1996-10-21 - Re: Stego via TCP/IP (was Re: crypto wish list)

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: cypherpunks@toad.com
Message Hash: af1c4e04645b8ab93d125bedb05980d05fa2743235d14bcd1c7aa75c3fe3da42
Message ID: <199610210018.RAA20993@dfw-ix5.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1996-10-21 00:19:06 UTC
Raw Date: Sun, 20 Oct 1996 17:19:06 -0700 (PDT)

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 20 Oct 1996 17:19:06 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Stego via TCP/IP (was Re: crypto wish list)
Message-ID: <199610210018.RAA20993@dfw-ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>Where is highly sophisticated stego?
>>What are our options?
>>- Stego in english text.
>>- Stego in audio and graphic file formats
>>- Stego in Internet Phone protocols.
>>- Stego in Internet video conference formats

My experience with CU-SeeMe has been that it loses
huge quantities of data, though that's partly because
I've only used it over 14.4 modem, which isn't really
fast enough.  If the data formats are documented,
it wouldn't be hard to add a few frames of "pictures"
every second or ten that are designed to get sidetracked.
CU-SeeMe can talk one-to-one, but is generally used through
"reflectors", which are conference bridges.
One technique is to stego-equip both the client and
reflector; a more generally useful but harder method would
be to see what you could get to pass through a reflector
between two stego clients.

Motion pictures in general give you a lot of slack;
not only do they have high data rates from uncheckable sources,
but you can hide data in ways you correct later,
e.g. for Frame1 ... Frame2 ... Frame3, 
where the values for a given pixel change between Frame1 and Frame3,
you can encode some bits by picking whether the change happened
between Frame1 and Frame2 or Frame2 and Frame3, and your output
is perfectly valid video, readable by anybody, only a bit fuzzier
than it might have been from that cheap $89 camera you're using
in bad lighting with the ceiling fan going in the background.

Stego in innocuous-looking data is another approach.
Send those spreadsheets of traffic data or SNMP stats
or daily sales of products from your supermarket or whatever!

I've been wondering about _un_sophisticated stego,
for cases where you're trying to slip below the radar
of simple bots or dumber eavesdropping thugs.  For instance,
you could send that DOS executable .exe or animated GIF
which really _does_ expand into the cover-traffic file or 
generate the annoying flaming background for your web page,
but which also drags along a bunch of stegobits that
the executable thinks are just data it's ignoring or the
GIF thinks is past the last frame.

Then there are pictures which have inherently high entropy,
so you can get away with a lot more stego - like the
animated cloud picture movie you interpolated from the
weather satellite photos, or the photo of the wheelbarrow of sawdust.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.






Thread