Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Calculate Capacity of a Steganographic Channel

Posted by timothy on from the intentionally-not-left-blank dept.

KentuckyFC writes "Steganography is the art of hiding a message in such a way that only the sender and receiver realize it is there. (By contrast, cryptography disguises the content of a message but makes no attempt to hide it.) The central problem for steganographers is how much data can be hidden without being detected. But the complexity of this problem has meant it has been largely ignored. Now two computer scientists (one working for Google) have made a major theoretical breakthrough by tackling the problem in the same way that the electrical engineer Claude Shannon calculated the capacity of an ordinary communications channel in the 1940s. In Shannon's theory, a transmission is considered successful if the decoder properly determines which message the encoder has sent. In the stego-channel, a transmission is successful if the decoder properly determines the sent message without anybody else detecting its presence (abstract). Studying a stego-channel in this way leads to some counter-intuitive results: for example, in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel"

114 comments

  1. counter-intuitive results? by ccguy · · Score: 4, Funny

    The results are interesting and in some cases counter-intuitive (for example, adding noise to channel can increase its steganographic capacity

    How is that counter-intuitive? Many of us regularly backup our stuff here in slashdot, and no one has complained so far (which, being the slashdot crowd what it is, is definite proof that no one has noticed).

    In fact, a port of gmail drive to slashdot is already in beta.

    1. Re:counter-intuitive results? by russotto · · Score: 1

      It's not counter-intuitive at all that adding noise to a channel can increase its steganographic capacity, since steganographic data can look like noise.

    2. Re:counter-intuitive results? by ccguy · · Score: 1, Insightful

      That's what I'm saying.

      Slashdot. Noise and redundancy. Backup for nerds.

    3. Re:counter-intuitive results? by Anonymous Coward · · Score: 2, Funny

      Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Maecenas non felis. Cras in ligula in odio pellentesque vehicula. Aliquam metus nulla, venenatis sit amet, feugiat nec, pharetra ut, justo. Fusce tincidunt, massa eu iaculis iaculis, lacus nisi ullamcorper orci, ac sodales arcu massa at urna. Ut mattis nulla interdum urna. Praesent consequat. Fusce pede diam, pretium tempor, egestas eget, rhoncus in, sem. Sed semper. Nam in lorem sed nisl blandit commodo. Donec tempus, eros vel fermentum dictum, nibh sem imperdiet arcu, quis porttitor pede mauris eu mi. Aenean eu dui nec ligula dapibus aliquam. Integer eget libero nec velit pellentesque facilisis. Pellentesque diam sapien, auctor sit amet, mollis et, condimentum quis, nisi. Proin in libero nec nulla suscipit varius. Vestibulum facilisis enim sed magna semper tempus. Aliquam posuere. Fusce suscipit ante at nulla tincidunt fringilla. Aliquam fringilla dui eget ante. Ut rhoncus tortor nec pede.

      Aenean posuere. Suspendisse vehicula ornare lectus. Aliquam eros sem, iaculis id, consequat eu, varius ac, elit. Sed feugiat pretium est. Vivamus tellus elit, convallis et, pulvinar vitae, egestas id, justo. Vivamus id dui. Donec lacus. Phasellus placerat pharetra felis. Donec sed pede in lacus pretium porta. Maecenas semper imperdiet est. Mauris varius. Lorem ipsum dolor sit amet, consectetuer adipiscing elit.

    4. Re:counter-intuitive results? by DarthJohn · · Score: 3, Insightful

      That's not what it says (somebody fixed a typo in the summary?).

      in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel

      More people looking for hidden data makes it possible to hide more data. I find that counter-intuitive.

    5. Re:counter-intuitive results? by russotto · · Score: 1
      It says both:

      The results are interesting and in some cases counter-intuitive (for example, adding noise to channel can increase its steganographic capacity and in some cases, mounting two attacks on a channel instead of one can do the same)

      I find the second counterintuitive, but the first not so. Perhaps the article-writers intended for the first to be "interesting" and the second "counter-intuitive", but to be fair to the summary-writer, it's not that clear.

    6. Re:counter-intuitive results? by Anonymous Coward · · Score: 2, Funny

      Is that what they mean? It's very counterintuitive if so.

      I read it to mean that if the user (rather than the interceptor) uses various algorithms to store data he can store more data, which is not counter-intuitive at all.

      Bugger, we're going to have to RTFA.

    7. Re:counter-intuitive results? by Anonymous Coward · · Score: 0

      Where can I get your viagra again? Thank you!

    8. Re:counter-intuitive results? by Anonymous Coward · · Score: 0

      So that right-wing nutjob I've been arguing with is just a fragment of somebody's backup?

      I think that means I lost an argument. On the internet.

    9. Re:counter-intuitive results? by Golddess · · Score: 1

      More people looking for hidden data makes it possible to hide more data. I find that counter-intuitive.

      Not more people, different people. IE, say you've got a channel with two sets of hidden data intermingled with each other. One algorithm will decode the one set, while a second algorithm decodes the second.

      At least that's how it sounded to me.

      --
      "I'm not sure I like the fugnutish tone you used in your post!" -RogL (608926)-
    10. Re:counter-intuitive results? by Anonymous Coward · · Score: 0

      Bugger, we're going to have to RTFA.

      Good luck. Just took a look at the thing, and it's actually a Real Academic Paper, which means that the (probably singular, and probably only minorly clever, if it's anything like most papers I've read) essential nugget of logic is so severely obfuscated by mathematical technicalities that you'd have to study the damn thing for quite a while to figure out what it is - at the very least you have to read it enough to figure out what their symbols all mean. As far as math papers go, it's not that bad, but at least I don't care enough about the result to put in the hours that it would take.

      Ah, for the days when I actually could afford to spend hours each day poring over research papers in fields that have nothing to do with my own...

      Does anyone that does care enough to read it feel like sharing a "close enough for physics" summary?

