At 08:09 PM 12/11/03 -0500, Tyler Durden wrote: ..
As for Variola's comment, you might be right. I just assumed there's some kind of relationship between LSB and those spatial freuencies wherein image information might be stored. Actually, I would still think there's a relationship, in which case an Echelon-like approach based on ffts and "noise templates" might be going on (hence the usefulness of jamming).
Well, you're going to have a model for your covertext. Maybe that's the statistical distribution of low-order bits in the image file, maybe that's the distribution of packet arrival times. You encode messages in your covertext by making up new covertexts (maybe from existing or old ones) that fit the same model. If an attacker has no better a model than you do, he can't tell stegoed covertext from unstegoed covertext. If an attacker has a better model, he may be able to tell the difference.
Let's make this concrete. Suppose I decide to encode my real message to you in the time I send this e-mail. If I have 24 hours in which I'm willing to send this message, I can encode one of about 80,000 messages to you, since the timestamp goes down to the second.
Now imagine an attacker who doesn't know anything about me. He has no reason to be surprised at any time I might be sending messages to you, so to him, this isn't a terrible scheme.
Now imagine an attacker who knows I work a 9-5 job. He ought to be quite surprised at seeing e-mail from me at 10:30 AM on Friday, because I'm supposed to be in the office then. He ought to be pretty surprised at seeing e-mail from me at 4 AM, because that will make it hard for me to make it to work in the morning. He has a better model of what the covertext (the time I send the e-mail) should look like, so he can see a couple of innocent-looking e-mails from me to you with weird timestamps, and have some reason to suspect something interesting is going on.
..
-TD
--John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
