Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
United States

The Rise of Steganography 214

The next major battle between hackers and the Corporate Republic will almost surely involve the relatively unknown fields of steganography and digital watermarking, otherwise known as Information Hiding, a scientific discipline to take very seriously. This is where the big three digital policy issues -- privacy, security and copyright -- all collide head-on with corporatism. If they hated Napster, they'll really go nuts over rapidly evolving research into how to hide data inside data. (Read more.)

The engineers and nerds who still run the Tech Nation generally keep their noses to the grindstone. They're disinclined to ponder the long view when it comes to developing new technology, preparing for the many public-policy issues surrounding the things they create.

And policy and technology collide all the time, from the building of the Interstate Highway to the space program to the Net. Three particular hot points emerge, when it comes to civics and technology: security, privacy and intellectual property. Naturally, there's very little rational public or media discussion of any of them, beyond hysteria about violence, cracking, theft and porn.

Steganography is the means by which two or more parties may communicate using invisible communications -- even the act of communicating is disguised. This sort of Information hiding -- as opposed to traditional cryptography -- could upend conventional wisdom about copyright, intellectual property and control of data online. The very idea of digital information hiding is almost bitterly ironic: The Net is the most open information culture ever, yet encroachments by corporatism and government are spawning an entire movement and discipline devoted to new techniques for hiding rather than opening data.

Some parties already understand the import of this struggle. Several weeks ago, academic SDMI (Secure Digital Music Initiative) researchers canceled a presentation they'd planned at the Fourth Information Hiding Workshop in Pittsburgh. The reason: pressure from the Recording Industry of America (RIAA), concerned that the release of data about advances in watermarking would undermine its long, expensive and still largely unsuccessful efforts to shut down free music on the Net.

Last week, Declan McCullagh of Wired News reported from the conference that Microsoft has developed a prototype system that limits unauthorized music playback by embedding a watermark that remains permanently attached to audio files. (Note: A conventional watermark is a normally invisible pressure mark in expensive paper which can be seen only when the paper is held up to a strong light. Digital watermarks are embedded in computer files as a pattern of bits which appear to be part of the file and are not noticeable to the user. These patterns can be used to detect unauthorized copies.)

During a security panel, reported McCullagh, a Microsoft research scientist demonstrated how the hidden copyright infringement fingerprint is so securely affixed to the audio that it remains intact even if a song is played aloud on speakers in a noisy room, then re-recorded. If the recording industry begins to include watermarks in its song files, Windows would refuse to play copyrighted music that was obtained illegally (as defined by the Digital Millenium Copyright Act, written by corporate lobbyists, enthusiastically passed by a Congress besotted with corporate money, and signed by a pliant President Clinton two years ago).

Every few years, the war over control of information online seems to escalate. Cryptography suddenly became critical when businesses started to buy and build networked computer systems and people began exchanging money online. Viruses and other epidemics gained widespread national attention once substantial numbers of computer users began trading programs. When the Net exploded, manufacturing firewalls became an industry.

Now the digerati are making a lot of noise about collaborative filtering and blocking and discussions systems, from weblogs to blogs to other peer-to-peer systems, but steganography is a vastly more significant development. Information Hiding, driven by the most significant policy issues of the Digital Age -- privacy, copyright protection and state surveillance -- is the battleground. It comes as the stakes rise in the conflict between proprietary and open information systems.

This week, according to the New York Times, Microsoft will unveil a broad campaign to counter the open source and free software movements, arguing that it undermines the intellectual property of nations and businesses. The campaign, says John Markoff in the Times, is part of Microsoft's new effort to raise questions about the limits of innovation in open-source approach, to advance the idea that companies who embrace open source are putting their intellectual property at risk. In this context, as the battle lines around content and property become clear, the role of Information Hiding grows more critical.

During much of its growth, the Net escaped the attention of government and politics. That's hardly the case now. Federal law enforcement agencies want the right to track information online. Businesses are terrified about the rise in free and shared data. In the Corporate Republic, business and government both grasp the essence of copyright, security and privacy issues. The war over free music has, almost from the first, been the aspect of this Information Age conflict most visible to the public, a testing ground for new technologies and applications that bring new threats and spark the reinvention of new protection philosophies and mechanisms.

Corporate lobbyists have successfully advanced the idea -- via an expensive, sophisticated media and political campaign -- that new laws and initiatives (from the SDMI to the Sonny Bono Copyright Act to the Digital Millenium Copyright Act) -- are necessary to protect intellectual property from pirates online. It's not so simple. These laws, some horrific in their impact on free speech and the fluid movements of creative works, primarily protect corporate revenues, not intellectual freedom or the rights of creators and artists.

Hiding information in modern media, sometimes in plain sight, has cropped up in music and DVD battles, especially regarding DeCSS, the program developed to allow the descrambling of DVD movies. (The writers of the program reverse-engineered the CSS scrambling methods that the Motion Picture Association of America uses to prevent DVD's from playing on unlicensed player.)

There's little published material about steganography, and what has been written costs a fortune. Information Hiding: Techniques for Steganography and Digital Watermarking edited by Stefan Katzenbeisse and Fabien A.P. Petitcolas, published by Artech House, costs nearly $100. But for anyone whose future work in the future involves information, privacy, security or copyright, you couldn't spend the money more wisely. Steganography manuals may be essential tools of the hacker nation in the coming years, as they fend off corporate and government regulations and intrusions.

The book provides an authorative overview of steganography and digital watermarking. Steganography, the book explains, studies ways to make communication invisible by hiding secrets in innocuous messages, whereas watermarking originates from the perceived need for copyright protection of digital media.

Until recently, traditional cryptography received much more attention in the tech world, but that's changing quickly. The first academic conference on stenography took place in l996, driven by concern over copyright and the growing corporate panic over the ease of making perfect digital copies of audio, video and other works. Katzenbeisse and Petitcolas have assembled reports that describe the new field of information hiding and its many possible applications, and describes watermarking systems and digital fingerprinting. The book also talks about the increasingly complex legal implications of copyright.

Anyone interested in the future of open media, or in issues related to privacy, copyright or security, will be particularly mesmerized by the chapter "Fingerprinting," written by John-Hyeon Lee. In this context, "fingerprints" are characteristics of an object that tend to distinguish it from similiar objects. The primary application of digital fingerprints is copyright protection. The techniques Lee describes don't prevent users from copying data or works, but they enable owners to track down users distributing them illegally.

Since corporate lobbyists have re-defined what is and isn't legal when it comes to copyright in the 21st Century, this kind of fingerprinting has stunning civil liberties implications. This technology goes well beyond the software programs tracking Web use and pages; it gives governments, lawyers and corporations a way to follow and identify, thus control, almost every kind of digitally transmitted information. Fingerprints can also be used for high speed searching.

"Fingerprinting," writes Lee, "is not designed to reveal the exact relationship between the copyrighted product and the product owner unless he or she violates its legal use. Compared with cryptography, this property may look incomplete and imprecise, but it may appeal to users and markets." It sure will.

Fingerprinting may not be designed to reveal relationships between copyrighted products and owners, but there's no reason it wouldn't be used for that purpose. That seems inevitable given the high priority billion dollar media and entertainment conglomerates have put on enforcing copyright online.

Information hiding arises against a backdrop of growing confusion and confrontation about security and copyright, which has no global standard. In China, intellectual property is owned by the state. In the United States, copyright is being redefined by corporatists to grant businesses total contol over ideas in perpetuity, a perversion of the original American idea, which was to give creators and the public both acess to intellectual property, never intended to fall exclusively and in perpetuity into private hands. How can these legal and technical applicatiions be handled rationally, let alone democratically, when every country that hosts the Net sets different standards for privacy and security?

Different cultures not only have radically different notions about copyright, but view culture itself very differently. What the United States considers pornographic might be perfectly acceptable in saner countries like Holland or Finland. Conversely, what is protected as free speech here isn't protected at all in much of the world.

So Information Hiding becomes politically important, as well as technologically central. Steganographers may ultimately decide whether movements like open source and free software can prosper and grow in the face of well-funded and organized attacks by corporations like Microsoft and industries like the record companies. They may give music lovers a way to defy powerful corporations and retain the right of access to the culture they've experienced freely for years. They may preserve the idea of security against state surveillance, intrusive educational systems, or even the private businesses forever collecting personal data.

It's not a huge stretch to say that steganographers may determine whether the Net -- and much of the data that moves through it -- stays free or not. All the more important to understand what they do.

This discussion has been archived. No new comments can be posted.

