Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Blocking Steganosonic Data In Phone Calls

kdawson posted more than 6 years ago | from the could-you-repeat-that-please dept.

Encryption 185

psyced writes "Steganography is a technique to encode secret messages in the background noise of an audio recording or photograph. There have been attempts at steganalysis in the past, but scientists at FH St. Pölten are developing strategies to block out secret data in VoIP and even GSM phone calls by preemptively modifying background noise (link is to a Google translation of the German original) on a level that stays inaudible or invisible, yet destroys any message encoded within. I wonder if this method could be applied to hiding messages in executables, too."

Sorry! There are no comments related to the filter you selected.

Not going to work.... (4, Interesting)

dgatwood (11270) | more than 6 years ago | (#22938340)

That's completely pointless. All it does is create an arms race. Any amount of noise you add can simply be dealt with by including the stego data more than once or using checksums or whatever. Any amount of damage sufficient to prevent any possibility of hidden messages would result in significant audible alteration of the sound to the point of unusability....

Re:Not going to work.... (3, Interesting)

Brian Gordon (987471) | more than 6 years ago | (#22938356)

Obviously if they modify the background noise then no amount of ECCs could recover anything from it since they're modifying all of the ECCs too.. unless you knew exactly what shifting frequencies they were using or something, but that's just reversing the damage, not working through it.

Re:Not going to work.... (4, Insightful)

Jah-Wren Ryel (80510) | more than 6 years ago | (#22938434)

Obviously if they modify the background noise then no amount of ECCs could recover anything from it since they're modifying all of the ECCs too
Who says that the people with secrets will even try to encode them in the background noise?

Maybe they will use the foreground noise -- for example, they could alter the pitch of the speaking voice to precisely fall into certain discrete frequency ranges, and then they occasionally bump a couple of samples into an 'unused' range and use those as a simple binary encoding of the secret data.

If they use enough discrete frequency ranges, the general tone of the speaker's vioce won't be noticeably different and the occasional minor shifts in frequency for the encoded data will hardly stand out.

That is just one example that I literally thought up in 30 seconds. I'm sure someone who was really concentrating could come up with much better ways to defeat the described countermeasures.

Re:Not going to work.... (4, Insightful)

badfish99 (826052) | more than 6 years ago | (#22938498)

More likely, the people with secrets would just use some other method to communicate them.

Given that this project is (according to TFA) partnered by the Ministry of Defence, this smells to me like someone spending a lot of money defending against a non-existent threat. What's the betting they used the magic word "terrorism" in their grant application?

Re:Not going to work.... (3, Insightful)

ZeroExistenZ (721849) | more than 6 years ago | (#22939288)

this smells to me like someone spending a lot of money defending against a non-existent threat

It's against the people itself. It's propaganda to keep the "terror" alive in memory, generating visions of terrorist so advanced we have to process and inspect all telecommunication, so you can feel safe.

Please, have a look at this documentary: The century of the self [bbc.co.uk] .

Re:Not going to work.... (2, Informative)

fizze (610734) | more than 6 years ago | (#22939600)

Just two facts, that noone has seemed to mention here:
a.) The project is a feasibility evaluation, and as such doesn't have to produce results.
b.) The Austrian Ministry of Defence is supporting this project.

This isn't even remotely like DARPA, so chill out ;-)

Re:Not going to work.... (1, Insightful)

Anonymous Coward | more than 6 years ago | (#22938516)

I got exactly same idea the moment I read TF brief. Furthermore, what is required bandwidth, throughput, for stegano...phonic channel? If they insert noise, according to Shannon, they are just throttling its bandwidth down, not completely killing it. Given that speech bearing communication channels are not suitable for broadband anyway, messages delivered over it would probably be very terse and will not be hurt by a little bit of latency.

Re:Not going to work.... (2, Insightful)

Lumpy (12016) | more than 6 years ago | (#22939584)

Why waste the time. hook the cellphone to a PC, take a photo with the camera, load photo the pc, add your stenao message and then send it as a sms to the intended recipient.

Far far easier than trying to secretly encode a message in the background of my audio phone call, and no special gear needed.

Wow are the "spies" of the world getting incredibly lazy? I can come up with at least 30 ways to get around this, one of which is having several prepay disposable cellphones to get around them even tapping my phone call.

Re:Not going to work.... (2, Informative)

kreuzotter (13645) | more than 6 years ago | (#22938758)

If they add just noise you can send the message many times and avarage on the receiving end. The noise will be reduced by a factor of square_root(n), where n is the number of messages. However, the article does not say they will just add noise. It says they will in the next few month waste some research money to study the topic. Interesting is also that they think that it is positive to support DRM with steganography. Die sind richtige Arschloecher.

Twofo Fucks YOU (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22938376)

Twofo [twofo.co.uk] is Dying is Dying

It is official; GNAA [www.gnaa.us] confirms: Twofo is Dying is Dying

One more crippling bombshell hit the already beleagured slashdot trolling community when Google confirmed that Twofo troll posts had dropped yet again, now down to less that a fraction of 1 percent of all slashdot posts. Coming hot on the heels of a recent usenet survey which plainly states that Twofo trolling frequency has fallen, this news serves only to reinforce what we've known all along. Twofo troll's are collapsing in complete disarray, as fittingly exemplified by failing dead last in a recent digg.com comprehensive trolling test.

