Researchers Calculate Capacity of a Steganographic Channel

KentuckyFC writes "Steganography is the art of hiding a message in such a way that only the sender and receiver realize it is there. (By contrast, cryptography disguises the content of a message but makes no attempt to hide it.) The central problem for steganographers is how much data can be hidden without being detected. But the complexity of this problem has meant it has been largely ignored. Now two computer scientists (one working for Google) have made a major theoretical breakthrough by tackling the problem in the same way that the electrical engineer Claude Shannon calculated the capacity of an ordinary communications channel in the 1940s. In Shannon's theory, a transmission is considered successful if the decoder properly determines which message the encoder has sent. In the stego-channel, a transmission is successful if the decoder properly determines the sent message without anybody else detecting its presence (abstract). Studying a stego-channel in this way leads to some counter-intuitive results: for example, in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel"

counter-intuitive results?

[ccguy]

The results are interesting and in some cases counter-intuitive (for example, adding noise to channel can increase its steganographic capacity

How is that counter-intuitive? Many of us regularly backup our stuff here in slashdot, and no one has complained so far (which, being the slashdot crowd what it is, is definite proof that no one has noticed).

In fact, a port of gmail drive to slashdot is already in beta.

Need for steganography

[CRCulver]

Around the turn of the millennium steganography became a big topic, the idea being that using PGP would only draw attention from the authorities. In my Amazon review of Schneier's Applied Cryptography I even complained that Bruce didn't talk about how to hide even the use of crypto.

But now that SSL is everywhere and the use of encrypted VPNs is a typical part of telecommuting, I don't think cryptography suggests the same anti-authoritarian counter-culture rumblings it used to. Do we need to hide crypto anymore?

Re:Need for steganography

[zappepcs]

Well, there may not be a pressing public need to hide cryptography usage, but if you want your data secure from prying eyes, additional measures are a good idea. Blue-Ray just got hacked (again) and it was supposed to be valid security for a decade... right?

If what you encrypt with can be broken by others, then it is not doing the intended job. If you use PGP, and the decrypted message between you and another trusted user is encrypted already, the likelihood of your message being decoded is substantially less.

In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate.

Encrypting is not hard, but if what you decrypt looks like this above, it may be hard to decipher and not worth the effort. BTW, that is decipherable.

Both the PGP and this encryption (or another) can be decoded quickly on the fly. It's possible that those pesky 'terrorists' could be using v1 aGr4 spam to send messages.

Re:Need for steganography

[Ngarrang]

Do we need to hide crypto anymore?

Yes. There are many places in this world where freedom of information is oppressed. Having a method of communicating in the clear without raising any red flags is a Good Thing(tm).

For example, let's say you are an evil political dissident in China, trying to spread ideas of democracy and capitalism. If you send an encrypted message to your corrupt imperialist American ally, that seems suspicious. If you have nothing to hide, then why are you hiding it?

But, if you can send your friend a message about how you are growing corn in relatively poor conditions and how great the local government has been in supporting the effort...with a stego message hidden inside, then that is probably going to slip right through.

The best way to not get caught is to look like there is nothing to catch.

Google is the perfect example

[NotQuiteReal]

hiding a message in such a way that only the sender and receiver realize it is there

I ignore lots of ads served up by them. They might as well not be there, I can't name one.

Already in use

[xmarkd400x]

In the stego-channel, a transmission is successful if the decoder properly determines the sent message without anybody else detecting its presence (abstract).

When my girlfriend is talking on the phone, I am almost never aware that a message is being sent. She is so effective, in fact, that often when I am the intended recipient I am not aware that a message is being sent!

Re:Were's Waldo's message?

stegan O graphy i S T he a R t of hiding A message in su C h a way that only the sender and receiver realize it is there. (by contrast, cryptography disg U i S es the content of a message but makes no attempt to h I de it.)

there' S a secret messa G e in this post. c A n an Y one find it?

Re:Stenography FTW

[zindorsky]

I've always had a warm spot for stenography

...

But how did we communicate our plans and schemes to actually be present at "hotspots" when the shit really went down? Stenography.

...

Of course it's possible to break that kind of thing, but the point of stenography

So you hid your messages with stenography? The action of process of writing in shorthand or taking dictation? This word you keep using ... I do not think it means what you think it means.