    11. Re:counter-intuitive results? by Anonymous Coward · · Score: 0

      State your affiliations, my son!

    12. Re:counter-intuitive results? by Anonymous Coward · · Score: 0

      DAMN, now why didn't i think of that?

      Thanks!

    13. Re:counter-intuitive results? by danielpauldavis · · Score: 1

      "Steganography" sounds like what God did with the Bible, leaving various messages "encoded" in the text of Scripture. The method of having only those the message is intended for find it is ironically simple: those who don't credit the Bible for reliability won't look for them in the first place. Those who do, will study the Bible and incidentally find them in that study.

      --
      Cranky educator.
  2. Need for steganography by CRCulver · · Score: 4, Interesting

    Around the turn of the millennium steganography became a big topic, the idea being that using PGP would only draw attention from the authorities. In my Amazon review of Schneier's Applied Cryptography I even complained that Bruce didn't talk about how to hide even the use of crypto.

    But now that SSL is everywhere and the use of encrypted VPNs is a typical part of telecommuting, I don't think cryptography suggests the same anti-authoritarian counter-culture rumblings it used to. Do we need to hide crypto anymore?

    1. Re:Need for steganography by zappepcs · · Score: 4, Interesting

      Well, there may not be a pressing public need to hide cryptography usage, but if you want your data secure from prying eyes, additional measures are a good idea. Blue-Ray just got hacked (again) and it was supposed to be valid security for a decade... right?

      If what you encrypt with can be broken by others, then it is not doing the intended job. If you use PGP, and the decrypted message between you and another trusted user is encrypted already, the likelihood of your message being decoded is substantially less.

      In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate.

      Encrypting is not hard, but if what you decrypt looks like this above, it may be hard to decipher and not worth the effort. BTW, that is decipherable.

      Both the PGP and this encryption (or another) can be decoded quickly on the fly. It's possible that those pesky 'terrorists' could be using v1 aGr4 spam to send messages.

      --
      Support NYCountryLawyer RIAA vs People
    2. Re:Need for steganography by Ngarrang · · Score: 5, Insightful

      Do we need to hide crypto anymore?

      Yes. There are many places in this world where freedom of information is oppressed. Having a method of communicating in the clear without raising any red flags is a Good Thing(tm).

      For example, let's say you are an evil political dissident in China, trying to spread ideas of democracy and capitalism. If you send an encrypted message to your corrupt imperialist American ally, that seems suspicious. If you have nothing to hide, then why are you hiding it?

      But, if you can send your friend a message about how you are growing corn in relatively poor conditions and how great the local government has been in supporting the effort...with a stego message hidden inside, then that is probably going to slip right through.

      The best way to not get caught is to look like there is nothing to catch.

      --
      Bearded Dragon
    3. Re:Need for steganography by lysergic.acid · · Score: 2, Interesting

      "ordinary" people don't, and never really have. but there will always be people who need to transfer information undetected--spies, for instance.

      if you're an undercover law enforcement agent, you could communicate with your agency without blowing the risk of blowing your cover by using steganography; likewise for whistleblowers who need to get information out of an organization with tight security. steganography would also be useful during wartime when cryptography isn't an option, or isn't enough.

      i'm sure there are probably much more mundane uses for steganography as well, but you get the idea.

    4. Re:Need for steganography by Vellmont · · Score: 1


      Do we need to hide crypto anymore?

      Even the strongest crypto implementation and algorithm is still subject to Rubber Host Crypt-analysis, or even "court ordered cryptanalysis". In those cases stego would have some protection against these techniques.

      --
      AccountKiller
    5. Re:Need for steganography by Ginger+Unicorn · · Score: 1

      Rubber Host

      is that some kind of dominatrix that holds swinger's parties or something?

      --
      (1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
    6. Re:Need for steganography by Ironsides · · Score: 3, Insightful

      Bluray is not a good counterpoint. Bluray is not designed to keep the contents from being read by anyone but the 'appropriate person', it is designed to keep anyone from copying it. However, it still meeds to be readable in the player. As such, it is like trying to keep someone from photocopying something while they still need to be able to read/view it. In encryption, you don't care if the 'appropriate person' copy it, you just don't want anyone else to be able to view it.

      --
      Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
    7. Re:Need for steganography by zappepcs · · Score: 2, Interesting

      While that is all true, I mentioned Blue-ray only because it was supposed to be tough encryption to break. "Supposed to be" is the key part of that sentence, and it demonstrates how fragile simple encryption really is.

      While the hacker can find an unencrypted version of a movie and more or less determine what the encryption should look like when decoded, your common text messages are not much different. There are algorithms that can determine much of what you wrote by looking at repeating characters. Length of words etc. making ROT13 style easy to decode. It also makes the cadence or meter of your normal words decipherable. So, if a cracker can figure out PGP, even guessing brute force at the private key, there are many techniques that help them. If your text is encoded twice, those added techniques are of arguably little value.

      --
      Support NYCountryLawyer RIAA vs People
    8. Re:Need for steganography by blueskies · · Score: 1, Insightful

      You really think McPalin is going to get elected?

    9. Re:Need for steganography by Anonymous Coward · · Score: 1

      China is capitalist. Get your facts straight. It is very very capitalist. It just happens to be run by the new gen Communist Party, which allows capitalism.

    10. Re:Need for steganography by Sancho · · Score: 2, Insightful

      What was broken was not encryption. It's a form of DRM which did not rely on encryption.

      BD+ (the DRM component which they claimed would last for 10 years) is a virtual machine on which a disc can run arbitrary code. The disc can run this code to try to guess at the authenticity of the player in which it is being played. The idea is that if a player has been tampered with, it can be detected by the disc. It also means that as new attacks on players become possible, it's possible to update the checks that the disc uses BD+ to perform. If the player doesn't pass the check, the disc refuses to play.