You don't need to be one of the Slashdot moderators to predict Twofo Trolling's future. The writing is on the wall: Twofo trolling faces a bleak future. In fact there won't be any future at all for Twofo trolls because Twofo trolling is dying. Things are looking very bad for Twofo trolls. As many of us are already aware, Twofo trolling continues to decline in popularity. IP bans flow like a river of feces out of this man's anus [goatse.ch] .

"Twofo is Dying" trolls are the most endangered of them all, having lost 93% of their core posters. The sudden and unpleasant departures of long time trolls Daz and xyzzy only serve to underscore the point more clearly. There can no longer be any doubt: Twofo trolls are dying.

Lets keep to the facts and look and the numbers.

Twofo Trolling leader Echelon states that there are about 7000 "twofo is dying" trolls. How many "Zeus sucks cock" trolls are there? Let's see. The number of "Zeus sucks cock" trolls versus "Twofo is dying" trolls on slashdot is roughly in the ratio of 5 to 1. Therefore there are about 7000/5 = 1400 "Zeus sucks cock" trolls. "Fuck twofo" posts on slashdot are about half the volume of "Zeus sucks cock" posts. Therefore there are about 700 trolls specialising in "Fuck twofo". A recent article put "destroy twofo" at about 80% of the twofo trolling community. Therefore there are about (7000+1400+700)*4 = 36400 "destroy twofo" trolls. This is consistent with the number of "destroy twofo" slashdot posts.

Due to the troubles at Twofo, abysmal sharing, ITS, lack of IP addresses and so on, "destroy twofo" trolls stopped posting altogether and were taken over by "Zeus sucks cock" trolls who specialise in another kind of slashdot posting. Now "Zeus sucks cock" trolls are also dead, their corpses turned over to yet another charnel horse.

All major surveys show that Twofo trolls have steadily declined in slashdot posting frequency. Twofo trollers are very sick and their long term survival prospects are very dim. If Twofo trollers are to survive at all it will be among hardcore slashdot posters, hellbent on Twofo's destruction. Twofo trolls continue to decay. Nothing short of a miracle could save Twofo trolls from their fate at this point in time. For all practical purposes, Twofo trolls are dead.

Fact: Twofo trolls are dying

Re:Not going to work.... (5, Funny)

Zemran (3101) | more than 6 years ago | (#22938408)

would result in significant audible alteration of the sound to the point of unusability....

Sounds like an average mobile phone call to me...

Re:Not going to work.... (0)

OeLeWaPpErKe (412765) | more than 6 years ago | (#22938618)

Exactly ... why not encode a secret message in volume alteration. Or by a slight speedup or slowdown of the actual voice ? Having a background signal interfering would change exactly nothing (since the signals used to transmit the secret message are the same as the ones transmitting the public message, and they do not have permission for destroying the public message).

Re:Not going to work.... (4, Funny)

StuckInSyrup (745480) | more than 6 years ago | (#22938688)

(since the signals used to transmit the secret message are the same as the ones transmitting the public message, and they do not have permission for destroying the public message)
Did you just call a phone call a "public message"? Man, you are even more cynic about privacy than I am.

Re:Not going to work.... (1)

Oktober Sunset (838224) | more than 6 years ago | (#22939384)

Our Next Story: Whispering in ear declared illegal.

Re:Not going to work.... (4, Interesting)

jd (1658) | more than 6 years ago | (#22938488)

You're probably right. Block-length FEC and Turbo Codes allow you to fix errors assuming bursty data corruption of exactly this kind, which is why NASA uses them for deep space missions. You can't exactly ask a probe on the edge of the solar system or skimming geysers to repeat itself. With sound, there's also the fact that you've multiple parameters - delay, amplitude and frequency. Unless they plan to randomize all three, you can use any of the others for covert data. Data compression isolates anything either side, so whatever they are "protecting" is limited to that one side. Shouldn't be hard to use the other.

Re:Not going to work.... (0)

Anonymous Coward | more than 6 years ago | (#22939524)

You can't exactly ask a probe on the edge of the solar system or skimming geysers to repeat itself
NASA: Retransmit, please.
PROBE: Retransmit? Retransmit??!! I'm on the EDGE OF THE SOLAR SYSTEM here SKIMMING GEYSERS and you want me to RETRANSMIT??!!

Lossy sound compression even lossier (0)

Anonymous Coward | more than 6 years ago | (#22938690)

I hate to be forced to use even lossier sound formats.
Reminds me of Creative's AC3 pass-through (non existing for several years).
I want bitperfect, non-lossy sound compression. Multichannel.

Re:Not going to work.... (0, Flamebait)

timmarhy (659436) | more than 6 years ago | (#22938694)

i'm sick of people trying to shoot down idea's claiming it creates an arms race.

so fucking what, EVERYTHING is an arms race if you try and look at 2 opposing agenda.

Re:Not going to work.... (3, Funny)

SQLGuru (980662) | more than 6 years ago | (#22939248)

Unless it's a foot race.

Layne

Re:Not going to work.... (1)

Tenebrousedge (1226584) | more than 6 years ago | (#22939334)

You may have a valid point there, or at least it suggests an interesting view of the issue. If you're familiar with the concept of memes [wikipedia.org] , then assuming other evolutionary ideas are at all valid for discussing the subject, then an 'arms race', whether involving actual arms or some other form of technology, could be looked at as an example of the Red Queen Effect [wikipedia.org] .

The concept of the meme is rather intriguing. It is somewhat absurd to think that one can make comparisons between (e.g.) nuclear weapons and lolcats, and talk about them as if they were part of the same general category of things. In fact, it's absurd enough to make me tend to doubt the validity of any conclusions drawn from such a perspective. Still, it's an interesting lens to put to human history.

