At 1:34 AM -0500 1/26/2000, Marc Horowitz wrote:
>Rick Smith <[EMAIL PROTECTED]> writes:
>
>>> The basic notion of stego is that one replaces 'noise' in a document with
>>> the stego'ed information. Thus, a 'good' stego system must use a crypto
>>> strategy whose statistical properties mimic the noise properties of the
>>> carrying document. Our favorite off the shelf crypto algorithms do *not*
>>> have this property -- they are designed to generate output that looks
>>> statistically random. So, can't we detect the presence of stego'ed data by
>>> looking for 'noise' in the document that's *too* random?
> >>
>>> For example, many stego implementations involve embedding data in the low
>>> order bits of a graphical image. Those low order bits undoubtedly have some
>>> measurably non-random statistical properties. Once we replace those bits
>>> with data, the bits will have serously random statistical properties. So,
>>> we can detect stego'ed data if the implementation uses any well known
> >> strong encryption algorithm.
>
Closely matching the statistical properties of a physical device
could be difficult. A different approach would be encouraging large
numbers of people with video Internet feeds to "pre-stego" their
material. This could be easily done by xor'ing low order bits with
bits generated by some strong crypto algorithm, frequently rekeyed by
dev/random. Perhaps Linux Webcam and Video chat packages could have
this feature enabled as a default. Since it would be impossible to
distinguish actual stego from pre-stegoed material, this would be a
very effective way to protest against attempts to restrict the flow
of information on the Internet. If enough people participated stego
would be undetectable.
Arnold Reinhold
