×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Researchers Calculate Capacity of a Steganographic Channel

timothy posted more than 5 years ago | from the intentionally-not-left-blank dept.

Security 114

KentuckyFC writes "Steganography is the art of hiding a message in such a way that only the sender and receiver realize it is there. (By contrast, cryptography disguises the content of a message but makes no attempt to hide it.) The central problem for steganographers is how much data can be hidden without being detected. But the complexity of this problem has meant it has been largely ignored. Now two computer scientists (one working for Google) have made a major theoretical breakthrough by tackling the problem in the same way that the electrical engineer Claude Shannon calculated the capacity of an ordinary communications channel in the 1940s. In Shannon's theory, a transmission is considered successful if the decoder properly determines which message the encoder has sent. In the stego-channel, a transmission is successful if the decoder properly determines the sent message without anybody else detecting its presence (abstract). Studying a stego-channel in this way leads to some counter-intuitive results: for example, in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

114 comments

counter-intuitive results? (4, Funny)

ccguy (1116865) | more than 5 years ago | (#25626581)

The results are interesting and in some cases counter-intuitive (for example, adding noise to channel can increase its steganographic capacity

How is that counter-intuitive? Many of us regularly backup our stuff here in slashdot, and no one has complained so far (which, being the slashdot crowd what it is, is definite proof that no one has noticed).

In fact, a port of gmail drive to slashdot is already in beta.

Re:counter-intuitive results? (1)

russotto (537200) | more than 5 years ago | (#25626695)

It's not counter-intuitive at all that adding noise to a channel can increase its steganographic capacity, since steganographic data can look like noise.

Re:counter-intuitive results? (1, Insightful)

ccguy (1116865) | more than 5 years ago | (#25626819)

That's what I'm saying.

Slashdot. Noise and redundancy. Backup for nerds.

Re:counter-intuitive results? (2, Funny)

Anonymous Coward | more than 5 years ago | (#25626875)

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Maecenas non felis. Cras in ligula in odio pellentesque vehicula. Aliquam metus nulla, venenatis sit amet, feugiat nec, pharetra ut, justo. Fusce tincidunt, massa eu iaculis iaculis, lacus nisi ullamcorper orci, ac sodales arcu massa at urna. Ut mattis nulla interdum urna. Praesent consequat. Fusce pede diam, pretium tempor, egestas eget, rhoncus in, sem. Sed semper. Nam in lorem sed nisl blandit commodo. Donec tempus, eros vel fermentum dictum, nibh sem imperdiet arcu, quis porttitor pede mauris eu mi. Aenean eu dui nec ligula dapibus aliquam. Integer eget libero nec velit pellentesque facilisis. Pellentesque diam sapien, auctor sit amet, mollis et, condimentum quis, nisi. Proin in libero nec nulla suscipit varius. Vestibulum facilisis enim sed magna semper tempus. Aliquam posuere. Fusce suscipit ante at nulla tincidunt fringilla. Aliquam fringilla dui eget ante. Ut rhoncus tortor nec pede.

Aenean posuere. Suspendisse vehicula ornare lectus. Aliquam eros sem, iaculis id, consequat eu, varius ac, elit. Sed feugiat pretium est. Vivamus tellus elit, convallis et, pulvinar vitae, egestas id, justo. Vivamus id dui. Donec lacus. Phasellus placerat pharetra felis. Donec sed pede in lacus pretium porta. Maecenas semper imperdiet est. Mauris varius. Lorem ipsum dolor sit amet, consectetuer adipiscing elit.

Re:counter-intuitive results? (0)

Anonymous Coward | more than 5 years ago | (#25628175)

Where can I get your viagra again? Thank you!

Re:counter-intuitive results? (0)

Anonymous Coward | more than 5 years ago | (#25633081)

State your affiliations, my son!

Re:counter-intuitive results? (3, Insightful)

DarthJohn (1160097) | more than 5 years ago | (#25626957)

That's not what it says (somebody fixed a typo in the summary?).

in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel

More people looking for hidden data makes it possible to hide more data. I find that counter-intuitive.

Re:counter-intuitive results? (1)

russotto (537200) | more than 5 years ago | (#25627059)

It says both:

The results are interesting and in some cases counter-intuitive (for example, adding noise to channel can increase its steganographic capacity and in some cases, mounting two attacks on a channel instead of one can do the same)

I find the second counterintuitive, but the first not so. Perhaps the article-writers intended for the first to be "interesting" and the second "counter-intuitive", but to be fair to the summary-writer, it's not that clear.

Re:counter-intuitive results? (2, Funny)

Anonymous Coward | more than 5 years ago | (#25627127)

Is that what they mean? It's very counterintuitive if so.

I read it to mean that if the user (rather than the interceptor) uses various algorithms to store data he can store more data, which is not counter-intuitive at all.

Bugger, we're going to have to RTFA.

Re:counter-intuitive results? (0)

Anonymous Coward | more than 5 years ago | (#25631377)

Bugger, we're going to have to RTFA.

Good luck. Just took a look at the thing, and it's actually a Real Academic Paper, which means that the (probably singular, and probably only minorly clever, if it's anything like most papers I've read) essential nugget of logic is so severely obfuscated by mathematical technicalities that you'd have to study the damn thing for quite a while to figure out what it is - at the very least you have to read it enough to figure out what their symbols all mean. As far as math papers go, it's not that bad, but at least I don't care enough about the result to put in the hours that it would take.