Oh, and I take back what I said: you don't really have a valid point there. My bad...

Re:Not going to work.... (1)

psmears (629712) | more than 6 years ago | (#22939636)

i'm sick of people trying to shoot down idea's claiming it creates an arms race.
so fucking what, EVERYTHING is an arms race if you try and look at 2 opposing agenda.

You have a good point—but the claim isn't that it creates an arms race, it's that it just creates an arms race: the important question being whether the benefit you gain by starting the race is outweighed by the cost to you of having to upgrade your 'arms' every time your adversary does.

In this particular case, it seems unlikely to be a net win: as has been pointed out elsewhere, this will only block certain types of steganography, so when you've created, tested and deployed your noise-adding filter to every node in the phone system, at great cost, your adversary can very easily move to another method, which they can test out very easily, and you won't know a thing about it.

It seems to me that, if you are sufficiently paranoid to worry about this sort of thing, and ethically OK with messing with people's private phone calls, you're far better off trying to detect such stealth communication techniques, by looking for statistical anomalies—that way, you can find out who has something to hide (and must therefore incontrovertibly be a terrorist), and you don't even have to let on how you found out...

Re:Not going to work.... (3, Funny)

The Clockwork Troll (655321) | more than 6 years ago | (#22938734)

Any amount of noise you add can simply be dealt with by including the stego data more than once or using checksums or whatever

Yes, but how to do this in real-time in a cryptographically secure manner is the subject of much ongoing research.

The feeling in the research community at the moment is that efficient stego-redundancy requires a working database of discovered steganographic synonyms, i.e. a stegosaurus [wikipedia.org] .

Re:Not going to work.... (2, Insightful)

CastrTroy (595695) | more than 6 years ago | (#22938882)

On top of this, if you have a VOIP/GSM phone, you probably have email. Why not just send encrypted email? Why jump through hoops trying to send stenographic data through the phone system.

Re:Not going to work.... (4, Insightful)

cnettel (836611) | more than 6 years ago | (#22938936)

On top of this, if you have a VOIP/GSM phone, you probably have email. Why not just send encrypted email? Why jump through hoops trying to send stenographic data through the phone system.

(More) deniability.

Re:Not going to work.... (3, Insightful)

Ortega-Starfire (930563) | more than 6 years ago | (#22938988)

If you want that, just post a one time pad code on a popular public website. I mean, that way people could post links to instructional manuals for covert materials creation for example and not get caught. Try to imagine the manpower involved to go through each lead.

I doubt the CIA will investigate every no carrier joke on slashdot, and if they di^H^H^H^H^H^ 01101000 01110100 01110100 01110000 00111010 00101111 00101111 01110111 01110111 01110111 00101110 01111001 01101111 01110101 01110100 01110101 01100010 01100101 00101110 01100011 01101111 01101101 00101111 01110111 01100001 01110100 01100011 01101000 00111111 01110110 00111101 00101101 01011000 01101110 00111001 00110100 01100110 01110001 00111000 01000011 01010101 01101011 ^H^H NO CARRIER

Re:Not going to work.... (4, Insightful)

gstoddart (321705) | more than 6 years ago | (#22939472)

On top of this, if you have a VOIP/GSM phone, you probably have email. Why not just send encrypted email? Why jump through hoops trying to send stenographic data through the phone system.

Because, they can tell when you send an encrypted e-mail.

The whole point of steganography is to embed the secret message in something you broadcast in the clear, and have nobody be any the wiser that you are, in fact, sending hidden data. You give up your covertness when you observably send something secret. If nobody knows you sent it, they're not looking for it. They just think you were talking about your aunt's petunias.

Think of it as analogous to fieldcraft for spies -- you're supposed to be able to do something completely innocuous so that they can't ever confirm that you've actually done something nefarious.

This system is trying to preemptively just eliminate the ability to send something embedded in a clear-channel communication. Basically, take away your ability to send an encrypted sub-channel in your normal conversation.

Cheers

Re:Not going to work.... (1)

diodeus (96408) | more than 6 years ago | (#22939336)

This new process is called....DOLBY.

(not the lame Thomas kind either)

Re:Not going to work.... (2, Informative)

narrowhouse (1949) | more than 6 years ago | (#22939446)

I personally would like to thank these gentlemen for working so hard to find a way to destroy watermarks in audio ripped from various sources. Watermarks are hidden data in audio, right? So do you think adding watermarks may become an act of terror now?

Re:Not going to work.... (1)

AJH16 (940784) | more than 6 years ago | (#22939458)

That is incorrect. These types of encoding are based on determinations of a baseline and then altering the baseline in a way that will not affect the determination of the baseline or the signal itself. The method in which they are altering the background noise will distort that baseline rendering any information stored within completely unreadable if it is done effectivly. While it is true that if the method used is not well thought out it may be possible to come up with an alternate method of establishing a baseline, this would be a very complicated task and would still be easy to corrupt. Additionally, it is worth noting that there is a very similar technique called stenography which encodes messages in to images and has been used in conjunction with P2P systems and internet forums to distribute messages. Again, simple alterations to the image will destroy the data, the problem is in detecting it. Stenography and this technique provide nothing other than an effective means of concealing data. Once detected, it is very easy to destroy or even read provided that you can establish what parameters were for the baseline. (Granted the messages are normally passed through encryption before being encoded.)

Re:Not going to work.... (0)

Anonymous Coward | more than 6 years ago | (#22939676)

No need for it. You should see what GSM and CDMA vocoders do to background noise and traffic anyways.