Steganography

Comments Filter:
  • by Anonymous Coward
    a collision between technology and corporate greed. The bottom line here is that this discussion IS a POLITICAL discussion no matter how much we techeads don't want it to be. On one side there are those who believe that technology should be used to make things more accessible to the masses and at the same time offer anonimity. The other side believes that technology should be used to make things LESS available with no anonimity. Look at how this whole issue is shaking out. The government is scared to death of the 'net. So is corporate America. They want it only where it benefits THEM. This isn't about fair use, copyrights or DCMA. It's about GREED. For years the corporate world had been bitching about how much the average citizen 'robs' them. They complained about the radio, TV, reel to reel tape, cassettes, VCR's and now digital storage. This hasn't changed at all. What HAS changed is the political climate in the world, which now embraces corporate greed. Nothing's changed except the LAWS in place. The 'net gave them another reason to complain and this time the courts and politicians (read: REPUBLICANS) were ready to listen! This is the reason why things are as screwed up as they are. Those that say that politics don't factor into this are simply wrong. It isn't technology, it's simply politics as usual.
  • China isn't sane and that isn't the point of Jon's article. The point is more about corporate America.

    This country IS NOT the country that originally gave us those rights.

    Unfortunately Shivetya you and many others who are helplessly trapped and inundated with the system don't remember your history very well.

    Perhaps you haven't realized that this country and the rights put down over 200 years ago were placed there when some very pissed off, very intelligent, and very far seeing individuals. These individuals got enough power and support to cast aside the oppression of a tyrannical government whose only interest was in preserving the empire of imperialism that it had created through taxation and staunch laws. When those brilliant men had enough of being told what they could and could not do from a government that did not understand or care what they wanted they got rid of it.

    I liken the current state of our country and its lobbyist controlled government to the Imperialist court of King George III and the days of the revolution. Except for the fact that we see a revolution coming but outright upheaval of the system is not really an option so we must use the means at out disposal, i.e. the digital universe as WE MAKE IT.

    In the eternal memory of the Founding Fathers I think I will develop some methods that will allow me to hide information inside of various pictures of the American flag.

    F__k Corporate America!

    Long live the Digital American Revolution!!!

  • by Anonymous Coward
    I wish people would stop spending their time on Slashdot trying to prove others wrong, and instead perhaps try and give their own insight about a certain topic.

    I'll play:

    If Sam posts opinion A, which is factually incorrect, and Jane posts opinion B, which is factually correct, how does Jane 'give her own insight about a certain topic' without 'trying to prove others wrong.'?

    It seems like we have another 'play well with others' utopianist ideal which falls apart upon rational inspection.

    It would definitely make for a much better experience. And who would the beneficiary of this better experience be? Obviously not those seeking truth.

  • by Anonymous Coward
    http://ban.joh.cam.ac.uk/~adm36/StegFS/ you basically set multiple pwds. each pwd unlocks more directories in the filesystem. essentially allows you to plausably deny the existence of certian files. very cool...
  • by Anonymous Coward on Tuesday May 08, 2001 @07:49AM (#237649)
    Get it here [tripod.com].
  • The Bombe design and code breaking happened here in the UK. Desch et al built faster code breakers (and Turing's criticisms of the devices were valid; they hit the problems he suspected)....

    http://www.turing.org.uk/turing/bio/part4.html

  • Katz starts off by getting a little overexcited here. Sure, Steganography is interesting, but this breathless "if they hated Napster, they'll really go nuts about this" hype is just silly.

    The whole reason Napster was (a) successful and (b) hated by the corporations is that it allowed people to freely and easily trade with strangers. People have always traded warez with their friends and acquaintances, and they've always gotten away with it. The only people who ever catch any grief for their piracy are those who make it too publically available. Like Napster.

    So.. the use of steganography allows two people to trade warez very, very safely indeed. Not only will eavesdroppers not know what they're sending, they won't even know that there's something they don't know! But two people can do that now! Email an mp3 to a friend, I guarantee the RIAA won't see you and send a lawyer after you.

    Luckily Katz then abandons this foolishness to talk about watermarking, which obviously has much in common technically with using steganography for secret communications. I'll leave this one for the peanut gallery, with a prediction that Chris Johnson is right now laughing gleefully at the prospect of the RIAA adopting a watermarking system which "is so securely affixed to the audio that it remains intact even if a song is played aloud on speakers in a noisy room, then re-recorded". Good one!

  • Not that I am implying this is trivial, but what is to stop those trying to circumvent copy protection from writing the watermark equivalent of a virus scanner? For watermarking to work, there would have to be a pattern that is recongnizable by the control software, no? Even if it gets incredibly sophisticated (i.e. subtle shifts of bits at certain points), if a program can recognize it, it means another would also be able to.

    So, as long as we have the software to use (i.e. play with and study) and we have the music, can't we just reverse engineer what the watermark is? At that point, it could be removed or added, as the need dictates.

    Of course, I could be completely clueless on this. So please chime in and correct me if you know more on this issue ;-)

  • Your privacy rights exist to the extent that you can defend them, and not beyond.
  • Every now and again there's a relatively long Jon Katz article, followed by a predicatable flood of responses complaining about the lack of real content in it (with some exceptions).
    So we have a lot of words, with relatively little overt content. What's the _real_ content? And is the covert channel the articles, the repetitive flames, or both?

    --
  • by Angst Badger ( 8636 ) on Tuesday May 08, 2001 @10:04AM (#237655)
    Jon Katz -- among many others -- promote a dangerous idea in arguing that our primary defense against arbitrary authority lies in technology. This might be true in wars between nations, but it is most definitely not the case in struggles between citizenry and their government. We live in a democracy, however deeply flawed it might be, and the most potent weapons available to us are political activism and the right to vote. Whatever problems we now face are the result of a failure to organize and act.

    The other side -- governments and corporations -- have most of the lawyers, trillions of dollars, and the world's most extensive network of law enforcement organizations. The idea that random bands of hackers and mathematicians could overcome all that just by dint of good code is ludicrous. The most we can do with code is annoy the enemy; the least they can do is imprison and impoverish us.

    This isn't to say that technology can't assist the cause of liberty, but for every genius floating around in the OSS community, the NSA alone employs ten more. Write your congressmen, organize your causes, buy only from ethical companies, and vote. Therein lies our hope.

    --

  • Bacon used one of the very first instances of a binary system to hide messages [hiwaay.net] in ordinary text by using two similar but distinguishible fonts.

    Where A B C D E F G H I ... = 0 1 2 3 4 5 6 7 8 ...
    and normal is 0 and bold is 1, then:

    the quick br... is code for 'hi'

    00111 = 7 = h
    01000 = 8 = i

  • I think you fail to see a major point of steganography:

    If Alice passes an encrypted message to Bob, there has been a provable exchange of encrypted data. Alice and Bob can be forced by law to decrypt that data if it is known to contain legally relevant information.

    Steganography provides plausible deniability. That is, Alice and Bob can state that no encrypted message passed between them and not be proved wrong beyond reasonable doubt.

    In this case, the benefits of steganography are undeniable. Just as there is no such thing as 100% secure, there's no such thing as 100% hidden, but (in this instance) steganography only has to provide plausible deniability.

    Please reply by email if you want to reply - I don't have time to check this thread very often. matt at lazycat dot org (let's not mention the irony of hiding my email address :)

  • The purpose of steganography is not to be diffucult to break, but rather to be difficult to notice. Ever play hide the thimble.

    Yes, you had better have a good reason for exchanging those large binary files. But if you do, then they won't necessarily be obviously messages. This is one reason that pictures are good. Hand-doctored erotica has an obvious reason for being exchanges (and if you edit the picture to be more "exotic", then it can't be compared against the original). And everyone has an obvious reason for not wanting to talk about it, too.

    I suppose political cartoons could be equally useful for the purpose, but they require more creative energy per copy, where the erotica could be a quick edit of something off the web.

    Tourist home-movies would also be good. Use your digicam. Or anything that you scan in. The problem is with making it obvious. Any most of them should just be things that you are really sharing, of course. Which is another reason that digicam home movies are a good choice.

    The purpose it to be so boring, or at least usual, that you aren't noticed. This is probably more difficult than strong crypto.

    Caution: Now approaching the (technological) singularity.
  • Have you notice that the funding for public libraries has been decreasing? And that licenses are being written that make it illegal to lend works of art? And that textbooks are including essential components on an included CD (so that they'll be covered by the DMCA)? And that there is talk of putting an expiration date on new media, so that you won't be able to play it after it's pull date?

    This is no minor issue. At all. My suspicion is that it will be some country that doesn't fall into this morass that becomes the next world power, if anybody manages to escape.

    I have some 7-track 200 BPI tapes on 10.5 inch reels. Can you read them? What about my 6250 STP encoded tapes? If you can't copy something to new media, it DIES!


    Caution: Now approaching the (technological) singularity.
  • Jon's made an insightful point here by noting the MS attack on OS/FS and the secure music initiatives that MS has bought into. The OS/OF attack is more than "don't use this software because IP made this nation great and we want to own the IP on our software". It's also "IP made this nation great and these OS hackers will steal your music and books and patents and any other IP that you have". This is a much broader attack and one which is much more sophisticated than I would expect from MS.