Ah, for the days when I actually could afford to spend hours each day poring over research papers in fields that have nothing to do with my own...

Does anyone that does care enough to read it feel like sharing a "close enough for physics" summary?

Re:counter-intuitive results? (1)

Golddess (1361003) | more than 5 years ago | (#25629905)

More people looking for hidden data makes it possible to hide more data. I find that counter-intuitive.

Not more people, different people. IE, say you've got a channel with two sets of hidden data intermingled with each other. One algorithm will decode the one set, while a second algorithm decodes the second.

At least that's how it sounded to me.

Re:counter-intuitive results? (0)

Anonymous Coward | more than 5 years ago | (#25629713)

So that right-wing nutjob I've been arguing with is just a fragment of somebody's backup?

I think that means I lost an argument. On the internet.

Re:counter-intuitive results? (0)

Anonymous Coward | more than 5 years ago | (#25633463)

DAMN, now why didn't i think of that?

Thanks!

Need for steganography (4, Interesting)

CRCulver (715279) | more than 5 years ago | (#25626689)

Around the turn of the millennium steganography became a big topic, the idea being that using PGP would only draw attention from the authorities. In my Amazon review of Schneier's Applied Cryptography [amazon.com] I even complained that Bruce didn't talk about how to hide even the use of crypto.

But now that SSL is everywhere and the use of encrypted VPNs is a typical part of telecommuting, I don't think cryptography suggests the same anti-authoritarian counter-culture rumblings it used to. Do we need to hide crypto anymore?

Re:Need for steganography (4, Interesting)

zappepcs (820751) | more than 5 years ago | (#25627065)

Well, there may not be a pressing public need to hide cryptography usage, but if you want your data secure from prying eyes, additional measures are a good idea. Blue-Ray just got hacked (again) and it was supposed to be valid security for a decade... right?

If what you encrypt with can be broken by others, then it is not doing the intended job. If you use PGP, and the decrypted message between you and another trusted user is encrypted already, the likelihood of your message being decoded is substantially less.

In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate.

Encrypting is not hard, but if what you decrypt looks like this above, it may be hard to decipher and not worth the effort. BTW, that is decipherable.

Both the PGP and this encryption (or another) can be decoded quickly on the fly. It's possible that those pesky 'terrorists' could be using v1 aGr4 spam to send messages.

Re:Need for steganography (3, Insightful)

Ironsides (739422) | more than 5 years ago | (#25627775)

Bluray is not a good counterpoint. Bluray is not designed to keep the contents from being read by anyone but the 'appropriate person', it is designed to keep anyone from copying it. However, it still meeds to be readable in the player. As such, it is like trying to keep someone from photocopying something while they still need to be able to read/view it. In encryption, you don't care if the 'appropriate person' copy it, you just don't want anyone else to be able to view it.

Re:Need for steganography (2, Interesting)

zappepcs (820751) | more than 5 years ago | (#25627917)

While that is all true, I mentioned Blue-ray only because it was supposed to be tough encryption to break. "Supposed to be" is the key part of that sentence, and it demonstrates how fragile simple encryption really is.

While the hacker can find an unencrypted version of a movie and more or less determine what the encryption should look like when decoded, your common text messages are not much different. There are algorithms that can determine much of what you wrote by looking at repeating characters. Length of words etc. making ROT13 style easy to decode. It also makes the cadence or meter of your normal words decipherable. So, if a cracker can figure out PGP, even guessing brute force at the private key, there are many techniques that help them. If your text is encoded twice, those added techniques are of arguably little value.

Re:Need for steganography (2, Insightful)

Sancho (17056) | more than 5 years ago | (#25628265)

What was broken was not encryption. It's a form of DRM which did not rely on encryption.

BD+ (the DRM component which they claimed would last for 10 years) is a virtual machine on which a disc can run arbitrary code. The disc can run this code to try to guess at the authenticity of the player in which it is being played. The idea is that if a player has been tampered with, it can be detected by the disc. It also means that as new attacks on players become possible, it's possible to update the checks that the disc uses BD+ to perform. If the player doesn't pass the check, the disc refuses to play.

Surprise, surprise, it was possible to reverse engineer the virtual machine, and now unauthorized players can run the code and tamper with the results.

So this is both a poor example of how fragile encryption can be (it's not encryption) and a bad example of keeping data from prying eyes (as the other guy pointed out, Blu-ray is designed to be viewed.)

Worse:

While the hacker can find an unencrypted version of a movie and more or less determine what the encryption should look like when decoded, your common text messages are not much different.

Known-plaintext attacks are an understood phenomenon, and encryption algorithms are designed to thwart them. Blu-ray encryption uses AES, which is believed to be secure from this sort of attack.

Re:Need for steganography (0)

Anonymous Coward | more than 5 years ago | (#25629255)

"The disc" doesn't do anything at all. It's all in the player...

Re:Need for steganography (0)

Anonymous Coward | more than 5 years ago | (#25629717)

a bad example of keeping data from prying eyes

as many previous DRM threads have pointed out, the major failing of DRM is that it is trying to keep its data from prying eyes, but those prying eyes are yours. you are both the intended recipient of the data and the intruder, and that is why DRM can never succeed.

Re:Need for steganography (1)

complete loony (663508) | more than 5 years ago | (#25634955)

... which did not rely on encryption

Yes, and no. Some of those "traps" that the BDVM code can call are cryptography methods. However the encryption keys used will either be generated by the BDVM code, or are already known from the AACS system.