      Surprise, surprise, it was possible to reverse engineer the virtual machine, and now unauthorized players can run the code and tamper with the results.

      So this is both a poor example of how fragile encryption can be (it's not encryption) and a bad example of keeping data from prying eyes (as the other guy pointed out, Blu-ray is designed to be viewed.)

      Worse:

      While the hacker can find an unencrypted version of a movie and more or less determine what the encryption should look like when decoded, your common text messages are not much different.

      Known-plaintext attacks are an understood phenomenon, and encryption algorithms are designed to thwart them. Blu-ray encryption uses AES, which is believed to be secure from this sort of attack.

    11. Re:Need for steganography by SpurtyBurger · · Score: 1

      In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate

      Looks like the spam I get just about every day! The only thing missing is the cheap c14L15 ;)

    12. Re:Need for steganography by Anonymous Coward · · Score: 0

      I can get : In terse I think you are wrong

      the rest of it I can't see anythin ...

    13. Re:Need for steganography by Anonymous Coward · · Score: 0

      No, be proud!

      More seriously though, just get it mainstream (as it arguably has become with torrent encryption, gmail https, etc.) and the "if you're hiding something you must be doing something wrong" stops looking so plausible. Everyone can't be doing something wrong can they? Then again a huge % of traffic is torrents (and they're not all downloading linux isos). -g

    14. Re:Need for steganography by Anonymous Coward · · Score: 0

      There is a trend towards more "comprehensive" government. Each new piece of legislation is another right we may never see again. Last time I checked, Obama didn't promise to veto every bill that fails to repeal a previous law.

    15. Re:Need for steganography by Anonymous Coward · · Score: 1, Funny

      In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate.

      "In short, I think you are wrong, but it's your problem."

    16. Re:Need for steganography by DingerX · · Score: 2, Informative

      Don't disrespect it. In fact, steganography has had many many uses over the years. Naming just one case, steganography is the ultima ratio of intellectual property protection. Gulliver's Travels, for example, was published pseudonymously and "signed" steganographically. Even better, it was signed at least two ways, one using a "Soft" method, the other a "Hard" one. Right on the first page, Gulliver states: "Soon after my return from Leyden, I was recommended by my good master, Mr. Bates, to be surgeon to the Swallow." Evidently, Swallow is a synonym for "Swift", and the onanistic gag is thrown in for good measure. That's the one you're supposed to catch. Really fun, however, is the incipit: "My father had a small estate in Nottinghamshire: I was the third of five sons."

      I was the third of five sons: Cross out the third and fifth words, and the first letters of the remaining words form an anagram for "swift".

      Numerous other cases abound. I'm sure many of us have little coding tricks in which we "sign" our names. A watermark on a jpeg is nice, but it's even nicer if the guy who's going to swipe your images doesn't even know they're signed.

      Sometimes it helps to publish something anonymously; at other times, you might have a legitimate worry about your work being appropriated. In those cases, steganography has always been a savior.

    17. Re:Need for steganography by DerekLyons · · Score: 1

      If what you encrypt with can be broken by others, then it is not doing the intended job.

        WRONG.
       
      Cryptography only needs to be strong enough to protect the encoded contents for as long as said contents retain value. It does not need to remain unbroken forever.
       

      In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate.
       
      Encrypting is not hard, but if what you decrypt looks like this above, it may be hard to decipher and not worth the effort. BTW, that is decipherable.

      Wrong again - if it is worth the time of those attempting to decrypt your initial message, then it is worth their time to break the second layer.

    18. Re:Need for steganography by Anonymous Coward · · Score: 0

      "Supposed to be" by whom? It was Yet Another Encryption Method Designed By Idiots Who Should Have Taken A Proper One Off The Shelf.

      Same story as DVD-CSS and those Oyster cards. The fault is always that some idiot "invented" his own "encryption" and failed.

      Every proper encryption standard from DES onwards is uncrackable as far as we know (other than by brute force). But standards like CSS have trivial plaintext attacks.

      Regardless, OP's point is that you don't have to break the encryption to break the DRM. I'm not sure to what extent the BluRay DRM has been "cracked" but it's quite possible that this has been done without providing an actual attack on the main cipher.

    19. Re:Need for steganography by Anonymous Coward · · Score: 0

      "The disc" doesn't do anything at all. It's all in the player...

    20. Re:Need for steganography by zappepcs · · Score: 1

      Indeed, and that is a short, simply encoded message with easily discernible rules, if you know English and have a dictionary (in your head or otherwise).

      It can be much more complex but stay with simple rules, and without much effort it can make any message encrypted with PGP or whatever look like and be an encrypted message when the first decryption is complete. In fact, it might make no sense at all without having received the previous message, or perhaps not until you receive the next, or until your software scans the most recent page found when searching /. for the text in the 7th sentence.

      What amazed me lately is when a social web site was named as possibly being used by 'terrorists'. Fsck, all websites could be used by terrorists to pass messages. Fox news could be used to pass messages. It's all in how you encrypt etc. When you don't have to rely on a fixed key (public or otherwise) the encryption becomes much stronger. Encrypting with a public encoding scheme after doing so with a private one of a random nature will ensure a much better security of data. Yes, this can be used on publicly stored data, as part of emails or files on Google services etc. You can encrypt messages into graphics files, or MP3 files. Or store the secondary key in such publicly available files. Straight forward encryption will get broken.

      Yes, what I'm saying will take a bit extra time/effort, but when the prying eyes of the government are having to break 114 million different codes, all of which could be as strong as 256bit encryption, gathering everyone's packets becomes a bit of a nightmare. Stenographic encryption, or hiding the message in plain site is a good way to keep it safe. It's also easy to implement forms of it:

          2 4 40 15 57 110 23 61 115 39 96 55 77 53

      Another simple one there. That is what you would have after PGP decodes with the private key. Now additional code will render this to standard text.

