What are the best steganalysis programs?
in [Cryptography]
|
From: Atman.Soul on 12 Mar 2006 15:05 I am looking for any type of steganalysis program, preferably for WAV and MP3 files, but Steganalysis for images is okay. Thanks.
From: Ertugrul Soeylemez on 12 Mar 2006 20:08 "Atman.Soul" <Atman.Soul(a)gmail.com> (06-03-12 12:05:25): > I am looking for any type of steganalysis program, preferably for WAV > and MP3 files, but Steganalysis for images is okay. Thanks. I assume, by 'steganalysis' you mean finding steganographically hidden content, and in the ideal case, retrieving the hidden message. You cannot do this programmatically, if it has been done properly. However, there is a little chance that you could write such a program yourself. Let's, for example, take a sound file (i.e. waves). Normally, a hidden message is itself encrypted, to make sure that even if its existence gets revealed, the actual message content doesn't. Normal sequences of wave samples can be compressed easily. But an encrypted message can't, because to the compression program it looks like random garbage. You could extract certain bits, e.g. the low bits of the samples, and try to compress them. If they compress better than the other bits, then this indicates that normal plaintext could have been steganographically integrated into the sequence, because normal plaintext tends to be highly redundant; more than real wave samples. If they don't get compressed at all, then this could indicate a hidden ciphertext. Well, it looks like you have to do this yourself. I can't find any automated program for this. By the way, if the message has been integrated properly, then you won't be able to do this. Personally I would try to add redundant (but meaningless) information into the hidden message, so it compresses as well as the innocuous container message (i.e. the wave file). By the way, you don't have to repost a message just to fix a typo. ;) Regards.
From: vedaal on 13 Mar 2006 01:18 Atman.Soul wrote: > I am looking for any type of steganalysis progrma, preferably for WAV > and MP3 files, but Steganalysis for images is okay. Thanks. don't know of any offhand for sound files, but here is a very good one for image files: http://www.outguess.org/detection.php vedaal
From: Harris on 13 Mar 2006 01:56 Ertugrul Soeylemez <never(a)drwxr-xr-x.org> wrote in news:20060313020803.26f62287(a)kill.mine.nu: > "Atman.Soul" <Atman.Soul(a)gmail.com> (06-03-12 12:05:25): > >> I am looking for any type of steganalysis program, preferably for WAV >> and MP3 files, but Steganalysis for images is okay. Thanks. > > I assume, by 'steganalysis' you mean finding steganographically hidden > content, and in the ideal case, retrieving the hidden message. You > cannot do this programmatically, if it has been done properly. However, > there is a little chance that you could write such a program yourself. > .............. > .....................But an encrypted message can't, > because to the compression program it looks like random garbage. > > You could extract certain bits, e.g. the low bits of the samples, and > try to compress them..........................If they don't get > compressed at all, then this could indicate a hidden ciphertext. > ....................... Steganographic analysis works in the same logic as steganography itself, only in reverse. When you find a way to embed a hidden message to a carrier signal (data), you always think of ways that this could be detected. In simple stego tools, the message is spread in the spatial domain using minimal content change to the carrier. In most cases, this means that you only use the LSB of each carrier byte/word. If the message is compressed or encrypted, the end result would be something like adding white noise to the original signal. However, this works the other way too: if the original carrier is "crystal-clear" and you add a LSB-stego message to it, the modification will be easily detectable by proper statistical analysis. This does not mean that every time you detect random sequences in LSB you have e stego message - it could easily mean just noise. More advanced techniques employ spread-spectrum message embedding: the modification of the carrier is conducted in the frequency spectrum (FFT, DCT, DWT, etc). This approach provides more control over the noise-like characteristics of the final signal and usually it's much harder to detect, even for increased stego message sizes. For example, an image that has been processed by LSB- stego would appear to have some random noise in the form of speckles. If the same image is processed by spread-spectrum stego, the embedded message is "encoded" as artifacts of all sizes and shapes instead of pixel-level noise. This means that the final image may look like a low-quality jpeg (blurred edges and/or block-like artifacts), but no other evidence of tampering. In this case, steganalysis is much more difficult to be successful and requires multiple levels of processing in the spectrum domain. In both cases, signal processing and statistical analysis are the only tools you have when conducting "blind" steganalysis, unless you have evidence of specific algorithms/tools used (by examining file header, stack area, etc). Also, the best stego tools are the ones nobody else knows about them - otherwise, their output may have already been examined and registered by corresponding steganalysis tools. -- Harris
From: Dave Turner on 13 Mar 2006 13:51
I don't think you'll find too many automative steganalysis programs because each steganographic embedding technique is different ... consider for example changing the least significant bit in several pixels in a bitmap vs embedding data in comment data fields in a JPEG file - if a programmatical approach is to be taken then each method needs to be addressed individually because no algorithm will work for all methods, similarly to how every encryption algorithm needs to be treated individually - on its own merits |