From a spatial/fft perspective I imagined that this is where stego'd information goes. I also imagined that if it were done in a very simple way,
Variola wrote... "How do you know the signature of the unaltered carrier-medium? E.g., have you measured the LSBit noise from my camera recently? Under which lighting conditions?" Well, having done some optical signal processing (and getting a patent in that area, come to think of it), I imagined that most photos will naturally have some image noise in certain frequency bands...this noise would not have to have anything to do with your camera or whatever, but is probably a function of what's in the image. For instance, a picture of a naked girl standing in front of drywall probably has very little useful image energy in spatial frequencies represented down at the length of a pixel. In a spatial fft there's probably a lot of low frequency white noise for a while, until you get to the level of the shorter body hairs and whatnot. And then there may be spatial freuency bands between that and her height that are nearly unoccupied with image energy. the stegoed info will be fairly obvious to someone knowledgeable and looking at the spatial fft of the image. I imagine that it will look obvious because, to an expert, it won't look like the authentic kind of noise expected there. If the information is encrypted, I consider it possible that the noise may even look too "perfect" perhaps. If that's true, then I suspect it's often possible to determine that a photo's stego has been removed. Or at least, there will be cases where stego removal will be "obvious". Come to think of it, I bet TLA operatives are given precise instructions about what kinds of photos make for undiscernable stego (I'd bet where the spatial image information is not well-concentrated into "bands"). In other words, a photo with all different-sized objects in it. Perhaps they even travel with some photos for just this purpose. Hum. I wonder if photos of "clouds" work well for this purpose. That would actually explain something I encountered recently.... -TD
From: "Major Variola (ret)" <mv@cdc.gov> To: "cypherpunks@lne.com" <cypherpunks@lne.com> Subject: Re: Has this photo been de-stegoed? (and Anonymity) Date: Thu, 11 Dec 2003 10:26:16 -0800
At 06:22 PM 12/10/03 +0200, Anatoly Vorobey wrote:
On Tue, Dec 09, 2003 at 04:20:20PM -0600, Declan McCullagh wrote:
We have anonymity in Web browsing (more or less, thanks to Lance & co). It's not NSA-proof, but it's probably subpoena-proof.
We have anonymity in email thanks to remailers (to the extent they're
still around).
...
alt.anonymous.messages has a healthy amount of traffic.
One could count some fraction of all the *.binaries.* on usenet as anonymous communications (via stego), but then you'd have to know how many are stego'd, and that is the game after all.
At 02:24 PM 12/8/03 -0500, Tyler Durden wrote:
Is it possible to determine that the photo 'originally' (ie, when it was sent to me) contained stegoed information, but that it was intercepted in transit and the real message overwritten with noise or whatever?
Yes. Trivially, If your correspondent told you, but that's out of band. Otherwise, If there *remains* info which was not washed out "in transit", then that
would be an inband way. Maybe all the pictures with a red flower in them are carriers, and this content isn't washed out. Maybe its a more subtle crypto-watermark, independent of the stego'd message.
Now I know pretty much nothing about this subject, but I would suppose that de-stegoing a photo must like some kind of spatial spectral fingerprint that should be visible after the photo is FFT'd (is there freeware software out there?).
1. How do you know the signature of the unaltered carrier-medium? E.g., have you measured the LSBit noise from my camera recently? Under which lighting conditions?
2. Don't you think I can measure the properties of my carrier and shape the stego'd info to match? (This does get into an arms race over what properties to measure.)
Now I IMAGINE that a sophisticated interceptor could substitute 'believable' de-stego-ing noise so that it would look like the photo never had any stego in the first place. OR...is this actually 'impossible' to do perfectly?
You don't just put your message in the LSBits or whatever. You compress, encrypt, and possibly redundantly code them. Then you shape the noise to match the bits you're replacing.
And then, what if the interceptor tried to put an alternate message in there instead? Is there a way to tell that there was originallya different message there?
Depends on the coding.
My assumption first of all is that nothing was done to prepare the photo against these possibilities.
Just make sure you did the original analog recording and destroy the original after you stego it. Best also if you never post unstego'd messages so the Adversary can't measure your raw carrier.
A simple stego message was placed without real
thought about whether it might be intercepted and altered.
You shouldn't stego life-critical messages without proper training in the use of your tools. (That training may vary with personality, see _Silk and Cyanide_. Some like "why", some like "do this".)
----- "You can have democracy when you vote for the people we approve of" King George to the Colony of Iraq
_________________________________________________________________ Cell phone switch rules are taking effect find out more here. http://special.msn.com/msnbc/consumeradvocate.armx