Slashdot Mirror


Researchers Calculate Capacity of a Steganographic Channel

KentuckyFC writes "Steganography is the art of hiding a message in such a way that only the sender and receiver realize it is there. (By contrast, cryptography disguises the content of a message but makes no attempt to hide it.) The central problem for steganographers is how much data can be hidden without being detected. But the complexity of this problem has meant it has been largely ignored. Now two computer scientists (one working for Google) have made a major theoretical breakthrough by tackling the problem in the same way that the electrical engineer Claude Shannon calculated the capacity of an ordinary communications channel in the 1940s. In Shannon's theory, a transmission is considered successful if the decoder properly determines which message the encoder has sent. In the stego-channel, a transmission is successful if the decoder properly determines the sent message without anybody else detecting its presence (abstract). Studying a stego-channel in this way leads to some counter-intuitive results: for example, in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel"

2 of 114 comments (clear)

  1. Need for steganography by CRCulver · · Score: 4, Interesting

    Around the turn of the millennium steganography became a big topic, the idea being that using PGP would only draw attention from the authorities. In my Amazon review of Schneier's Applied Cryptography I even complained that Bruce didn't talk about how to hide even the use of crypto.

    But now that SSL is everywhere and the use of encrypted VPNs is a typical part of telecommuting, I don't think cryptography suggests the same anti-authoritarian counter-culture rumblings it used to. Do we need to hide crypto anymore?

    1. Re:Need for steganography by zappepcs · · Score: 4, Interesting

      Well, there may not be a pressing public need to hide cryptography usage, but if you want your data secure from prying eyes, additional measures are a good idea. Blue-Ray just got hacked (again) and it was supposed to be valid security for a decade... right?

      If what you encrypt with can be broken by others, then it is not doing the intended job. If you use PGP, and the decrypted message between you and another trusted user is encrypted already, the likelihood of your message being decoded is substantially less.

      In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate.

      Encrypting is not hard, but if what you decrypt looks like this above, it may be hard to decipher and not worth the effort. BTW, that is decipherable.

      Both the PGP and this encryption (or another) can be decoded quickly on the fly. It's possible that those pesky 'terrorists' could be using v1 aGr4 spam to send messages.