(too lazy to create an account)

Subliminal white-noise? (1)

Zymergy (803632) | more than 6 years ago | (#22938360)

Could this just be subliminal white noise? (as opposed to superliminal).

I guess its one way to prevent getting the alien infection from over the phone (anyone remember Threshold)... might mitigate some people's fears of harmful sensation. http://en.wikipedia.org/wiki/Motif_of_harmful_sensation [wikipedia.org]

I wonder if it will foil over the phone lie-detectors like this one: http://www.liarcard.com/ [liarcard.com] ?

bad pre-emptive move (1, Interesting)

Anonymous Coward | more than 6 years ago | (#22938362)

I can only see bad things coming from this.

Imagine the worst-case scenario; Congress forces all telcos to install this sort of technology on all phone lines. Why not? If you don't put up with hissing on your phone line, you're helping a terrorist, no?

Re:bad pre-emptive move (1)

Sterrance (1257342) | more than 6 years ago | (#22938380)

"...on a level that stays inaudible or invisible, yet destroys any message encoded within."

I think only dogs and bats would be affected. And we all know that our fellow mammals have been trying go higher on the food chain.

Re:bad pre-emptive move (1)

mr100percent (57156) | more than 6 years ago | (#22938884)

That's only the first round of an arms race. Imagine if the earlier threads came true, and then there was poking into the audible range. By that point you'd need to start introducing a hiss or some audible sound to disrupt such communications. Consider a 1984 scenario where all steganography is blocked. Heck, the US government pushed for key escrow for a long time, this sounds like a logical next step.

Re:bad pre-emptive move (1)

geminidomino (614729) | more than 6 years ago | (#22939526)

"...on a level that stays inaudible or invisible, yet destroys any message encoded within."

I think only dogs and bats would be affected. And we all know that our fellow mammals have been trying go higher on the food chain.
Riight, because when someone in the government says "This won't be noticeable" or "This is only a problem for terrorists" or "I'm not a total smeghead", well, by gum, you can take that to the bank!

Re:bad pre-emptive move (1)

Ortega-Starfire (930563) | more than 6 years ago | (#22939238)

Telcos used to install this in rural areas, annoying bastard devices called load coils. They also pulled most of them because they interfere with the DSL signals. At least, I seem to remember that from my previous life as a call center escalations monkey.

Re:bad pre-emptive move (1)

sm62704 (957197) | more than 6 years ago | (#22939436)

What I'm trying to figure out (and what I'm diggibg through these comments for, maybe I should just RTFA?) is why wnyone would need or even want to block stegnographic data? Don't I have the right to keep my own secrets? Don't I have the right to keep my private phone calls private?

Doesn't the Constitution [kuro5hin.org] have any meaning whatever any more? [slashdot.org]

Not a secret message. (5, Funny)

Creepy Crawler (680178) | more than 6 years ago | (#22938374)

The butterfly flaps its wings twice.

I repeat, the butterfly flaps its wings twice.

Re:Not a secret message. (1)

Thanshin (1188877) | more than 6 years ago | (#22938492)

The butterfly flaps its wings twice.
Oh dear God no! Quick, everybody to the shelter. Micky, take the tinfoil, Becky, the red ink. John, the condenser and the racket.

Just hope we're not too late.

Re:Not a secret message. (0)

Anonymous Coward | more than 6 years ago | (#22938714)

Relax. The rain is light in Morocco this year. I repeat, the rain is light in Morocco.

Re:Not a secret message. (2, Funny)

CmdrGravy (645153) | more than 6 years ago | (#22938860)

Are you Mr Xaviar, Mr Francis Xaviar of Mile End Road, London ?

Just need to check because that looked like one of the secret code words I am supposed to be watching out for, anyway if that is you Francis ( there is a code word for this somewhere but I think it's in the basement somewhere so I'll just give you the gist ) the "materials", you know what I mean eh - one ends the barrel and they're "easily triggered", anyway the "materials" will be loaded onto the Builders Merchants truck which will then be parked on Lincoln Street, outside the curry house ( quite a nice one actually I have an account there the food is delicious ) where you can go and "steal it". The keys will above the wheel. Usual time, tomorrow 11:25AM.

Remember, absolute secrecy is required. One false word and all will be blown.

Yours,

Commander Jaun Gravy

PS, this e-mail system of yours is great. All that nonsensical spam you fill it with is bound to throw off the man if he comes a looking. Good work.

Re:Not a secret message. (2, Funny)

Alsee (515537) | more than 6 years ago | (#22938594)

After anti-steganographic transformation:

I saw a bug.

-

Re:Not a secret message. (4, Funny)

Chrisq (894406) | more than 6 years ago | (#22938638)

The butterfly flaps its wings twice.

I repeat, the butterfly flaps its wings twice.


Please clarify immediately. Is that just a repetition or does the butterfly flap its wings four times. This could be the difference between a gang of naked teenagers invading Prime Minister's question time and the defacing of Nelson's column.

Re:Not a secret message. (1)

Oktober Sunset (838224) | more than 6 years ago | (#22939146)

No defacing nelson's column is: The pigeon flies at midnight.

Re:Not a secret message. (0)

Anonymous Coward | more than 6 years ago | (#22938650)

And to think I just left a couple mod points expire that could have been used to mod up parent as 'Funny' even though the parent's sig is annoying, hackneyed, stupid, redundant, and (did I already say this?) annoying.