      --
      Support NYCountryLawyer RIAA vs People
    21. Re:Need for steganography by Anonymous Coward · · Score: 0

      While that is all true, I mentioned Blue-ray only because it was supposed to be tough encryption to break. "Supposed to be" is the key part of that sentence, and it demonstrates how fragile simple encryption really is.

      Most DRM schemes package the key with the encrypted content; or the key in the player. If you don't have a copy of the key, you can't see the data that you payed for. While breaking the encryption on most DRM would take a very long time, finding where the keys are hidden doesn't. This is a flaw intrinsic to DRM as it currently implemented, and the very premise is flawed.

      Encryption is only as secure as the keys are secret.

      The people making claims about DRMs security and length are not generally the same experts who deal with the most common types encryption.

      While the hacker can find an unencrypted version of a movie and more or less determine what the encryption should look like when decoded, your common text messages are not much different.

      This isn't how most DRMs are cracked, because most types of encryption have guards against this angle of attack. Moreover, if it were vulnerable this would require an identical version in clear. Thus, you don't need to unencrypted it, since you'd already have it in the clear.

      There are algorithms that can determine much of what you wrote by looking at repeating characters. Length of words etc. making ROT13 style easy to decode.

      ROT13, rotate 13, isn't a form of strong encryption. It is infact one of the weakest. Cryptogram replacement in general is not secure.

      So, if a cracker can figure out PGP, even guessing brute force at the private key, there are many techniques that help them.

      There are fundamental differences between ROT13 and PGP (or GPG as it is now called since being turned over to the FSF). Every time you encrypt with GPG or PGP to a public key a "session key" is created, the message is encrypted to that key (I think this usees AES), (then signed if you chose to sign the message), then the key is encrypted with an asymmetric encryption (RSA or that ilk) to the public key. The only one able to decrypt the session is the person(s) with the private key. If you manage to break the AES, which would get you much fame and glory (and likely job offers from the NSA), then you have the message and session keys only, not the GPG or PGP (RSA or that ilk) keys.

      Brute forcing the RSA keys is possible... Just not probable. The NSA, banking institutions, SSL, SSH and many other institutions and technology use RSA specifically because the probability of brute forcing the RSA key in a life time (more less the time at which the data is relevant) has a limit approaching zero.

      Brute forcing someones pass phrase if you have the other part of their key is more likely, but even that would take a considerable amount of time with a reasonably secure pass phrase.

      When I say brute force, I'm not talking about a person typing either, I mean a large cluster chugging at it.

    22. Re:Need for steganography by billcopc · · Score: 1

      That entirely depends on how you define right vs wrong.

      If something is disliked or unfavorable to the wealthy minority "wrong" ?

      Is doing something because everyone else doing it "right" ?

      The answer to both those questions should be: "Who cares!?" Right and wrong should be a personal thing. You don't like what someone else does ? Ok, your problem!

      --
      -Billco, Fnarg.com
    23. Re:Need for steganography by RulerOf · · Score: 1

      While that's interesting, how did you come to that conclusion?

      --
      Boot Windows, Linux, and ESX over the network for free.
    24. Re:Need for steganography by Anonymous Coward · · Score: 0

      a bad example of keeping data from prying eyes

      as many previous DRM threads have pointed out, the major failing of DRM is that it is trying to keep its data from prying eyes, but those prying eyes are yours. you are both the intended recipient of the data and the intruder, and that is why DRM can never succeed.

    25. Re:Need for steganography by element-o.p. · · Score: 1

      "ordinary" people don't [need steganography], and never really have.

      You're on acid (sorry, couldn't resist).

      "Ordinary" people *do* have a need for encryption and even steganography. I don't particularly want the government, my employer, or anyone else for that matter to know the private details of my life. They don't need to know what medications I take, for what conditions, what my personal finances are, etc. Suppose I am out of town on a trip, and I need to use a credit card that I left at home. Should I have my wife e-mail the number, the expiration date and the CCV code in the clear?

      When dealing with their own security, the government calls this "need to know." Other people don't need to know these details of my life, and therefore it is reasonable that I encrypt or hide these details in steganography when I use an insecure channel (like the Internet).

      --
      MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
    26. Re:Need for steganography by AttillaTheNun · · Score: 1
      Of course, you have to pick your carrier carefully or you will still raise suspicion.

      For example, it's obvious that any television show hosted by Bob Saget is nothing more than a carrier for stenographic communication between earth and our intergalactic overlords.

      Don't try to convince me that Full House and America's Funniest Home Videos survive on merit of ratings alone.

    27. Re:Need for steganography by Anonymous Coward · · Score: 0

      Places in the world where the freedom of information is oppressed? You mean like the current-day US or England?

      Regardless of whether the data you want to hide is, or could be considered, subversive the fact that you don't want it known or spread around is simple privacy. It's a sad state of affairs when the simple fact of wanting to keep something personal is considered questionable and subversive. China, among other countries, is long known for suppression of information. Sadly, it may be the future where the democratic societies outdo the supposed repressive societies for this type of thing.

      Steganography provides for a way to keep something private without drawing undue attention to itself. Searching for a stenographic message is more difficult than standard cryptography in that you have to detect whether it is there in the first place.

    28. Re:Need for steganography by Anonymous Coward · · Score: 0

      You really think McPalin is going to get elected?

      You really think whomever sits in that position has any clue whatsoever as to the most of the questionable activities of [insert 3-letter agency under their "control" here] at any given moment? Fucking please.

      Trust me, we have a need to protect our privacy in as many subtle ways as possible. Give it another few years of terrorism paranoia, and ANYONE using encryption on a regular basis for communications will be flagged as a terrorist and interrogated as such.

    29. Re:Need for steganography by lysergic.acid · · Score: 1

      um, read the post i was replying to. i never said normal people don't need cryptography. i was responding to the comment that there's no longer a need for steganography anymore just because encryption is commonplace.

      also, you gave no examples of when an ordinary person would need steganography instead of encryption.