    Thanks, Jon.
  • One more time, since I've already posted some replies to other posts containing this observation, but I want to make sure this gets through to everybody:

    The problem is that Katz is preaching to the choir. To a fair bit of the Slashdot audience, who already understand the ideas that Katz presents, the news is banal and the writing seems to be mere repackaging.

    The reason things really heat up, though, is because a large portion of the slashdot audience is proud. They can't stand being told something already know. And their reaction to it is to belittle the person who tells them. Which they will do by:

    1) proclaiming that it old news, that they already knew it and so did anyone who really knows what's up

    2) arguing with them, especially over more trivial points

    How many well-writen, cogent, and erudite rebuttals do you find to a Katz article? Maybe 2. How many
    in category #1 and #2 do you find? Start counting.....

    If Katz published these stories in the Reader's Digest, this wouldn't happen.

    --
  • Good gracious, there are so many potentially spurious and actually spurious ideas lurking in your post I don't know where to start.

    Excellent perspective - if more slashdotters would read and try to understand rather than flaming posts like this, they might come to understand why the JonKatz's of the world rarely make it out of the academic world (who else would have them, since they produce nothing of value).

    I don't think Jon counts as an academic. He's been a professional writer for a while. He actually has a writing life outside of slashdot, too.

    Furthermore, there well may be a number of worthless academics, but the fact is, academia produces some fantastic stuff. You're using the invention of an academic named Tim Berners-Lee right now. Thank him while you're thinking of the number of useless people in business -- PHBs and incompetent plebes alike.

    In many respects, Katz is an aspiring Monk Toohey. In fact, the behavior is so consistent that you'd have to believe he's using the reference as his formula (hard as it is to believe, but there are many on the fringe left that aspire to the anti-hero mythology, such as Kaczynski, McVeigh, etc).

    Ellsworth Monkton Toohey, if you are refering to the character from Ayn Rand's The Fountainhead as your link seems to suggest, is the correct name of the character. There's got to be a serious amount of hubris involved in the assumption that you can read Katz motives as well as Toohey's are marked up by Rand (then again, Rand fans may tend to mistake hubris for her doctrine of ego/integrity). I find it highly unlikely that Katz is a collectivist. True, he's not laisez-faire, but in just about every other respect, he seems to defend the rights and glory of the individual as opposed to the groups. So why didn't you compare him to Austin Heller? And get Toohey's name wrong? Have you READ the Fountainhead?

    - he subjectively declares numerous items to be of extreme classification - e.g. "revolutionary", "crisis," etc. (what katz declares as reality /is/ reality)

    You don't think that there is anything revolutionary about the internet?

    You don't think that there aren't a few potential crises in the growing view of some policy makers and
    most corps that place economics over individual freedoms?

    Katz may exaggerate, and wax a bit too prosaically flowery at times, but he's not that far off.

    - he posts tirades that are thousands of words, but can't find the time to engage in a dialog (only katz's reality is of interest and should be studied and absorbed by the masses; katz already knows reality as he has declared it, and doesn't need to waste time discussing it with others).

    You're dead wrong. I've seen Katz jump into discussions spawned by his own articles. I've seen him acknowledge points that others made -- including some of my own comments.

    - he opposes concepts consistent with predominant slashdot philosophy (free speech & free press ala areopagetica, free software, individual achievement overcoming conspiracy of the masses e.g. microsoft, etc.) and yet presents himself as the self-declared spokesperson for the slashdot community (much through the failure to engage in dialog - e.g. "my thoughts /are/ the view of slashdot and require no further introspection from me").

    Ahh... you're smoking crack. He seems pretty pro free speech, free press, free, uh (don't know what areopagetica means), free software, and individualist. AND: he does NOT present himself as the spokesman for the community. He repeatedly says that he is NOT a geek himself... just interested in things tech/geek and how they affect society at large.

    I've said it before and I'll say it again: Jon Katz is merely unpopular around here because he's preaching to the choir, and if there's one thing that offends a geek, it's being told something they already know.

    --
  • The problem with this and many of Katz's other editorials is that while they profess "insight" they usually offer nothing more than spun spin that lacks...

    Wrong. The problem is that Katz is preaching to the choir. You already know half the ideas he discusses, so to you it seems a bit banal. And you're a proud geek, so you can't stand being told something you already know. And your reaction to that is to belittle the person who tells you by proclaiming that it's old news, that you already knew it, that anyone who really knows what's up already knew it, and that also, the person telling you missed several important details.

    This is a perfect example. The *rise* of steganography? Come on. Just because it's new to Katz doesn't mean that it's *new*.

    There may be someone in the audience who didn't know the term or understand the underlying concepts.
    I've been reading amateur cryptography books since 1980. I didn't run into the term steganography until 1994. Like everyone else, I understood the concept -- one of the hidden-message strategies that was used in my grade school was using the nth letter of every word in an aribitrary message to get the real message.I just didn't know the term, and didn't quite understand the implications. I doubt a lot of people did. I doubt a lot of people do. I do know that the number of slashdotters that "get it" is probably higher than most, but I'll be there's a few readers who still don't really get steganography. And I'll bet there's even more who didn't ever think it was something that big business might get upset over. I'd even be willing to bet you're one of those people. Because rather than writing a reasoned response (indicating thought) stating why you don't think businesses/people/governments will react negatively to it, you just posted a knee-jerk criticism of the author and loudly declared that you knew about steganography all along.

    Steganography is a fundamental part of encryption. There's neither nothing "new" about it nor anything that indicates -- BANG! out of nowhere! -- that it's on the "rise."

    Its use is on the rise because there's more data to hide things in and more data that people want to hide.

    Moreover, most of Katz's essays feel like they're the result of getting a "review copy" in the mail. Katz gets a free book -- maybe reads the whole thing, skims it, or just reads the last few chapters -- and then writes an essay.

    Katz publishes articles about social implications of technical things. Not detailed expositions of the technical things. In one sense, you are correct -- Katz probably doesn't deeply grok technical things and therefore often doesn't see the right implications.

    For Katz, everything is new, earth-shattering, revolutionary, and dangerous. We're always all living at the beginning of a revolution.

    The web revolution, The computer revolution, The napster revolution, The corporate revolution, The democratic revolution.


    You don't think these are part of something revolutionary?

    I could go on, but you get the point. Katz's vision often lacks coherence from one essay to another. In essay #1 the web is revolutionary. In essay #2 napster is revolutionary.

    The coherence is there, if you look. It's all about the conflict between the fact that technology is eliminating some scarcities that used to create lucrative markets. And at the same time, the popular ideology in american business and policy is that economics take prioriy over individual rights and innovation. Those are most of Katz's threads. Well, there are some about hostility of the majority to minorities, but that about covers it.

    The final point is Katz's arrogance. He will not respond to posts. Period. Katz's uses Slashdot as a mouthpiece but doesn't join in the chorus of voices. It's an arrogance that I find quite stunning -- and something that I'm surprised more people don't find offensive.

    He doesn't respond to *your* posts, I bet... what's the point? But he has responded to a few of mine. And I've seen others as well.

    Maybe you'll have to try reason instead of largely unfounded criticism. I find that helps to draw a response.



    --
  • How so? I'm not attempting to dispute your claim about these socialist european countries controlling people. But frankly most of the things I've heard about the freedoms granted to people in those countries makes me think very highly of them and increases my dissapointment with this country. So I ask you, in what way do they control them? No society is perfect so I'm sure they have some issues, but what are they?

    ---

  • I don't follow your logic...

    You become a prositute and then later become a burden on society. You could just as easily become a software developer and then later become a burden on society. What do you see as a social cost associated with this?

    And as for your drug comment, you are free to choose that lifestyle or not, just as you are free to do so here in the US. The only difference is that in the US we will try to force you to not be an addict by having criminal laws. Of course this doesn't cure you and just further alienates you by labeling you a criminal.

    ---

  • Will every piece of data transmitted across the net be subjected to brute force analysis? I think it unlikely.

    You're missing the point. If you've never sent a picture to person A, and you suddenly send a picture, you've changed your pattern, which would make that picture worthy of checking for hidden data.

    To be safe, you'd need to make a habit of sending a picture to this person, for a long while, then send the secret message, then continue sending pictures with no data. That way, there's no way to detect there's been a change in behavior.

    -jon

  • "This week, according to the New York Times, Microsoft will unveil a broad campaign to counter the open source and free software movements, arguing that it undermines the intellectual property of nations and businesses. The campaign, says John Markoff in the Times, is part of Microsoft's new effort to raise questions about the limits of innovation in open-source approach, to advance the idea that companies who embrace open source are putting their intellectual property at risk."

    The above initiative seems to be based on the premise that freedom to innovate threatens companies and nations, and is therefore bad. This kind of works against the 'Freedom to Innovate [microsoft.com]' position Microsoft took during the antitrust trial.