Hint: It's not 'insightful', it's 'funny' or, if it existed, "annoying, yet amusing"! In any event, "Well Played, mate!"

I like parent's sig (2, Insightful)

aepervius (535155) | more than 6 years ago | (#22938902)

"though the parent's sig is annoying, hackneyed, stupid, redundant, and (did I already say this?) annoying."

I see the parents sig as a sort of darwinian filter on how careful one is the slashdot reader at clicking link.

Re:Not a secret message. (1)

baboonlogic (989195) | more than 6 years ago | (#22938670)

What is this a reference to? Whatever it is, it doesn't appear to be that popular [google.co.in] . If this is a sci-fi movie quote... I wanna see the movie it's in...

Re:Not a secret message. (1)

jeepien (848819) | more than 6 years ago | (#22938910)

I wanna see the movie it's in...


Sorry, this is real life. :-(

Re:Not a secret message. (1)

grusin (1112113) | more than 6 years ago | (#22938674)

I hear that strawberries are good this year

Re:Not a secret message. (1)

Oktober Sunset (838224) | more than 6 years ago | (#22939368)

Untill they go wrong. Oh shit, wrong response!

Re:Not a secret message. (1)

Tenebrousedge (1226584) | more than 6 years ago | (#22939380)

For some odd reason this post reminded me of a short story by Borges called The Garden of Forking Paths [cybergrain.com] (which is short and well worth the read). It's an unusual solution to the problem of how to communicate using a limited and noisy channel...

Re:Not a secret message. (1)

ozbird (127571) | more than 6 years ago | (#22939456)

Ah! The tobacconist [wikipedia.org] flaps its wings twice.

Can I add random noise to a .exe file...? (1)

Joce640k (829181) | more than 6 years ago | (#22938382)

Um, no.

Re:Can I add random noise to a .exe file...? (0)

Anonymous Coward | more than 6 years ago | (#22938422)

That was my first thought but it's not infeasible. You could pre hide a message in suitable embedded audio, video or image data. Possibly even encode data in the executable by generating specific native code (morse code as jmp instructions?).

Yes, you can, sort of. (2, Informative)

archeopterix (594938) | more than 6 years ago | (#22938460)

You can add "random noise" to an .exe file - most processors have at least some opcodes with "don't care" bits. You can alter those bits without affecting the semantics of the code.

Or.. (1)

Chrisq (894406) | more than 6 years ago | (#22938654)

Or just jump over a group of random bytes that will never be executed. In a high level language have some unused variable

myString = "FooFoogh234h2j4hj23hj";

search the executable for FooFoo then read the following bytes.

Re:Or.. (3, Informative)

kvezach (1199717) | more than 6 years ago | (#22938836)

Or perturb the logic. The easy way is just to look at how polymorphic viruses did it. The hard way is to get out your disassembler and change

cmp eax, edx
jle offset

to
cmp edx, eax
jae offset

(insert your own variation here). Have a program read all cmp eax, edx (or cmp edx, eax) opcodes and output 0 for the first and 1 for the second.

Re:Can I add random noise to a .exe file...? (2, Informative)

Anonymous Coward | more than 6 years ago | (#22938482)

Um, yes you can. Many instruction combinations are interchangeable. You merely need to be certain the result is same in all relevant cases for both instruction sequences. In the easy cases it might mean just to swap two instructions. See polymorphic viruses.

Additionally you can use empty areas in executable formats, in the headers or padding. Or even add an extra data segment... If file size is no issue, you can typically just concatenate some extra data in the end of file.

However, instruction sequence alteration might be the closest option in executable "steganography", because data in the headers or padding sticks out like a sore thumb.

Re:Can I add random noise to a .exe file...? (0)

Anonymous Coward | more than 6 years ago | (#22938510)

It's been a while since I looked into it, but IIRC, most executable formats have a bit of extra space. For example, some executable formats require data and code segments with sizes that are multiples of some multiple of 2. I think 1024 or 4096. In other words, even if your code only occupies 100 bytes, you still have to fill out the full 4096 byte segment. I think most formats have checksums, but I don't think anybody actually checks them.

Re:Can I add random noise to a .exe file...? (1)

utnapistim (931738) | more than 6 years ago | (#22938544)

Of course you can. Just don't expect it to still execute. If we're talking here about steganography (stegano-[something else?]), you can still carry the file as an .exe file and go: "I don't know why it doesn't execute ... I guess it's corrupted!"

Re:Can I add random noise to a .exe file...? (2, Informative)

hairyfeet (841228) | more than 6 years ago | (#22938878)

Uh, they actually had an article on slashdot a few years back about a program that would let you hide stuff in executables. And they still worked fine. Here is the article [slashdot.org] and the link to where you can get the code still works.


I personally think this is just another government handout. There are so many much easier ways to hide a secret message than using a phone. Hell, they could just post one of those stupid lolcat pictures on the web with the message inside. The operative would only have to know something like "check all pictures of brown kittens on website X" or some such. All it takes is a single face to face meeting for the bad guy to have all the info he'll need to get orders through the web. I think they are trying to push technology as the answer when what they need is more field agents in hostile countries. But that's my 02c, YMMV.