    30. Re:Need for steganography by blueskies · · Score: 1

      Each new piece of legislation is another right we may never see again. Last time I checked, Obama didn't promise to veto every bill that fails to repeal a previous law.

      You are absolutely correct. Obama also didn't promise to fight for the rights of reindeer or promise to bring world peace.

      I hope you are confused as I am, because none of those things have anything to do with socialism--just like your post (although your sentence construction makes me think you are Palin *wink*)

    31. Re:Need for steganography by Whiteox · · Score: 1

      When was that discovered?
      Strangely (although typically), I did a thesis on Gulliver's Travels pointing out the various attacks on Newton and his physics. This was an historical work.
      At the same time, I modified a subset of it and turned it in as an English Lit. paper. Neither disciplines saw eye-to-eye on the same content!
      I was a bit bemused at the time and realised that truth and objectivity doesn't exist as far as historians and English literature are concerned.
      In my research (mid 1970's), I had never come across the steganographical aspect of Dean Swift's work(s). So I'm intrigued about your sources and knowledge about him.

      --
      Don't be apathetic. Procrastinate!
    32. Re:Need for steganography by complete+loony · · Score: 1

      ... which did not rely on encryption

      Yes, and no. Some of those "traps" that the BDVM code can call are cryptography methods. However the encryption keys used will either be generated by the BDVM code, or are already known from the AACS system.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    33. Re:Need for steganography by AmberBlackCat · · Score: 1

      The people, who really need cryptography, basically need the rest of us to use it even though we don't need it, so we will become the noise that keeps them from standing out.

    34. Re:Need for steganography by DingerX · · Score: 1

      I've got no idea. As an undergraduate, I took a bunch of courses with a crazed philologist (long before I realized that all philologists are crazed, and that I must bury somewhere in the apparatus the note that I am an historian), and he'd spout out random "facts," most of which I found out later were false. But Swift worked pretty well, and I have no idea where he picked that one out. He followed it up with one that claimed that if you take the opening of Lazarillo de Tormes and play acrostic with the first lines, you can bring out the name of Hurtado de Mendoza. I wasn't convinced by that one then.

    35. Re:Need for steganography by soliptic · · Score: 1

      Well it mostly looks like he mostly uses the first and last letter of each word, or the whole word if it's 3 letters. But I haven't figured out what goes on with "young" etc?

    36. Re:Need for steganography by Thaelon · · Score: 1

      The best way to not get caught is to look like there is nothing to catch.

      No, the best way to not get caught is to convince those watching you belong.

      --

      Question everything

    37. Re:Need for steganography by element-o.p. · · Score: 1

      'Kay...how about this: having data encrypted implies that there is something about the data that the originator doesn't want others to see. Curiosity causes others to want to know what exactly is so secret. Or perhaps, a script-kiddie wants to crack the data, just to see if he can. Or, in a more Orwellian vein, the NSA decides to crack the encryption because 1) "if you are encrypting you obviously have something to hide", or 2) just for practice.

      By hiding the data in your vacation pictures with steganography, no one even bothers to look.

      --
      MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
  3. Google is the perfect example by NotQuiteReal · · Score: 4, Insightful

    hiding a message in such a way that only the sender and receiver realize it is there

    I ignore lots of ads served up by them. They might as well not be there, I can't name one.

    --
    This issue is a bit more complicated than you think.
  4. Were's Waldo's message? by Ostracus · · Score: 2, Informative

    "Steganography is the art of hiding a message in such a way that only the sender and receiver realize it is there. (By contrast, cryptography disguises the content of a message but makes no attempt to hide it.) "

    There's a secret message in this post. Can anyone find it?

    --
    Shai Schticks:"You don't make peace with friends, you make peace with enemies"
    1. Re:Were's Waldo's message? by Anonymous Coward · · Score: 5, Funny

      stegan O graphy i S T he a R t of hiding A message in su C h a way that only the sender and receiver realize it is there. (by contrast, cryptography disg U i S es the content of a message but makes no attempt to h I de it.)

      there' S a secret messa G e in this post. c A n an Y one find it?

    2. Re:Were's Waldo's message? by Anonymous Coward · · Score: 0

      You missed an *I* there old chap.

      But it's not a nice thing to talk about an ex lover like that.

      Didn't your mother tell you not to air your dirty laundry in public?

    3. Re:Were's Waldo's message? by taucross · · Score: 1

      Your and idiot :/

      --
      "In the absence of the ability to establish the attribute of truth they tried to establish the noble attributes."
  5. Already in use by xmarkd400x · · Score: 5, Funny

    In the stego-channel, a transmission is successful if the decoder properly determines the sent message without anybody else detecting its presence (abstract).

    When my girlfriend is talking on the phone, I am almost never aware that a message is being sent. She is so effective, in fact, that often when I am the intended recipient I am not aware that a message is being sent!

    1. Re:Already in use by Anonymous Coward · · Score: 0

      what girlfriend? First of all, you're on slashdot. No one believes you. Second of all, if you ignore her, she goes away... so, I ask again..
       
      What girlfriend?

    2. Re:Already in use by ceoyoyo · · Score: 3, Insightful

      That's the part about noise increasing the capacity of a cryptographic channel.

    3. Re:Already in use by jsalbre · · Score: 1

      See? She's so good at you you can't even tell she's there!

      --
      Jeremy http://alucinari.net
    4. Re:Already in use by Anonymous Coward · · Score: 0

      I find my new and improved version of PC new speak significantly improves my understanding!

  6. stego vs crypto vs compression by Anonymous Coward · · Score: 1, Interesting

    "for example, adding noise to channel can increase its steganographic capacity and in some cases, mounting two attacks on a channel instead of one can do the same)."

    Umm. Duh.

