Blocking Steganosonic Data In Phone Calls 185
psyced writes "Steganography is a technique to encode secret messages in the background noise of an audio recording or photograph. There have been attempts at steganalysis in the past, but scientists at FH St. Pölten are developing strategies to block out secret data in VoIP and even GSM phone calls by preemptively modifying background noise (link is to a Google translation of the German original) on a level that stays inaudible or invisible, yet destroys any message encoded within. I wonder if this method could be applied to hiding messages in executables, too."
Not going to work.... (Score:5, Interesting)
That's completely pointless. All it does is create an arms race. Any amount of noise you add can simply be dealt with by including the stego data more than once or using checksums or whatever. Any amount of damage sufficient to prevent any possibility of hidden messages would result in significant audible alteration of the sound to the point of unusability....
Re:Not going to work.... (Score:4, Interesting)
bad pre-emptive move (Score:1, Interesting)
Imagine the worst-case scenario; Congress forces all telcos to install this sort of technology on all phone lines. Why not? If you don't put up with hissing on your phone line, you're helping a terrorist, no?
Re:Not going to work.... (Score:5, Interesting)
Re:Can I add random noise to a .exe file...? (Score:5, Interesting)
Arrogant bastards! (Score:5, Interesting)
Good work, guys - Even a classic BOFH has higher efficacy and useability standards than anything related to the War on Non-Western, Non-Irish, Non-Russian (and "non-former-Soviet") Terror. At least the BOFH's systems work for him, you asshats can't even manage that despite taking all that daaaaaaangerous toothpaste away from us.
However, even I overstate the case here - Encoding data in background noise doesn't break any laws!
We all have every right to send hidden data, or even to use hard encryption right in plain sight. However, exercising that right may lead to some undue scrutiny, and thus we expose the real reason for techniques like this... Erosion of plausible deniability, which The Powers That Be loathe far, far more than any actual threat. It looks bad to just deport and torture someone with no evidence. But if you can demonstrate that he had (gasp!) something he didn't want the whole world to know about (because only criminals have secrets, of course), well then the sheep will approve of going all Jack Bauer on him.
Wow, more money spent on foolishness (Score:4, Interesting)
Stopping secret messages? , puleeese.
"John has a long mustache"
"The chair is against the wall"
Stop that!
The real question is.. (Score:5, Interesting)
It's along the lines of "How do you tell if there are stego images on someone's computer?"
Answer:You find the stego converter tool on their harddrive.
Snoops (Score:3, Interesting)
I want end-to-end encryption on all my calls. This could be added to cell phones with some modest changes. Not having it on VOIP is just inexcusable. If the FBI wants to tap my phone, why don't they get off their lazy asses, obtain a warrant, and do some actual work, rather than expecting everything to be handed to them on a silver platter, complete with booze and hookers. I'm under no obligation to make it easy for them.
Sounds impossibly (Score:3, Interesting)
Unfortunately, I don't real have anything to go on other than a Google translated abstract, a Slashdot headline, and armchair knowledge of electronics. Anyone care to correct me?
Re:Not going to work.... (Score:3, Interesting)
Re:The real question is.. (Score:3, Interesting)
The nice thing was precisely that it wasn't encrypted so the messages didn't just disappear, as so many others we sent did. (We started serializing our messages so we could tell when ones were going missing.)
So while it's unclear that this particular setup is useful, I can say that homebrew implementations of stego exist and are being used, particularly if a lame amateur coder like me has made one.
And yes, someone looking on her computer could've found the deconverter, but unless you know what you're looking for, you probably don't know that you've found a deconverter, when it's one of dozens of big complicated programs. Security through obscurity isn't reliable, but it can work.
A background noise jammer... how quaint (Score:1, Interesting)
Without giving away too may secrets (from the 1990s, even though the state of the art is now significantly more advanced), think about the temporal and spatial information is transmitted by the act and protocol of initiating one phone call (from or to a cellular or landline endpoint). Think about the possibilities with initiating and (optionally not) terminating a series of phone calls. Any Asterisk admins lurking here will be familiar with the type of instrumentation required to execute this technique, putting as much or as little in the clear as desired. Now recall that some organizations using these techniques also use particular codebooks which need not be hidden and carry very specific meanings in context understood only by members of a specific group.
And remember: sometimes the most important part of a message is that which is not said.
Re:Not going to work.... (Score:3, Interesting)
The jamming will also easily be defeated by an entirely new branch of coding theory using the BBC algorithm (http://crisp.cs.du.edu/frisc/baird.pdf [du.edu]). Error correction is distributed throughout the data stream, so even if the jammer completely obliterates parts of the signal--to the point that the original signal is unintelligible--the coded message will still get through.
This coding theory is handy for all sorts of stuff, from military comms to cell phones to MIMO access points. And unlike most crypto stuff, it's rather simple to understand and implement.