    To quote from Microsoft's Freedom to Innovate policy sheet [microsoft.com]:

    "The government should continue to exercise great restraint in regulating this industry, which has brought such remarkable advances to consumers and such unprecedented benefits to the economy. Congress should likewise resist the efforts of companies that seek unfair advantage through the political process to counter legitimate competition in the marketplace."

    It seems that Microsoft's policy on fundamental issues is based by the biggest threat against its monopoly at any given moment.
    Kevin Fox
    --
  • Steganography - hope I spelled it right this time - is the attempt to hide a signal

    I am hiding a signal. If Alice does what I described and sends the output to Bob, then Bob, provided he knows how the streams were mixed and has a copy of the OTP, can extract the original information from the seemingly-white-noise message.

    On the other hand, Eve, should she happen to intercept the message, cannot prove that there is anything but white noise in the message.

    Q.E.D.

    Kaa
  • I still don't see your point.

    Alice's signal, to any observer that lacks the proper OTP, looks like white noise. It is still a signal because Bob, having the proper OTP, can decode it into useful information.

    You are mixing up two concepts: "true" white noise on the one hand, and something that cannot be proven NOT to be white noise, on the other hand. Algorithms A and A' are irrelevant -- they can be simple XOR for argument's sake.

    Alice's algorithm does NOT result in a pure white noise -- it just LOOKS like pure white noise and it is impossible to prove otherwise.

    Kaa
  • by Kaa ( 21510 ) on Tuesday May 08, 2001 @08:38AM (#237670) Homepage
    It is mathematically impossible to hide information in another medium that cannot be figured out

    Bullshit. Take some data, encrypt it with OTP, and combine the result, using some non-utterly-trivial mix strategy, with white noise. If you want you can match the statistical characteristics of white noise to the ones of your OTP stream.

    That, of course, does not answer the question why would anybody send white noise to another person, but it is hiding information in another medium. What's mathematically impossible about it?

    Kaa
  • Anyone who thinks steganography is a useful tool for secure communication over the long haul really needs to get past the "gee whiz" stage (read: get his head out of his ass) and read the relevant material in Bruce Schneier's Applied Cryptography or some other reputable source.

    To be fair, a Jon Katz type would do better to read Schneier's Secrets and Lies, which approaches network / computer security issues at a higher level, and (if I recall correctly) even includes the giraffe picture trading example you use.
  • Yeah right! Bin Laden and other terrorists have been using it in a very clever way to make it extremely powerful. It is reported that Bin Laden and his gang encode a set of orders to his followers in a picture, and post it on a porn trading board. Now, they've just masked a message (that can be encrypted or not) inside the noise of a picture, which is hidden in the noise of these porn-trading websites. The follower just checks the board for some kind of keyword that lets him know it's one of these stegoed pictures (liek "blonde bombshell") downloads and decodes the message in the picture. Simple, and very effective.
  • Steganography is by no means "foolproof", "new", or "relatively unknown".
    And, AFAIK steganography has a problem with being easily detected. Besides the size increase of the steg'd images filesize, it is possible to scan a suspected image to see if it's been steg'd without discovering the info inside the image, or being stopped by password protecting the file inside the image.

  • Hadn't looked at OutGuess yet, I'll have to head over there.
    My statements were made based on an article I read a while back about Steg encapsulation. Don't remember who had wrote it, but I think it was on wired somewhere.
    Haven't looked at your images yet. What type of data did you steg into them? Standard text, or some other type of data. I'd be interested to see how well OutGuess shrinks say a .c, .o, or .exe file.
  • K, here's [wired.com]
    the article I was referencing in my above post (GASP! Fact checking on /.!!!).
    Towards the bottom of the first page it talks about "Gary Gordon, vice president of cyber-forensics technology at WetStone Technologies, based in Freeville, New York, said that his firm has made progress in creating a tool to detect steganography." and how they've run this on a web spider pulling random images from the 'net and found steg'd images.
    Pretty good read, perhaps I should send this onto Mr. Katz as well??

  • The only thing we can be sure of, is that no matter how good [secret_message]RIAA, come and get your reeking DeCSS, call me at home 782-224-9824[/secret_message] our technics for data hiding become, the powers that be will find a way to deal with them.

    They're just that good!
  • Anybody who was programming in assembly language on DOS based 80x86 systems will probably remember (either fondly or with hatred, it tended to draw extreme views) a fairly powerful if non-standard shareware macro assembler that could do some _very_ spiffy stuff.
    You were not allowed to distribute for money any software assembled with a86 unless you registered the program. To keep track of this, the author used some fairly clever information hiding in the machine language output to tag the files fairly unmistakably.
    I remember hearing that he actually won a lawsuit against a company on account of the tags, but i'm not sure of any details so take it with a large grain of salt.
  • Watermark a PGP encoded MP3 file with the key. Then use a Watermark detector to get the key. Use a watermark remover on the file. PGP decode using the key.

    BTW since windows decided to become more restrictive on the media it plays, people will be pissed that they can't play their music and finally make the switch to Linux. (stage three and counting)

  • when he can pull his Luddite head out of his ass and find the 1/! key.

    -jhp

  • Stenography is just another form of encryption, and a weak one at that.

    Actually, no. Certainly, steganography can additionally use encryption (of any kind, BTW, including the cipher of your choice), but it is not "just another kind of encryption".

    The primary reason is simple - it is security through obscurity.

    Not really. That's a bit like saying cryptography is security by obscurity, since you must'nt make public the password. True, there are stronger and weaker forms of steganography (just as with cryptogtaphy in general), and some are easier to detect than others.

    It is mathematically impossible to hide information in another medium that cannot be figured out.

    I'm afraid I'll have to ask you to prove that. The well-respected german computer magazine c't [heise.de] reviewed a few of the more popular steganography applications in their last-but-one issue. It is true that in many cases they were able to detect hidden information. (Which is enough to "break" it, since steganography is to designed to hide the mere fact that information has been exchanged).

    The signal carrying the second data stream will always be recongnizable.

    That's simply not true. You must not, of course, always overwrite the least significant bit or things like that, since this is relatively easy to figure out with statistical analysis.
  • Further, you'd better have a good stash of source materials, rather than just some ol' picture you got off the net - otherwise, it would be easy to use an image search tool to find the original source image, diff the two, and get out the "secret" bits.

    After the point you made about pictures of giraffes being pretty conspicuous, it's pretty amazing that you'd fall prey to this error. Much of the power of steganography lies in the idea that an eavesdropper doesn't even know where to look (or might not even know there's anything to look at) and can't afford to look everywhere. There's actually an obvious equivalence between stego and crypto, which is that you could consider the "where to look" information to be a sort of key. This might not please mathematicians who have staked their reputations on application of a particular kind of analysis, but both stego and crypto are ultimately about creating too many possibilities for an analyst to explore. Working through N zillion possible locations or arrangements of data and working through N zillion possible keys aren't that different.

  • Stenography is just another form of encryption, and a weak one at that. The primary reason is simple - it is security through obscurity.

    The two are very closely related, as I pointed out in another post. One way in which they are related is that both - along with every other non-physical form of concealment - are at some level "security through obscurity". To recover the message you need to know a secret, whether that's a cryptographic key or a steganographic pattern or a location or an algorithm. They're all equivalent.

    Don't believe me? The SDMI "challenge", such as it was, was cracked almost immediately by a simple signal analysis.

    The existence of weak stego says nothing about stego in general, just as the existence of weak crypto says nothing about crypto in general.

  • Here's me talking out of my ass:

    Demos I've seen of watermarking on photography have the effect of subtlely altering the balance and contrast of bits of the image in a way that doesn't really "hurt" the image if you're just looking at the watermarked version. If you put the two side-by-side, however, you can see some differences.

    I imagine that audio watermarking technology would be based on similar relative changes to the audio, like slowing down this section or that section barely enough that a computer could detect the change by comparison to the master. Since the effects of any conversion like D/A are likely to be mathematically consistent throughout the stream, they can be easily disregarded when looking for the watermark.

    Audiophiles wouldn't like it, but average consumers wouldn't notice. It'd be like buying a print of a painting, then comparing it to the original and complaining because the color balance in one spot is ever-so-slightly off.

  • Jack Valenti used steganography to hide the code to CSS_Descramble in his deposition in the Universal v. Corley trial. There's probably some other stuff, like the 7-line perl version and maybe Macbeth.

    Hear for yourself. [underwhelm.org]

  • As long as I don't want their music, pictures, software, etc. What they do to control that content means nothing to me. (And if I do want it, I should either pay the price they are asking. If I think it is overpriced, I should produce something just as good on my own.)

    I'm not opposed to their protection mechanisms because they prevent piracy (which they won't). I'm opposed to them because they prevent me from using the content in completely legal ways that they happen to not approve of. See DeCSS.