    Crypto and compressed data both tend to look like white noise. That makes them ideal stego candidates. When the data itself has a uniform distribution, it's really hard to to spot. It gets even harder if you apply a one time pad of random low-order bits to the stego medium and then modulate your signal in those bits. Thus, the actual channel capacity is nearly identical to the bitrate of the low order pre-wash bits. QED. No fancy assumptions needed.

    p.s. Nabalzbhf Pbjneq sbe Cerfvqrag!

  7. Abstract misinterpreted the paper. by argent · · Score: 3, Insightful

    Studying a stego-channel in this way leads to some counter-intuitive results: for example, in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel"

    That's not what the paper claims. It claims that when there are multiple detectors, adding noise to the channel between the two detectors can increase the available bandwidth. This isn't really all that counter-intuitive when you think about it.

    1. Re:Abstract misinterpreted the paper. by Anonymous Coward · · Score: 0

      When you boil everything down, nothing is counter-intuitive because once you realize why something is the way it is, then it makes sense. However, when you only see the cause and effect and not the underlying reason, sometimes its counterintuitive, such as, the more people looking, the more places there are to hide.

    2. Re:Abstract misinterpreted the paper. by argent · · Score: 1

      When you boil everything down, nothing is counter-intuitive

      Except quantum physics, voting paradoxes, and why the guy in the car in front of you doesn't close the gap in front of him before... oh god, there he goes again, let some jerk driving down the breakdown lane sneak in front of him. I tell you, some people...

    3. Re:Abstract misinterpreted the paper. by Anonymous Coward · · Score: 0

      "It isn't really all that counter-intuitive when you think about it"...Um...if you have to think about it, then by definition it is counter-intuitive...

    4. Re:Abstract misinterpreted the paper. by Onymous+Coward · · Score: 1

      And on page 8 of the arXiv PDF, "Composite steganalyzers", it says explicitly that the capacity of the composite channel (using multiple steganalyzers) is less than that of channels using any one of the analyzers alone.

      KFC at the arXiv blog got it wrong and the /. eds passed it on.

      Maybe there's a hidden message in the mistake?

      Probably not.

    5. Re:Abstract misinterpreted the paper. by argent · · Score: 1

      You're in a balloon.

  8. Stenography FTW by yttrstein · · Score: 3, Interesting

    I've always had a warm spot for stenography, and it's actually much handier for certain types of communications than others. For example, in the two nights preceeding the last Democratic National Convention that was held in Chicago (1996), a subversive media organization, armed with clunky digital cameras and a T-1 on the south side donated by the Teamsters photographed and filmed more than a hundred instances of police brutality, uploading them to the web with about a 30 minute delay.

    You had to actually drive downtown to where the T-1 terminated to upload things in those days, see.

    But how did we communicate our plans and schemes to actually be present at "hotspots" when the shit really went down? Stenography. It went like this:

    I have a number, that number is 356-32395510. I tell you that number. Then I take an image file and UUencode it. (for those who don't remember what that does, it's great for turning a binary file into a flat text file without losing any data). Then I take the message that I want to give you and drop it manually into the UUencoded file, like this:

    Every third character on every second line starting from line 910, (the third, fifth and sixth digits of the are decoys) counting whitespace. The numbers always changed and had to be memorized when received as they were never written down. Everything to the left of the dash tells you what digits to the right of the dash are decoys. Use the number to find the characters and you have the message. Pull them out and you can UUdecode your picture again and look at it. Leave them in and the file looks merely corrupt. Email the stenographed file to the recipient who's memorized your number and there you have it.

    The upside to this method is plausible deniability. If the fuzz finds a corrupt file called "FATLADYSEXHAHA.uue" on your computer, they have nothing. However, if they find a PGP file that you refuse to open for them, there can be issues.

    Of course it's possible to break that kind of thing, but the point of stenography is that the man does not know it's a message of any kind, let alone a radical one all about how awesome cuba is.

    1. Re:Stenography FTW by zindorsky · · Score: 4, Informative

      I've always had a warm spot for stenography

      ...

      But how did we communicate our plans and schemes to actually be present at "hotspots" when the shit really went down? Stenography.

      ...

      Of course it's possible to break that kind of thing, but the point of stenography

      So you hid your messages with stenography? The action of process of writing in shorthand or taking dictation? This word you keep using ... I do not think it means what you think it means.

      --
      If the geiger counter does not click, the coffee, she is not thick.
    2. Re:Stenography FTW by yttrstein · · Score: 0

      Wow, what a thoroughly embarrassing error that is. Thank goodness the rest of my post stands quite reasonably on it's own and contains no logical or factual errors, otherwise it may have been relevant to some sort of point to point out my consistent mistake.

    3. Re:Stenography FTW by Anonymous Coward · · Score: 0

      Your scheme provides little in the way of plausible deniability. For one thing it's trivial to notice that all your data is "corrupted" which sends up a giant red flag. Secondly, your encryption scheme totally sucks and could be broken by automated means within a few seconds.

      Next time do a little research and use proven techniques invented by people smarter than you.

    4. Re:Stenography FTW by Anonymous Coward · · Score: 0

      s/stenography/steganography/g

      There, fixed it for you.

    5. Re:Stenography FTW by Anonymous Coward · · Score: 0

      You could say you had a Palin moment!

    6. Re:Stenography FTW by yttrstein · · Score: 1

      I don't think I deserve that down-mod along with "zindorsky's" judgment here.

      Let me explain.

      This "zindorsky" person decided to pass no judgment or comment on the content of the post itself, but only stopped to correct my spelling and word usage, implying that not only was he already privy to the information contained in the post, but also that I'd misspelled the word in question--or more probably that I didn't know what the word was to begin with.