Re:Can I add random noise to a .exe file...? (5, Interesting)

yoris (776276) | more than 6 years ago | (#22938604)

Yes you can. Some examples: - replace "add 1024" with "substract -1024" - replace "if greater then 100" with "if greater then or equal to 99" - replace "copy a to b, copy c to d" by "copy c to d, copy a to b" Just have a look at any assembly language and use your imagination. To make matters even simpler, there are operators which completely ignore certain parameters (e.g. a JUMP operator which only takes 1 parameter leaves room for hidden data in the 2nd and 3rd operator field). There are plenty of instructions or combinations of instructions which leave room to such minor changes without any difference in execution. So for the steganographers, the goal would be to look for all of such instances in an executable, then agree on some kind of code (for example "add n" is a 1, "substract -n" is a 0). Semantically there is no difference, both codes will result in the exact same execution, but you found some wiggle room to leave a message. It was reported on Slashdot a few years ago.

Re:Can I add random noise to a .exe file...? (0)

Anonymous Coward | more than 6 years ago | (#22939058)

I don't think it is possible to write a program to do this generically (ie the problem would seem not to be Turing computable).

As the tag says: encryption. (4, Insightful)

Rah'Dick (976472) | more than 6 years ago | (#22938390)

I wonder if we will ever have widespread end-to-end encryption for all of our private communication, so that "service providers" cannot mess with our actual message and/or data stream. I guess there will always be someone making a profit by preventing this on a legal level, sadly. When will the "mindless consumer" finally wake up and kick the government that allows all this?

Re:As the tag says: encryption. (1)

monsted (6709) | more than 6 years ago | (#22938438)

You can use SRTP [networksorcery.com] . It's been available in many VoIP implementations for years. For lawful interception, the call controller (cisco call manager or such) usually holds the key to the stream, but if you're in control of both ends and the controller, you're safe.

Microsoft uses that. (4, Funny)

SharpFang (651121) | more than 6 years ago | (#22938420)

I wonder if this method could be applied to hiding messages in executables, too.

Yes, a similar method has been employed by Microsoft to all the executables it ever released, ever since the times of MS-DOS.
After compilation they run the program through a special utility that modifies a few bits in the executable at random. Then they run the resulting executable through some tests and if it passes, they release it, if it crashes, they try with a different random bits.

Re:Microsoft uses that. (0)

Anonymous Coward | more than 6 years ago | (#22938642)

Oh! I saw where the stability problem was!!

Re:Microsoft uses that. (1)

plasmacutter (901737) | more than 6 years ago | (#22939010)

Then they run the resulting executable through some tests and if it passes, they release it, if it fails to randomly crash, they try with a different random bits.

fixed

Re:Microsoft uses that. (1)

thegrassyknowl (762218) | more than 6 years ago | (#22939138)

Then run the resulting executable through some tests and if it passes, they try different random bits, if it crashes unpredictably they charge a fortune for it and release it. If it completely fucks your system beyond all hope of repair they charge a real fortune for it and call it the next best OS.

FIXED!

Re:Microsoft uses that. (1)

Arancaytar (966377) | more than 6 years ago | (#22939174)

That is what they call an evolutionary algorithm, I guess...

How exacty? (0)

Anonymous Coward | more than 6 years ago | (#22938442)

I wonder if this method could be applied to hiding messages in executables, too.

Eh? A programme does not have white noise.

Steganography in program files (1)

Beryllium Sphere(tm) (193358) | more than 6 years ago | (#22938466)

It doesn't have white noise, but a program has enough places where you can replace code by a functional equivalent that you can pass messages in modified executables: http://www.crazyboy.com/hydan/ [crazyboy.com] .

It's either mismarketed or not working (0)

Anonymous Coward | more than 6 years ago | (#22938468)

If they can detect and change the patterns of car sounds and honks while you're making a phone call in Manhattan (in case it's steganography) then it means the same technology could *remove* the honks and make our conversations clearer, which would be much more useful and economically valuable.

If on the contrary they're unable to change background traffic sounds, then that's how people will do steganography and their method fails to block it.

A solution looking for a problem ? (0)

Anonymous Coward | more than 6 years ago | (#22938534)

Truely, If I want to get info secretly from me to you, then why would I use background noise in a phone message ? That leaves a clear record that we spoke.

Why not post a high iso (noisey) picture on flickr with a hidden message in the noise.

Then it's harder to even verify that we had any comunication, never mind figure out what was transmitted.

IS THIS A REAL PROBLEM ?

Or has someone just been paid to find a solution to the problem of chocolate teacups melting.

D

Arms race (1)

PhireN (916388) | more than 6 years ago | (#22938600)

Simply, this just takes a known method for steganography and encodes random noise, wiping out any messages already there.
It can only block known steganography methods, so simply think up another method and your safe... Its just one big arms race

Arrogant bastards! (4, Interesting)

pla (258480) | more than 6 years ago | (#22938712)

scientists at FH St. Polten are developing strategies to block out secret data in VoIP and even GSM phone calls by preemptively modifying background noise

...And once again, they treat all of us like criminals for the sake of annoying (not even preventing or catching) the 0.0001% that really pose a threat.

Good work, guys - Even a classic BOFH has higher efficacy and useability standards than anything related to the War on Non-Western, Non-Irish, Non-Russian (and "non-former-Soviet") Terror. At least the BOFH's systems work for him, you asshats can't even manage that despite taking all that daaaaaaangerous toothpaste away from us.

However, even I overstate the case here - Encoding data in background noise doesn't break any laws!

We all have every right to send hidden data, or even to use hard encryption right in plain sight. However, exercising that right may lead to some undue scrutiny, and thus we expose the real reason for techniques like this... Erosion of plausible deniability, which The Powers That Be loathe far, far more than any actual threat. It looks bad to just deport and torture someone with no evidence. But if you can demonstrate that he had (gasp!) something he didn't want the whole world to know about (because only criminals have secrets, of course), well then the sheep will approve of going all Jack Bauer on him.

