|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Date: Mon, 31 Aug 1998 08:41:11 +0200 From: Anonymous <nobody@replay.com> To: cryptography@c2.net -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Russell - > Anonymous writes: > > One method of steganography is to hide the embedded message by means of > > changing random elements of the cover message. For example, the cover > > message may have various words where synonyms can be substituted. > > Everywhere the word "couch" appears it could be substituted with > > "sofa" and vice versa. > I must respectfully disagree. The problem of stego is not hiding > messages. There's plenty of extant noisy bits to hide messages in > (e.g. treat the lengths of the lines of this message as the width of > pulses, and use some pulse width modulation to get your bits out). > The problem is one of detecting the presence of a message. If the > output of the stego algorithm has a signature, then an attacker can > detect the presence of the message, which means that the stego > algorithm has failed. But how do you hide messages without leaving a signature? (By which you mean not a digital signature, but some statistical anomaly which is recognizable to indicate that a message exists.) How will you modulate the lengths of the lines of a message? Here is one possibility: Use a text justification algorithm. For each line, insert extra spaces to pad the line out to a desired width. So far, this is deterministic and doesn't provide a stego channel. To add a random element, choose the inter-word locations where extra spaces will be added at random. This is now a stego channel, and it corresponds exactly to the one described. For each space to add, randomly select an inter-word location and add the space there. This random selection can be driven by the message to be embedded exactly as described. This very message has a 53 byte hidden message encoded in it using this channel. > If the output of the stego algorithm is completely random bits, then > how do you know that there's a message? Answer is, "you decode it." > But do you go around decoding every random sequence of bits that > happens into your life? No, you have a standard place to look for > messages. Well, if it's standard, then the attacker knows where to > look as well. But if the attacker knows where to look, then your > stego algorithm had better have perfectly random output. Yes, but the algorithm described does. Now, this can actually be a problem because it may look "too random". How many documents will actually have exactly 50% usage of "sofa" and "couch" in places where either might appear? This could flag the document as containing a message. A better example might be the card-playing protocol described. Then there are well defined probabilities which are being followed by the program. In this case using the embedded message to control the choices according to the probability distribution will be much harder to detect. Using this encoding system, only you can recognize that the random data will decrypt to a meaningful message. To anyone else, it looks like purely random data. > Using a shared secret list of synonyms is nice, but it suffers from > all the usual problems of key distribution. It's not supposed to be secret. Make it public. -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQA/AwUBNeokupERADbySURoEQKukgCfRzIn9wcId7zzoA08noovGBO0JrYAoKqD 09vIJFAxWTTsQNRfHg4kPhHj =CDEc -----END PGP SIGNATURE-----
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |