{"id":93,"date":"2009-07-27T19:53:24","date_gmt":"2009-07-27T19:53:24","guid":{"rendered":"http:\/\/www.piglets.org\/?p=93"},"modified":"2009-07-27T19:53:24","modified_gmt":"2009-07-27T19:53:24","slug":"steganography-prevention-before-is-better-that-detection-after","status":"publish","type":"post","link":"https:\/\/www.piglets.org\/blog\/2009\/07\/27\/steganography-prevention-before-is-better-that-detection-after\/","title":{"rendered":"Steganography, prevention before is better than detection after"},"content":{"rendered":"<p><a href=\"http:\/\/www.newscientist.com\">New Scientist<\/a> recently ran an <a href=\"http:\/\/www.newscientist.com\/article\/mg20327176.300-hidden-messages-in-images-leave-telltale-trail.html\">article<\/a> about <a href=\"http:\/\/en.wikipedia.org\/wiki\/Steganography\">steganography<\/a>. If you don't already know, steganography is essentially encryption with a difference. Specifically, encryption is usually obvious. It may be that the data Alice sends via email to Bob with <a href=\"http:\/\/en.wikipedia.org\/wiki\/Public_key_cryptography\">public key cryptography<\/a> is entirely secure from eves-dropping by <a href=\"http:\/\/xkcd.com\/177\/\">Eve<\/a> (pun intended, sorry), but Eve will <strong>know<\/strong> data is being sent that she might be interested in. Steganography, by contrast, seeks to hide the encrypted data so Eve is not aware of its very existence.<\/p>\n<p>It's a very ancient idea, stretching back to ancient Greece. In modern times a common way to perform the trick is to hide data in an image. One of my more gifted undergraduate students did a final-year project on this with me. We used a known password as a seed for a pseudo-random number generator to determine which pixels of the image we would embed the data in. 
By playing with the least significant bit of one colour in randomly spaced pixels, you can very effectively hide data.<\/p>\n<p>The New Scientist article suggests that <strong>if<\/strong> you detect the steganography, and <strong>if<\/strong> we obtain the computer of the suspect and <strong>if<\/strong> they have carelessly wiped the software, there <strong>might be<\/strong> traces that tell you this was done. Now let's remember the whole point of steganography is that the first step is improbable; you most likely won't detect it.<\/p>\n<p>The issue is, in today's geopolitical situation, reasonably serious. It has been suggested (see the <a href=\"http:\/\/en.wikipedia.org\/wiki\/Steganography\">Wikipedia<\/a> article I linked above) that such techniques were used to exchange data on sites like eBay to plan major terrorist attacks. With lots of analysis software only playing with known algorithms, or relying on comparing modified images with the original (where the original may not be available), what can such a major website do to prevent such abuse? Well, I thought an approach would be to essentially employ the same techniques with random data. That is, randomly poking data into bits in pixels here and there will, up to a certain point, not affect image clarity to the naked eye, but unless the encrypted data is loaded with huge amounts of error-correcting code, it will destroy the payload. You could easily automatically run such a filter over uploaded data. I'm sure similar approaches would work for digital sound.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>New Scientist recently ran an article about steganography. If you don't already know, steganography is essentially encryption with a difference. Specifically, encryption is usually obvious. 
It may be that the data Alice sends via email to Bob with public key cryptography is entirely secure from eves-dropping by Eve (pun intended, sorry), but Eve will know [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"vkexunit_cta_each_option":"","footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[],"tags":[],"class_list":["post-93","post","type-post","status-publish","format-standard","hentry"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"jetpack_shortlink":"https:\/\/wp.me\/p52I4w-1v","_links":{"self":[{"href":"https:\/\/www.piglets.org\/blog\/wp-json\/wp\/v2\/posts\/93","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.piglets.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.piglets.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.piglets.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.piglets.org\/blog\/wp-json\/wp\/v2\/comments?post=93"}],"version-history":[{"count":0,"href":"https:\/\/www.piglets.org\/blog\/wp-json\/wp\/v2\/posts\/93\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.piglets.org\/blog\/wp-json\/wp\/v2\/media?parent=93"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.piglets.org\/blog\/wp-json\/wp\/v2\/categories?post=93"},{"t
axonomy":"post_tag","embeddable":true,"href":"https:\/\/www.piglets.org\/blog\/wp-json\/wp\/v2\/tags?post=93"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}