czl t1_jb9kzow wrote
Reply to comment by volci in A group of researchers has achieved a breakthrough in secure communications by developing an algorithm that conceals sensitive information so effectively that it is impossible to detect that anything has been hidden by thebelsnickle1991
You get images or video that you suspect may contain a message but not access to originals and you want a way to judge whether there is a message present and inside which images.
It is foolish to leave unaltered originals available if you are using stenography thus the comparison test you refer to can not be done in practice.
If you compress you message well the result is near noise and it is that noise that you then mix among the “natural noise” your media contains. Done right this is hard to decode or even detect unless you know the algorithm.
When claims are made about “encoding efficiency” that depends on (1) what you are hiding (2) inside what with (3) what chance of detection.
zortlord t1_jb9vqmd wrote
>It is foolish to leave unaltered originals available if you are using stenography thus the comparison test you refer to can not be done in practice.
This is just steganography using media files.
greenappletree t1_jb9rxv4 wrote
Wouldn’t it be even safer to encrypt the orinal anyway and then obfuscate it with stengraphy?
D_D t1_jb9x3dz wrote
But if you encrypt information everyone knows there's information to be uncovered. Not every image you come across on the internet has hidden messages.
The_Retro_Bandit t1_jbb4225 wrote
Encrypt a red herring or low value info and inside that put the sten?
TheSoup05 t1_jbc41ks wrote
That’s usually what you’d do. Typically steganography isn’t your only form of security. You’d encrypt it first, then encode it. And even if you can detect that there is a hidden message encoded in some file, that doesn’t mean you actually know how to extract it even if it’s not encrypted.
The steganography is really just there to try and avoid having people know you have something worth encrypting so that they aren’t trying to figure out what it is in the first place.
czl t1_jbbk1ar wrote
Originals are proof stenography was used. You destroy those since they are not needed for anything after you send the altered media.
green_meklar t1_jbcyt96 wrote
You don't need to keep the original at all. Just delete it. The version with the hidden message should be the only version anyone but you ever sees.
volci t1_jbbrlww wrote
> Done right this is hard to decode or even detect unless you know the algorithm.
And then you gett he problem of security by obscurity .. "as long as no one knows how we did it, it's secure!"
shponglespore t1_jbcffcx wrote
Obscurity should never be your only security measure, but it can still play an important role in your overall security strategy. You can and should encrypt anything you're hiding with steganography.
Also, steganography isn't really security through obscurity. That phrase generally refers to things like trying to keep a weak encryption algorithm secret because anyone who knows the algorithm has a huge head start on cracking it. Good crypto algorithms are designed to be secure even when an attacker knows exactly which algorithm was used.
czl t1_jbc3ne5 wrote
Is stenography used for security? No. It is used for plausible deniability. For security there is encryption. You understand the difference do you not? When you need both you use both of course.
volci t1_jbc9gjt wrote
Steganography is used for security
Maybe it shouldn't be ...but it is
czl t1_jbcli5n wrote
> Steganography is used for security
Steganography is confused for security.
Steganography can help security but it is not security. It increases the work needed for discovery and only that.
Analogous to the difference between cover and concealment: "Cover is protection from the fire of hostile weapons. Concealment is protection from observation."
Steganography is like "concealment" but not like "cover". To have "cover" you need encryption. You can have one or the other or both.
volci t1_jbcnorh wrote
Wikipedia disagrees with you ...https://en.wikipedia.org/wiki/Steganography?wprov=sfti1
Steganography is a form of security
Via obscurity :)
czl t1_jbcs10i wrote
My words above are:
>> Steganography can help security but it is not security.
To that you reply
> Wikipedia disagrees with you… Steganography is a form of security … Via obscurity
Obscurity can help security but it is not security is it? You know better than that to believe that so why do you reply to me with ‘Wikipedia disagrees with you’?
Here is what the wikipedia link you shared says:
>> Whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent and its contents.
Concealment can help you avoid detection but concealment does not offer protection does it? If someone has a gun a pile of leaves may conceal you but will it protect you? What do you suppose happens to those who confuse concealment for cover (which does offer protection)?
Do you genuinely not understand the difference between stenography vs cryptography and the different purposes (as Wikipedia explains) they have? Are you being disagreable on purpose to act like a troll? Why then are you being disagreable? What is your purpose?
green_meklar t1_jbcyzzs wrote
With proper cryptography, even if they do know your algorithm, they still can't read your message without the decryption key. Ideally, with good steganography, knowing your algorithm can't even tell them the message is present without the decryption key.
volci t1_jbae8x8 wrote
You have to have the unaltered originals somewhere, or you won't know what you hid where
czl t1_jbbjlgv wrote
> You have to have the unaltered originals somewhere, or you won't know what you hid where
You do not need originals.
Data can be encoded to look like noise yet still be decoded if you know the algorithm despite not having unaltered originals.
This is commonly done when secret messages are EM transmitted for example with turbo codes: https://en.m.wikipedia.org/wiki/Turbo_code
With stenography instead of encoding messages in the EM spectrum you encode in the media (sound, images, video, ...) you are using.
If you have data treated to look random (compressed / encrypted) you can for example encode it using the "least significant bits" of your media which are mostly sensor noise anyways.
A more sophisticated approach can spread this out across pseudo random offset pixels. Your algorithm knowing the pseudo random sequence can decode your data analogous to https://en.m.wikipedia.org/wiki/Spread_spectrum techniques for secret messages transmission and applications like: https://en.m.wikipedia.org/wiki/Low-probability-of-intercept_radar
green_meklar t1_jbcz5sf wrote
No, the idea is that you leave data in the file itself that tells the recipient how to find what's hidden in it. The recipient doesn't need to see the original, all they need is the right decryption algorithm and key.
Viewing a single comment thread. View all comments