Re:Need for steganography (0)

Anonymous Coward | more than 5 years ago | (#25629211)

"Supposed to be" by whom? It was Yet Another Encryption Method Designed By Idiots Who Should Have Taken A Proper One Off The Shelf.

Same story as DVD-CSS and those Oyster cards. The fault is always that some idiot "invented" his own "encryption" and failed.

Every proper encryption standard from DES onwards is uncrackable as far as we know (other than by brute force). But standards like CSS have trivial plaintext attacks.

Regardless, OP's point is that you don't have to break the encryption to break the DRM. I'm not sure to what extent the BluRay DRM has been "cracked" but it's quite possible that this has been done without providing an actual attack on the main cipher.

Re:Need for steganography (0)

Anonymous Coward | more than 5 years ago | (#25629557)

While that is all true, I mentioned Blue-ray only because it was supposed to be tough encryption to break. "Supposed to be" is the key part of that sentence, and it demonstrates how fragile simple encryption really is.

Most DRM schemes package the key with the encrypted content; or the key in the player. If you don't have a copy of the key, you can't see the data that you payed for. While breaking the encryption on most DRM would take a very long time, finding where the keys are hidden doesn't. This is a flaw intrinsic to DRM as it currently implemented, and the very premise is flawed.

Encryption is only as secure as the keys are secret.

The people making claims about DRMs security and length are not generally the same experts who deal with the most common types encryption.

While the hacker can find an unencrypted version of a movie and more or less determine what the encryption should look like when decoded, your common text messages are not much different.

This isn't how most DRMs are cracked, because most types of encryption have guards against this angle of attack. Moreover, if it were vulnerable this would require an identical version in clear. Thus, you don't need to unencrypted it, since you'd already have it in the clear.

There are algorithms that can determine much of what you wrote by looking at repeating characters. Length of words etc. making ROT13 style easy to decode.

ROT13, rotate 13, isn't a form of strong encryption. It is infact one of the weakest. Cryptogram replacement in general is not secure.

So, if a cracker can figure out PGP, even guessing brute force at the private key, there are many techniques that help them.

There are fundamental differences between ROT13 and PGP (or GPG as it is now called since being turned over to the FSF). Every time you encrypt with GPG or PGP to a public key a "session key" is created, the message is encrypted to that key (I think this usees AES), (then signed if you chose to sign the message), then the key is encrypted with an asymmetric encryption (RSA or that ilk) to the public key. The only one able to decrypt the session is the person(s) with the private key. If you manage to break the AES, which would get you much fame and glory (and likely job offers from the NSA), then you have the message and session keys only, not the GPG or PGP (RSA or that ilk) keys.

Brute forcing the RSA keys is possible... Just not probable. The NSA, banking institutions, SSL, SSH and many other institutions and technology use RSA specifically because the probability of brute forcing the RSA key in a life time (more less the time at which the data is relevant) has a limit approaching zero.

Brute forcing someones pass phrase if you have the other part of their key is more likely, but even that would take a considerable amount of time with a reasonably secure pass phrase.

When I say brute force, I'm not talking about a person typing either, I mean a large cluster chugging at it.

Re:Need for steganography (1)

SpurtyBurger (1400111) | more than 5 years ago | (#25628335)

In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate

Looks like the spam I get just about every day! The only thing missing is the cheap c14L15 ;)

Re:Need for steganography (0)

Anonymous Coward | more than 5 years ago | (#25628429)

I can get : In terse I think you are wrong

the rest of it I can't see anythin ...

Re:Need for steganography (1, Funny)

Anonymous Coward | more than 5 years ago | (#25628733)

In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate.

"In short, I think you are wrong, but it's your problem."

Re:Need for steganography (1)

zappepcs (820751) | more than 5 years ago | (#25629481)

Indeed, and that is a short, simply encoded message with easily discernible rules, if you know English and have a dictionary (in your head or otherwise).

It can be much more complex but stay with simple rules, and without much effort it can make any message encrypted with PGP or whatever look like and be an encrypted message when the first decryption is complete. In fact, it might make no sense at all without having received the previous message, or perhaps not until you receive the next, or until your software scans the most recent page found when searching /. for the text in the 7th sentence.

What amazed me lately is when a social web site was named as possibly being used by 'terrorists'. Fsck, all websites could be used by terrorists to pass messages. Fox news could be used to pass messages. It's all in how you encrypt etc. When you don't have to rely on a fixed key (public or otherwise) the encryption becomes much stronger. Encrypting with a public encoding scheme after doing so with a private one of a random nature will ensure a much better security of data. Yes, this can be used on publicly stored data, as part of emails or files on Google services etc. You can encrypt messages into graphics files, or MP3 files. Or store the secondary key in such publicly available files. Straight forward encryption will get broken.

Yes, what I'm saying will take a bit extra time/effort, but when the prying eyes of the government are having to break 114 million different codes, all of which could be as strong as 256bit encryption, gathering everyone's packets becomes a bit of a nightmare. Stenographic encryption, or hiding the message in plain site is a good way to keep it safe. It's also easy to implement forms of it:

    2 4 40 15 57 110 23 61 115 39 96 55 77 53

Another simple one there. That is what you would have after PGP decodes with the private key. Now additional code will render this to standard text.

Re:Need for steganography (1)

DerekLyons (302214) | more than 5 years ago | (#25629015)

If what you encrypt with can be broken by others, then it is not doing the intended job.

  WRONG.
 
