1996-09-06 - Re: Steganography – Tell Tale Signs?

Header Data

From: “Joshua E. Hill” <jehill@gauss.elee.calpoly.edu>
To: cypherpunks@toad.com
Message Hash: 992707afee6e4417d135efb54ac9ba3187a9309fb4ac7e5c131b2cab093c7082
Message ID: <199609061702.KAA02054@hyperion.boxes.org>
Reply To: <Pine.LNX.3.95.960905184816.709A-100000@gak>
UTC Datetime: 1996-09-06 21:06:09 UTC
Raw Date: Sat, 7 Sep 1996 05:06:09 +0800

Raw message

From: "Joshua E. Hill" <jehill@gauss.elee.calpoly.edu>
Date: Sat, 7 Sep 1996 05:06:09 +0800
To: cypherpunks@toad.com
Subject: Re: Steganography -- Tell Tale Signs?
In-Reply-To: <Pine.LNX.3.95.960905184816.709A-100000@gak>
Message-ID: <199609061702.KAA02054@hyperion.boxes.org>
MIME-Version: 1.0
Content-Type: text/plain


> 1) If I hide some PGP encrypted data in a
> gif, jpg or wav file will there be any tell tale
> signs to the naked eye of an expert? If yes,
> what are they?
naked eye: no... but if an expert is looking (for any reason) they would
probably check out the low order bits, regardless... and although the
actual message appears random, PGP has some headers which are _defiantly_
not random... In fact, they are trivial to check for.  Look for Stealth-
PGP (A separate product for now... to be integrated with PGP 3.0)
The idea behind Stealth-PGP is that there are no headers... so the entire
data stream is random...

> 3) Are there any tools at the moment
> to expose (not crack) the hidden encrypted
> data? If none. are there tools in development?
sure enough... There are several rather accepted stego formats...
If they can use one of the known forms of stego, and extract a PGP-looking
message, you are going to be hard pressed to "plausibly deny" anything.

If you _do_ use Stealth-PGP (or some other raw encryption method), the
low ordered bits would appear to be random... Now, I'm not certain about
this, but I doubt that the low order bits of any given regular file are
really as random as a good crypto algorithm is.  I'd imagine that there
are ways of statisticly analyzing the low order bits of a file, and
seeing if they're random... If they are completely random, then there
is probably something hidden there... and if they are completely ordered,
then there is probably something hidden there... In the "next generation"
stego tools, there will probably be options to hide data in noise that
looks similar to the native noise of the medium... a sort of subliminal
channel in the noise (more so than regular stego).  Until then you'll 
have to rely on "gee... what do you mean 'completely random'" ;-)

			Joshua

-----------------------------Joshua E. Hill-----------------------------
|                    LAWS OF COMPUTER PROGRAMMING:                     |
|    X. Adding manpower to a late software project makes it later.     |
-------jehill@<gauss.elee|galaxy.csc|w6bhz|tuba.aix>.calpoly.edu--------





Thread