  • In this paper we address the invertibility of invisible watermarking schemes for resolving rightful ownerships, and present attacks which can cause confusion to rightful claims. We shall show that non-invertibility is a necessary but not sufficient condition in resolving ownership disputes. We then define quasi-invertible watermarking schemes, and, present analysis that links invertibility and quasi-invertibility to some classes of watermarking techniqueswith different properties (which may or may not require original versions in watermark decoding), as well as to the different classes of attacks we have developed.

    full document [nec.com]

    listens to Shake That Ass -- Mystikal


  • Advertisers use subliminal messages [ksu.edu] in commercials... ;)

    Venona [antioffline.com]


  • steganography has a problem with being easily detected

    OutGuess 0.2 can not be detected by any test available. At least not the ones available to the guys at Univ of Michigan for one. Secondly even if you detect it, you still have to go about retrieving data.

    Your also wrong on the filesizes as Outguess shrinks the filesize. You can verify this by looking at the pictures in my Ghost in the Shell [antioffline.com] where filesizes sometimes are decreased from 80k to about 16k.


  • by joq ( 63625 ) on Tuesday May 08, 2001 @07:07AM (#237697) Homepage Journal
    The Germans didn't leak out anything their info was encrypted and cracked by the "Dayton Codebreakers" some employees of National Cash Register, [ncr.com] and other in the NSA, and Navy:

    And as part of the Manhattan Project, he was designing a high-speed electronic counter needed for developing the atom bomb. But all that work would be swept aside for the Navy's highest priority - breaking the Enigma Code.

    In a tersely stated letter to the National Defense Research Committee on Aug. 17, 1942, Desch wrote: "We have other work of higher priority rating on which we can usefully place our engineers, but once they are started on such other work, they cannot be withdrawn . . . for some time to come." By mid-summer, two of the Navy's bright young theoreticians were in England learning all about the British bombe and sending reports back to the States. Desch received at least some of that information, enough to persuade him that he needed to take a direction different from both the British and the U.S. Navy if he were to turn out a machine in time. After weeks of agonizing, Desch decided on a major technological leap - backwards. H proposed an electromechanical device that wouldn't be pretty, wouldn't be elegant, but would accomplish the job through sheer brute force. "We never had any doubt about it. We knew what (the machine) had to do," Mumma said. "It was just matter of time, but time was of the essence."

    Full doc [antioffline.com]
  • by joq ( 63625 ) on Tuesday May 08, 2001 @06:44AM (#237698) Homepage Journal

    For those wanting more information on stego check out the following link which I found to be one of the most informative. [jjtc.com] Outguess [outguess.org] is probably the top of the line Nix stego program I've found (FYI) and you could see its output here [antioffline.com] (Statue of Liberty pics)

    Personally I think this will piss off Big Brother more than it would Corporations, since it'd be extremely hard on a system to encipher a 700mb video clip into a picture so the stego comment seems off the mark to me where Napster or SDMI is concerned Watermarking yes stego a music file... Sure and $AUTHORITY_FIGURES will believe that pr0n picture is supposed to be 500mb in file size.

    As for digital watermarking... Please see this prior post [slashdot.org] on this subject.


  • by jacobm ( 68967 ) on Tuesday May 08, 2001 @05:26PM (#237700) Homepage
    You can also get rid of the watermark by flipping all the zero's to one's, so looks like watermarking isn't a problem after all!

    Seriously, real watermarks are designed to be tough to destroy without degrading the audio substantially -- for example, I believe all of the "SDMI challenge" watermark schemes could survive being played over speakers and re-recorded by a microphone. So sure, you can apply your own watermark to the file, but that's not likely to "step on" the other watermark unless yours is so lossy that it destroys the original signal.

    On the other hand, many people (including myself and additionally some people who actually know what they're talking about) believe that it just isn't possible to create a watermark that CD players, Windows, etc can detect but that can't be removed by anyone who can arbitrarily permute the file. Furthermore, it ought to always be possible to remove the watermark and not degrade the original data any more than the original watermarking process did.
    --
    -jacob
  • I think you may be mis-reading the intent of the persons you reference (persons of reason, please accept my apology for foolishly attempting to explain these things to those with obviously closed minds!):

    I really find that one-ups-manship quality to be a very unattractive one.

    I doubt Storyman and others have any interest in one-ups-manship (sic). In fact, it is somewhat amusing that those who oppose the views of any poster are immediately criticised and condemned by posts like this one.

    What is it about dialog, inspection, discussion and "the grappling of truth and falsehood" that is arrogant?

    Usually, when you evaluate the motivations of those who describe these actions as arrogant, the arrogance is secretly implied, due to a bias that prevents them from evaluating a dialog from an objective, critical perspective.

    What these folks are unaware of is that those posting their differing views have probably already 'compiled' the views they differ with in their heads to evaluate it objectively. Unlike their critics, there is no inherent bias.

    Subsequently, the charges of one-ups-manship and arrogance are amusingly only accurate when applied to their critics.

    but I believe this audience is a little too quick to chop him down with their "intellectual superiority" routine.

    A 'common man' ploy, or just an inferiority complex? Slashdot posters are already in the global top 2%, so comments like this are far from entertaining.

    Per motivations, I'll supply mine:

    I abhor the absence of reason.

    Tolerating and leaving unopposed the incorrect and dangerous views of word terrorists like JonKatz would make me as guilty as Katz for the outcome.

    So if you are a friend of reason, support dialog, argumentation and the discovery of truth through the many perspectives of fellow slashdotters. If not, continue attacking or sheepishly cowering in the shadows of Katz and his fellows.

    Regardless of your choice, your decision has its consequence.

    *scoove*
  • Nice rebuttal & a decent defense of JonKatz.

    A couple of comments:

    - "Monk" Toohey was intentional. Reread (or don't and take my word for it) Fountainhead and you'll see the reference as the somewhat less proper nickname for Toohey. Or stick with the cliffnotes version which probably doesn't go that deep (appropriate cliffnotes trivia reference, since its founder, a native of Lincoln Nebraska, passed away this week). I'd suggest you dig a little deeper; you'll appreciate the humor in your remarks (along the foot-in-mouth lines - hey, we all do it at times).

    - Collectivist tirades: I can see why you backed off the defense here a bit. Katz hides it well, but once you've dealt with a few of these parasites, they're annoyingly similar in style. Perhaps Katz just embraces the style and language, but what other ethic system would he embrace?

    - Spokesman role: Why else lecture for page after page, only to cower from the dialog? Some have suggested Katz's "importance" (defined by what? title? income? education? peer recognition? I'm certain more than a few slashdotters have him beat) as the reason for this. Considering what responsibilities I and a few other slashdotters I'm aware of shirk to foolishly spend time posting here, I doubt Katz's claims are any greater.

    Others have suggested he is more of a conversationalist anarchist or terrorist - lobbing grenades only to run away and admire his destruction. I doubt the former and hope to doubt the latter, and can only assume self-defined spokesmanship, Kaczynski-style, is the cause. Or perhaps I've seriously misjudged his sincerity and he's just a underpaid hack throwing drivel up on slashdot to solicit responses like these:-)

    - innovations of academics: They have their place, just as Hollywood actors have theirs. And there are places they don't belong (like any actor in a political dialog). You reference Tim Berners-Lee - but fail to reference numerous others responsible for bringing his (and others) ideas to the masses. I'm always puzzled with this view. Per Katz, you're probably right that it was an incorrect characterization. He actually strikes me as a less-than-successful attorney with lots of free time and an axe to grind (I officed next to one of these for a year and a half - talk about a treat!). I'd be amused to learn what Katz really does.

    - non-academics & innovation/credit: Why is it that some value the invention of concept so greatly, while relegating the invention of scale, process and distribution as the world of "useless PHBs."

    It seems to be a descendent of worthless hero worship - building Linus shrines while forgetting the countless thousands who made the idea a reality. As any VC will tell you, ideas are neat but cheap. Execution is everything. (Yea, it sounds PHB, I know. But how many more great idea no execution dot-com plane wreaks do we need to see?)

    - Areopagetic: Sorry - John Milton essay that essentially says you need to let truth and falsehood grapple before you can truly know what truth is. It's probably online somewhere.

    Time for bed... even Rand fans have to sleep sometime.

    *scoove*
  • You see that a bit in the scientific community when one chooses not to go the peer review route, but rather announce his/her results unilaterally as a statement of fact and then hide from any objective review.

    That'd be a good definition of egotism.
  • "The Germans didn't leak out anything"

    The Germans didn't leak out any design information about there cryptography, we can thank the Poles, and later the French and English for that. What I was referring to was the fact that they used redundancy in the information they encrypted, for example there was a post that almost every day reporting "Post xxx, nothing to report"... which made it easier by orders of magnatude to do an automated scan for the right keys to the data for that day.

    The amount of intellect thrown at this and the other technical problems of the war still astounds me, both sides had some VERY clever people working on it.

