[6516] in cryptography@c2.net mail archive


Re: The problem with Steganography

daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Thu Jan 27 10:55:53 2000

Mime-Version: 1.0
Message-Id: <v0421010bb4b535e80609@[24.218.56.92]>
In-Reply-To: <t53k8kxbata.fsf@horowitz.ne.mediaone.net>
Date: Wed, 26 Jan 2000 22:43:30 -0500
To: Marc Horowitz <marc@mit.edu>, Rick Smith <rick_smith@securecomputing.com>
From: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: cryptography@c2.net
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

At 1:34 AM -0500 1/26/2000, Marc Horowitz wrote:
>Rick Smith <rick_smith@securecomputing.com> writes:
>
>>> The basic notion of stego is that one replaces 'noise' in a document with
>>> the stego'ed information. Thus, a 'good' stego system must use a crypto
>>> strategy whose statistical properties mimic the noise properties of the
>>> carrying document. Our favorite off the shelf crypto algorithms do *not*
>>> have this property -- they are designed to generate output that looks
>>> statistically random. So, can't we detect the presence of stego'ed data by
>>> looking for 'noise' in the document that's *too* random?
>>>
>>> For example, many stego implementations involve embedding data in the low
>>> order bits of a graphical image. Those low order bits undoubtedly have some
>>> measurably non-random statistical properties. Once we replace those bits
>>> with data, the bits will have seriously random statistical properties. So,
>>> we can detect stego'ed data if the implementation uses any well known
>>> strong encryption algorithm.
>

Closely matching the statistical properties of a physical device
could be difficult. A different approach would be encouraging large
numbers of people with video Internet feeds to "pre-stego" their
material. This could be easily done by xor'ing low order bits with
bits generated by some strong crypto algorithm, frequently rekeyed by
/dev/random. Perhaps Linux Webcam and Video chat packages could have
this feature enabled as a default. Since it would be impossible to
distinguish actual stego from pre-stegoed material, this would be a
very effective way to protest against attempts to restrict the flow
of information on the Internet. If enough people participated, stego
would be undetectable.

Arnold Reinhold
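
The statistical argument in this thread, as an added example that is not part of the original message: a serial-correlation test over constructed low-order bits flags a ciphertext-filled LSB plane as "too random" next to an untouched feed, and returns the same verdict for a feed that was only XOR'ed with a keystream. The sensor model, the SHA-256 counter-mode keystream, the sample size and the threshold are all assumptions chosen for illustration.

```python
import hashlib
import random

N = 20000  # low-order bits examined per feed (constructed sample size)

def keystream(key, nbits):
    """SHA-256 in counter mode, an assumed stand-in for 'some strong crypto algorithm'."""
    out, counter = [], 0
    while len(out) < nbits:
        block = hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        out.extend((byte >> i) & 1 for byte in block for i in range(8))
        counter += 1
    return out[:nbits]

def sensor_lsbs(nbits, seed, stickiness=0.7):
    """Constructed cover: each LSB repeats its neighbour with probability
    `stickiness`, modelling the non-random low-order bits of a physical device."""
    rng = random.Random(seed)
    bits = [rng.getrandbits(1)]
    for _ in range(nbits - 1):
        bits.append(bits[-1] if rng.random() < stickiness else bits[-1] ^ 1)
    return bits

def serial_z(bits):
    """z-score of adjacent-bit agreement; roughly N(0,1) for independent fair bits."""
    pairs = len(bits) - 1
    agree = sum(a == b for a, b in zip(bits, bits[1:]))
    return (agree - pairs / 2) / (pairs / 4) ** 0.5

def too_random(bits, limit=5.0):
    """True when the LSB plane shows no measurable neighbour correlation."""
    return abs(serial_z(bits)) < limit

def classify_feeds():
    """Verdict of the test on three constructed feeds."""
    plain = sensor_lsbs(N, seed=1)                    # untouched camera feed
    stego = keystream(b"constructed message key", N)  # LSBs replaced by ciphertext
    pad = keystream(b"constructed rekeyed pad", N)
    pre_stego = [c ^ p for c, p in zip(sensor_lsbs(N, seed=2), pad)]  # no message
    return {"plain": too_random(plain), "stego": too_random(stego),
            "pre_stego": too_random(pre_stego)}

if __name__ == "__main__":
    print(classify_feeds())
```

The test separates the untouched feed from the other two but cannot tell those two apart, which is the property the pre-stego proposal relies on.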