Cryptography only needs to be strong enough to protect the encoded contents for as long as said contents retain value. It does not need to remain unbroken forever.
 

In south or terse, I touch in kelp. You are wrought on girls, but it's young urine poor obese ladle mate.
 
Encrypting is not hard, but if what you decrypt looks like this above, it may be hard to decipher and not worth the effort. BTW, that is decipherable.

Wrong again - if it is worth the time of those attempting to decrypt your initial message, then it is worth their time to break the second layer.

Re:Need for steganography (5, Insightful)

Ngarrang (1023425) | more than 5 years ago | (#25627107)

Do we need to hide crypto anymore?

Yes. There are many places in this world where freedom of information is oppressed. Having a method of communicating in the clear without raising any red flags is a Good Thing(tm).

For example, let's say you are an evil political dissident in China, trying to spread ideas of democracy and capitalism. If you send an encrypted message to your corrupt imperialist American ally, that seems suspicious. If you have nothing to hide, then why are you hiding it?

But, if you can send your friend a message about how you are growing corn in relatively poor conditions and how great the local government has been in supporting the effort...with a stego message hidden inside, then that is probably going to slip right through.

The best way to not get caught is to look like there is nothing to catch.

Re:Need for steganography (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25627849)

And the American ally would reply, "Don't ask us for help, we're electing a socialist over here, we don't believe in capitalism anymore."

Re:Need for steganography (1, Insightful)

blueskies (525815) | more than 5 years ago | (#25628005)

You really think McPalin is going to get elected?

Re:Need for steganography (0)

Anonymous Coward | more than 5 years ago | (#25628539)

There is a trend towards more "comprehensive" government. Each new piece of legislation is another right we may never see again. Last time I checked, Obama didn't promise to veto every bill that fails to repeal a previous law.

Re:Need for steganography (1)

blueskies (525815) | more than 5 years ago | (#25632913)

Each new piece of legislation is another right we may never see again. Last time I checked, Obama didn't promise to veto every bill that fails to repeal a previous law.

You are absolutely correct. Obama also didn't promise to fight for the rights of reindeer or promise to bring world peace.

I hope you are confused as I am, because none of those things have anything to do with socialism--just like your post (although your sentence construction makes me think you are Palin *wink*)

Re:Need for steganography (0)

Anonymous Coward | more than 5 years ago | (#25630257)

You really think McPalin is going to get elected?

You really think whomever sits in that position has any clue whatsoever as to the most of the questionable activities of [insert 3-letter agency under their "control" here] at any given moment? Fucking please.

Trust me, we have a need to protect our privacy in as many subtle ways as possible. Give it another few years of terrorism paranoia, and ANYONE using encryption on a regular basis for communications will be flagged as a terrorist and interrogated as such.

Re:Need for steganography (1)

Anonymous Coward | more than 5 years ago | (#25628085)

China is capitalist. Get your facts straight. It is very very capitalist. It just happens to be run by the new gen Communist Party, which allows capitalism.

Re:Need for steganography (1)

AttillaTheNun (618721) | more than 5 years ago | (#25629739)

Of course, you have to pick your carrier carefully or you will still raise suspicion.

For example, it's obvious that any television show hosted by Bob Saget is nothing more than a carrier for stenographic communication between earth and our intergalactic overlords.

Don't try to convince me that Full House and America's Funniest Home Videos survive on merit of ratings alone.

Re:Need for steganography (0)

Anonymous Coward | more than 5 years ago | (#25629975)

Places in the world where the freedom of information is oppressed? You mean like the current-day US or England?

Regardless of whether the data you want to hide is, or could be considered, subversive the fact that you don't want it known or spread around is simple privacy. It's a sad state of affairs when the simple fact of wanting to keep something personal is considered questionable and subversive. China, among other countries, is long known for suppression of information. Sadly, it may be the future where the democratic societies outdo the supposed repressive societies for this type of thing.

Steganography provides for a way to keep something private without drawing undue attention to itself. Searching for a stenographic message is more difficult than standard cryptography in that you have to detect whether it is there in the first place.

Re:Need for steganography - in US next week (0)

Anonymous Coward | more than 5 years ago | (#25630447)

Or in the US under the new administration, you might need to communicate much like those "evil political dissidents in China".

Re:Need for steganography (2, Interesting)

lysergic.acid (845423) | more than 5 years ago | (#25627241)

"ordinary" people don't, and never really have. but there will always be people who need to transfer information undetected--spies, for instance.

if you're an undercover law enforcement agent, you could communicate with your agency without blowing the risk of blowing your cover by using steganography; likewise for whistleblowers who need to get information out of an organization with tight security. steganography would also be useful during wartime when cryptography isn't an option, or isn't enough.

i'm sure there are probably much more mundane uses for steganography as well, but you get the idea.

Re:Need for steganography (1)

element-o.p. (939033) | more than 5 years ago | (#25629731)

"ordinary" people don't [need steganography], and never really have.

You're on acid (sorry, couldn't resist).

"Ordinary" people *do* have a need for encryption and even steganography. I don't particularly want the government, my employer, or anyone else for that matter to know the private details of my life. They don't need to know what medications I take, for what conditions, what my personal finances are, etc. Suppose I am out of town on a trip, and I need to use a credit card that I left at home. Should I have my wife e-mail the number, the expiration date and the CCV code in the clear?

When dealing with their own security, the government calls this "need to know." Other people don't need to know these details of my life, and therefore it is reasonable that I encrypt or hide these details in steganography when I use an insecure channel (like the Internet).

