Re: S-Tools Stego makes an appearance in Law and Order-SVU

2003-04-03 Thread John Kelsey
At 07:15 AM 3/31/03 +0200, Thomas Shaddack wrote:

> For very-low-bandwidth data transfers hidden in wideband streams, we could
> maybe use timing of packets. Wouldn't work with more congested networks,
> and would need some kind of REALLY heavy-duty error correction, but could
> be rather difficult to spot.

Do some reasonable error-correction on it, and then implement IP over 
it.  Hey, we *said* it was an unreliable transport protocol  :)

> The signal could be transported in the
> intervals between the IP packets sent, or by dropping selected packets and
> requesting retransmissions, or by swapping the order of some packets.

The constraint here is that an outsider mustn't be able to distinguish the 
performance of a stego-enabled system from a non-stego system.  So I think 
you'd have to be really careful about dropping very many packets, swapping 
packets, etc.

As a first cut, suppose I have a sort of encoding mask for two different 
bits, e.g.

0 == 01010101
1 == 10101010
Then I decide whether to delay packets by some very small amount based on 
which mask I'm using, adding a really small delay whenever there's a 1.

The receiver tries both masks, and chooses the more probable one.  (For the 
nine packets he receives, he does some statistics on the delays between 
packets, and assigns probabilities of 1 symbols in each location, throws 
out obvious outliers, etc., and then chooses the most probable 
decoding.)  The goal here would be to get down to delays that were small 
enough that an attacker who didn't know the two candidate masks would have 
a very low probability of being able to distinguish the behavior of a 
stego-enabled system from a non-stego system.  Sort of like having a timing 
attack which is impractical because the attacker must guess too much 
internal information before he can test his guess.

Has anyone done this kind of scheme in the open literature before?  This 
seems like the sort of thing someone would have investigated as a covert 
channel for leaking information from a compromised system.

> The world is crammed full with unused communication channels.

Yep.  Mostly unused because they're not all that reliable, or because they 
offer too little bandwidth to be worthwhile, alas.
...

--John Kelsey, [EMAIL PROTECTED]
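
Added example (not part of the original message or the thread): a Python simulation of the two-mask timing scheme described above, seen from the monitoring side. It assumes Gaussian inter-packet gaps (constructed data; `sigma`, `mean` and the helper names are assumptions) and compares the mask-aware receiver's bit error rate with a lag-1 autocorrelation test that needs no knowledge of the masks.

```python
import random
import statistics

# Masks from the post: one symbol spans 8 inter-packet gaps (9 packets).
MASKS = {0: [0, 1, 0, 1, 0, 1, 0, 1], 1: [1, 0, 1, 0, 1, 0, 1, 0]}

def simulate_gaps(bits, delta, rng, sigma=1.0, mean=10.0):
    """Constructed traffic: Gaussian gaps (assumed jitter model), plus
    `delta` wherever the current symbol's mask has a 1."""
    return [rng.gauss(mean, sigma) + delta * m for b in bits for m in MASKS[b]]

def decode(gaps):
    """Receiver who knows both masks: pick the better-correlated one."""
    bits = []
    for i in range(0, len(gaps) - 7, 8):
        block = gaps[i:i + 8]
        # Gaps under mask-1 ones minus gaps under mask-0 ones.
        score = sum(g if m else -g for g, m in zip(block, MASKS[1]))
        bits.append(1 if score > 0 else 0)
    return bits

def lag1_z(gaps):
    """Observer without the masks: lag-1 autocorrelation of the gaps,
    scaled by sqrt(N) so independent gaps give roughly N(0, 1)."""
    mu = statistics.fmean(gaps)
    d = [g - mu for g in gaps]
    r = sum(a * b for a, b in zip(d, d[1:])) / sum(a * a for a in d)
    return r * len(gaps) ** 0.5

def trial(delta, nbits=1000, seed=1):
    """Return (receiver bit error rate, observer z-score) for one run."""
    rng = random.Random(seed)
    bits = [rng.getrandbits(1) for _ in range(nbits)]
    gaps = simulate_gaps(bits, delta, rng)
    errors = sum(a != b for a, b in zip(bits, decode(gaps)))
    return errors / nbits, lag1_z(gaps)

if __name__ == "__main__":
    for delta in (0.0, 0.2, 2.0):  # extra delay in units of jitter sigma
        ber, z = trial(delta)
        print(f"delta={delta}: bit error rate={ber:.3f}, lag-1 z={z:+.1f}")
```

With the extra delay at twice the jitter, the receiver decodes almost every bit, but the alternating masks leave a strongly negative lag-1 autocorrelation that stands out without knowing the masks. At a fifth of the jitter the test stays near zero over 8000 gaps and the receiver's raw error rate rises to roughly 40%, which is where the heavy error correction comes in.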




Re: S-Tools Stego makes an appearance in Law and Order-SVU

2003-03-31 Thread Thomas Shaddack

> As for the how, one wonders some form of fake-stego can't be
> incorporated somehow into non-stego programs, such as zip/compression
> utilities, file-sharing and so on.

For very-low-bandwidth data transfers hidden in wideband streams, we could
maybe use timing of packets. Wouldn't work with more congested networks,
and would need some kind of REALLY heavy-duty error correction, but could
be rather difficult to spot. The signal could be transported in the
intervals between the IP packets sent, or by dropping selected packets and
requesting retransmissions, or by swapping the order of some packets.

The world is crammed full with unused communication channels.

But this is just an immediate idea and I am sick and sleepy.

*cough*



Re: S-Tools Stego makes an appearance in Law and Order-SVU

2003-03-30 Thread Thomas Shaddack
> Mentions of anonymous remailers are now almost commonplace. Looks like
> stego is catching up.
>
> Implications for attempted bans on these tools, or enhanced
> sentencing, are left to your imagination.

Steganalysis is going to be a big thing.

Possible countermeasure is embedding a steganographed message (can be a
random file with statistical characteristics equal to an encrypted file)
into as many images as possible. The adversary will still be able to
detect the data in the file, but the number of files with real messages
in them could be just a fraction of the total amount.

A Microsoft(R) Worm(R) could be unleashed that would steganographically
embed random files into all JPEG files found on the victim machines, for
diluting the stego files in a worldwide scale; possessing/transmitting
such image wouldn't then be automatically a reason for suspicion. Another
approach, less effective but also less dramatic and more difficult to do
in large scale, is to put such module into some popular graphics-editing
software.

Opinions, comments, peer review?



Re: S-Tools Stego makes an appearance in Law and Order-SVU

2003-03-30 Thread Tyler Durden
Gotta give this thought a great big ditto. I've believed for a long time now 
that the real reason the fedz have tried to scare the public from using 
heavy crypto is for precisely this reason...a lot can be determined merely 
by the presence and form of crypto used. I am in fact starting to wonder 
whether (in certain contexts) merely knowing that something is encrypted 
(and how) is just about as good as de-encrypting it.

As for the how, one wonders some form of fake-stego can't be 
incorporated somehow into non-stego programs, such as zip/compression 
utilities, file-sharing and so on.

-TD






From: Thomas Shaddack [EMAIL PROTECTED]
To: Tim May [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: S-Tools Stego makes an appearance in Law and Order-SVU
Date: Sun, 30 Mar 2003 08:22:24 +0200 (CEST)
> Mentions of anonymous remailers are now almost commonplace. Looks like
> stego is catching up.
>
> Implications for attempted bans on these tools, or enhanced
> sentencing, are left to your imagination.

Steganalysis is going to be a big thing.

Possible countermeasure is embedding a steganographed message (can be a
random file with statistical characteristics equal to an encrypted file)
into as many images as possible. The adversary will still be able to
detect the data in the file, but the number of files with real messages
in them could be just a fraction of the total amount.
A Microsoft(R) Worm(R) could be unleashed that would steganographically
embed random files into all JPEG files found on the victim machines, for
diluting the stego files in a worldwide scale; possessing/transmitting
such image wouldn't then be automatically a reason for suspicion. Another
approach, less effective but also less dramatic and more difficult to do
in large scale, is to put such module into some popular graphics-editing
software.
Opinions, comments, peer review?





S-Tools Stego makes an appearance in Law and Order-SVU

2003-03-29 Thread Tim May
The S-Tools stego package had an appearance in tonight's Law and 
Order--Special Victims Unit, with a suspected child pornographer 
hiding images of children in they could be images of 
anything--sunspots, whatever.

Stego...it's mainly used by spies.

Even a mention of the etymology of steganography.

I recall several mentions on The Agency and similar shows, usually 
involving the alleged secret messages from Osama (no evidence for this 
has been shown, to my knowledge).

Mentions of anonymous remailers are now almost commonplace. Looks like 
stego is catching up.

Implications for attempted bans on these tools, or enhanced 
sentencing, are left to your imagination.

--Tim May