Simple inner transposition steganography

2003-09-17 Thread Ian Grigg
I'm not sure if this is novel, but it's new to me,
and a lot of fun to brighten up our otherwise dull
day.

Some guys over on dgcchat have stumbled on a simple
steganography method.  What follows is their own
words, but in an edited single sequence:

===
Ragnar:
Aoccdrnig to a rscheearch at an Elingsh uinervtisy, it deosn't
mttaer in waht oredr the ltteers in a wrod are, the olny
iprmoetnt tihng is taht frist and lsat ltteer is at the rghit
pclae. The rset can be a toatl mses and you can sitll raed it
wouthit porbelm. Tihs is bcuseae we do not raed ervey lteter by
it slef but the wrod as a wlohe.

Ragnar (2):
I suppose, for those that don't have encryption, a proggy can be
developed to change around words (keeping the last and first
letter the same) in an email before sending, based on this
research.  :)

Ken Griffith adds:
Taht wulod be an execlenlt way to sned emial msesgaes in palin txet taht
cnnaot be dteetced by ehceoln.  One culod tlak aoubt bmbos, trerroitss and
suftf lkie taht wiohtut trgigreing the fagls.
===

No work on the original research though.

-- 
iang

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


Re: Simple inner transposition steganography

2003-09-18 Thread Ian Grigg
Bill Stewart wrote:
> 
> Ian Grigg wrote:
> > Ken Griffith adds:
> > Taht wulod be an execlenlt way to sned emial msesgaes in palin txet taht
> > cnnaot be dteetced by ehceoln.  One culod tlak aoubt bmbos, trerroitss and
> > suftf lkie taht wiohtut trgigreing the fagls.
> 
> Well, it's not really any uglier than 31337 h4x0r sp33k,
> and has the advantage of covering for all those folks
> who don't have spelling in their list of talents :-)

Indeed!  (The source remains elusive, some have commented
here http://www.languagehat.com/archives/000840.php but
without tying it down.)

Either way, the point is well made.  One of the things
that the 911 guys apparently did was communicate from
public libraries.  If they were to use such a technique,
and also to use a set of pre-created email addresses on
hotmail or yahoo, one could imagine that they'd pretty
well stuff any massive scanning techniques.

And, after the fact, there's less of an issue.  So a
travelling terrirost could forego their copy of PGP and
instead carry around a list of email accounts and a
propensity for dyslexia.

Which makes an odd sort of sense;  one of the things that
was apparent in the payments world is that real bad guys
would not use supposed anonymous electronic payment systems
because they assumed out of hand that the anonymity was a
lie.

If such distrust was applicable across different systems,
then people who really care about their secret communications
might eschew crypto as well.

iang

PS: the other aspect is the often claimed flood of stego
across the net.  Now, we can measure it easily, simply run
a spell checker over the emails :)



Re: Simple inner transposition steganography

2003-09-18 Thread Peter Wayner
Changing around the order of a list of items is a pretty cool way to 
hide information. You can hide about log_2(n!) bits of information in 
a list of n items. In the case of words, you can move around the 
inner letters as long as there are no duplicates.

If you want to experiment with the basic technique, check out this 
web page with an applet I wrote.

http://www.wayner.org/books/discrypt2/sorted.php



At 9:06 PM -0400 9/17/03, Ian Grigg wrote:
> I'm not sure if this is novel, but it's new to me,
> and a lot of fun to brighten up our otherwise dull
> day.
> Some guys over on dgcchat have stumbled on a simple
> steganography method.  What follows is their own
> words, but in an edited single sequence:
> ===
> Ragnar:
> Aoccdrnig to a rscheearch at an Elingsh uinervtisy, it deosn't
> mttaer in waht oredr the ltteers in a wrod are, the olny
> iprmoetnt tihng is taht frist and lsat ltteer is at the rghit
> pclae. The rset can be a toatl mses and you can sitll raed it
> wouthit porbelm. Tihs is bcuseae we do not raed ervey lteter by
> it slef but the wrod as a wlohe.
> Ragnar (2):
> I suppose, for those that don't have encryption, a proggy can be
> developed to change around words (keeping the last and first
> letter the same) in an email before sending, based on this
> research.  :)
> Ken Griffith adds:
> Taht wulod be an execlenlt way to sned emial msesgaes in palin txet taht
> cnnaot be dteetced by ehceoln.  One culod tlak aoubt bmbos, trerroitss and
> suftf lkie taht wiohtut trgigreing the fagls.
> ===
> No work on the original research though.
>
> --
> iang


Re: Simple inner transposition steganography

2003-09-18 Thread Robin Whittle
I passed this on to another list - the Link mailing list:
  http://mailman.anu.edu.au/pipermail/link/2003-September/thread.html#52701

A list member pointed out a Perl script by Jamie Zawinski to scramble
the internal letters of words:

  http://www.jwz.org/hacks/marginal.html


   - Robin    http://www.firstpr.com.au   http://fondlyandfirmly.com






Re: Simple inner transposition steganography

2003-09-18 Thread edo
Come on, this is a terrible idea for steganography.  Unless this catches
on as some sort of fad, which (a) it won't and (b) even if it did it
would be short-lived, then sending a message with its letters scrambled
in this way would be the last thing you'd want to do for steganography.

The whole point of steganography is to make the cover message look normal.
Nothing would make your message more conspicuous than being filled with
random letter rearrangements.  In fact, this is such an obvious and
forced alteration that it hardly counts as steganography at all.

Maybe it works as a very, very weak form of encryption, one which can
be decrypted at a glance by humans but would evade the most simplistic
computer recognition systems.  But stego it ain't.



Re: Simple inner transposition steganography

2003-09-18 Thread Victor . Duchovni
On Thu, 18 Sep 2003, edo wrote:

> Maybe it works as a very, very weak form of encryption, one which can
> be decrypted at a glance by humans but would evade the most simplistic
> computer recognition systems.  But stego it ain't.
>

Steganography is in the eye of the beholder.

-- 
Viktor.



Re: Simple inner transposition steganography

2003-09-18 Thread Peter Wayner
At 4:01 PM -0400 9/18/03, [EMAIL PROTECTED] wrote:
> On Thu, 18 Sep 2003, edo wrote:
>
> > Maybe it works as a very, very weak form of encryption, one which can
> > be decrypted at a glance by humans but would evade the most simplistic
> > computer recognition systems.  But stego it ain't.
>
> Steganography is in the eye of the beholder.

Very nice line.

I have to agree. There are always two channels in steganography and 
its cousin watermarking. You want to make changes in one channel so 
the other channel isn't affected. In this case, a munged word doesn't 
affect the human reader but it can carry log_2(n!) bits where n=count 
of non-duplicate letters - 2. So we have two channels.

Now, I will admit that a large number of munged words will trigger 
something in the human, but it's entirely possible that three or four 
munged words on a page WON'T EVEN BE NOTICED. Believe me. I've proof 
read books a number of times and it's surprising how much gets 
through even the best copy editors.

Three or four words per page is also enough to insert more than a few 
bits of watermarking. A seven letter word can carry almost seven 
bits. So let's call it 6 bits. If you change four seven letter words 
on a page, you've 24 bits. Not bad.



-Peter



Re: Simple inner transposition steganography

2003-09-18 Thread Ian Grigg
edo wrote:
> 
> Come on, this is a terrible idea for steganography.  Unless this catches
> on as some sort of fad, which (a) it won't and (b) even if it did it
> would be short-lived, then sending a message with its letters scrambled
> in this way would be the last thing you'd want to do for steganography.
> 
> The whole point of steganography is to make the cover message look normal.
> Nothing would make your message more conspicuous than being filled with
> random letter rearrangements.  In fact, this is such an obvious and
> forced alteration that it hardly counts as steganography at all.
> 
> Maybe it works as a very, very weak form of encryption, one which can
> be decrypted at a glance by humans but would evade the most simplistic
> computer recognition systems.  But stego it ain't.

One could declare such a simple trick to be "not stego."
Or, even, worthless, and beneath the contempt of the
serious student of cryptography.

That would be too harsh.  The elegance of the idea is
that it shows how little one needs to do to achieve some
security from observation.

How much is then the question - is it good enough?  Well,
that comes down to the threat.  And the costs you are
willing to bear.

There are those that say that unless you are using 128
bit blah blah with 1024 RSA acronymstandardwhatsits,
you haven't got a thing.  They are wrong, and, luckily,
we can now see that the market place ignores that as
much as it's permitted.

They are wrong because they didn't ask what the threat
was, and didn't ask how much the user wanted to spend.



Re: Simple inner transposition steganography

2003-09-19 Thread David Honig
At 08:21 PM 9/18/03 +0200, edo wrote:
>Come on, this is a terrible idea for steganography.  Unless this catches
>on as some sort of fad, which (a) it won't and (b) even if it did it
>would be short-lived, then sending a message with its letters scrambled
>in this way would be the last thing you'd want to do for steganography.

Are you forgetting: 

1. the stego'ed bits are already noise (ie, encrypted),
possibly shaped noise?

2. you don't have to make a mistake on every word?

Ie, you model what human misspellers do and you can still have
deniable bandwidth.

...

Speaking of which, but aside: An alexic (due to MS disconnecting a certain
visual-to-linguistic path)  "hunt-and-peck" friend makes lettershape-based
errors when typing, vs. the spatial qwerty-finger-position-fumble errors
that I (an inaccurate touch typist) make, or the spelling errors ("I"
before "E" yadda yadda) that visually-literate, careful authors  make. 

[Some text-to-speech software is helping him regain functionality.  As does
Google's _did you mean?_, spellchecking, and his diary's (Excel, actually)
search ability.  GPS might help with his navigation problems.]

Anyway, there's a human-error-distribution which can be used to 
shape the stego'd misspellings.  Just like one's digital camera noise can be
characterized before using images from it to broadcast stego'd messages.










Re: Simple inner transposition steganography

2003-09-19 Thread Dave Howe
edo wrote:
> Come on, this is a terrible idea for steganography.  Unless this
> catches on as some sort of fad, which (a) it won't and (b) even if it
> did it
> would be short-lived, then sending a message with its letters
> scrambled
> in this way would be the last thing you'd want to do for
> steganography.
Oh, I wouldn't be too sure about that.
as the order of the letters can be itself a binary channel, you could
probably obtain 3-4 bits of channel space per word for an *additional*
message that can be decoded by comparing the correct letter order to the
"encoded" letter order. obviously, this means going through the entire
letter as a machine-assisted "spellcheck" as the odds of getting an
accurate machine decode are low (the spellchecker is going to miss most of
the contextual cues humans would use to decode the text)

> The whole point of steganography is to make the cover message look
> normal. Nothing would make your message more conspicuous than being
> filled with random letter rearrangements.  In fact, this is such an
> obvious and
> forced alteration that it hardly counts as steganography at all.
it has two functions.
it makes mechanical recognition of the content much, much more difficult
it provides a covert channel for the real message.
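
An added example, not code from anyone in this thread: a spell-checker style scan of the kind Ian Grigg's PS suggests. It flags inner-transposed words, shows the ambiguous machine decode Dave Howe describes, and sizes the per-word channel with Peter Wayner's log_2(n!) figure. The word list, the token "tiral" and all function names are assumptions made for the illustration.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed mini word list (assumption); a real scan would load a full dictionary.
WORDS = set("""that would be an excellent way to send email messages in plain
text problem trial trail""".split())

def signature(word):
    """First letter + sorted inner letters + last letter: unchanged by inner transposition."""
    w = word.lower()
    return w[0] + "".join(sorted(w[1:-1])) + w[-1] if len(w) > 3 else w

INDEX = defaultdict(set)
for _w in WORDS:
    INDEX[signature(_w)].add(_w)

def capacity_bits(word):
    """log2 of the distinct inner-letter arrangements; equals log2(n!) when none repeat."""
    inner = word[1:-1]
    arrangements = math.factorial(len(inner))
    for repeats in Counter(inner).values():
        arrangements //= math.factorial(repeats)
    return math.log2(arrangements)

def scan(text):
    """Return (token, verdict, candidates, bits) for every token not found in WORDS."""
    findings = []
    for token in re.findall(r"[A-Za-z]+", text.lower()):
        if token in WORDS:
            continue  # correct spelling, or a scramble that is itself a word (trial/trail)
        candidates = sorted(INDEX.get(signature(token), ()))
        if not candidates:
            verdict = "unknown"      # plain typo, name, or word missing from the list
        elif len(candidates) == 1:
            verdict = "scrambled"
        else:
            verdict = "ambiguous"    # several dictionary words share this signature
        bits = max((capacity_bits(c) for c in candidates), default=0.0)
        findings.append((token, verdict, candidates, bits))
    return findings

# Words quoted from Ken Griffith's message in this thread, plus one constructed token.
SAMPLE = "Taht wulod be an execlenlt way to sned emial msesgaes in palin txet tiral"

if __name__ == "__main__":
    for token, verdict, candidates, bits in scan(SAMPLE):
        print(f"{token:10} {verdict:10} {','.join(candidates):12} {bits:5.2f} bits")
```

Repeated inner letters shrink the channel below log_2(n!), and a scramble that lands on another real word passes the scan unflagged.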




Re: Simple inner transposition steganography

2003-09-19 Thread Peter Wayner
> edo wrote:
> >
> One could declare such a simple trick to be "not stego."
> Or, even, worthless, and beneath the contempt of the
> serious student of cryptography.
>
> That would be too harsh.  The elegance of the idea is
> that it shows how little one needs to do to achieve some
> security from observation.


You're kind, but still missing some of the nuance. It's possible to 
encode these bits in a secure way that would be worthy of any student 
of cryptography.

I believe it's possible to encode bits in the order of things in a 
way that is JUST AS SECURE as the hash function being used.

The code below uses MD5, but it could use any hash function. If we 
assume the random oracle model, I think it's pretty obvious that one 
can't extract the message without finding a way to put a crack in the 
hash function.

http://www.wayner.org/books/discrypt2/sorted.php



The example only uses disco songs, but it applies to any list of 
things. Obviously rearranging the letters creates spelling mistakes, 
but I think there are plenty of lists of objects with no obvious 
ordering. That's why I chose disco songs.

-Peter