    --Mike--

  • The last World War was won because of many factors, one that figured very heavily was encryption and secrecy. The fact that the Germans leaked a bit of information through Enigma (always starting with the same introduction to a message, for example) enabled the Allies to have a large strategic advantage which they used fairly effectively throughout the war.

    We need to use this to OUR advantage to make sure that we, the citizens of the world, keep control instead of the Corporations and Governments.

    --Mike--

  • Actually, decrypt the article, and you get the secret message of "All your base are belong to Katz!"

    :-)
  • Yes, it is noteworthy that steganographic techniques are clearly going to be important to both sides of the "information wants to be free" vs. "access to information must be restricted" struggle.

    I'm using the first phrase to encompass people whose communications could comprise everything from music/software/books/movies, through the traditional bugbears like child porn, bomb plans, drug deals, terrorist schemes, etc., up to and including subversion of the prevailing societal order (ours or your pick of oppressive foreign ones). Similarly, I use the second phrase as shorthand for the people, agencies, etc. that are out to intercept, interdict, or punish any or all of these. Note that different people will necessarily have different attitudes towards different subsets of these kinds of communication, in different contexts. Doesn't matter. They're all digital data and when you remove the entropy by compressing and encrypting, you can't tell one from the other.

    Of course, given this indistinguishability, the fact that one is openly communicating encrypted information is likely to tend, quite unfairly, towards being inherently incriminating in any but the most enlightened, free society. And that will be the main value of steganography to the "information wants to be free" contingent. Because as long as we are permitted to own programmable computers and communicate at least some type of unencrypted, information-theoretically redundant, innocuous-seeming digital information -- be it music, voice, pictures, even text -- it will be possible to pass along encrypted data while utterly hiding the fact that you are using encryption.

    Think about this for a second, because it is this combination of encryption and steganography, I think, that offers the real open road, the assurance that -- short of resorting to utter fascism or reverting to pre-Information Age conditions -- the "information wants to be free" side is going to win in the end, for good or for bad. (I tend to think, or at least hope fervently, that it is for good.)

    It is true that the same technology is going to enable content providers to use watermarking and the like, but I think that this "double-edged sword" really has one sharp edge and one blunt one. The IWTBF side has control of the sharp edge (encryption combined with the ability to hide your use of encryption) whereas the ATIMBR side must make do with the blunt edge of watermarking and the like, which are never going to do much to hinder the copying and trading of digital information.

    After all, if it can be viewed/read/listened to, then it *can* be copied. Any watermark will almost certainly turn out to be removable ultimately. The same is true of steganographically hidden encrypted information, of course, but note that the ability to destroy hidden information in an intercepted file (e.g. scramble a bunch of bits) doesn't imply that the intercepting authority can a) prove that there was hidden information in the first place, let alone b) discover it. On the other hand, a defeated watermark means a file that is no longer traceable in any way, one which can freely be passed on (with steganographically hidden encryption, if necessary) from that point on.

    So ultimately, I think the battle stands more or less won, before it has really even gotten underway (after all most ostensibly illegal communication nowadays -- think MP3 trading -- isn't even being encrypted yet, let alone hidden). Short of forcibly prohibiting computer ownership and cleartext digital communication, there really is no way to evade the sharp edge of the steganographic-cryptographic sword.


  • Also, is there such a thing as "the Corporate Republic"? When you use loaded expressions like that, you sound just as paranoid as Oliver Stone, ranting away about "the Military-Industrual Complex" which he blames for all his little conspiracy theories.


    Actually, the term "Military Industrial Complex" was not the invention of Oliver Stone, whose loose theories are well-known and generally regarded in accordance to how well substantiated they are.

    Rather, it was a Republican icon from the 1950s, President Dwight Eisenhower, that warned of the "Military Industrial Complex" in his farewell address to the nation [msu.edu]. Because his position permitted him a great deal more familiarity with such matters, I attribute greater credence to Ike's warning than, say, Katz on the Corporate Republic.

    That's not to say that Corporate Republic is a total distortion of the facts, but only that a spokesperson, from a position of authority, knowledge and either recognized neutrality or, better, former advocacy, has yet to utter this expression.

    The term coporate republic gained some currency with James K Galbraith in this article, [commondreams.org] so it gets more credence and respectability than if Katz coined the term.

    Nonetheless, its usage is primarily confined to advocates pushing a particular view or position, much like the self-serving code words employed by the government of the PRC (eg, imperialists == America, hegemonists == Russia), or the many colorful appellations that Rush Limbaugh uses to ridicule opponents of his views.

  • I don't see how steganography will help file sharing. Look at it this way: Alice wants to publish a file F such that random strangers Bob, Carol and Dave can access it.
    However if Mallet finds F, he will force Alice to remove it. So Alice publishes the file in a steganographic format X(F). Hooray, she's safe from Mallet.
    Unfortunately, Bob, Carol and Dave don't have the key to convert the published file X(F) back to X. So Alice must also publish the key somehow. How will Alice publish the key so that Mallet can't get it?
    The fundamental problem is that there's no way to publish information to strangers such that only 'good guys' can read it.
  • Easy, Bob Carol and Dave publish their public keys.
    OK, so Mallet also publishes his public key. Alice encrypts the file and sends it to him. Or can you think of some way she will differentiate Mallet from any other random stranger?
  • The Germans didn't leak out anything

    There are ALWAYS entropic leaks in any symmetric encryption system.

    The frequencies used, the morse operators signature, the location a message was sent from is all information leaked!

    In the Engima case, German Radio operators, historically trained as Morse Operators would double key 'P' or 'Q' at the start of a plain-text entered in to the enigma machine. To a Morse Operator this acts like start bit[s], and broadly means attention!). Indeed the Operators would often helpfully re-key these after encoding, when sending the Cipher text. Apparently many Sig-Int Radio Operators initially skipped recording these when the Cipher text was captured from the air waves, and when this discovery had to be specifically ordered to record what they though was useless 'junk data'.

    Since the cipher text was produced from a known part of the plain-text, this could be used to help determine the rotors used.

    Since the Destination and Sender of each message could normally be determined with a good degree of certainty, by other

    It was also normal for German officers, largely because of their aristocratic backgrounds to start messages with long winded pleasantries, and use very formal naming and signatures, again more leaked information, in the form of known plain-text.

    Pernutamtly it was not the USA who cracked Enigma, it was Code Breakers of Bletchly park, headed up by perhaps the founding father of the programmable digital computer, Alan Turing who cracked Enigma [with considerable ground work done by the Polish before the War].

    Finally NCR is a Japanese company so what would they be doing cracking Enigma for the Allies ?

  • I see putting a watermark in software as the same thing as an artist signing his name to a painting, or an author signing a book. If code is free speach then a company can "say" anyhting they want in it, can't they?
    =\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\= \=\=\=\
  • I hope that question is answered soon. The trouble is that if DeCSS, and source code is considered free speech then so must ANYTHING placed in code. After all, every program is created from source code (unless it's ASM, but even then to a lesser extent), so everything ever placed into any program could be considered free speech.
    =\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\= \=\=\=\=\
  • I think Katz has overstated the ability for steno to keep communications secret. In contrast to what he said, it doesn't hide the act of communications. It hides data within the communications

    If two terrorist groups are sending emails to each other then they are communicating. The fact that there is some extra data hidden in a JPG doesn't eliminate the fact that they are communicating. If their network has been tapped, whoever is monitoring the situation knows of their communications.

    The question is does the listener (1) know that there is communications hidden in the JPG and (2) do they know how to crack it? It is basically a digital version of using disappearing ink to write a second message on a letter.

  • The key is to track the receipient of the information, not the sender. If I know that Bob is a terrorist, I will monitor all communication that Bob receives. It's not that difficult to track all the email he sees and web sites he visits.

    The harder part is sorting through it to find the stuff that is interesting. This is where steganography comes in. Bob is trying to get me to ignore a piece of data (like a banner ad) that has a hidden message.

    I don't know much about stego, but if Bob can decrypt the message, the algorithms must exist. This is where the listener would need supercomputers to crunch through all of Bob's incoming data to look for hidden information.

    You are correct that some messages (like the timing of a ping) could be nearly impossible to decrypt on its own. The other side of the coin is that such messages transmit very little information. Its meaning had to be pre-arranged, and that is the listener's opportunity.

  • From a mathematical perspective, white noise is not information. Steganography - hope I spelled it right this time - is the attempt to hide a signal. All your counter-example does is increase the noise floor.

  • The "signal" in this case comes from the one time agreement between Alice and Bob over a single data set. However this is not a generalized algorithm for hiding information in an arbitrarily large number of examples - which is what I was talking about. Maybe I should have made that clearer.

    I don't have time (or perhaps the ability) to deliver you a formal proof, but the outline of it would be something like this: Assuming an undetectable algorithm did exist, Alice would have an Algorithm A that placed a signal in white noise that resulted in pure white noise (possible) and Bob would have an Algorithm A' that took the white noise and extracted the original signal from it (impossible - white noise contains no information).