Re:Need for steganography (1)

lysergic.acid (845423) | more than 5 years ago | (#25630989)

um, read the post i was replying to. i never said normal people don't need cryptography. i was responding to the comment that there's no longer a need for steganography anymore just because encryption is commonplace.

also, you gave no examples of when an ordinary person would need steganography instead of encryption.

Re:Need for steganography (1)

Vellmont (569020) | more than 5 years ago | (#25627423)


Do we need to hide crypto anymore?

Even the strongest crypto implementation and algorithm is still subject to Rubber Host Crypt-analysis, or even "court ordered cryptanalysis". In those cases stego would have some protection against these techniques.

Re:Need for steganography (0)

Anonymous Coward | more than 5 years ago | (#25628459)

No, be proud!

More seriously though, just get it mainstream (as it arguably has become with torrent encryption, gmail https, etc.) and the "if you're hiding something you must be doing something wrong" stops looking so plausible. Everyone can't be doing something wrong can they? Then again a huge % of traffic is torrents (and they're not all downloading linux isos). -g

Re:Need for steganography (1)

billcopc (196330) | more than 5 years ago | (#25629585)

That entirely depends on how you define right vs wrong.

If something is disliked or unfavorable to the wealthy minority "wrong" ?

Is doing something because everyone else doing it "right" ?

The answer to both those questions should be: "Who cares!?" Right and wrong should be a personal thing. You don't like what someone else does ? Ok, your problem!

How to answer "if you're hiding something ..." (2, Insightful)

JetScootr (319545) | more than 5 years ago | (#25630315)

The cop says, "If you're doing nothing wrong, you have nothing to hide."
Answer: "Why are you wearing clothes? Got something to hide?"

Re:How to answer "if you're hiding something ..." (2, Funny)

Katatsumuri (1137173) | more than 5 years ago | (#25631407)

It is generally a bad idea to play a smartass in front of a cop on duty.

In a friendly debate with a moderately drunk chick in the bar, that may be appropriate.

Tazer:zap! zap! zap!(n/t) (0)

Anonymous Coward | more than 5 years ago | (#25632139)

I said, no text!

Re:Need for steganography (2, Informative)

DingerX (847589) | more than 5 years ago | (#25628745)

Don't disrespect it. In fact, steganography has had many many uses over the years. Naming just one case, steganography is the ultima ratio of intellectual property protection. Gulliver's Travels, for example, was published pseudonymously and "signed" steganographically. Even better, it was signed at least two ways, one using a "Soft" method, the other a "Hard" one. Right on the first page, Gulliver states: "Soon after my return from Leyden, I was recommended by my good master, Mr. Bates, to be surgeon to the Swallow." Evidently, Swallow is a synonym for "Swift", and the onanistic gag is thrown in for good measure. That's the one you're supposed to catch. Really fun, however, is the incipit: "My father had a small estate in Nottinghamshire: I was the third of five sons."

I was the third of five sons: Cross out the third and fifth words, and the first letters of the remaining words form an anagram for "swift".

Numerous other cases abound. I'm sure many of us have little coding tricks in which we "sign" our names. A watermark on a jpeg is nice, but it's even nicer if the guy who's going to swipe your images doesn't even know they're signed.

Sometimes it helps to publish something anonymously; at other times, you might have a legitimate worry about your work being appropriated. In those cases, steganography has always been a savior.

Re:Need for steganography (1)

Whiteox (919863) | more than 5 years ago | (#25634155)

When was that discovered?
Strangely (although typically), I did a thesis on Gulliver's Travels pointing out the various attacks on Newton and his physics. This was an historical work.
At the same time, I modified a subset of it and turned it in as an English Lit. paper. Neither disciplines saw eye-to-eye on the same content!
I was a bit bemused at the time and realised that truth and objectivity doesn't exist as far as historians and English literature are concerned.
In my research (mid 1970's), I had never come across the steganographical aspect of Dean Swift's work(s). So I'm intrigued about your sources and knowledge about him.

Re:Need for steganography (1)

DingerX (847589) | more than 5 years ago | (#25635603)

I've got no idea. As an undergraduate, I took a bunch of courses with a crazed philologist (long before I realized that all philologists are crazed, and that I must bury somewhere in the apparatus the note that I am an historian), and he'd spout out random "facts," most of which I found out later were false. But Swift worked pretty well, and I have no idea where he picked that one out. He followed it up with one that claimed that if you take the opening of Lazarillo de Tormes and play acrostic with the first lines, you can bring out the name of Hurtado de Mendoza. I wasn't convinced by that one then.

Re:Need for steganography (1)

AmberBlackCat (829689) | more than 5 years ago | (#25635303)

The people, who really need cryptography, basically need the rest of us to use it even though we don't need it, so we will become the noise that keeps them from standing out.

Google is the perfect example (4, Insightful)

NotQuiteReal (608241) | more than 5 years ago | (#25626711)

hiding a message in such a way that only the sender and receiver realize it is there

I ignore lots of ads served up by them. They might as well not be there, I can't name one.

Were's Waldo's message? (2, Informative)

Ostracus (1354233) | more than 5 years ago | (#25626713)

"Steganography is the art of hiding a message in such a way that only the sender and receiver realize it is there. (By contrast, cryptography disguises the content of a message but makes no attempt to hide it.) "

There's a secret message in this post. Can anyone find it?