I think you may have uncovered the REAL reason! (1)

plasmacutter (901737) | more than 6 years ago | (#22939024)

Encoding data in background noise doesn't break any laws!


It just occurred to me with the recent release of "fully unlimited" voice plans by major carriers(at least in the US) this practice actually would break something.. mobile data carrier pocket books.

Imagine if someone were smart enough to re-invent the accoustic modem for modern thrifties on the go. Slow but otherwise free methods to check email while evading mobile broadband fees? yes please.

Re:I think you may have uncovered the REAL reason! (1)

bhtooefr (649901) | more than 6 years ago | (#22939448)

Problem is, with the compression used... 9600 baud is probably the most you could reliably do... which is not enough for things like Exchange.

Besides, I'm on Sprint, and unlimited EvDO is $15/mo. Unlimited 1xRTT is $7.50/mo.

Fundamentally flawed (3, Insightful)

Anonymous Coward | more than 6 years ago | (#22938724)

Data can only be defined as varying bits of a defined pattern. So if the pattern is defined as 'a bunch of numbers that are either 0s or 1s', then the data stored within it is defined as varying the positions of 0s and 1s.

Obscuring data equals obscuring the patterns. So, to obscure the data within a 0 and 1 pattern, you might switch around the 0s and 1s.

For a message embedded in the background noise in a phone call, data may be modulated as 'loudness of background noise within a certain frequency range' or whatever. Obscuring this would be to add random data in the frequency range or whatever.

But that actually takes knowledge of the pattern used. If the pattern is rather the speaker knocking on a table, then any method designed to obscure background noise wouldn't register it or obscure it. It's similar to a scrambling technique that randomizes the 0s and 1s on a diskette sent in the post, while the actual message may be morse code holes punched in the plastic.

Conclusion: To void steganographic data, you need to know the method used to embed it.

Vocoders don't encode background noise accurately (1)

Peter Simpson (112887) | more than 6 years ago | (#22939246)

It's been a while since I did any of this, but I checked, and GSM, like most of the low-bit-rate systems, uses a vocoder-based codec. Vocoders do one thing well, encode the human voice (they do this by using a vocal tract model and transmitting the time-varying parameters of this model). They typically don't handle background noise well, if at all, because it can't be reproduced using a model of the vocal tract.

So, anyone trying to use a modern cellular phone to transmit steganosonic background noise, is going to find that they have an abysmally small data throughput rate.

I'm thinking that the earlier poster is right, this is someone solving a problem that doesn't exist (and probably getting a nice chunk of grant money for their trouble). The cell phone itself will garble any background noise quite well enough!

Hiding information in an executable is easy (2, Insightful)

Terje Mathisen (128806) | more than 6 years ago | (#22938770)

They key to hiding data in executables is to realize that there are many instructions with multiple possible encodings.

You can also reverse the order of many comparison operations as long as you also modify the following branch/set instructions.

If you want to jam such a channel you would have to do the same job, first identifying all the possible locations for such transformations, then randomly flip half of them.

(Un?)fortunately neither the encoding nor the jamming process can be totally secure, because you can check (or know up front) which compiler had generated the original executable, then decompile/recompile and check which encodings the compiler tend to use.

Terje

Governmental impact (1)

erc (38443) | more than 6 years ago | (#22938868)

I've been wondering when the governments of the world would start doing something like this. No need to overtly outlaw encryption, just arm-twist the folks on the backbone to drop or block encrypted traffic or just modify it so that it can't be decrypted.

Re:Governmental impact (1)

MichaelSmith (789609) | more than 6 years ago | (#22939054)

No need to overtly outlaw encryption, just arm-twist the folks on the backbone to drop or block encrypted traffic or just modify it so that it can't be decrypted.

So what is the difference between highly compressed traffic and highly encrypted traffic?

Wow, more money spent on foolishness (3, Interesting)

kurt555gs (309278) | more than 6 years ago | (#22938932)

This could be better spent on more cell towers, or not allowing bastard fone companies to charge $200.00 termination fees.

Stopping secret messages? , puleeese.

"John has a long mustache"
"The chair is against the wall"

Stop that!

The message is often not important (1)

houghi (78078) | more than 6 years ago | (#22938954)

They can send a 'secret' message if they so desire. That can be by asking if aunt Lilly is still sick. This could trigger an event or it could be that aunt Lilly was sick. Or even both.

What is more important very often is being able to link people. To see who is talking to who. The fact that a secret message is send will highten the importance.

So what could a wannabe terrerist do to avaid that? Usenet! No direct connection between the two and everybody can connect from everywhere and post to any group. As long as you keep to the rules of a (binary) group, you should be OK.
Even when caught, the person sending might not even KNOW who the reciever might be.

Disadvatage is that there is no or only slow interaction possible.

Steganography and watermarking. (5, Insightful)

MartinG (52587) | more than 6 years ago | (#22938964)

I'm sure someone will correct me if I have missed something, but it seems to me that the desire by some to hide irremovable watermarks within digital streams is a similar technical challenge to adding steganographic content. Similarly, those attempting to destroy watermarks will face the same problems as those wishing to remove or destroy steganographic content.

The interesting thing is who is on which side of the battle.

Generally it's corporations who like the idea of watermarks, and individuals who don't. Individuals do however like steganography, but the authorities don't. It will be interesting to see who develops what technologies and who, if anyone, wins this arms race.

