Re: Steganography -- Tell Tale Signs?
Hi there! I'd appreciate some help from you experts in steganography.

1) If I hide some PGP encrypted data in a gif, jpg or wav file will there be any tell tale signs to the naked eye of an expert? If yes, what are they?
2) Would it be better to hide the data in a jpg with a black and white image rather than a color one?
3) Are there any tools at the moment to expose (not crack) the hidden encrypted data? If none, are there tools in development?

If this is off-topic please accept my apologies, and if necessary, please email replies to me directly. Thank you.

Makofi
On Wed, 4 Sep 1996, makofi wrote:

> 1) If I hide some PGP encrypted data in a gif, jpg or wav file will there be any tell tale signs to the naked eye of an expert? If yes, what are they?

I don't think so. Especially for jpg which uses a lossy compression scheme. Any random noise could be attributed to the compression. There is already enough noise in wav files that inverting one bit won't make much of a difference.

> 3) Are there any tools at the moment to expose (not crack) the hidden encrypted data? If none, are there tools in development?

The whole point of steganography is plausible denial. The data that someone could de-stego from a file should just be random garbage, in which case there would be no way of telling whether there was an encrypted file stegoed in the data file. If PGP files are used, a utility like Stealth is a must.

-- Mark
PGP encrypted mail preferred. Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

> 1) If I hide some PGP encrypted data in a gif, jpg or wav file will there be any tell tale signs to the naked eye of an expert? If yes, what are they?

naked eye: no... but if an expert is looking (for any reason) they would probably check out the low order bits, regardless... and although the actual message appears random, PGP has some headers which are _definitely_ not random... In fact, they are trivial to check for. Look for Stealth-PGP (A separate product for now... to be integrated with PGP 3.0) The idea behind Stealth-PGP is that there are no headers... so the entire data stream is random...

> 3) Are there any tools at the moment to expose (not crack) the hidden encrypted data? If none, are there tools in development?

sure enough... There are several rather accepted stego formats... If they can use one of the known forms of stego, and extract a PGP-looking message, you are going to be hard pressed to "plausibly deny" anything.

If you _do_ use Stealth-PGP (or some other raw encryption method), the low ordered bits would appear to be random... Now, I'm not certain about this, but I doubt that the low order bits of any given regular file are really as random as a good crypto algorithm is. I'd imagine that there are ways of statistically analyzing the low order bits of a file, and seeing if they're random... If they are completely random, then there is probably something hidden there... and if they are completely ordered, then there is probably something hidden there... In the "next generation" stego tools, there will probably be options to hide data in noise that looks similar to the native noise of the medium... a sort of subliminal channel in the noise (more so than regular stego). Until then you'll have to rely on "gee... what do you mean 'completely random'" ;-)

Joshua

-----------------------------Joshua E. Hill-----------------------------
|                     LAWS OF COMPUTER PROGRAMMING:                     |
|     X. Adding manpower to a late software project makes it later.     |
-------jehill@<gauss.elee|galaxy.csc|w6bhz|tuba.aix>.calpoly.edu--------
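
The two checks described in the reply above (look for a PGP packet header in the low-order bits, then test whether those bits look random) can be sketched as follows. This is an added illustration, not code posted by anyone in the thread. The cover samples, key ID and payloads are constructed, and the header check assumes the old-format OpenPGP packet layout used by PGP 2.x.

```python
import hashlib

def lsb_stream(samples):
    """Pack the low-order bit of each sample into bytes, MSB first."""
    out = bytearray()
    for i in range(0, len(samples) - 7, 8):
        byte = 0
        for s in samples[i:i + 8]:
            byte = (byte << 1) | (s & 1)
        out.append(byte)
    return bytes(out)

def pgp_pkesk_header(data):
    """True if data starts like an old-format public-key-encrypted packet."""
    if not data or (data[0] & 0xC0) != 0x80 or ((data[0] >> 2) & 0x0F) != 1:
        return False
    body = 1 + (1, 2, 4, 0)[data[0] & 3]   # skip the tag byte and length field
    # body layout: version (2 or 3), 8-byte key ID, algorithm byte (1 = RSA)
    return len(data) >= body + 10 and data[body] in (2, 3) and data[body + 9] == 1

def bit_stats(data):
    """Fraction of 1 bits, and fraction of adjacent bit pairs that differ."""
    bits = [(b >> (7 - k)) & 1 for b in data for k in range(8)]
    flips = sum(a != b for a, b in zip(bits, bits[1:]))
    return sum(bits) / len(bits), flips / (len(bits) - 1)

def triage(samples, tol=0.05):
    """Classify the LSB plane: header found, random-looking, or neither."""
    stream = lsb_stream(samples)
    if pgp_pkesk_header(stream):
        return "pgp-header"
    ones, flips = bit_stats(stream)
    if abs(ones - 0.5) < tol and abs(flips - 0.5) < tol:
        return "random-lsb-plane"
    return "not-random"

# --- constructed test data below, not real captures ---
def keystream(n, seed=b"constructed"):
    """Deterministic stand-in for ciphertext bytes."""
    blocks = (hashlib.sha256(seed + bytes([i])).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def with_lsbs(cover, payload):
    """Build a test sample whose low-order bits carry payload."""
    bits = [(b >> (7 - k)) & 1 for b in payload for k in range(8)]
    return bytes((s & 0xFE) | bit for s, bit in zip(cover, bits)) + cover[len(bits):]

# 8-bit samples with a clipped (255) region followed by a slow ramp
COVER = bytes(255 if i % 512 < 200 else (i // 8) % 256 for i in range(4096))
HEADER = bytes([0x85, 0x00, 0x8C, 0x03]) + bytes(8) + b"\x01"  # all-zero key ID
PGP_LIKE = HEADER + keystream(512 - len(HEADER))
HEADERLESS = keystream(512)
```

On this constructed data, `triage` labels the untouched cover `not-random`, the header-bearing sample `pgp-header`, and the headerless sample `random-lsb-plane`. The last result is the case the reply warns about: a low-order bit plane that is statistically indistinguishable from noise where the medium would not normally produce one.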

participants (3): Joshua E. Hill, makof@alias.cyberpass.net, Mark M.