all telcos to install this sort of technology on all phone lines. Why not? If you don't put up with hissing on your phone line, you're helping a terrorist, no?

  3. Re:Can I add random noise to a .exe file...? by yoris · · Score: 5, Interesting

    Yes you can. Some examples: - replace "add 1024" with "substract -1024" - replace "if greater then 100" with "if greater then or equal to 99" - replace "copy a to b, copy c to d" by "copy c to d, copy a to b" Just have a look at any assembly language and use your imagination. To make matters even simpler, there are operators which completely ignore certain parameters (e.g. a JUMP operator which only takes 1 parameter leaves room for hidden data in the 2nd and 3rd operator field). There are plenty of instructions or combinations of instructions which leave room to such minor changes without any difference in execution. So for the steganographers, the goal would be to look for all of such instances in an executable, then agree on some kind of code (for example "add n" is a 1, "substract -n" is a 0). Semantically there is no difference, both codes will result in the exact same execution, but you found some wiggle room to leave a message. It was reported on Slashdot a few years ago.

  4. Arrogant bastards! by pla · · Score: 4, Interesting

    scientists at FH St. Polten are developing strategies to block out secret data in VoIP and even GSM phone calls by preemptively modifying background noise

    ...And once again, they treat all of us like criminals for the sake of annoying (not even preventing or catching) the 0.0001% that really pose a threat.

    Good work, guys - Even a classic BOFH has higher efficacy and useability standards than anything related to the War on Non-Western, Non-Irish, Non-Russian (and "non-former-Soviet") Terror. At least the BOFH's systems work for him, you asshats can't even manage that despite taking all that daaaaaaangerous toothpaste away from us.

    However, even I overstate the case here - Encoding data in background noise doesn't break any laws!

    We all have every right to send hidden data, or even to use hard encryption right in plain sight. However, exercising that right may lead to some undue scrutiny, and thus we expose the real reason for techniques like this... Erosion of plausible deniability, which The Powers That Be loathe far, far more than any actual threat. It looks bad to just deport and torture someone with no evidence. But if you can demonstrate that he had (gasp!) something he didn't want the whole world to know about (because only criminals have secrets, of course), well then the sheep will approve of going all Jack Bauer on him.

  5. Wow, more money spent on foolishness by kurt555gs · · Score: 3, Interesting

    This could be better spent on more cell towers, or not allowing bastard fone companies to charge $200.00 termination fees.

    Stopping secret messages? , puleeese.

    "John has a long mustache"
    "The chair is against the wall"

    Stop that!

    --
    * Carthago Delenda Est *
  6. The real question is.. by lakiw · · Score: 5, Interesting
    How often do people hide data in the background noise of their phones? Is this a big enough problem that we should care about solving it? I mean, first of all you need a program to do the stego, (short of having someone talk really softly in the background). Then you would need to play back the recording during your conversation. Wouldn't it be easier for the criminal to send an encrypted e-mail instead? Given a choice, I'll pick strong crypto over stegonography any day. The only good thing about stego is it's useful if whatever authority in charge blocks all unauthorized messages.

    It's along the lines of "How do you tell if there are stego images on someone's computer?"

    Answer:You find the stego converter tool on their harddrive.

    1. Re:The real question is.. by smellsofbikes · · Score: 2, Interesting

      I don't know how often people have done this with phones. I've done stego in noise in pictures, when I was exchanging email with a friend who was living in China; we used a Matlab function. (It relied on her getting pictures from me and comparing them to the originals posted on a US-based website.)
      The nice thing was precisely that it wasn't encrypted so the messages didn't just disappear, as so many others we sent did. (We started serializing our messages so we could tell when ones were going missing.)
      So while it's unclear that this particular setup is useful, I can say that homebrew implementations of stego exist and are being used, particularly if a lame amateur coder like me has made one.

      And yes, someone looking on her computer could've found the deconverter, but unless you know what you're looking for, you probably don't know that you've found a deconverter, when it's one of dozens of big complicated programs. Security through obscurity isn't reliable, but it can work.

      --
      Nostalgia's not what it used to be.
  7. Snoops by Detritus · · Score: 2, Interesting
    How about not monitoring my calls in the first place? I am at a loss to understand the mindset of a person who thought that this was a problem that needed a solution.

    I want end-to-end encryption on all my calls. This could be added to cell phones with some modest changes. Not having it on VOIP is just inexcusable. If the FBI wants to tap my phone, why don't they get off their lazy asses, obtain a warrant, and do some actual work, rather than expecting everything to be handed to them on a silver platter, complete with booze and hookers. I'm under no obligation to make it easy for them.

    --
    Mea navis aericumbens anguillis abundat
  8. Sounds impossibly by MobyDisk · · Score: 2, Interesting

    If you could detect and modify the background noise, then you could simply eliminate it. But I don't think that is possible, since what makes something "background noise" is the fact that it can't really be removed without damaging the foreground signal. If it could, you would have a perfect signal-to-noise ratio. Such a technology could be used to improve the bandwidth, compression ratios, etc. - which is something far more useful than fearmongering.

    Unfortunately, I don't real have anything to go on other than a Google translated abstract, a Slashdot headline, and armchair knowledge of electronics. Anyone care to correct me?

  9. A background noise jammer... how quaint by Anonymous Coward · · Score: 1, Interesting

    It is slightly amusing that state is so far behind in this one area of surveillance. The method proposed here to futz with the voice content aspect of the call would have been effective up to, say, 1988, after which point it became easier to encode and retrieve the juicy bits in some other aspects of the call.

    Without giving away too may secrets (from the 1990s, even though the state of the art is now significantly more advanced), think about the temporal and spatial information is transmitted by the act and protocol of initiating one phone call (from or to a cellular or landline endpoint). Think about the possibilities with initiating and (optionally not) terminating a series of phone calls. Any Asterisk admins lurking here will be familiar with the type of instrumentation required to execute this technique, putting as much or as little in the clear as desired. Now recall that some organizations using these techniques also use particular codebooks which need not be hidden and carry very specific meanings in context understood only by members of a specific group.

    And remember: sometimes the most important part of a message is that which is not said.