    Q.E.D.

    Now of course things get immeasurably more complex when we add the factors of hiding signal in signal, rubustness in compression, and the P/NP completeness of the problem of trying to locate the hidden signal. But based on my conserable experience in CODECs, I can tell you there are precious few ways to hide watermarks that will survive a DCT, and they're all pretty obvious.

  • Stenography is just another form of encryption, and a weak one at that. The primary reason is simple - it is security through obscurity.

    It is mathematically impossible to hide information in another medium that cannot be figured out. The signal carrying the second data stream will always be recongnizable. Figuring out algorithms robust enough to survive Lossy compression is - to an applied mathemitician - nearly trivial.

    Don't believe me? The SDMI "challenge", such as it was, was cracked almost immediately by a simple signal analysis [theregister.co.uk].

  • Following a few links from the "prototype" story leads to this Wired Article:

    http://www.wired.com/news/digiwood/0,1412,43389,00 .html [wired.com]

    As the article states, in order to use this technology, you will have to have the correct version of Windows media player installed. If WMP decides that it doesn't want to play your MP3 because the watermark tells it that it doesn't have permission, then just play the MP3 in Winamp (or some other media player that ignores watermarks). Assuming that the DMCA doesn't make those kind of players illegal, we have nothing to worry about. The information that we want, the song, is not encrypted.
  • by StoryMan ( 130421 ) on Tuesday May 08, 2001 @08:18AM (#237728)
    The problem with this and many of Katz's other editorials is that while they profess "insight" they usually offer nothing more than spun spin that lacks depth and insight.

    This is a perfect example. The *rise* of steganography?

    Come on. Just because it's new to Katz doesn't mean that it's *new*.

    Steganography is a fundamental part of encryption. There's neither nothing "new" about it nor anything that indicates -- BANG! out of nowhere! -- that it's on the "rise."

    SDMI watermarking in particular may be new but the general concept is not.

    Moreover, most of Katz's essays feel like they're the result of getting a "review copy" in the mail. Katz gets a free book -- maybe reads the whole thing, skims it, or just reads the last few chapters -- and then writes an essay.

    For Katz, everything is new, earth-shattering, revolutionary, and dangerous. We're always all living at the beginning of a revolution.

    The web revolution.

    The computer revolution.

    The napster revolution.

    The corporate revolution.

    The democratic revolution.

    I could go on, but you get the point. Katz's vision often lacks coherence from one essay to another. In essay #1 the web is revolutionary. In essay #2 napster is revolutionary.

    Well, which is it? I mean, is every new piece of software revolutionary? Is every new technological advancement revolutionary? (And who's to say what qualifies as an "advancement?") And if *everything* is revolutionary then doesn't that mean that nothing, really, is revolutionary?

    The final point is Katz's arrogance. He will not respond to posts. Period. Katz's uses Slashdot as a mouthpiece but doesn't join in the chorus of voices. It's an arrogance that I find quite stunning -- and something that I'm surprised more people don't find offensive.

    Maybe this is flame-bait. I don't know. Moderate me down. Go ahead. It's a troll. It's a flame. It's just, er, not nice. The idea of arrogance, yes, borders on an ad hominem attack and is probably not in the spirit of Slashdot.

    But I can't close my eyes to the irony. Katz sees himself as a critic -- spokesperson, perhaps -- of the revolution. Of all the revolutions, you name it.

    But in essence -- and I think this is a fair assessment -- he's a un-revolutionary as they come. His editorial distance is as distant as stand-offish as anyone in the mainstream press. He won't participate in the Slashdot community except to offer his "critiques" ex cathedra.

    And then what? They waft off into the ether. He sees his mission as an instigator. I'm sure he prides himself on his ability to get his Slashdot audience to "talk." For this he is paid and patted on the back.

    But if he wants to be a revolutionary -- if he wants to join in a real revolution -- then he should communicate with his readers. Be the author who responds. Not the traditional author divorced from his/her "voice".

    This is the revolution, Katz -- the ability to utilize technology to subvert the cultural hegemonies of traditional authorship.

  • Obviously how about jokes?

    I wonder how much internet bandwidth is chewed up with joke forwards. The only saving grace is that jokes are usually passed around in text format. Even at that, they're usually 1/3 headers, 1/3 repetitive '>' quotations, and maybe 1/3 joke content.

    At this, the average joke couldn't send around many bits of information. But make it like tcp/ip, and distribute your content into several packets, otherwise known as jokes. Fun thing is, you don't even have to send directly to the recipient, as long as you know he/she is reliably in the redistribution path.

    Now we have the greatest reason for moving from clear text to html for email and news. It puts more chaff and volume into what were once very compact communications. All that chaff means more opportunity for steganographic bits. Consider the variety in valid html.

    But then what happens when you attempt to read a new joke distributed as html from a new Microsoft product? What if there was no hidden message, but it ends up looking like one out of chance and MS-ness. No doubt it would say, "Paul is dead."

    The mind boggles.

    Problem is, I don't know if I'm being serious, or attempting humor.
  • I would think more in terms of changing line lenght and white space. The problem with that is that you just can't send many bits in a typical joke. That's why I suggest html. Once you're there, there are all sorts of opportunities to make gassy html, and more opportunity to hide more bits in the gas.
  • by ekrout ( 139379 ) on Tuesday May 08, 2001 @07:17AM (#237739) Journal
    It's hard for me, personally, to write a short paragraph commenting on a Slashdot story without getting criticized about something silly in a random moron's reply to my thoughts. Therefore, you can imagine multiplying that paragraph by a factor of twenty or so until it's similar in size to a Katz-length article (comment, really) and counting the number of trolls and flamebaits that go along with it.

    I wish people would stop spending their time on Slashdot trying to prove others wrong, and instead perhaps try and give their own insight about a certain topic. It would definitely make for a much better experience.

    I think it's great that Jon Katz organizes his thoughts and the facts on various topics that are extremely relevant and interesting, and then publishes them for us to read and think about. Unfortunately, too many readers of Slashdot have such low self-esteem that they feel it's necessary to put others down out of sheer envy of their intelligence, knowledge, or wit.

    Well, that's the end of my thought. Here ya go trolls and flamers, have fun replying to this one.

    : - (

  • By hiding data in noise, you can use this to track the source of a copy.

    You have an image; you hide a signature in the image; you find a copy; BANG! Proof of a copy and proof of the source.

    Almost like people with a domain that a different email address on each list to track SPAM. It might be able to be done free with an image editor. Of course, if the image is scaled or coverted to another format, it may be lost.

  • Of course, US citizens enjoy more economic freedom. What about social freedom then?

    Lets concentrate on one country mentioned in the article, the Netherlands:

    - Several drugs are legal, others tolerated.

    - Adults are treated as adults, no "21-year and above" exceptions.

    - Prostitution is legal.

    - No software patents. DeCSS legal.

    - Assisted suicide legal

    - 100% gay rights, including marrige and adoption.

    - "Asset forfeiture" virtually unknown.

    I would also like to comment on some blatant errors:

    - The Netherlands has softer copyright laws than the US.

    - No mandatory taxes for religion in many European countries, including Holland.

    - No jail sentances for nazi-auctions in Holland.

    - No waiting in line for surgery *if* you have a privately funded health insurance. Minium standard of health care higher in Holland than US according to the latest OECD report.

    I will conclude this comment the same way I opened it: People have more economic freedom in the US than in the Netherlands, but the opposite is true for social freedoms. Feel free to give examples if you feel this isn't true.
  • the exercise more control over their people than the US government, but its easy to forget that eh?

    As if that is some kind of a catch-all for happy society. The less control a government exerts on the people, the better society you get? You mention China as an example of a controlling state and then use it as an example how the European states who control (as you claim without proof) their citizens more must also be worse off. What about a country like Ivory Coast where there is no government at all. The people are completely free - or are they?

    That's too one dimensional, black and white thinking: us vs. them, capitalism vs. communism, good vs. evil and so on. The world is full of shades of gray and so are the benefits and disadvantages of government control (or the lack of it).

    Yeah, perhaps the corporations in European countries are more controlled and people pay more income tax than in the US, but is that so bad for Joe Sixpack. And then again in most European countries they still have living standards that are more than comparable to that in the U.S.A. They have excellent, government subsidized health care and public transportation. You probably know the list.

  • by patrixmyth ( 167599 ) on Tuesday May 08, 2001 @10:19AM (#237753)
    "During a security panel, reported McCullagh, a Microsoft research scientist demonstrated how the hidden copyright infringement fingerprint is so securely affixed to the audio that it remains intact even if a song is played aloud on speakers in a noisy room, then re-recorded."

    What an insidious concept. This is a direct attack on fair use. If this were implemented, all I would have to do to stop free speech would be to play a bit of Metallica in the background at events I disagreed with, so the "free" media player would refuse to play the speech.

