Steganography does not operate the same way. In steganography there may not even be a key. Once your opponent even detects that a particular form of steganography is in use, it is probably defeated.

During WWII, German agents working in the US and elsewhere in the Americas used very sophisticated cameras to take photographs of things like major newspapers and lists of ships and photographically reduced them to pieces of film the size of a pinhead. These were fixed but not developed, which meant that they were clear, and were then glued to paper on the periods at the ends of ordinary sentences about meaningless subjects. These were known as microdots. The resulting letters would be mailed to intermediaries in neutral nations (especially Spain and Portugal) who would then forward them to Germany. They would be removed from the letters, developed and then photographically expanded again to recover the original information. This was never completely prevented, but a lot of it was stopped by fairly routine screening of mail and by examination of suspicious activity to certain mail addresses.

One of the things about steganography is that the less information it carries, the more difficult it is to detect. Some reactions to the WTC bombing were legitimate but some have been a bit knee-jerk on both sides. An immediate outcry was that people were using images on the web to send steganographic information to their comrades elsewhere in the world -- and it may be true. This article claims to have proved that it isn't happening, but I don't find their proof convincing. The main reason is that they're making some assumptions about how the data is encoded, and more importantly about the information density, which may not be valid. They provide two example pictures, one of which apparently contains no secret information, while the other contains the first chapter of a classic book, in order to show that to the naked eye there is no apparent difference.
That part's fine; there is no question that what they describe can be done. But I question whether they are capable of finding whether someone else has actually been doing what they say; I don't believe in their means of detection. Their statistical approach (an analysis of the amount of redundancy in the images) detects the difference in their synthetic example, but the second image carries a few kilobytes of hidden data. I question whether an image carrying fifty bytes of hidden data (in a 300K file) would be statistically different enough to stand out from the background using their approach to analysis. Equally, I find their claim to have used a dictionary attack on a large number of images suspect, because it assumes they know how the information was encoded.

The difficulty is that it is far easier to find the data in a modified image if you have the original to compare it against, such as in their synthetic example. Clearly the steganographically modified image will have lower redundancy. But like so many other things, the amount of redundancy in a population of JPG files will tend to land on a bell curve. Their screening algorithm calculates the redundancy ("entropy", a concept from Information Theory) and looks for images which are statistically abnormal. Implicitly they assume that an image whose redundancy lands in the normal range hasn't been tampered with.

To go outside the normal range, a substantial amount of extra information would have to be added, and there's no guarantee that those hiding the data actually would put that much in each one -- why not spread it out over a few dozen pictures and put less information in each one? A picture which originally would have landed on the low side of the normal zone could be specially chosen for that very reason, and only have enough additional information added to it to move it to the high side while still remaining within the normal range.
Such an approach could not be detected by their sieve because it would not look statistically anomalous; it would not stand out because it would have the same degree of redundancy as numerous legitimate images which were not carrying secret information.

The likelihood is that the Internet is indeed one of many ways in which surreptitious communication takes place among bad guys. I have no doubt that drug smugglers have been using it for years, for example. But the whole point of steganography in a medium as rich as this one is that there are just too many places to hide. This study doesn't even convincingly prove that there are no messages in JPG files p
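To put rough numbers on the bell-curve argument above, here is an added example (not code from this post or from the study it discusses) that measures how sensitive a population-based entropy screen is to payload size. Everything in it is an assumption made for illustration: the "images" are constructed LSB planes with a per-image bias, the statistic is the Shannon entropy of that plane as a toy stand-in for the study's redundancy measure, and the sizes, seed and 3-sigma threshold are invented.

```python
import math
import random
import statistics

N_SAMPLES = 30_000   # constructed: LSBs per synthetic "image"
POPULATION = 60      # constructed: number of clean reference images
Z_THRESHOLD = 3.0    # assumed screen: flag anything beyond 3 sigma of the clean mean


def lsb_plane(rng, p_one, n=N_SAMPLES):
    """Constructed cover: an LSB plane whose bits are 1 with probability p_one."""
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def lsb_entropy(bits):
    """Shannon entropy in bits per LSB; redundancy is 1 minus this value."""
    p = sum(bits) / len(bits)
    if p in (0.0, 1.0):
        return 0.0
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))


def embed(bits, payload_bytes, rng):
    """Overwrite the leading LSBs with uniform bits (models an encrypted payload)."""
    k = min(8 * payload_bytes, len(bits))
    return [rng.getrandbits(1) for _ in range(k)] + bits[k:]


def run_screen(seed=2001):
    """Return z-scores of one image, clean and with two payload sizes."""
    rng = random.Random(seed)
    # Clean population: the bias varies per image, so entropy forms a bell curve.
    clean = [lsb_entropy(lsb_plane(rng, rng.gauss(0.30, 0.01)))
             for _ in range(POPULATION)]
    mean, sd = statistics.mean(clean), statistics.stdev(clean)

    def z(bits):
        return (lsb_entropy(bits) - mean) / sd

    cover = lsb_plane(rng, 0.30)  # an image with a typical bias for this population
    return {"cover": z(cover),
            "50_bytes": z(embed(cover, 50, rng)),
            "3000_bytes": z(embed(cover, 3000, rng))}


if __name__ == "__main__":
    for label, score in run_screen().items():
        flag = "FLAGGED" if abs(score) > Z_THRESHOLD else "passes"
        print(f"{label:>10}: z = {score:+.2f}  {flag}")
```

In this toy model the multi-kilobyte payload lands far outside the clean distribution, while the 50-byte payload moves the score by a fraction of one standard deviation, so a screen of this kind needs either a more sensitive statistic or a reference copy of the original image to see it.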