Re:Were's Waldo's message? (5, Funny)

Anonymous Coward | more than 5 years ago | (#25627063)

stegan O graphy i S T he a R t of hiding A message in su C h a way that only the sender and receiver realize it is there. (by contrast, cryptography disg U i S es the content of a message but makes no attempt to h I de it.)

there' S a secret messa G e in this post. c A n an Y one find it?

Re:Were's Waldo's message? (0)

Anonymous Coward | more than 5 years ago | (#25633311)

You missed an *I* there old chap.

But it's not a nice thing to talk about an ex lover like that.

Didn't your mother tell you not to air your dirty laundry in public?

Already in use (5, Funny)

xmarkd400x (1120317) | more than 5 years ago | (#25626977)

In the stego-channel, a transmission is successful if the decoder properly determines the sent message without anybody else detecting its presence (abstract).

When my girlfriend is talking on the phone, I am almost never aware that a message is being sent. She is so effective, in fact, that often when I am the intended recipient I am not aware that a message is being sent!

Re:Already in use (0)

Anonymous Coward | more than 5 years ago | (#25627103)

what girlfriend? First of all, you're on slashdot. No one believes you. Second of all, if you ignore her, she goes away... so, I ask again..
 
What girlfriend?

Re:Already in use (3, Insightful)

ceoyoyo (59147) | more than 5 years ago | (#25627219)

That's the part about noise increasing the capacity of a cryptographic channel.

Re:Already in use (0)

Anonymous Coward | more than 5 years ago | (#25632137)

I find my new and improved version of PC new speak significantly improves my understanding!

stego vs crypto vs compression (1, Interesting)

Anonymous Coward | more than 5 years ago | (#25627161)

"for example, adding noise to channel can increase its steganographic capacity and in some cases, mounting two attacks on a channel instead of one can do the same)."

Umm. Duh.

Crypto and compressed data both tend to look like white noise. That makes them ideal stego candidates. When the data itself has a uniform distribution, it's really hard to to spot. It gets even harder if you apply a one time pad of random low-order bits to the stego medium and then modulate your signal in those bits. Thus, the actual channel capacity is nearly identical to the bitrate of the low order pre-wash bits. QED. No fancy assumptions needed.

p.s. Nabalzbhf Pbjneq sbe Cerfvqrag!

Re: mods on crack (0)

Anonymous Coward | more than 5 years ago | (#25627905)

How is the parent worthy of -1? Humorous on-topic rot-13 postscripts are not a license to downmod.

Re: mods on crack (1)

MrMr (219533) | more than 5 years ago | (#25630441)

Sorry, but I mod subsequent anonymous posts to -1 or 0 to encode my secret messages.

Abstract misinterpreted the paper. (3, Insightful)

argent (18001) | more than 5 years ago | (#25627553)

Studying a stego-channel in this way leads to some counter-intuitive results: for example, in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel"

That's not what the paper claims. It claims that when there are multiple detectors, adding noise to the channel between the two detectors can increase the available bandwidth. This isn't really all that counter-intuitive when you think about it.

Re:Abstract misinterpreted the paper. (0)

Anonymous Coward | more than 5 years ago | (#25629305)

When you boil everything down, nothing is counter-intuitive because once you realize why something is the way it is, then it makes sense. However, when you only see the cause and effect and not the underlying reason, sometimes its counterintuitive, such as, the more people looking, the more places there are to hide.

Re:Abstract misinterpreted the paper. (1)

argent (18001) | more than 5 years ago | (#25629675)

When you boil everything down, nothing is counter-intuitive

Except quantum physics, voting paradoxes, and why the guy in the car in front of you doesn't close the gap in front of him before... oh god, there he goes again, let some jerk driving down the breakdown lane sneak in front of him. I tell you, some people...

Re:Abstract misinterpreted the paper. (0)

Anonymous Coward | more than 5 years ago | (#25629895)

"It isn't really all that counter-intuitive when you think about it"...Um...if you have to think about it, then by definition it is counter-intuitive...

Re:Abstract misinterpreted the paper. (1)

Onymous Coward (97719) | more than 5 years ago | (#25630075)

And on page 8 of the arXiv PDF [arxiv.org], "Composite steganalyzers", it says explicitly that the capacity of the composite channel (using multiple steganalyzers) is less than that of channels using any one of the analyzers alone.

KFC at the arXiv blog got it wrong and the /. eds passed it on.

Maybe there's a hidden message in the mistake?

Probably not.

Stenography FTW (3, Interesting)

yttrstein (891553) | more than 5 years ago | (#25627581)

I've always had a warm spot for stenography, and it's actually much handier for certain types of communications than others. For example, in the two nights preceeding the last Democratic National Convention that was held in Chicago (1996), a subversive media organization, armed with clunky digital cameras and a T-1 on the south side donated by the Teamsters photographed and filmed more than a hundred instances of police brutality, uploading them to the web with about a 30 minute delay.

You had to actually drive downtown to where the T-1 terminated to upload things in those days, see.

But how did we communicate our plans and schemes to actually be present at "hotspots" when the shit really went down? Stenography. It went like this:

I have a number, that number is 356-32395510. I tell you that number. Then I take an image file and UUencode it. (for those who don't remember what that does, it's great for turning a binary file into a flat text file without losing any data). Then I take the message that I want to give you and drop it manually into the UUencoded file, like this:

Every third character on every second line starting from line 910, (the third, fifth and sixth digits of the are decoys) counting whitespace. The numbers always changed and had to be memorized when received as they were never written down. Everything to the left of the dash tells you what digits to the right of the dash are decoys. Use the number to find the characters and you have the message. Pull them out and you can UUdecode your picture again and look at it. Leave them in and the file looks merely corrupt. Email the stenographed file to the recipient who's memorized your number and there you have it.

