Viewing a single comment thread. View all comments

Mr_Locke t1_jb9yj7e wrote

Nail on the head here. Where is their evidence. Also "perfectly secure" isn't a thing and if it's undetectable then the tool you use to pull the data out of your image wouldn't see it to pull it out.

Also to break stego down a bit here is an example. Let's say I have a picture called Ducky.jpg that is exactly 100Mb in size. If I use traditional stego and hide a message in that image it will change it's size to let's say 101Mbs. Now, if this new technique makes it undetectable by also altering the size by removing blank space like compression does but I only the exact amount then we could get our file down to 100Mb. However, if you hashed both images, our nor all ducky.jpg and our ducky.jpg with our stego message inside, even tho they are the same size their hashes will be different.

What am I missing here fellow nerds?

135

DoktoroKiu t1_jbats40 wrote

Nobody but you has access to the original, so unless you can detect the steganography without the original it is "perfectly secure".

I didn't read anything on this, but I'm guessing the only real advance is that the encoding is not discernable from noise.

72

zalgorithmic t1_jbb400v wrote

Isnt one of the main points of good cryptography to have the message already be indistinguishable from noise? Just build up enough entropy that it seems like noise unless you have the proper key.

31

Mechasteel t1_jbbh94i wrote

Cryptography is so when they see your message they can't understand it. Steganography is so they don't see your message. Shannon entropy is how much your message looks like noise, which is coincidentally the same as data density.

52

Mindless_Consumer t1_jbc3kej wrote

Most (all?) Steganogeaphy can be detected.

For example, one technique is to hide data in a jpeg. Open the file it looks like a regular image. Run the binary through a decryption process, get a secret message.

We may not be able to crack the message. But we can find out it is there. Then hit you until you decrypt it.

9

ImmoralityPet t1_jbckhzb wrote

That's what they're saying the advancement is here. The presence of the message is undetectable. The alterations that are done to the image are indistinguishable from other probabilistic filters that the file type is typically subjected to.

9

Mindless_Consumer t1_jbcnplo wrote

If true - its actually a big deal.

Consider a hostile universe and we need to send a signal across the galaxy, the presence of a signal alone is enough information to get you xenocided. Being about to mask the existence of a signal will be vital.

−5

ImmoralityPet t1_jbcqx9l wrote

That's not what they're claiming though. The presence of a signal is known. The presence of a second message embedded in the signal is what is undetectable because the encoding process is embedded in probabilistic filters that the signal was subjected to anyway. And the output signal is indistinguishable from a signal that went through such a filter with no embedded message.

6

Mindless_Consumer t1_jbcs38u wrote

Yea. So match the signal to that of a local star or some other natural phenomenon.

The point is - if this is impossible which it may be. Long communication in a hostile galaxy may be impossible. If it is possible an explanation for not detecting signals is they are hidden and undetectable.

−1

CrispyRussians t1_jbddq3v wrote

I love that you went right to space travel. I don't think this is applicable but I like where your mind is at

3

Mindless_Consumer t1_jbdfyzb wrote

Yea, like, I thought we were on futurology.

1

CrispyRussians t1_jbdg2sf wrote

I think the sun focuses more on the next 50-100 years not the next 1000

1

Mindless_Consumer t1_jbdggmu wrote

Like I said - its a big deal.

If it is actually hard undetectable, this is how we're going to do it. That's pretty cool.

1

green_meklar t1_jbcyjm2 wrote

The problem with encrypted data that looks like noise is that noise also looks like encrypted data. If someone sees you sending noise to suspicious recipients, they can guess that you're sending encrypted messages. Governments that want to ban encryption or some such can detect this and stop you.

The advantage of steganography is that you can hide not only the message itself, but even the fact that any encryption is happening. Your container no longer looks like noise; it's legitimate, normal-looking data with a tiny amount of noisiness in its structure that your recipient knows how to extract and decrypt. It gives you plausible deniability that you were ever sending anything other than an innocent cat video or whatever; even people who want to ban encryption can't tell that you're doing it.

6

zalgorithmic t1_jbczvnb wrote

In my mind it’s best to do:

Data->compress->encrypt->steganography

Not saying steg is bad and cryptography is good, just that I don’t quite see how encrypting the data properly in the first place such that it shows up as some random distribution before embedding it with steganography is a wildly new concept.

