Researchers Calculate Capacity of a Steganographic Channel
KentuckyFC writes "Steganography is the art of hiding a message in such a way that only the sender and receiver realize it is there. (By contrast, cryptography disguises the content of a message but makes no attempt to hide it.) The central problem for steganographers is how much data can be hidden without being detected. But the complexity of this problem has meant it has been largely ignored. Now two computer scientists (one working for Google) have made a major theoretical breakthrough by tackling the problem in the same way that the electrical engineer Claude Shannon calculated the capacity of an ordinary communications channel in the 1940s. In Shannon's theory, a transmission is considered successful if the decoder properly determines which message the encoder has sent. In the stego-channel, a transmission is successful if the decoder properly determines the sent message without anybody else detecting its presence (abstract). Studying a stego-channel in this way leads to some counter-intuitive results: for example, in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel"
counter-intuitive results? (Score:5, Funny)
How is that counter-intuitive? Many of us regularly back up our stuff here in slashdot, and no one has complained so far (which, being the slashdot crowd what it is, is definite proof that no one has noticed).
In fact, a port of gmail drive to slashdot is already in beta.
Re: (Score:2)
It's not counter-intuitive at all that adding noise to a channel can increase its steganographic capacity, since steganographic data can look like noise.
Re: (Score:2, Insightful)
Slashdot. Noise and redundancy. Backup for nerds.
Re: (Score:2, Funny)
Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Maecenas non felis. Cras in ligula in odio pellentesque vehicula. Aliquam metus nulla, venenatis sit amet, feugiat nec, pharetra ut, justo. Fusce tincidunt, massa eu iaculis iaculis, lacus nisi ullamcorper orci, ac sodales arcu massa at urna. Ut mattis nulla interdum urna. Praesent consequat. Fusce pede diam, pretium tempor, egestas eget, rhoncus in, sem. Sed semper. Nam in lorem sed nisl blandit commodo. Donec tempus, eros vel fermentum dictum, nibh
Re: (Score:3, Insightful)
That's not what it says (somebody fixed a typo in the summary?).
in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel
More people looking for hidden data makes it possible to hide more data. I find that counter-intuitive.
Re: (Score:2)
I find the second counterintuitive, but the first not so. Perhaps the article-writers intended for the first to be "interesting" and the second "counter-intuitive", but to be fair to the summary-writer, it's not that clear.
Re: (Score:2, Funny)
Is that what they mean? It's very counterintuitive if so.
I read it to mean that if the user (rather than the interceptor) uses various algorithms to store data he can store more data, which is not counter-intuitive at all.
Bugger, we're going to have to RTFA.
Re: (Score:1)
More people looking for hidden data makes it possible to hide more data. I find that counter-intuitive.
Not more people, different people. IE, say you've got a channel with two sets of hidden data intermingled with each other. One algorithm will decode the one set, while a second algorithm decodes the second.
At least that's how it sounded to me.
That's not a typo! (Score:2)
Re: (Score:1)
Comment removed (Score:5, Interesting)
Re:Need for steganography (Score:5, Interesting)
Well, there may not be a pressing public need to hide cryptography usage, but if you want your data secure from prying eyes, additional measures are a good idea. Blu-ray just got hacked (again) and it was supposed to be valid security for a decade... right?
If what you encrypt with can be broken by others, then it is not doing the intended job. If you use PGP, and the decrypted message between you and another trusted user is encrypted already, the likelihood of your message being decoded is substantially less.
In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate.
Encrypting is not hard, but if what you decrypt looks like this above, it may be hard to decipher and not worth the effort. BTW, that is decipherable.
Both the PGP and this encryption (or another) can be decoded quickly on the fly. It's possible that those pesky 'terrorists' could be using v1 aGr4 spam to send messages.
Re:Need for steganography (Score:4, Insightful)
Re: (Score:3, Interesting)
While that is all true, I mentioned Blu-ray only because it was supposed to be tough encryption to break. "Supposed to be" is the key part of that sentence, and it demonstrates how fragile simple encryption really is.
While the hacker can find an unencrypted version of a movie and more or less determine what the encryption should look like when decoded, your common text messages are not much different. There are algorithms that can determine much of what you wrote by looking at repeating characters. Length
Re: (Score:3, Insightful)
What was broken was not encryption. It's a form of DRM which did not rely on encryption.
BD+ (the DRM component which they claimed would last for 10 years) is a virtual machine on which a disc can run arbitrary code. The disc can run this code to try to guess at the authenticity of the player in which it is being played. The idea is that if a player has been tampered with, it can be detected by the disc. It also means that as new attacks on players become possible, it's possible to update the checks that
Re: (Score:2)
Yes, and no. Some of those "traps" that the BDVM code can call are cryptography methods. However the encryption keys used will either be generated by the BDVM code, or are already known from the AACS system.
Re: (Score:1)
In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate
Looks like the spam I get just about every day! The only thing missing is the cheap c14L15 ;)
Re: (Score:1, Funny)
In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate.
"In short, I think you are wrong, but it's your problem."
Re: (Score:2)
Indeed, and that is a short, simply encoded message with easily discernible rules, if you know English and have a dictionary (in your head or otherwise).
It can be much more complex but stay with simple rules, and without much effort it can make any message encrypted with PGP or whatever look like and be an encrypted message when the first decryption is complete. In fact, it might make no sense at all without having received the previous message, or perhaps not until you receive the next, or until your softw
Re: (Score:1)
Re: (Score:2)
Well it mostly looks like he mostly uses the first and last letter of each word, or the whole word if it's 3 letters. But I haven't figured out what goes on with "young" etc?
Re: (Score:2)
WRONG.
Cryptography only needs to be strong enough to protect the encoded contents for as long as said contents retain value. It does not need to remain unbroken forever.
Re:Need for steganography (Score:5, Insightful)
Do we need to hide crypto anymore?
Yes. There are many places in this world where freedom of information is oppressed. Having a method of communicating in the clear without raising any red flags is a Good Thing(tm).
For example, let's say you are an evil political dissident in China, trying to spread ideas of democracy and capitalism. If you send an encrypted message to your corrupt imperialist American ally, that seems suspicious. If you have nothing to hide, then why are you hiding it?
But, if you can send your friend a message about how you are growing corn in relatively poor conditions and how great the local government has been in supporting the effort...with a stego message hidden inside, then that is probably going to slip right through.
The best way to not get caught is to look like there is nothing to catch.
Re: (Score:1)
China is capitalist. Get your facts straight. It is very very capitalist. It just happens to be run by the new gen Communist Party, which allows capitalism.
Re: (Score:2)
For example, it's obvious that any television show hosted by Bob Saget is nothing more than a carrier for stenographic communication between earth and our intergalactic overlords.
Don't try to convince me that Full House and America's Funniest Home Videos survive on merit of ratings alone.
Re: (Score:2)
The best way to not get caught is to look like there is nothing to catch.
No, the best way to not get caught is to convince those watching you belong.
Re: (Score:2, Insightful)
You really think McPalin is going to get elected?
Re: (Score:2)
You are absolutely correct. Obama also didn't promise to fight for the rights of reindeer or promise to bring world peace.
I hope you are confused as I am, because none of those things have anything to do with socialism--just like your post (although your sentence construction makes me think you are Palin *wink*)
Re: (Score:3, Interesting)
"ordinary" people don't, and never really have. but there will always be people who need to transfer information undetected--spies, for instance.
if you're an undercover law enforcement agent, you could communicate with your agency without the risk of blowing your cover by using steganography; likewise for whistleblowers who need to get information out of an organization with tight security. steganography would also be useful during wartime when cryptography isn't an option, or isn't enough.
i'm sure
Re: (Score:2)
"ordinary" people don't [need steganography], and never really have.
You're on acid (sorry, couldn't resist).
"Ordinary" people *do* have a need for encryption and even steganography. I don't particularly want the government, my employer, or anyone else for that matter to know the private details of my life. They don't need to know what medications I take, for what conditions, what my personal finances are, etc. Suppose I am out of town on a trip, and I need to use a credit card that I left at home. Should I have my wife e-mail the number, the expiration dat
Re: (Score:2)
um, read the post i was replying to. i never said normal people don't need cryptography. i was responding to the comment that there's no longer a need for steganography anymore just because encryption is commonplace.
also, you gave no examples of when an ordinary person would need steganography instead of encryption.
Re: (Score:2)
By hiding the data in your vacation pictures w
Re: (Score:2)
Do we need to hide crypto anymore?
Even the strongest crypto implementation and algorithm is still subject to Rubber Host Crypt-analysis, or even "court ordered cryptanalysis". In those cases stego would have some protection against these techniques.
Re: (Score:2)
Rubber Host
is that some kind of dominatrix that holds swinger's parties or something?
Re: (Score:2)
That entirely depends on how you define right vs wrong.
If something is disliked or unfavorable to the wealthy minority "wrong" ?
Is doing something because everyone else doing it "right" ?
The answer to both those questions should be: "Who cares!?" Right and wrong should be a personal thing. You don't like what someone else does ? Ok, your problem!
How to answer "if you're hiding something ..." (Score:3, Insightful)
Answer: "Why are you wearing clothes? Got something to hide?"
Re: (Score:2, Funny)
It is generally a bad idea to play a smartass in front of a cop on duty.
In a friendly debate with a moderately drunk chick in the bar, that may be appropriate.
Re: (Score:2)
Re: (Score:3, Informative)
Re: (Score:2)
When was that discovered?
Strangely (although typically), I did a thesis on Gulliver's Travels pointing out the various attacks on Newton and his physics. This was an historical work.
At the same time, I modified a subset of it and turned it in as an English Lit. paper. Neither disciplines saw eye-to-eye on the same content!
I was a bit bemused at the time and realised that truth and objectivity doesn't exist as far as historians and English literature are concerned.
In my research (mid 1970's), I had never co
Re: (Score:2)
Knitting code (Score:2)
In Sorcery and Cecelia [amazon.com] (or maybe it started in the sequel), the heroines knit fashionable items for each other, and code the message in the pattern of knits and purls.
Re: (Score:2)
Google is the perfect example (Score:5, Insightful)
I ignore lots of ads served up by them. They might as well not be there, I can't name one.
Were's Waldo's message? (Score:3, Informative)
"Steganography is the art of hiding a message in such a way that only the sender and receiver realize it is there. (By contrast, cryptography disguises the content of a message but makes no attempt to hide it.) "
There's a secret message in this post. Can anyone find it?
Re:Were's Waldo's message? (Score:5, Funny)
stegan O graphy i S T he a R t of hiding A message in su C h a way that only the sender and receiver realize it is there. (by contrast, cryptography disg U i S es the content of a message but makes no attempt to h I de it.)
there' S a secret messa G e in this post. c A n an Y one find it?
Re: (Score:1)
Already in use (Score:5, Funny)
In the stego-channel, a transmission is successful if the decoder properly determines the sent message without anybody else detecting its presence (abstract).
When my girlfriend is talking on the phone, I am almost never aware that a message is being sent. She is so effective, in fact, that often when I am the intended recipient I am not aware that a message is being sent!
Re: (Score:1)
Re:Already in use (Score:4, Insightful)
That's the part about noise increasing the capacity of a cryptographic channel.
stego vs crypto vs compression (Score:1, Interesting)
Umm. Duh.
Crypto and compressed data both tend to look like white noise. That makes them ideal stego candidates. When the data itself has a uniform distribution, it's really hard to spot. It gets even harder if you apply a one time pad of random low-order bits to the stego medium and then modulate your signal in those bits. Thus, the actual ch
Re: (Score:2)
Abstract misinterpreted the paper. (Score:4, Insightful)
Studying a stego-channel in this way leads to some counter-intuitive results: for example, in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel"
That's not what the paper claims. It claims that when there are multiple detectors, adding noise to the channel between the two detectors can increase the available bandwidth. This isn't really all that counter-intuitive when you think about it.
Re: (Score:2)
When you boil everything down, nothing is counter-intuitive
Except quantum physics, voting paradoxes, and why the guy in the car in front of you doesn't close the gap in front of him before... oh god, there he goes again, let some jerk driving down the breakdown lane sneak in front of him. I tell you, some people...
Re: (Score:2)
You're in a balloon.
Re: (Score:1)
And on page 8 of the arXiv PDF [arxiv.org], "Composite steganalyzers", it says explicitly that the capacity of the composite channel (using multiple steganalyzers) is less than that of channels using any one of the analyzers alone.
KFC at the arXiv blog got it wrong and the /. eds passed it on.
Maybe there's a hidden message in the mistake?
Probably not.
Stenography FTW (Score:4, Interesting)
You had to actually drive downtown to where the T-1 terminated to upload things in those days, see.
But how did we communicate our plans and schemes to actually be present at "hotspots" when the shit really went down? Stenography. It went like this:
I have a number, that number is 356-32395510. I tell you that number. Then I take an image file and UUencode it. (for those who don't remember what that does, it's great for turning a binary file into a flat text file without losing any data). Then I take the message that I want to give you and drop it manually into the UUencoded file, like this:
Every third character on every second line starting from line 910, (the third, fifth and sixth digits of the are decoys) counting whitespace. The numbers always changed and had to be memorized when received as they were never written down. Everything to the left of the dash tells you what digits to the right of the dash are decoys. Use the number to find the characters and you have the message. Pull them out and you can UUdecode your picture again and look at it. Leave them in and the file looks merely corrupt. Email the stenographed file to the recipient who's memorized your number and there you have it.
The upside to this method is plausible deniability. If the fuzz finds a corrupt file called "FATLADYSEXHAHA.uue" on your computer, they have nothing. However, if they find a PGP file that you refuse to open for them, there can be issues.
Of course it's possible to break that kind of thing, but the point of stenography is that the man does not know it's a message of any kind, let alone a radical one all about how awesome cuba is.
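Whether the edited file "looks merely corrupt" can be checked against the uuencode format itself, since each line declares its own length. The following Python audit is an added example, not part of the original post; the cover bytes, the message, and the simplified insertion routine (no decoy digits) are constructed for illustration.

```python
import binascii

def uuencode_body(data: bytes) -> list[str]:
    """uuencode body lines (no begin/end lines), 45 input bytes per line."""
    return [binascii.b2a_uu(data[i:i + 45], backtick=True).decode("ascii").rstrip("\n")
            for i in range(0, len(data), 45)]

def insert_message(lines, message, first_line, line_step=2, char_step=3):
    """Constructed stand-in for the post's manual edit: on every line_step-th
    line from first_line, make every char_step-th character a message character."""
    out, pending = list(lines), list(message)
    for i in range(first_line, len(out), line_step):
        chars, pos = list(out[i]), char_step - 1
        while pending and pos <= len(chars):
            chars.insert(pos, pending.pop(0))
            pos += char_step
        out[i] = "".join(chars)
    return out

def audit_uu_body(lines):
    """Return (line_no, surplus_chars, alien_chars) for each malformed line.

    The first character of a uuencoded line declares how many bytes the line
    carries, so the line length is fixed at 1 + 4 * ceil(n / 3), and every
    character must fall in the 0x20-0x60 alphabet."""
    findings = []
    for no, line in enumerate(lines):
        if not line:
            continue
        declared = (ord(line[0]) - 32) & 0x3F
        expected = 4 * ((declared + 2) // 3)
        surplus = len(line) - 1 - expected
        alien = "".join(c for c in line if not 0x20 <= ord(c) <= 0x60)
        if surplus or alien:
            findings.append((no, surplus, alien))
    return findings

def extract(line, surplus, char_step=3):
    """Read back `surplus` characters from every char_step-th position."""
    return line[char_step - 1::char_step][:surplus]

# Constructed sample data: a stand-in "image" and a made-up message.
COVER = uuencode_body(bytes(range(256)) * 4)
MESSAGE = "meet at the usual place at noon and bring the printouts, tell nobody else"
TAMPERED = insert_message(COVER, MESSAGE, first_line=4)

if __name__ == "__main__":
    print("clean file findings:", audit_uu_body(COVER))
    for no, surplus, alien in audit_uu_body(TAMPERED):
        print(f"line {no}: {surplus} surplus chars, out-of-alphabet: {alien!r}")
        print("   recovered:", extract(TAMPERED[no], surplus))
```

Random corruption would not produce over-long lines at a fixed line spacing, each longer than its declared length, with lowercase characters that the uuencode alphabet never emits.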
Re:Stenography FTW (Score:4, Informative)
I've always had a warm spot for stenography
...
But how did we communicate our plans and schemes to actually be present at "hotspots" when the shit really went down? Stenography.
...
Of course it's possible to break that kind of thing, but the point of stenography
So you hid your messages with stenography? The action or process of writing in shorthand or taking dictation? This word you keep using ... I do not think it means what you think it means.
Re: (Score:1)
Re: (Score:2)
Let me explain.
This "zindorsky" person decided to pass no judgment or comment on the content of the post itself, but only stopped to correct my spelling and word usage, implying that not only was he already privy to the information contained in the post, but also that I'd misspelled the word in question--or more probably that I didn't know what the word was to begin with.
So this next part is for you, "zindorsky":
I have an agraphia
Re: (Score:2)
Re: (Score:2)
But hell, it's not like it's got a better use these days.
Yes - Stenography (Score:2)
She was a secretary, back in the day. When you saw some scribbling on a note, you knew it was the Christmas shopping list or something, but who the hell knows what it said - even if you had a copy of Gregg's [wikipedia.org] you'd be hard pressed to figure it out, unless you really wanted to spoil the surprise.
Sorry try again (Score:3, Informative)
That's not steganography. That's encryption, and a crappy one at that. If you take your PGP file (and remove any unnecessary header stuff), it will also look like a corrupt file, just like your UUencoded image. Steganography is hiding some data inside something else, like hiding a message in an image. For example, the police see an image of kittens, but you hid your child porn in the LSBs of the image, they can't see it.
Re: (Score:2)
"encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge"
What I'm talking about is the following:
The art and science of writing hidden messages in such a way that no-one apart from the sender and intended recipient even realizes there is a hidden message.
What I described is *precisely* correct under definition. Let me be more clear, using the exam
Re: (Score:2)
There are other forms of hidden text or more correctly, 'meanings'.
One that comes to mind is the Pesher technique which is used to re-interpret holy texts.
The other is termed 'Legominism' also gnostic, as described by Gurdjieff who showed that missing or incorrectly ordered information, compared to correctly ordered information can also pass on meaning. That using a 'mask'.
For example as there are 7 days in the week - SMTWTF, and if the message reads SMTTWTFS then a message has passed on.
Legominisms can be p
Re: (Score:2)
Re: (Score:1)
How much info can you hide in a scientific paper? (Score:4, Insightful)
If there's going to be a practical use for this (and the conclusions don't say they've calculated "the answer", just that they've developed a framework, gaaah!) then my gut tells me that the answer is "not very much" - somewhere around the rounding-errors of the encoding mechanism.
So, does anyone know how much data can be stuffed, undetectably, into a 700MB AVI file?
A little, to the majority of the file size. (Score:2)
Anywhere between 0 and a bit less than 700MB of data, depending on desired quality of video. A one frame video stream with an unrecognized FOURCC tag as an alternate stream is valid AVI - the alternate stream is ignored by players, and can contain encrypted data. It is 'invisible' to non-uber users, and could conceivably be an "experimental audio codec" for plausible deniability.
Re:How much info can you hide in a scientific pape (Score:3, Funny)
So, does anyone know how much data can be stuffed, undetectably, into a 700MB AVI file?
700 MB, if you do it in the dark.
Re: (Score:2)
No idea, but it is probably a lot less than you can stuff undetectably on a 700MB WAV file ;)
You can hide as much data as there is noise on your file (granted it is compressed and cryptographed), so when you record that WAV file, be sure to do that in a noisy environment. By the way, I didn't RTFA, to see what those people really discovered (obviously, not what the summary says they did), I'm here to see if it is worth i
Re: (Score:2)
Steganography?? Whaddya know... (Score:3, Funny)
Re: (Score:1)
I think the email you are about to receive inviting you for a walk in the woods, may have a hidden message in it.
ducks? (Score:1)
Hiding in a JPEG ... (Score:3, Funny)
Too many unknowns (Score:3, Funny)
Calculating this with any accuracy would require knowledge of both the width of a Stegasaur (which can be approximated from their fossils), but also how fast they ran. Given other arguments about the unknowns of dinosaurs, the figures we can guesstimate for their speed are just too varied to calculate this capacity to any meaningful value.
Simple (Score:3, Funny)
The secure capacity C (W, g, A) of a stego-channel given W [noise], g [steganalyzer], and A [attack] is given by C (W, g, A) = sup I(X;Z) for X an element of S0.
I is the spectral inf-mutual information rate for the pair of general sequences.
Z is the stego channel after encoding, noise, and attack (before decoding).
S0 is the secure input set, the set of encoded data that remains impossible to steganalyze after the addition of noise (but not necessarily attack).
I think mathematicians like to make their papers overly complex.
Messages that aren't really there (Score:3, Insightful)
Sometimes people think there is a steganographic message, when there isn't. The Bible Codes [biblecodedigest.com] are an example. The idea is that God hid secret messages in the Bible which are revealed by equidistant letter spacing. Never mind that such "messages" can be found by ELS in any sufficiently large work [anu.edu.au]. Practitioners never seem to find the messages until after they become relevant...
Re: (Score:2)
Those were skip codes. You take a massive large block of text, then set your encoded message to be a particular starting offset from within this text, skip distance (or stride) between characters, and the length of the message.
From these three values (starting offset, skip distance, length) you could extract a message.
I always wondered whether you could encode/extract an mp3 file from a suitably large ISO file (eg. Linux DVD ISO file) by defining a list of such messages.
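The equidistant letter spacing claim in the parent post and the (starting offset, skip distance, length) description in this reply can both be tried directly. The Python below is an added example, not code from either poster: it searches positive skips only, and the sample text is constructed from random letters with approximate English frequencies, so any word it finds was placed there by chance alone.

```python
import random
from collections import Counter

def letters_only(text):
    """ELS ignores spaces, punctuation and case."""
    return "".join(c for c in text.lower() if c.isalpha())

def els_search(text, word, max_skip):
    """Return every (start, skip) at which `word` appears as an equidistant
    letter sequence: letters start, start+skip, start+2*skip, ..."""
    s, hits = letters_only(text), []
    for skip in range(1, max_skip + 1):
        span = (len(word) - 1) * skip
        for start in range(len(s) - span):
            if s[start:start + span + 1:skip] == word:
                hits.append((start, skip))
    return hits

def expected_chance_hits(text, word, max_skip):
    """Hits expected by chance if letters were independent draws with the
    text's own letter frequencies."""
    s = letters_only(text)
    freq = Counter(s)
    p = 1.0
    for c in word:
        p *= freq[c] / len(s)
    positions = sum(max(0, len(s) - (len(word) - 1) * skip)
                    for skip in range(1, max_skip + 1))
    return positions * p

# Approximate English letter frequencies in percent (assumed, rounded values).
ALPHABET = "etaoinshrdlcumwfgypbvkjxqz"
WEIGHTS = [12.7, 9.1, 8.2, 7.5, 7.0, 6.7, 6.3, 6.1, 6.0, 4.3, 4.0, 2.8, 2.8,
           2.4, 2.4, 2.2, 2.0, 2.0, 1.9, 1.5, 1.0, 0.8, 0.15, 0.15, 0.1, 0.07]

def constructed_text(n_letters, seed=1):
    """Constructed sample: meaningless random letters standing in for a long book."""
    return "".join(random.Random(seed).choices(ALPHABET, WEIGHTS, k=n_letters))

if __name__ == "__main__":
    text = constructed_text(20000)
    for word in ("code", "hide", "noon"):
        hits = els_search(text, word, max_skip=50)
        print(f"{word!r}: {len(hits)} hits found, "
              f"{expected_chance_hits(text, word, 50):.1f} expected by chance; "
              f"first (start, skip) pairs: {hits[:3]}")
```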