      So this next part is for you, "zindorsky":

      I have an agraphia aphemia, more precisely a Wernicke aphasia in morbid coupling with an ideomotor apraxia as a result of a brain injury some years ago. The result is interesting and bizarre---while I'm capable of typing well in excess of 120wpm on a low-travel keyboard, there are some words which are not accessible to my mind in written form. That means that I am capable of thinking of the word in my head, I can say it to myself, but I cannot imagine it spelled with letters at all, and I cannot even begin to type it. However, I've trained myself to cope with this minor issue by using very similar words and hope that context does the rest. And for about five years, up until now actually, it has.

      You'll notice a few consistently wrong words in many of my posts---but which are phonetically close to the inaccessible word. You'll also see inexplicably missing words in many of my posts, which happens when I end my frustration by picking up typing speed. If I don't have a word ready to go at 120wpm or more, no word gets used in its place. The sentence goes on without it.

      So, "zindorsky", do try to understand that sometimes it isn't so much that you have a superior intellect, but that you don't have enough information.

    7. Re:Stenography FTW by Anonymous Coward · · Score: 0

      it's == it is. Oh and your post sucks, your idea is stupid.

    8. Re:Stenography FTW by yttrstein · · Score: 1

      You're fired, Thomas. You know the drill. You have 300 seconds to say your goodbyes and bitch about how evil I am to fire you via Slashdot reply.

      But hell, it's not like it's got a better use these days.

    9. Re:Stenography FTW by Anonymous Coward · · Score: 0

      You can't spell, you got called on it (in a jocular way). Get over yourself already.

    10. Re:Stenography FTW by yttrstein · · Score: 1

      Why don't you furnish me with your identity and email address and we can discuss the issue, if you're actually interested and not just being a jerk.

  9. this is useful for the election today by circletimessquare · · Score: 0, Offtopic

    brave republican real american patriot-scientists working with paper ballots in swing states have found that there are thousands of votes that have a big clear black checkmark next to the name obama. but if you use steganographic analysis of various coffee stains, fingerprint smears, and other seemingly random marks on the ballot, you can deduce the voter actually intended to vote for mccain

    these voters were under duress from the deranged liberal commie fascist media we are all familiar with, in such a way that they had to hide their true intentions via steganographic voting. luckily, these brave republican patriot real american cryptographers have been able to rescue tens of thousands of votes for mccain that seemingly say obama with a big bold X

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:this is useful for the election today by srussia · · Score: 1

      Actually, TFA is a steganographic message to the Manchurian candidate.

      --
      Set your phasers on "funky"!
  10. How much info can you hide in a scientific paper? by petes_PoV · · Score: 3, Insightful
    Well, I've read the published paper, and I still don't have a clue what the answer is. I suppose hoping for a cut and dried figure like "1%" was too optimistic, afterall.

    If there's going to be a practical use for this (and the conclusions don't say they've calculated "the answer", just that they've developed a framework, gaaah!) then my gut tells me that the answer is "not very much" - somehwere around the rounding-errors of the encoding mechanism.

    So, does anyone know how much data can be stuffed, undetectably, into a 700MB AVI file?

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
  11. Re: mods on crack by Anonymous Coward · · Score: 0

    How is the parent worthy of -1? Humorous on-topic rot-13 postscripts are not a license to downmod.

  12. A little, to the majority of the file size. by DarthStrydre · · Score: 1

    Anywhere between 0 and a bit less than 700MB of data, depending on desired quality of video. A one frame video stream with an unrecognized FOURCC tag as an alternate stream is valid AVI - the alternate stream is ignored by players, and can contain encrypted data. It is 'invisible' to non-uber users, and could concievably be an "experimental audio codec" for plausable deniability.

    1. Re:A little, to the majority of the file size. by Anonymous Coward · · Score: 0

      Anywhere between 0 and a bit less than 700MB of data, d

      Actually, it can be nearly infinite, depending on the data & compression method, and the competence of whomever is doing the 'detecting'.

      For example, if your source file is simply all 0's, and the searcher is a complete idiot, you should be able to get a file that is 2^(734,003,200)bytes in size, minus a little change for the file header, stuffed into 700MB.

  13. Re:How much info can you hide in a scientific pape by kamochan · · Score: 2, Funny

    So, does anyone know how much data can be stuffed, undetectably, into a 700MB AVI file?

    700 MB, if you do it in the dark.

  14. Steganography?? Whaddya know... by Binge · · Score: 3, Funny

    I always thought Steganography was the act of writing on large, plate-backed dinosaurs. Ya learn something new every day here!

    --
    http://photobombers.com/ Funny pix
  15. Steganography/Cryptography by Anonymous Coward · · Score: 0

    Steganography is the art of hiding a message in such a way that only the sender and receiver realize it is there. (By contrast, cryptography disguises the content of a message but makes no attempt to hide it.

    There's one even more important method of data protection, it's the first thing they teach new recruits in the CIA, NSA, MI-6, etc.

    Shutting the HELL UP in the first place.

    You can't intercept what isn't being communicated.

    1. Re:Steganography/Cryptography by kj_in_ottawa · · Score: 1

      I think the email you are about to receive inviting you for a walk in the woods, may have a hidden message in it.

  16. Sorry try again by shadow_slicer · · Score: 2, Informative

    That's not steganography. That's encryption, and a crappy one at that. If you take your PGP file (and remove any unnecessary header stuff), it will also look like a corrupt file, just like your UUencoded image. Steganography is hiding some data inside something else, like hiding a message in an image. For example, the police see an image of kittens, but you hid your child porn in the LSBs of the image, they can't see it.

    1. Re:Sorry try again by yttrstein · · Score: 1

      Encryption is the following:

      "encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge"

      What I'm talking about is the following:

      The art and science of writing hidden messages in such a way that no-one apart from the sender and intended recipient even realizes there is a hidden message.

      What I described is *precisely* correct under definition. Let me be more clear, using the example I used to offer students:

      One is a process of conversion, the other is a process of obfuscation.

      Combining the two is of course beyond the scope of this post, but is also an incredibly interesting discipline in itself.