The upside to this method is plausible deniability. If the fuzz finds a corrupt file called "FATLADYSEXHAHA.uue" on your computer, they have nothing. However, if they find a PGP file that you refuse to open for them, there can be issues.

Of course it's possible to break that kind of thing, but the point of stenography is that the man does not know it's a message of any kind, let alone a radical one all about how awesome cuba is.

Re:Stenography FTW (4, Informative)

zindorsky (710179) | more than 5 years ago | (#25627821)

I've always had a warm spot for stenography

...

But how did we communicate our plans and schemes to actually be present at "hotspots" when the shit really went down? Stenography.

...

Of course it's possible to break that kind of thing, but the point of stenography

So you hid your messages with stenography? The action of process of writing in shorthand or taking dictation? This word you keep using ... I do not think it means what you think it means.

Re:Stenography FTW (0)

yttrstein (891553) | more than 5 years ago | (#25628199)

Wow, what a thoroughly embarrassing error that is. Thank goodness the rest of my post stands quite reasonably on it's own and contains no logical or factual errors, otherwise it may have been relevant to some sort of point to point out my consistent mistake.

Re:Stenography FTW (0)

Anonymous Coward | more than 5 years ago | (#25629583)

You could say you had a Palin moment!

Re:Stenography FTW (1)

yttrstein (891553) | more than 5 years ago | (#25630537)

I don't think I deserve that down-mod along with "zindorsky's" judgment here.

Let me explain.

This "zindorsky" person decided to pass no judgment or comment on the content of the post itself, but only stopped to correct my spelling and word usage, implying that not only was he already privy to the information contained in the post, but also that I'd misspelled the word in question--or more probably that I didn't know what the word was to begin with.

So this next part is for you, "zindorsky":

I have an agraphia aphemia, more precisely a Wernicke aphasia in morbid coupling with an ideomotor apraxia as a result of a brain injury some years ago. The result is interesting and bizarre---while I'm capable of typing well in excess of 120wpm on a low-travel keyboard, there are some words which are not accessible to my mind in written form. That means that I am capable of thinking of the word in my head, I can say it to myself, but I cannot imagine it spelled with letters at all, and I cannot even begin to type it. However, I've trained myself to cope with this minor issue by using very similar words and hope that context does the rest. And for about five years, up until now actually, it has.

You'll notice a few consistently wrong words in many of my posts---but which are phonetically close to the inaccessible word. You'll also see inexplicably missing words in many of my posts, which happens when I end my frustration by picking up typing speed. If I don't have a word ready to go at 120wpm or more, no word gets used in its place. The sentence goes on without it.

So, "zindorsky", do try to understand that sometimes it isn't so much that you have a superior intellect, but that you don't have enough information.

Re:Stenography FTW (0)

Anonymous Coward | more than 5 years ago | (#25632585)

You can't spell, you got called on it (in a jocular way). Get over yourself already.

Re:Stenography FTW (0)

Anonymous Coward | more than 5 years ago | (#25631059)

it's == it is. Oh and your post sucks, your idea is stupid.

Re:Stenography FTW (1)

yttrstein (891553) | more than 5 years ago | (#25631287)

You're fired, Thomas. You know the drill. You have 300 seconds to say your goodbyes and bitch about how evil I am to fire you via Slashdot reply.

But hell, it's not like it's got a better use these days.

Yes - Stenography (1)

NotQuiteReal (608241) | more than 5 years ago | (#25628793)

My mom used to hide notes from the rest of the family, in plain sight, using short hand.

She was a secretary, back in the day. When you saw some scribbling on a note, you knew it was the chrismas shopping list or something, but who the hell knows what it said - even if you had a copy of Gregg's [wikipedia.org] you'd be hard pressed to figure it out, unless you really wanted to spoil the surprise.

Re:Stenography FTW (0)

Anonymous Coward | more than 5 years ago | (#25629369)

s/stenography/steganography/g

There, fixed it for you.

Sorry try again (2, Informative)

shadow_slicer (607649) | more than 5 years ago | (#25628495)

That's not steganography. That's encryption, and a crappy one at that. If you take your PGP file (and remove any unnecessary header stuff), it will also look like a corrupt file, just like your UUencoded image. Steganography is hiding some data inside something else, like hiding a message in an image. For example, the police see an image of kittens, but you hid your child porn in the LSBs of the image, they can't see it.

Re:Sorry try again (1)

yttrstein (891553) | more than 5 years ago | (#25630645)

Encryption is the following:

"encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge"

What I'm talking about is the following:

The art and science of writing hidden messages in such a way that no-one apart from the sender and intended recipient even realizes there is a hidden message.

What I described is *precisely* correct under definition. Let me be more clear, using the example I used to offer students:

One is a process of conversion, the other is a process of obfuscation.

Combining the two is of course beyond the scope of this post, but is also an incredibly interesting discipline in itself.