If the distribution of encrypted data is that of noise, the image would just appear slightly noisy, especially if doing least significant bit shenanigans

0

green_meklar t1_jc51rar wrote

>I don’t quite see how encrypting the data properly in the first place such that it shows up as some random distribution before embedding it with steganography is a wildly new concept.

It's not. I was getting at the converse idea: Given your encrypted data, steganography allows you to hide the fact that any encryption is even being used.

>If the distribution of encrypted data is that of noise, the image would just appear slightly noisy

Only by the broadest definitions of 'noise' and 'appear'. The image does not need to actually have visual static like a dead TV channel. That's a very simple way of embedding extraneous data into an image, but not the only way.

1

jobe_br t1_jbc7axo wrote

Exactly. Say, posting a selfie to Instagram. It’s on your phone and on Instagram, but if in that process a message has been encoded, nobody has anything else to hash against.

6

tomrlutong t1_jbcuwvj wrote

heres the paper. Anything is detectable if the adversary has the original. This technique claims to result in files that are statistically indistinguishable from unaltered files of the same type. E.g. you can't build a filter to examine all the videocalls going over a wire and find the one carrying stenography.

9

SatanLifeProTips t1_jbc10wq wrote

Take a new picture, encode info, destroy original picture so no one can compare it.

Or if the process requires comparison of the original you could simply use wily different methods of sending the original and the doctored image. Send both via sneaker net and thumb drives with self destruct buttons.

But the main one being don’t let the same people see the good and doctored image for comparison.

5

so_good_so_far t1_jbc1mp0 wrote

A lot of stego doesn't increase size at all. You might change the least significant bits of each pixel to your encoded value. The visual difference of the image is nearly undetectable, size is the same, but encoded data has replaced the least important parts of the image data.

Still would fail hash checks, and their claim is still patently false (haven't read it, but if that's actually their claim it's about on par with a perpetual motion machine so don't really need to).

5

nybble41 t1_jbdba8a wrote

Any steganography system will assume that the adversary doesn't have access to the original file to check the hash. Obviously if they do then the fact that the file was altered in some fashion can't be hidden, though you might be able to provide some other plausible excuse for the changes (e.g. compression).

The claim here is that it's impossible to distinguish the files containing messages from others of the same type. In other words given two images, one with a message and one without, there is no analysis which could say which one contained the message without the decoding key. There is nothing inherently impossible about this on par with perpetual motion machines; it's just extremely difficult to get right when you don't have control over the encoding you're trying to blend in with.

A simpler task would be to hide a message in a highly redundant format of your choosing. For example, any data can be encoded in 2x the original space as interleaved bits from two bitstreams A and B where A consists of strong (pseudo-)random bits and B is the original data XOR A. Both A and B will appear random, but A XOR B gives the original data. (One plausible reason to do this might be to avoid long runs of 0's or 1's in electronic signals or radio transmissions.) Given such an encoding you could replace the random bits (A) with the ciphertext of your hidden message, which should be indistinguishable from noise, and compute B as usual. For anyone without the key there is no way to tell whether the interleaving of A and B contains a hidden message, but someone with the key can simply apply it to the "random" bits.

Of course for this to function as steganography people would need to use this encoding when they weren't sending hidden messages, which is not very likely, or else the encoding itself would give it away. However, real data formats can have similar properties where there is an element of randomness in the encoding. The trick is to substitute random-seeming ciphertext in place of natural noise without leaving any traces. This is the same basic principle as replacing low-order bits in an image with ciphertext, except it's actually not that easy to blend in since natural low-order bits aren't completely devoid of patterns and bias.

5

so_good_so_far t1_jbdd5pu wrote

For one, steganography systems do not universally assume that. There are plenty of use cases for hiding data in plain sight, commonly used images, etc. Hiding data in a common image might be plenty to slip it past a censor or authority even if a later cryptanalysis might detect it.

But please link me the mathematical proof that backs up their claim that this is "perfectly secure" (whatever that actually means). "Random seeming" is not random. Even tiny biases can tip off attackers that there may be encrypted data, no matter how many times you XOR it. Random is random, everything else has patterns. No matter how cleverly they intermingle it with other structured data, it is not random and I'm not buying it unless they have a peer reviewed proof that backs their claim up.

0