    2. Re:Sorry try again by Whiteox · · Score: 1

      There are other forms of hidden text or more correctly, 'meanings'.
      One that comes to mind is the Pesher technique which is used to re-interpret holy texts.
      The other is termed 'Legominism' also gnostic, as described by Gurdjieff who showed that missing or incorrectly ordered information, compared to correctly orderd information can also pass on meaning. That using a 'mask'.
      For example as there are 7 days in the week - SMTWTF, and if the message reads SMTTWTFS then a message has passed on.
      Legominisms can be part of architecture, statues, inscriptions, carpets, musical notation, dances and so on.
      Both these techniques are very old and most have not been decoded yet.

      --
      Don't be apathetic. Procrastinate!
    3. Re:Sorry try again by shadow_slicer · · Score: 1

      I just fail to see how having a slightly corrupt uuencoded file is the same as not having a file. In the case of an encrypted file, you also have a file that appears corrupt. And it is obvious to everyone that there is a message (the file), even if they can't decode it. I'm sorry I just fail to see how the scheme you proposed could be considered stenography.

  17. ducks? by SilentResistance · · Score: 1

    Kaylee: Although I'm getting some weird chatter on the the official two-six-two. Sounds like they're talking about... ducks?

  18. Re:How much info can you hide in a scientific pape by marcosdumay · · Score: 1

    "So, does anyone know how much data can be stuffed, undetectably, into a 700MB AVI file?"

    No idea, but it is probably a lot less than you can stuff undetectably on a 700MB WAV file ;)

    You can hide as much data as there is noise on your file (granted it is compressed and cryptographed), so when you record that WAV file, be sure to do that in a noisy anvironment. By the way, I didn't RTFA, to see what those people really discovered (obviously, not what the sumary say they did), I'm here to see if it is worth it.

    --
    Rethinking email
  19. Yes - Stenography by NotQuiteReal · · Score: 1

    My mom used to hide notes from the rest of the family, in plain sight, using short hand.

    She was a secretary, back in the day. When you saw some scribbling on a note, you knew it was the chrismas shopping list or something, but who the hell knows what it said - even if you had a copy of Gregg's you'd be hard pressed to figure it out, unless you really wanted to spoil the surprise.

    --
    This issue is a bit more complicated than you think.
  20. Hiding in a JPEG ... by PPH · · Score: 2, Funny

    ... of Pamela Anderson. There appears to be quite a bit of excess capacity available.

    --
    Have gnu, will travel.
  21. Too many unknowns by bokmann · · Score: 2, Funny

    Calculating this with any accuracy would require knowledge of both the width of a Stegasaur (which can be approximated from their fossils), but also how fast they ran. Given other arguments about the unknowns of dinosaurs, the figures we can guesstimate for their speed are just to varied to calculate this capacity to any meaningful value.

  22. How to answer "if you're hiding something ..." by JetScootr · · Score: 2, Insightful

    The cop says, "If you're doing nothing wrong, you have nothing to hide."
    Answer: "Why are you wearing clothes? Got something to hide?"

    --
    Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
    1. Re:How to answer "if you're hiding something ..." by Katatsumuri · · Score: 2, Funny

      It is generally a bad idea to play a smartass in front of a cop on duty.

      In a friendly debate with a moderately drunk chick in the bar, that may be appropriate.

    2. Re:How to answer "if you're hiding something ..." by mdmkolbe · · Score: 1

      Answer: "If you have no reason to suspect I have something to hide, why do you insist on prying?"

  23. Re: mods on crack by MrMr · · Score: 1

    Sorry, but I mod subsequent anonymous posts to -1 or 0 to encode my secret messages.

  24. Re:Need for steganography - in US next week by Anonymous Coward · · Score: 0

    Or in the US under the new administration, you might need to communicate much like those "evil political dissidents in China".

  25. Simple by TheSync · · Score: 2, Funny

    The The secure capacity C (W, g, A) of a stego-channel give W [noise], g [steganalyzer], and A [attack] is given by C (W, g, A) = sup I(X;Z) for X an element of S0.

    I is the spectral inf-mutual information rate for the pair of general sequences.

    Z is the stego channel after encoding, noise, and attack (before decoding).

    S0 is the secure input set, the set of encoded data that remains impossible to steganalyze after the addition of noise (but not necessarily attack).

    I think mathematicians like to make their papers overly complex.

  26. Tazer:zap! zap! zap!(n/t) by Anonymous Coward · · Score: 0

    I said, no text!

  27. Re:How much info can you hide in a scientific pape by temcat · · Score: 1

    Well, I've read the published paper, and I still don't have a clue what the answer is.

    That's steganography at work! The answer is hidden.

  28. Knitting code by CustomDesigned · · Score: 1

    In Sorcery and Cecelia (or maybe it started in the sequel), the heroines knit fashionable items for each other, and code the message in the pattern of knits and purls.

  29. Messages that aren't really there by CustomDesigned · · Score: 2, Insightful

    Sometimes people think there is a steganographic message, when there isn't. The Bible Codes are an example. The idea is that God hid secret messages in the Bible which are revealed by equidistant letter spacing. Never mind that such "messages" can be found by ELS in any sufficient large work. Practitioners never seem to find the messages until after they become relevant...

    1. Re:Messages that aren't really there by mikael · · Score: 1

      Those were skip codes. You take a massive large block of text, then set your encoded message to be a particular starting offset from within this text, skip distance (or stride) between characters, and the length of the message.

      From these three values (starting offset skip distance, length) you could extract a message.

      I always wondered whether you could encode/extract an mp3 file from a suitably large ISO file (eg. Linux DVD ISO file) by defining a list of such messages.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
  30. Yet again... by Anonymous Coward · · Score: 0

    ...redefining the whole "invisible" genre at LOLcats. Am I right?

  31. That's not a typo! by RMH101 · · Score: 1

    It's part of a hidden, encrypted data stream!