Re:Sorry try again (1)

Whiteox (919863) | more than 5 years ago | (#25634629)

There are other forms of hidden text or more correctly, 'meanings'.
One that comes to mind is the Pesher technique which is used to re-interpret holy texts.
The other is termed 'Legominism' also gnostic, as described by Gurdjieff who showed that missing or incorrectly ordered information, compared to correctly orderd information can also pass on meaning. That using a 'mask'.
For example as there are 7 days in the week - SMTWTF, and if the message reads SMTTWTFS then a message has passed on.
Legominisms can be part of architecture, statues, inscriptions, carpets, musical notation, dances and so on.
Both these techniques are very old and most have not been decoded yet.

Re:Stenography FTW (0)

Anonymous Coward | more than 5 years ago | (#25629165)

Your scheme provides little in the way of plausible deniability. For one thing it's trivial to notice that all your data is "corrupted" which sends up a giant red flag. Secondly, your encryption scheme totally sucks and could be broken by automated means within a few seconds.

Next time do a little research and use proven techniques invented by people smarter than you.

this is useful for the election today (0, Offtopic)

circletimessquare (444983) | more than 5 years ago | (#25627611)

brave republican real american patriot-scientists working with paper ballots in swing states have found that there are thousands of votes that have a big clear black checkmark next to the name obama. but if you use steganographic analysis of various coffee stains, fingerprint smears, and other seemingly random marks on the ballot, you can deduce the voter actually intended to vote for mccain

these voters were under duress from the deranged liberal commie fascist media we are all familiar with, in such a way that they had to hide their true intentions via steganographic voting. luckily, these brave republican patriot real american cryptographers have been able to rescue tens of thousands of votes for mccain that seemingly say obama with a big bold X

How much info can you hide in a scientific paper? (3, Insightful)

petes_PoV (912422) | more than 5 years ago | (#25627625)

Well, I've read the published paper, and I still don't have a clue what the answer is. I suppose hoping for a cut and dried figure like "1%" was too optimistic, afterall.

If there's going to be a practical use for this (and the conclusions don't say they've calculated "the answer", just that they've developed a framework, gaaah!) then my gut tells me that the answer is "not very much" - somehwere around the rounding-errors of the encoding mechanism.

So, does anyone know how much data can be stuffed, undetectably, into a 700MB AVI file?

A little, to the majority of the file size. (1)

DarthStrydre (685032) | more than 5 years ago | (#25627995)

Anywhere between 0 and a bit less than 700MB of data, depending on desired quality of video. A one frame video stream with an unrecognized FOURCC tag as an alternate stream is valid AVI - the alternate stream is ignored by players, and can contain encrypted data. It is 'invisible' to non-uber users, and could concievably be an "experimental audio codec" for plausable deniability.

Re:How much info can you hide in a scientific pape (2, Funny)

kamochan (883582) | more than 5 years ago | (#25628019)

So, does anyone know how much data can be stuffed, undetectably, into a 700MB AVI file?

700 MB, if you do it in the dark.

Re:How much info can you hide in a scientific pape (1)

marcosdumay (620877) | more than 5 years ago | (#25628757)

"So, does anyone know how much data can be stuffed, undetectably, into a 700MB AVI file?"

No idea, but it is probably a lot less than you can stuff undetectably on a 700MB WAV file ;)

You can hide as much data as there is noise on your file (granted it is compressed and cryptographed), so when you record that WAV file, be sure to do that in a noisy anvironment. By the way, I didn't RTFA, to see what those people really discovered (obviously, not what the sumary say they did), I'm here to see if it is worth it.

Re:How much info can you hide in a scientific pape (1)

temcat (873475) | more than 5 years ago | (#25634069)

Well, I've read the published paper, and I still don't have a clue what the answer is.

That's steganography at work! The answer is hidden.

Steganography?? Whaddya know... (3, Funny)

Binge (780857) | more than 5 years ago | (#25628075)

I always thought Steganography was the act of writing on large, plate-backed dinosaurs. Ya learn something new every day here!

Steganography/Cryptography (0)

Anonymous Coward | more than 5 years ago | (#25628253)

Steganography is the art of hiding a message in such a way that only the sender and receiver realize it is there. (By contrast, cryptography disguises the content of a message but makes no attempt to hide it.

There's one even more important method of data protection, it's the first thing they teach new recruits in the CIA, NSA, MI-6, etc.

Shutting the HELL UP in the first place.

You can't intercept what isn't being communicated.

Re:Steganography/Cryptography (1)

kj_in_ottawa (838840) | more than 5 years ago | (#25628783)

I think the email you are about to receive inviting you for a walk in the woods, may have a hidden message in it.

Hiding in a JPEG ... (2, Funny)

PPH (736903) | more than 5 years ago | (#25629313)

... of Pamela Anderson. There appears to be quite a bit of excess capacity available.

Too many unknowns (2, Funny)

bokmann (323771) | more than 5 years ago | (#25629915)

Calculating this with any accuracy would require knowledge of both the width of a Stegasaur (which can be approximated from their fossils), but also how fast they ran. Given other arguments about the unknowns of dinosaurs, the figures we can guesstimate for their speed are just to varied to calculate this capacity to any meaningful value.

Simple (2, Funny)

TheSync (5291) | more than 5 years ago | (#25630911)

The The secure capacity C (W, g, A) of a stego-channel give W [noise], g [steganalyzer], and A [attack] is given by C (W, g, A) = sup I(X;Z) for X an element of S0.

I is the spectral inf-mutual information rate for the pair of general sequences.

Z is the stego channel after encoding, noise, and attack (before decoding).

S0 is the secure input set, the set of encoded data that remains impossible to steganalyze after the addition of noise (but not necessarily attack).

I think mathematicians like to make their papers overly complex.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...