Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blocking Steganosonic Data In Phone Calls

Posted by kdawson on from the could-you-repeat-that-please dept.

psyced writes "Steganography is a technique to encode secret messages in the background noise of an audio recording or photograph. There have been attempts at steganalysis in the past, but scientists at FH St. Pölten are developing strategies to block out secret data in VoIP and even GSM phone calls by preemptively modifying background noise (link is to a Google translation of the German original) on a level that stays inaudible or invisible, yet destroys any message encoded within. I wonder if this method could be applied to hiding messages in executables, too."

16 of 185 comments (clear)

  1. Not going to work.... by dgatwood · · Score: 4, Interesting

    That's completely pointless. All it does is create an arms race. Any amount of noise you add can simply be dealt with by including the stego data more than once or using checksums or whatever. Any amount of damage sufficient to prevent any possibility of hidden messages would result in significant audible alteration of the sound to the point of unusability....

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

    1. Re:Not going to work.... by Zemran · · Score: 5, Funny

      would result in significant audible alteration of the sound to the point of unusability....

      Sounds like an average mobile phone call to me...

      --
      I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
    2. Re:Not going to work.... by Jah-Wren+Ryel · · Score: 4, Insightful

      Obviously if they modify the background noise then no amount of ECCs could recover anything from it since they're modifying all of the ECCs too Who says that the people with secrets will even try to encode them in the background noise?

      Maybe they will use the foreground noise -- for example, they could alter the pitch of the speaking voice to precisely fall into certain discrete frequency ranges, and then they occasionally bump a couple of samples into an 'unused' range and use those as a simple binary encoding of the secret data.

      If they use enough discrete frequency ranges, the general tone of the speaker's vioce won't be noticeably different and the occasional minor shifts in frequency for the encoded data will hardly stand out.

      That is just one example that I literally thought up in 30 seconds. I'm sure someone who was really concentrating could come up with much better ways to defeat the described countermeasures.
      --
      When information is power, privacy is freedom.
    3. Re:Not going to work.... by jd · · Score: 4, Interesting

      You're probably right. Block-length FEC and Turbo Codes allow you to fix errors assuming bursty data corruption of exactly this kind, which is why NASA uses them for deep space missions. You can't exactly ask a probe on the edge of the solar system or skimming geysers to repeat itself. With sound, there's also the fact that you've multiple parameters - delay, amplitude and frequency. Unless they plan to randomize all three, you can use any of the others for covert data. Data compression isolates anything either side, so whatever they are "protecting" is limited to that one side. Shouldn't be hard to use the other.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    4. Re:Not going to work.... by badfish99 · · Score: 4, Insightful

      More likely, the people with secrets would just use some other method to communicate them.

      Given that this project is (according to TFA) partnered by the Ministry of Defence, this smells to me like someone spending a lot of money defending against a non-existent threat. What's the betting they used the magic word "terrorism" in their grant application?

    5. Re:Not going to work.... by StuckInSyrup · · Score: 4, Funny

      (since the signals used to transmit the secret message are the same as the ones transmitting the public message, and they do not have permission for destroying the public message) Did you just call a phone call a "public message"? Man, you are even more cynic about privacy than I am.
      --
      Ni.
    6. Re:Not going to work.... by cnettel · · Score: 4, Insightful

      On top of this, if you have a VOIP/GSM phone, you probably have email. Why not just send encrypted email? Why jump through hoops trying to send stenographic data through the phone system.
      (More) deniability.
    7. Re:Not going to work.... by gstoddart · · Score: 4, Insightful

      On top of this, if you have a VOIP/GSM phone, you probably have email. Why not just send encrypted email? Why jump through hoops trying to send stenographic data through the phone system.

      Because, they can tell when you send an encrypted e-mail.

      The whole point of steganography is to embed the secret message in something you broadcast in the clear, and have nobody be any the wiser that you are, in fact, sending hidden data. You give up your covertness when you observably send something secret. If nobody knows you sent it, they're not looking for it. They just think you were talking about your aunt's petunias.

      Think of it as analogous to fieldcraft for spies -- you're supposed to be able to do something completely innocuous so that they can't ever confirm that you've actually done something nefarious.

      This system is trying to preemptively just eliminate the ability to send something embedded in a clear-channel communication. Basically, take away your ability to send an encrypted sub-channel in your normal conversation.

      Cheers
      --
      Lost at C:>. Found at C.
  2. Not a secret message. by Creepy+Crawler · · Score: 5, Funny

    The butterfly flaps its wings twice.

    I repeat, the butterfly flaps its wings twice.

    --
    1. Re:Not a secret message. by Chrisq · · Score: 4, Funny

      The butterfly flaps its wings twice.

      I repeat, the butterfly flaps its wings twice.

      Please clarify immediately. Is that just a repetition or does the butterfly flap its wings four times. This could be the difference between a gang of naked teenagers invading Prime Minister's question time and the defacing of Nelson's column.

  3. As the tag says: encryption. by Rah'Dick · · Score: 4, Insightful

    I wonder if we will ever have widespread end-to-end encryption for all of our private communication, so that "service providers" cannot mess with our actual message and/or data stream. I guess there will always be someone making a profit by preventing this on a legal level, sadly. When will the "mindless consumer" finally wake up and kick the government that allows all this?

  4. Microsoft uses that. by SharpFang · · Score: 4, Funny

    I wonder if this method could be applied to hiding messages in executables, too.

    Yes, a similar method has been employed by Microsoft to all the executables it ever released, ever since the times of MS-DOS.
    After compilation they run the program through a special utility that modifies a few bits in the executable at random. Then they run the resulting executable through some tests and if it passes, they release it, if it crashes, they try with a different random bits.

    --
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  5. Re:Can I add random noise to a .exe file...? by yoris · · Score: 5, Interesting

    Yes you can. Some examples: - replace "add 1024" with "substract -1024" - replace "if greater then 100" with "if greater then or equal to 99" - replace "copy a to b, copy c to d" by "copy c to d, copy a to b" Just have a look at any assembly language and use your imagination. To make matters even simpler, there are operators which completely ignore certain parameters (e.g. a JUMP operator which only takes 1 parameter leaves room for hidden data in the 2nd and 3rd operator field). There are plenty of instructions or combinations of instructions which leave room to such minor changes without any difference in execution. So for the steganographers, the goal would be to look for all of such instances in an executable, then agree on some kind of code (for example "add n" is a 1, "substract -n" is a 0). Semantically there is no difference, both codes will result in the exact same execution, but you found some wiggle room to leave a message. It was reported on Slashdot a few years ago.

  6. Arrogant bastards! by pla · · Score: 4, Interesting

    scientists at FH St. Polten are developing strategies to block out secret data in VoIP and even GSM phone calls by preemptively modifying background noise

    ...And once again, they treat all of us like criminals for the sake of annoying (not even preventing or catching) the 0.0001% that really pose a threat.

    Good work, guys - Even a classic BOFH has higher efficacy and useability standards than anything related to the War on Non-Western, Non-Irish, Non-Russian (and "non-former-Soviet") Terror. At least the BOFH's systems work for him, you asshats can't even manage that despite taking all that daaaaaaangerous toothpaste away from us.

    However, even I overstate the case here - Encoding data in background noise doesn't break any laws!

    We all have every right to send hidden data, or even to use hard encryption right in plain sight. However, exercising that right may lead to some undue scrutiny, and thus we expose the real reason for techniques like this... Erosion of plausible deniability, which The Powers That Be loathe far, far more than any actual threat. It looks bad to just deport and torture someone with no evidence. But if you can demonstrate that he had (gasp!) something he didn't want the whole world to know about (because only criminals have secrets, of course), well then the sheep will approve of going all Jack Bauer on him.

  7. Steganography and watermarking. by MartinG · · Score: 5, Insightful

    I'm sure someone will correct me if I have missed something, but it seems to me that the desire by some to hide irremovable watermarks within digital streams is a similar technical challenge to adding steganographic content. Similarly, those attempting to destroy watermarks will face the same problems as those wishing to remove or destroy steganographic content.

    The interesting thing is who is on which side of the battle.

    Generally it's corporations who like the idea of watermarks, and individuals who don't. Individuals do however like steganography, but the authorities don't. It will be interesting to see who develops what technologies and who, if anyone, wins this arms race.

    --
    -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
  8. The real question is.. by lakiw · · Score: 5, Interesting
    How often do people hide data in the background noise of their phones? Is this a big enough problem that we should care about solving it? I mean, first of all you need a program to do the stego, (short of having someone talk really softly in the background). Then you would need to play back the recording during your conversation. Wouldn't it be easier for the criminal to send an encrypted e-mail instead? Given a choice, I'll pick strong crypto over stegonography any day. The only good thing about stego is it's useful if whatever authority in charge blocks all unauthorized messages.

    It's along the lines of "How do you tell if there are stego images on someone's computer?"

    Answer:You find the stego converter tool on their harddrive.