Re:Steganography and watermarking. (1, Insightful)

Anonymous Coward | more than 6 years ago | (#22939008)

Generally it's corporations who like the idea of watermarks, and individuals who don't. Individuals do however like steganography, but the authorities don't. It will be interesting to see who develops what technologies and who, if anyone, wins this arms race.
It's like that with everything privacy-related.

DRM - bad
Encryption - good

User tracking - bad
Browser history - good

"Phoning home" - bad
Automatic updates - good

Rootkits - bad
Game anti-cheat sytems - good

Re:Steganography and watermarking. (0)

Anonymous Coward | more than 6 years ago | (#22939020)

Well.. steganography and watermarking are really the exact same thing.

Not much of an arms race really, more like nuclear non-proliferation. The "good" guys get nukes, everyone else is destabilizing the world.

Re:Steganography and watermarking. (1)

Arancaytar (966377) | more than 6 years ago | (#22939204)

Exactly, minus the whole millions-of-people-killed aspect that is inherent in nuclear weapons.

All in all, since both technologies can be used for good and evil, I say let them evolve until they become equivalent to magic. Other fields of technology may benefit from the research - it's an arms race that won't kill or irradiate anyone.

Re:Steganography and watermarking. (0)

Anonymous Coward | more than 6 years ago | (#22939398)

You are right, it is almost the same.

The only thing you have missed is that they know it, and, at the same time, they want to block steganographic content AND preserve DRM watermarks.

The real question is.. (5, Interesting)

lakiw (1039502) | more than 6 years ago | (#22938978)

How often do people hide data in the background noise of their phones? Is this a big enough problem that we should care about solving it? I mean, first of all you need a program to do the stego, (short of having someone talk really softly in the background). Then you would need to play back the recording during your conversation. Wouldn't it be easier for the criminal to send an encrypted e-mail instead? Given a choice, I'll pick strong crypto over stegonography any day. The only good thing about stego is it's useful if whatever authority in charge blocks all unauthorized messages.

It's along the lines of "How do you tell if there are stego images on someone's computer?"

Answer:You find the stego converter tool on their harddrive.

frist Psot (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22939002)

Not going to playg for trOlls'

Snoops (2, Interesting)

Detritus (11846) | more than 6 years ago | (#22939046)

How about not monitoring my calls in the first place? I am at a loss to understand the mindset of a person who thought that this was a problem that needed a solution.

I want end-to-end encryption on all my calls. This could be added to cell phones with some modest changes. Not having it on VOIP is just inexcusable. If the FBI wants to tap my phone, why don't they get off their lazy asses, obtain a warrant, and do some actual work, rather than expecting everything to be handed to them on a silver platter, complete with booze and hookers. I'm under no obligation to make it easy for them.

GSM already *has* crypto on the calls (2, Insightful)

Peter Simpson (112887) | more than 6 years ago | (#22939270)

Your problem is not interception of the radio signals, your problem is the (US) federally mandated CALEA interface on every switch in the network.
A mobile-to-mobile call almost always (unless you're both on the same tower) needs to pass over a landline, and to do that, it needs to be unencrypted.

Re:GSM already *has* crypto on the calls (1)

Detritus (11846) | more than 6 years ago | (#22939410)

It doesn't have to be unencrypted. There's no reason that encrypted frames of GSM data can't be packetized and shipped off to another GSM base station. From what I've read GSM only offers link encryption, of questionable strength, for the mobile-to-base link. Since modern cell phone networks are already switching packets between end-user nodes, why not treat them as dumb networks and let the cell phones directly negotiate protocols and communicate with each other.

DRM (1)

jackjeff (955699) | more than 6 years ago | (#22939250)

I guess the same kind of technique could be applied to steganographic data contained in HD playback or mp3s.

Nice to know someone is actually looking for a way to destroy these :P

Bad Idea (1)

Oktober Sunset (838224) | more than 6 years ago | (#22939348)

Well, I think this is a really bad idea, and is going to cause massive trouble. If you stop stegosaurs using the phone, they are going to get really pissed off, and well, have you ever seen a pissed off stegosaurus? Trust me you don't want to, those spiky tails, eek!

Steganosonic? (0)

Anonymous Coward | more than 6 years ago | (#22939378)

Steganosonic? Sounds like a really fast dinosaur.

Why block? (2, Insightful)

redelm (54142) | more than 6 years ago | (#22939424)

First and foremost, I'm not sure it is moral or ethical to block any form of communications, crypto or stego. One might well claim certain communications are illegal and facilitate harm. But that is for already-illegal and incontrovertibly harmful activities apart from the communications. Police authorities are grasping at communications because they are otherwise impotent (by design). Fighting against stego or crypto seriously risks causing greater, even if less-spectacular, harm. Baby out with the bathwater.

That said, it is relatively easy to disrupt stego by lossy compression/decompression or vice-versa if the source is compressed. Low-order bits will get stripped in JPEGs & MP3s. This obviously doesn't work for loss-less compression as is needed for binaries. If hash or other non-compressibles found, just rehash. Once you've decided to meddle inthe datastream, some eggs will get broken. You'll have both alpha and beta errors (misses and false postives).

Hiding messages in executables? (1)

saforrest (184929) | more than 6 years ago | (#22939614)

I wonder if this method could be applied to hiding messages in executables, too."

Um, no, because the two technologies are completely different?

Yes, there is an analogue for "background noise" in an executable, and there is a lot of redundancy there too. But I can't imagine how any approach to removing encoded data there could share anything except on the most basic conceptual level.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?