Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blocking Steganosonic Data In Phone Calls

Posted by kdawson on from the could-you-repeat-that-please dept.

psyced writes "Steganography is a technique to encode secret messages in the background noise of an audio recording or photograph. There have been attempts at steganalysis in the past, but scientists at FH St. Pölten are developing strategies to block out secret data in VoIP and even GSM phone calls by preemptively modifying background noise (link is to a Google translation of the German original) on a level that stays inaudible or invisible, yet destroys any message encoded within. I wonder if this method could be applied to hiding messages in executables, too."

8 of 185 comments (clear)

  1. Not going to work.... by dgatwood · · Score: 4, Interesting

    That's completely pointless. All it does is create an arms race. Any amount of noise you add can simply be dealt with by including the stego data more than once or using checksums or whatever. Any amount of damage sufficient to prevent any possibility of hidden messages would result in significant audible alteration of the sound to the point of unusability....

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

    1. Re:Not going to work.... by Brian+Gordon · · Score: 3, Interesting

      Obviously if they modify the background noise then no amount of ECCs could recover anything from it since they're modifying all of the ECCs too.. unless you knew exactly what shifting frequencies they were using or something, but that's just reversing the damage, not working through it.

    2. Re:Not going to work.... by jd · · Score: 4, Interesting

      You're probably right. Block-length FEC and Turbo Codes allow you to fix errors assuming bursty data corruption of exactly this kind, which is why NASA uses them for deep space missions. You can't exactly ask a probe on the edge of the solar system or skimming geysers to repeat itself. With sound, there's also the fact that you've multiple parameters - delay, amplitude and frequency. Unless they plan to randomize all three, you can use any of the others for covert data. Data compression isolates anything either side, so whatever they are "protecting" is limited to that one side. Shouldn't be hard to use the other.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    3. Re:Not going to work.... by ColoradoAuthor · · Score: 3, Interesting

      The jamming will also easily be defeated by an entirely new branch of coding theory using the BBC algorithm (http://crisp.cs.du.edu/frisc/baird.pdf). Error correction is distributed throughout the data stream, so even if the jammer completely obliterates parts of the signal--to the point that the original signal is unintelligible--the coded message will still get through.

      This coding theory is handy for all sorts of stuff, from military comms to cell phones to MIMO access points. And unlike most crypto stuff, it's rather simple to understand and implement.

  2. Re:Can I add random noise to a .exe file...? by yoris · · Score: 5, Interesting

    Yes you can. Some examples: - replace "add 1024" with "substract -1024" - replace "if greater then 100" with "if greater then or equal to 99" - replace "copy a to b, copy c to d" by "copy c to d, copy a to b" Just have a look at any assembly language and use your imagination. To make matters even simpler, there are operators which completely ignore certain parameters (e.g. a JUMP operator which only takes 1 parameter leaves room for hidden data in the 2nd and 3rd operator field). There are plenty of instructions or combinations of instructions which leave room to such minor changes without any difference in execution. So for the steganographers, the goal would be to look for all of such instances in an executable, then agree on some kind of code (for example "add n" is a 1, "substract -n" is a 0). Semantically there is no difference, both codes will result in the exact same execution, but you found some wiggle room to leave a message. It was reported on Slashdot a few years ago.

  3. Arrogant bastards! by pla · · Score: 4, Interesting

    scientists at FH St. Polten are developing strategies to block out secret data in VoIP and even GSM phone calls by preemptively modifying background noise

    ...And once again, they treat all of us like criminals for the sake of annoying (not even preventing or catching) the 0.0001% that really pose a threat.

    Good work, guys - Even a classic BOFH has higher efficacy and useability standards than anything related to the War on Non-Western, Non-Irish, Non-Russian (and "non-former-Soviet") Terror. At least the BOFH's systems work for him, you asshats can't even manage that despite taking all that daaaaaaangerous toothpaste away from us.

    However, even I overstate the case here - Encoding data in background noise doesn't break any laws!

    We all have every right to send hidden data, or even to use hard encryption right in plain sight. However, exercising that right may lead to some undue scrutiny, and thus we expose the real reason for techniques like this... Erosion of plausible deniability, which The Powers That Be loathe far, far more than any actual threat. It looks bad to just deport and torture someone with no evidence. But if you can demonstrate that he had (gasp!) something he didn't want the whole world to know about (because only criminals have secrets, of course), well then the sheep will approve of going all Jack Bauer on him.

  4. Wow, more money spent on foolishness by kurt555gs · · Score: 3, Interesting

    This could be better spent on more cell towers, or not allowing bastard fone companies to charge $200.00 termination fees.

    Stopping secret messages? , puleeese.

    "John has a long mustache"
    "The chair is against the wall"

    Stop that!

    --
    * Carthago Delenda Est *
  5. The real question is.. by lakiw · · Score: 5, Interesting
    How often do people hide data in the background noise of their phones? Is this a big enough problem that we should care about solving it? I mean, first of all you need a program to do the stego, (short of having someone talk really softly in the background). Then you would need to play back the recording during your conversation. Wouldn't it be easier for the criminal to send an encrypted e-mail instead? Given a choice, I'll pick strong crypto over stegonography any day. The only good thing about stego is it's useful if whatever authority in charge blocks all unauthorized messages.

    It's along the lines of "How do you tell if there are stego images on someone's computer?"

    Answer:You find the stego converter tool on their harddrive.