Rick Smith <[EMAIL PROTECTED]> writes:
>> The basic notion of stego is that one replaces 'noise' in a document with
>> the stego'ed information. Thus, a 'good' stego system must use a crypto
>> strategy whose statistical properties mimic the noise properties of the
>> carrying document. Our favorite off the shelf crypto algorithms do *not*
>> have this property -- they are designed to generate output that looks
>> statistically random. So, can't we detect the presence of stego'ed data by
>> looking for 'noise' in the document that's *too* random?
>>
>> For example, many stego implementations involve embedding data in the low
>> order bits of a graphical image. Those low order bits undoubtedly have some
>> measurably non-random statistical properties. Once we replace those bits
>> with data, the bits will have serously random statistical properties. So,
>> we can detect stego'ed data if the implementation uses any well known
>> strong encryption algorithm.
If the picture was taken by an actual camera, the least significant
bits will be random due to the nature of the way CCDs work in the real
world. They might be biased, but it's not very hard to bias a
"random" data stream. You could have the sender look at the bias in
the odd frames, and use that in the following even frames, if the bias
is similar. The recipient could compute the bias in the odd frames,
and use that to normalize the stego in the even frames before applying
the crypto. If the scene changes drastically, the bias may change,
the sender wouldn't encode anything in that frame, and the recipient
will need to resync somehow.
Stego is subtle, but it's not impossible.
Marc
