Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Calculate Capacity of a Steganographic Channel

Posted by timothy on from the intentionally-not-left-blank dept.

KentuckyFC writes "Steganography is the art of hiding a message in such a way that only the sender and receiver realize it is there. (By contrast, cryptography disguises the content of a message but makes no attempt to hide it.) The central problem for steganographers is how much data can be hidden without being detected. But the complexity of this problem has meant it has been largely ignored. Now two computer scientists (one working for Google) have made a major theoretical breakthrough by tackling the problem in the same way that the electrical engineer Claude Shannon calculated the capacity of an ordinary communications channel in the 1940s. In Shannon's theory, a transmission is considered successful if the decoder properly determines which message the encoder has sent. In the stego-channel, a transmission is successful if the decoder properly determines the sent message without anybody else detecting its presence (abstract). Studying a stego-channel in this way leads to some counter-intuitive results: for example, in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel"

12 of 114 comments (clear)

  1. Google is the perfect example by NotQuiteReal · · Score: 4, Insightful

    hiding a message in such a way that only the sender and receiver realize it is there

    I ignore lots of ads served up by them. They might as well not be there, I can't name one.

    --
    This issue is a bit more complicated than you think.
  2. Re:counter-intuitive results? by ccguy · · Score: 1, Insightful

    That's what I'm saying.

    Slashdot. Noise and redundancy. Backup for nerds.

  3. Re:counter-intuitive results? by DarthJohn · · Score: 3, Insightful

    That's not what it says (somebody fixed a typo in the summary?).

    in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel

    More people looking for hidden data makes it possible to hide more data. I find that counter-intuitive.

  4. Re:Need for steganography by Ngarrang · · Score: 5, Insightful

    Do we need to hide crypto anymore?

    Yes. There are many places in this world where freedom of information is oppressed. Having a method of communicating in the clear without raising any red flags is a Good Thing(tm).

    For example, let's say you are an evil political dissident in China, trying to spread ideas of democracy and capitalism. If you send an encrypted message to your corrupt imperialist American ally, that seems suspicious. If you have nothing to hide, then why are you hiding it?

    But, if you can send your friend a message about how you are growing corn in relatively poor conditions and how great the local government has been in supporting the effort...with a stego message hidden inside, then that is probably going to slip right through.

    The best way to not get caught is to look like there is nothing to catch.

    --
    Bearded Dragon
  5. Re:Already in use by ceoyoyo · · Score: 3, Insightful

    That's the part about noise increasing the capacity of a cryptographic channel.

  6. Abstract misinterpreted the paper. by argent · · Score: 3, Insightful

    Studying a stego-channel in this way leads to some counter-intuitive results: for example, in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel"

    That's not what the paper claims. It claims that when there are multiple detectors, adding noise to the channel between the two detectors can increase the available bandwidth. This isn't really all that counter-intuitive when you think about it.

  7. How much info can you hide in a scientific paper? by petes_PoV · · Score: 3, Insightful
    Well, I've read the published paper, and I still don't have a clue what the answer is. I suppose hoping for a cut and dried figure like "1%" was too optimistic, afterall.

    If there's going to be a practical use for this (and the conclusions don't say they've calculated "the answer", just that they've developed a framework, gaaah!) then my gut tells me that the answer is "not very much" - somehwere around the rounding-errors of the encoding mechanism.

    So, does anyone know how much data can be stuffed, undetectably, into a 700MB AVI file?

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
  8. Re:Need for steganography by Ironsides · · Score: 3, Insightful

    Bluray is not a good counterpoint. Bluray is not designed to keep the contents from being read by anyone but the 'appropriate person', it is designed to keep anyone from copying it. However, it still meeds to be readable in the player. As such, it is like trying to keep someone from photocopying something while they still need to be able to read/view it. In encryption, you don't care if the 'appropriate person' copy it, you just don't want anyone else to be able to view it.

    --
    Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
  9. Re:Need for steganography by blueskies · · Score: 1, Insightful

    You really think McPalin is going to get elected?

  10. Re:Need for steganography by Sancho · · Score: 2, Insightful

    What was broken was not encryption. It's a form of DRM which did not rely on encryption.

    BD+ (the DRM component which they claimed would last for 10 years) is a virtual machine on which a disc can run arbitrary code. The disc can run this code to try to guess at the authenticity of the player in which it is being played. The idea is that if a player has been tampered with, it can be detected by the disc. It also means that as new attacks on players become possible, it's possible to update the checks that the disc uses BD+ to perform. If the player doesn't pass the check, the disc refuses to play.

    Surprise, surprise, it was possible to reverse engineer the virtual machine, and now unauthorized players can run the code and tamper with the results.

    So this is both a poor example of how fragile encryption can be (it's not encryption) and a bad example of keeping data from prying eyes (as the other guy pointed out, Blu-ray is designed to be viewed.)

    Worse:

    While the hacker can find an unencrypted version of a movie and more or less determine what the encryption should look like when decoded, your common text messages are not much different.

    Known-plaintext attacks are an understood phenomenon, and encryption algorithms are designed to thwart them. Blu-ray encryption uses AES, which is believed to be secure from this sort of attack.

  11. How to answer "if you're hiding something ..." by JetScootr · · Score: 2, Insightful

    The cop says, "If you're doing nothing wrong, you have nothing to hide."
    Answer: "Why are you wearing clothes? Got something to hide?"

    --
    Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
  12. Messages that aren't really there by CustomDesigned · · Score: 2, Insightful

    Sometimes people think there is a steganographic message, when there isn't. The Bible Codes are an example. The idea is that God hid secret messages in the Bible which are revealed by equidistant letter spacing. Never mind that such "messages" can be found by ELS in any sufficient large work. Practitioners never seem to find the messages until after they become relevant...