If the picture was taken by an actual camera, the least significant
bits will be random due to the nature of the way CCDs work in the real
world. They might be biased, but it's not very hard to bias a
"random" data stream. You could have the sender look at the bias in
the odd frames, and use that in the following even frames, if the bias
is similar. The recipient could compute the bias in the odd frames,
and use that to normalize the stego in the even frames before applying
the crypto. If the scene changes drastically, the bias may change,
the sender wouldn't encode anything in that frame, and the recipient
will need to resync somehow.
Stego is subtle, but it's not impossible.
After thinking about this a bit, perhaps the point is that any
conversion, light-on-CCD to bits, bits to paper, etc., has a
certain amount of bias-able "random" data and hence it is
likely that any such process has a fingerprint that might even
be unique as, of course, the color copier example shows can be
made intentional.
My knowledge of media reproduction technology in the large is
near zero, but if a color copier can identify itself what is to
keep it from identifying the time of day or serial numbering
the individual copy or silently including a photo of the
operator? Larger still, what's to prevent adding such a
fingerprint to every copy of National Geographic, to every film
processing lab's printing system, to every copy of every MP3
file, to the transmission of every PCS phone, etc., etc.?
In short, is steganography the ultimate surveillance tool?
--dan
