Slashdot Mirror


Researchers Calculate Capacity of a Steganographic Channel

KentuckyFC writes "Steganography is the art of hiding a message in such a way that only the sender and receiver realize it is there. (By contrast, cryptography disguises the content of a message but makes no attempt to hide it.) The central problem for steganographers is how much data can be hidden without being detected. But the complexity of this problem has meant it has been largely ignored. Now two computer scientists (one working for Google) have made a major theoretical breakthrough by tackling the problem in the same way that the electrical engineer Claude Shannon calculated the capacity of an ordinary communications channel in the 1940s. In Shannon's theory, a transmission is considered successful if the decoder properly determines which message the encoder has sent. In the stego-channel, a transmission is successful if the decoder properly determines the sent message without anybody else detecting its presence (abstract). Studying a stego-channel in this way leads to some counter-intuitive results: for example, in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel"

30 of 114 comments

  1. counter-intuitive results? by ccguy · · Score: 4, Funny

    The results are interesting and in some cases counter-intuitive (for example, adding noise to channel can increase its steganographic capacity

    How is that counter-intuitive? Many of us regularly backup our stuff here in slashdot, and no one has complained so far (which, being the slashdot crowd what it is, is definite proof that no one has noticed).

    In fact, a port of gmail drive to slashdot is already in beta.

    1. Re:counter-intuitive results? by Anonymous Coward · · Score: 2, Funny

      Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Maecenas non felis. Cras in ligula in odio pellentesque vehicula. Aliquam metus nulla, venenatis sit amet, feugiat nec, pharetra ut, justo. Fusce tincidunt, massa eu iaculis iaculis, lacus nisi ullamcorper orci, ac sodales arcu massa at urna. Ut mattis nulla interdum urna. Praesent consequat. Fusce pede diam, pretium tempor, egestas eget, rhoncus in, sem. Sed semper. Nam in lorem sed nisl blandit commodo. Donec tempus, eros vel fermentum dictum, nibh sem imperdiet arcu, quis porttitor pede mauris eu mi. Aenean eu dui nec ligula dapibus aliquam. Integer eget libero nec velit pellentesque facilisis. Pellentesque diam sapien, auctor sit amet, mollis et, condimentum quis, nisi. Proin in libero nec nulla suscipit varius. Vestibulum facilisis enim sed magna semper tempus. Aliquam posuere. Fusce suscipit ante at nulla tincidunt fringilla. Aliquam fringilla dui eget ante. Ut rhoncus tortor nec pede.

      Aenean posuere. Suspendisse vehicula ornare lectus. Aliquam eros sem, iaculis id, consequat eu, varius ac, elit. Sed feugiat pretium est. Vivamus tellus elit, convallis et, pulvinar vitae, egestas id, justo. Vivamus id dui. Donec lacus. Phasellus placerat pharetra felis. Donec sed pede in lacus pretium porta. Maecenas semper imperdiet est. Mauris varius. Lorem ipsum dolor sit amet, consectetuer adipiscing elit.

    2. Re:counter-intuitive results? by DarthJohn · · Score: 3, Insightful

      That's not what it says (somebody fixed a typo in the summary?).

      in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel

      More people looking for hidden data makes it possible to hide more data. I find that counter-intuitive.

    3. Re:counter-intuitive results? by Anonymous Coward · · Score: 2, Funny

      Is that what they mean? It's very counterintuitive if so.

      I read it to mean that if the user (rather than the interceptor) uses various algorithms to store data he can store more data, which is not counter-intuitive at all.

      Bugger, we're going to have to RTFA.

  2. Need for steganography by CRCulver · · Score: 4, Interesting

    Around the turn of the millennium steganography became a big topic, the idea being that using PGP would only draw attention from the authorities. In my Amazon review of Schneier's Applied Cryptography I even complained that Bruce didn't talk about how to hide even the use of crypto.

    But now that SSL is everywhere and the use of encrypted VPNs is a typical part of telecommuting, I don't think cryptography suggests the same anti-authoritarian counter-culture rumblings it used to. Do we need to hide crypto anymore?

    1. Re:Need for steganography by zappepcs · · Score: 4, Interesting

      Well, there may not be a pressing public need to hide cryptography usage, but if you want your data secure from prying eyes, additional measures are a good idea. Blu-ray just got hacked (again) and it was supposed to be valid security for a decade... right?

      If what you encrypt with can be broken by others, then it is not doing the intended job. If you use PGP, and the decrypted message between you and another trusted user is encrypted already, the likelihood of your message being decoded is substantially less.

      In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate.

      Encrypting is not hard, but if what you decrypt looks like this above, it may be hard to decipher and not worth the effort. BTW, that is decipherable.

      Both the PGP and this encryption (or another) can be decoded quickly on the fly. It's possible that those pesky 'terrorists' could be using v1 aGr4 spam to send messages.

    2. Re:Need for steganography by Ngarrang · · Score: 5, Insightful

      Do we need to hide crypto anymore?

      Yes. There are many places in this world where freedom of information is oppressed. Having a method of communicating in the clear without raising any red flags is a Good Thing(tm).

      For example, let's say you are an evil political dissident in China, trying to spread ideas of democracy and capitalism. If you send an encrypted message to your corrupt imperialist American ally, that seems suspicious. If you have nothing to hide, then why are you hiding it?

      But, if you can send your friend a message about how you are growing corn in relatively poor conditions and how great the local government has been in supporting the effort...with a stego message hidden inside, then that is probably going to slip right through.

      The best way to not get caught is to look like there is nothing to catch.

      --
      Bearded Dragon
    3. Re:Need for steganography by lysergic.acid · · Score: 2, Interesting

      "ordinary" people don't, and never really have. but there will always be people who need to transfer information undetected--spies, for instance.

      if you're an undercover law enforcement agent, you could communicate with your agency without the risk of blowing your cover by using steganography; likewise for whistleblowers who need to get information out of an organization with tight security. steganography would also be useful during wartime when cryptography isn't an option, or isn't enough.

      i'm sure there are probably much more mundane uses for steganography as well, but you get the idea.

    4. Re:Need for steganography by Ironsides · · Score: 3, Insightful

      Blu-ray is not a good counterpoint. Blu-ray is not designed to keep the contents from being read by anyone but the 'appropriate person', it is designed to keep anyone from copying it. However, it still needs to be readable in the player. As such, it is like trying to keep someone from photocopying something while they still need to be able to read/view it. In encryption, you don't care if the 'appropriate person' copies it, you just don't want anyone else to be able to view it.

      --
      Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
    5. Re:Need for steganography by zappepcs · · Score: 2, Interesting

      While that is all true, I mentioned Blu-ray only because it was supposed to be tough encryption to break. "Supposed to be" is the key part of that sentence, and it demonstrates how fragile simple encryption really is.

      While the hacker can find an unencrypted version of a movie and more or less determine what the encryption should look like when decoded, your common text messages are not much different. There are algorithms that can determine much of what you wrote by looking at repeating characters. Length of words etc. making ROT13 style easy to decode. It also makes the cadence or meter of your normal words decipherable. So, if a cracker can figure out PGP, even guessing brute force at the private key, there are many techniques that help them. If your text is encoded twice, those added techniques are of arguably little value.

    6. Re:Need for steganography by Sancho · · Score: 2, Insightful

      What was broken was not encryption. It's a form of DRM which did not rely on encryption.

      BD+ (the DRM component which they claimed would last for 10 years) is a virtual machine on which a disc can run arbitrary code. The disc can run this code to try to guess at the authenticity of the player in which it is being played. The idea is that if a player has been tampered with, it can be detected by the disc. It also means that as new attacks on players become possible, it's possible to update the checks that the disc uses BD+ to perform. If the player doesn't pass the check, the disc refuses to play.

      Surprise, surprise, it was possible to reverse engineer the virtual machine, and now unauthorized players can run the code and tamper with the results.

      So this is both a poor example of how fragile encryption can be (it's not encryption) and a bad example of keeping data from prying eyes (as the other guy pointed out, Blu-ray is designed to be viewed.)

      Worse:

      While the hacker can find an unencrypted version of a movie and more or less determine what the encryption should look like when decoded, your common text messages are not much different.

      Known-plaintext attacks are an understood phenomenon, and encryption algorithms are designed to thwart them. Blu-ray encryption uses AES, which is believed to be secure from this sort of attack.

    7. Re:Need for steganography by DingerX · · Score: 2, Informative

      Don't disrespect it. In fact, steganography has had many many uses over the years. Naming just one case, steganography is the ultima ratio of intellectual property protection. Gulliver's Travels, for example, was published pseudonymously and "signed" steganographically. Even better, it was signed at least two ways, one using a "Soft" method, the other a "Hard" one. Right on the first page, Gulliver states: "Soon after my return from Leyden, I was recommended by my good master, Mr. Bates, to be surgeon to the Swallow." Evidently, Swallow is a synonym for "Swift", and the onanistic gag is thrown in for good measure. That's the one you're supposed to catch. Really fun, however, is the incipit: "My father had a small estate in Nottinghamshire: I was the third of five sons."

      I was the third of five sons: Cross out the third and fifth words, and the first letters of the remaining words form an anagram for "swift".

      Numerous other cases abound. I'm sure many of us have little coding tricks in which we "sign" our names. A watermark on a jpeg is nice, but it's even nicer if the guy who's going to swipe your images doesn't even know they're signed.

      Sometimes it helps to publish something anonymously; at other times, you might have a legitimate worry about your work being appropriated. In those cases, steganography has always been a savior.

  3. Google is the perfect example by NotQuiteReal · · Score: 4, Insightful

    hiding a message in such a way that only the sender and receiver realize it is there

    I ignore lots of ads served up by them. They might as well not be there, I can't name one.

    --
    This issue is a bit more complicated than you think.
  4. Where's Waldo's message? by Ostracus · · Score: 2, Informative

    "Steganography is the art of hiding a message in such a way that only the sender and receiver realize it is there. (By contrast, cryptography disguises the content of a message but makes no attempt to hide it.) "

    There's a secret message in this post. Can anyone find it?

    --
    Shai Schticks:"You don't make peace with friends, you make peace with enemies"
    1. Re:Where's Waldo's message? by Anonymous Coward · · Score: 5, Funny

      stegan O graphy i S T he a R t of hiding A message in su C h a way that only the sender and receiver realize it is there. (by contrast, cryptography disg U i S es the content of a message but makes no attempt to h I de it.)

      there' S a secret messa G e in this post. c A n an Y one find it?

  5. Already in use by xmarkd400x · · Score: 5, Funny

    In the stego-channel, a transmission is successful if the decoder properly determines the sent message without anybody else detecting its presence (abstract).

    When my girlfriend is talking on the phone, I am almost never aware that a message is being sent. She is so effective, in fact, that often when I am the intended recipient I am not aware that a message is being sent!

    1. Re:Already in use by ceoyoyo · · Score: 3, Insightful

      That's the part about noise increasing the capacity of a cryptographic channel.

  6. Abstract misinterpreted the paper. by argent · · Score: 3, Insightful

    Studying a stego-channel in this way leads to some counter-intuitive results: for example, in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel"

    That's not what the paper claims. It claims that when there are multiple detectors, adding noise to the channel between the two detectors can increase the available bandwidth. This isn't really all that counter-intuitive when you think about it.

  7. Stenography FTW by yttrstein · · Score: 3, Interesting

    I've always had a warm spot for stenography, and it's actually much handier for certain types of communications than others. For example, in the two nights preceding the last Democratic National Convention that was held in Chicago (1996), a subversive media organization, armed with clunky digital cameras and a T-1 on the south side donated by the Teamsters photographed and filmed more than a hundred instances of police brutality, uploading them to the web with about a 30 minute delay.

    You had to actually drive downtown to where the T-1 terminated to upload things in those days, see.

    But how did we communicate our plans and schemes to actually be present at "hotspots" when the shit really went down? Stenography. It went like this:

    I have a number, that number is 356-32395510. I tell you that number. Then I take an image file and UUencode it. (for those who don't remember what that does, it's great for turning a binary file into a flat text file without losing any data). Then I take the message that I want to give you and drop it manually into the UUencoded file, like this:

    Every third character on every second line starting from line 910, (the third, fifth and sixth digits of the are decoys) counting whitespace. The numbers always changed and had to be memorized when received as they were never written down. Everything to the left of the dash tells you what digits to the right of the dash are decoys. Use the number to find the characters and you have the message. Pull them out and you can UUdecode your picture again and look at it. Leave them in and the file looks merely corrupt. Email the stenographed file to the recipient who's memorized your number and there you have it.

    The upside to this method is plausible deniability. If the fuzz finds a corrupt file called "FATLADYSEXHAHA.uue" on your computer, they have nothing. However, if they find a PGP file that you refuse to open for them, there can be issues.

    Of course it's possible to break that kind of thing, but the point of stenography is that the man does not know it's a message of any kind, let alone a radical one all about how awesome cuba is.
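Added example (not part of the comment above or of the thread): a Python sketch of the keyed-insertion scheme that comment describes, next to the length check a defender would run on the file. It assumes the key reads as decoy positions, then character position, line step and start line, and that one character is inserted per selected line; the sample data, the short key and all function names are constructed for illustration.

```python
import binascii

def parse_key(key):
    """'DECOYS-DIGITS' -> (char_pos, line_step, start_line), all 1-based.
    Assumed reading of the comment: left part lists decoy digit positions."""
    decoys, digits = key.split("-")
    drop = {int(d) for d in decoys}
    kept = "".join(c for i, c in enumerate(digits, 1) if i not in drop)
    return int(kept[0]), int(kept[1]), int(kept[2:])

def uu_lines(data):
    """uuencoded body lines (no begin/end wrapper), 45 bytes per line."""
    return [binascii.b2a_uu(data[i:i + 45]).decode("ascii").rstrip("\n")
            for i in range(0, len(data), 45)]

def is_consistent(line):
    """A uuencoded line starts with a length character; n bytes always
    occupy 4*ceil(n/3) characters, so any inserted character shows up."""
    if not line:
        return False
    n = (ord(line[0]) - 32) & 0x3F
    return len(line) == 1 + 4 * ((n + 2) // 3)

def suspicious_lines(lines):
    """Defender's view: 1-based numbers of lines whose length is wrong."""
    return [i for i, ln in enumerate(lines, 1) if not is_consistent(ln)]

def embed(lines, message, key):
    """Insert one message character per selected line (assumption)."""
    pos, step, start = parse_key(key)
    out = list(lines)
    slots = range(start - 1, len(out), step)
    if len(message) > len(slots):
        raise ValueError("cover file too short for message")
    for ch, idx in zip(message, slots):
        out[idx] = out[idx][:pos - 1] + ch + out[idx][pos - 1:]
    return out

def extract(lines, key):
    """Return (message, restored_lines); only over-long lines carry data."""
    pos, step, start = parse_key(key)
    chars, clean = [], list(lines)
    for idx in range(start - 1, len(lines), step):
        if not is_consistent(lines[idx]):
            chars.append(lines[idx][pos - 1])
            clean[idx] = lines[idx][:pos - 1] + lines[idx][pos:]
    return "".join(chars), clean

# Constructed sample: 24 lines of cover data and a short constructed key
# ("25-39247" -> decoys at digits 2 and 5 -> "324" -> char 3, step 2, line 4).
SAMPLE_DATA = bytes((7 * i + 3) % 256 for i in range(45 * 24))
SAMPLE_KEY = "25-39247"

if __name__ == "__main__":
    cover = uu_lines(SAMPLE_DATA)
    stego = embed(cover, "MEET-AT-9", SAMPLE_KEY)
    print("key from the comment:", parse_key("356-32395510"))
    print("lines flagged in cover:", suspicious_lines(cover))
    print("lines flagged in stego:", suspicious_lines(stego))
    print("recovered:", extract(stego, SAMPLE_KEY)[0])
```

Every line that carries an inserted character fails the length check, so the file looks corrupt only to a reader who does not compare each line against its own length character.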

    1. Re:Stenography FTW by zindorsky · · Score: 4, Informative

      I've always had a warm spot for stenography

      ...

      But how did we communicate our plans and schemes to actually be present at "hotspots" when the shit really went down? Stenography.

      ...

      Of course it's possible to break that kind of thing, but the point of stenography

      So you hid your messages with stenography? The action or process of writing in shorthand or taking dictation? This word you keep using ... I do not think it means what you think it means.

      --
      If the geiger counter does not click, the coffee, she is not thick.
  8. How much info can you hide in a scientific paper? by petes_PoV · · Score: 3, Insightful

    Well, I've read the published paper, and I still don't have a clue what the answer is. I suppose hoping for a cut and dried figure like "1%" was too optimistic, after all.

    If there's going to be a practical use for this (and the conclusions don't say they've calculated "the answer", just that they've developed a framework, gaaah!) then my gut tells me that the answer is "not very much" - somewhere around the rounding-errors of the encoding mechanism.

    So, does anyone know how much data can be stuffed, undetectably, into a 700MB AVI file?

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
  9. Re:How much info can you hide in a scientific pape by kamochan · · Score: 2, Funny

    So, does anyone know how much data can be stuffed, undetectably, into a 700MB AVI file?

    700 MB, if you do it in the dark.

  10. Steganography?? Whaddya know... by Binge · · Score: 3, Funny

    I always thought Steganography was the act of writing on large, plate-backed dinosaurs. Ya learn something new every day here!

  11. Sorry try again by shadow_slicer · · Score: 2, Informative

    That's not steganography. That's encryption, and a crappy one at that. If you take your PGP file (and remove any unnecessary header stuff), it will also look like a corrupt file, just like your UUencoded image. Steganography is hiding some data inside something else, like hiding a message in an image. For example, the police see an image of kittens, but you hid your child porn in the LSBs of the image, they can't see it.

  12. Hiding in a JPEG ... by PPH · · Score: 2, Funny

    ... of Pamela Anderson. There appears to be quite a bit of excess capacity available.

    --
    Have gnu, will travel.
  13. Too many unknowns by bokmann · · Score: 2, Funny

    Calculating this with any accuracy would require knowledge of both the width of a Stegasaur (which can be approximated from their fossils), but also how fast they ran. Given other arguments about the unknowns of dinosaurs, the figures we can guesstimate for their speed are just too varied to calculate this capacity to any meaningful value.

  14. How to answer "if you're hiding something ..." by JetScootr · · Score: 2, Insightful

    The cop says, "If you're doing nothing wrong, you have nothing to hide."
    Answer: "Why are you wearing clothes? Got something to hide?"

    --
    Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
    1. Re:How to answer "if you're hiding something ..." by Katatsumuri · · Score: 2, Funny

      It is generally a bad idea to play a smartass in front of a cop on duty.

      In a friendly debate with a moderately drunk chick in the bar, that may be appropriate.

  15. Simple by TheSync · · Score: 2, Funny

    The secure capacity C (W, g, A) of a stego-channel given W [noise], g [steganalyzer], and A [attack] is given by C (W, g, A) = sup I(X;Z) for X an element of S0.

    I is the spectral inf-mutual information rate for the pair of general sequences.

    Z is the stego channel after encoding, noise, and attack (before decoding).

    S0 is the secure input set, the set of encoded data that remains impossible to steganalyze after the addition of noise (but not necessarily attack).

    I think mathematicians like to make their papers overly complex.

  16. Messages that aren't really there by CustomDesigned · · Score: 2, Insightful

    Sometimes people think there is a steganographic message, when there isn't. The Bible Codes are an example. The idea is that God hid secret messages in the Bible which are revealed by equidistant letter spacing. Never mind that such "messages" can be found by ELS in any sufficiently large work. Practitioners never seem to find the messages until after they become relevant...