    It's time to stop asking what we can do, however, and actually start doing something. A check to the EFF is a start, but what would be better is actual involvement in the system. We talk about politics like it's somebody else's problem. We need more people in power that understand these issues. The DMCA isn't the last repressive legislation that's going to be suggested, but it could be the last one passed, if a few of us come out from behind our keyboards and actually run for office and lead the debates at their source.

  • Napster will start filtering any song that *doesn't* have a valid watermark. Want to put your band's song on Napster, you have to send someone an MP3 and they "sign" it with the watermark and return it to you. Meanwhile Sting and Michael Jackson get their money for "Every Breath You Take" and "Thriller" because the servers now know who has those songs.

    Record companies are not the problem. The problem are idiotic people who don't know anything about what is good music and what is crap, so they continue to consume the non-musical crap that the record companies feed them. I think I remember reading somewhere that in the 18th century, almost every family had at least one person in it that could play a musical instrument (i.e. read sheet music) -- because the only way to listen to music was if somebody played it for you!

    If it wasn't for this, we'd feel a lot more guilt downloading songs for free and not paying anyone for them -- because we'd have respect for the makers and distributors of the music. You wouldn't be reading stuff about a "revolution in free information".

    In general I don't believe in this "revolution of free information". Don't kid yourself. You can have bad quality information or good quality information. The better the quality, the higher price you pay. TANSTAAFL.
    ---
  • I completely agree. If I pay for something, I expect to be able to use it in any legal way that I see fit.

    If a company prevents me from doing so with the content they are selling, the solution is to choose not to buy the content.

    I'm not saying boycott them in the hope of changing their actions. I am saying do without the content that they are selling. It's not important. You can live without Metallica and have a rich, full life.

  • by Golias ( 176380 ) on Tuesday May 08, 2001 @06:48AM (#237761)
    The next major battle between hackers and the Corporate Republic will almost surely involve the relatively unknown fields of steganography and digital watermarking, otherwise known as Information Hiding, a scientific discipline to take very seriously.

    Was there a previous "major battle" between hackers and the Corporate Republic? I thought most hackers made their livings working for corporations.

    Also, is there such a thing as "the Corporate Republic"? When you use loaded expressions like that, you sound just as paranoid as Oliver Stone, ranting away about "the Military-Industrual Complex" which he blames for all his little conspiracy theories.

    [skimming, skimming, skimming] It's not a huge stretch to say that steganographers may determine whether the Net -- and much of the data that moves through it -- stays free or not.

    Yes it is. Not only is it a huge stretch, it is utter hysteria. Seek counciling.

  • by Golias ( 176380 ) on Tuesday May 08, 2001 @07:11AM (#237762)
    I think that most of the hysteria comes from a fundamental misunderstanding about the kind of freedom the Internet enables.

    "Back in the day," there really wasn't much in the way of corporate participation on the net. The Internet (and later, the web), made it possible for me to freely distribute information. It also made it possible to consume information that other people were producing and freely distributing. Even operating systems can be passed around. Hooray!

    Okay, now there is a large commercial presence on the web, and these people don't really want to distribute things for free. They want to maintain control over the content that they spent ass-loads of money creating and promoting. So they use things like watermarking and encription. Boo!

    Now, how much does the presense of these companies ruin my ability to use the web the way I always did before they arrived? Zero.

    Sure, I can't steal their content from their distribution systems... but I couldn't do that before their distribution systems arrived on the net, either.

    As long as I don't want their music, pictures, software, etc. What they do to control that content means nothing to me. (And if I do want it, I should either pay the price they are asking. If I think it is overpriced, I should produce something just as good on my own.)

    All those academic and philanthropic sites that we remember from the "good ol days" of the web are still there, still free, and still useful. The addition of less-free sites does not make us less free.

  • Sorry Jon, the US is a sane country, China isn't.

    I have to use an analogy That I heard in a different context, that makes sense here.

    If you have a democratically run (by the inmates) insane asylum, it would still be crazy. If you had a communistically [is that a word?] run (by the inmates) insane asylum, it would still be crazy.

    In fact, it doesn't matter what form of government or political philosophy you use in an insane asylum run by the inmates, it would still be crazy. Most political philosophies make decent sense if you have bunch decent sane people to make it work, and to nullify the abuses. But when you cannot not tell the difference betewn the nuts and the flakes and the crackpots, and sanity, you have a problem.

    Now you have a situation where you have to cope with the abuses imposed by the wackos so you can live in a decent world.

    It is startling to think that the problems of figuring out who is a wacko (and who is not) and how to deal with them is a possible component of the problems we deal with in many arenas. The politically correct answer is that everyone is crazy, or everyone is sane. neither of which is true, although I wonder about this sometimes

    Obviously commercial interests exist to take advantadge of the situation. There is no commercial profit obviously there in the long run, regardless of the idealism you may have to try to sort it all out. It is not politically correct to pursue this.

    It is this quandry that brings us to trying to hide stuff

    Check out the Vinny the Vampire [eplugz.com] comic strip

  • those who don't want to read it.
    Engineers are policy wise.

    Three big points security, privacy and IP. No rational media coverage, not even here.

    Define Steganography
    It could upend conventional wisdom. Governments and businesses make us hide stuff.

    SDMI presentation canceled.

    Microsoft reportedly developed a music control system using watermarks.

    Define watermarks.

    War over control of information online seems to escalate over time.

    History of this war.

    Microsoft campaign to counter the open source movement. This is important to information hiding for some reason.

    Law is coming to the net.

    Quote: Businesses are terrified about the rise in free and shared data.

    Quote: Corporate lobbyists have successfully advanced the idea that laws and initiatives are necessary to protect IP from pirates online.

    I disagree. Some laws are bad.

    Hiding informating...DeCSS

    Too cheap to buy a book. Hackers should buy them though.

    Cryptography has been important, but maybe not stenography.

    Review of book.

    Fingerprinting can be used to prevent theft and also prevent fair use.

    Right now IP and copyright issues are up in the air. Some people think one thing, some think another.

    So Information Hiding becomes politically important

    MAY EFFECT EVERYONE and EVERYTHING

    Seems to be missing content to me.
  • What world are you living in?

    Most good books that I buy on a technical subject are atleast $20, more likely $40 to $60. If the subject is esoteric, the price is frequently $80 to $150. Price a graduate text book sometime and you will see that most of those are easily above $60.

    The price is not out of line because of some conspiracy. It is merely not a very popular subject. I would bet is has less than 1% of the audience of say a book on HTML. And books on HTML are not exactly read by the general populace as simple as HTML may be and as useful as it may be.
  • by boing boing ( 182014 ) on Tuesday May 08, 2001 @07:00AM (#237770) Journal
    Jon Katz said:

    "There's little published material about steganography, and what has been written costs a fortune. Information Hiding: Techniques for Steganography and Digital Watermarking edited by Stefan Katzenbeisse and Fabien A.P. Petitcolas, published by Artech House, costs nearly $100."

    Translation:

    "There is little published on steganography, and since I have no budget and am to cheap to buy a $100 book, I couldn't even look at one damn book, but here is the title of one!"

    Come on Jon, a $100 is shitted away by most of the people on Slashdot in a week by eating out for lunch, renting movies, buying CDs, buying a new computer game, buying pron, etc. To say that $100 is a lot of money to this crowd is ridiculous.
  • I dunno...

    Isn't conventional cryptography just 'hiding' a message 'inside' a string of random bits?

    Apply the key, and out pops the message?

    Why isn't stenography just the symmetric case, where instead of one random and one non random data stream, you have two non random data streams?

    Geek dating! [bunnyhop.com]
  • Quote:
    http://ban.joh.cam.ac.uk/~adm36/StegFS/ [cam.ac.uk]
    you basically set multiple pwds. each pwd unlocks more directories in the filesystem. essentially allows you to plausably deny the existence of certian files. very cool...

    --
    (Just adding some visibility to this most interesting post. Please mod up the parent.)

  • Use the webcam on your website! Nobody has any reason the check the pictures on a typical vanity webpage. Post some photos on Yahoo or other free vanity site. After you get a reply (at another public website, the picture can be updated (evidence removed). Let the reciepient know the frames at noon for the next 10 minutes needs captured! No casual visitor to the site would be any the wiser.
  • I wish I had mod points to mod that as funny. 127.0.0.1 is even better, take a look. No streaming, just grab and go goodies. Most are not watermarked at all.
  • Well considering that every time hiding information in "subliminal messages" has been scientifically tested it didn't affect anything, what are you concerned about?
  • A couple of years ago, a researcher took an image from a web page, split it into m x n images, then displayed them together. The result? A group of images that looks just like the original image when viewed in a web browser, but that no automated watermark crawler could detect.

    Now if "secure" music is watermarked, then sharers would just have to contribute sections of music short enough that the watermark is not discernible, along with the offset (e.g. a 3 second clip starting at 2:14).

    A network service of some kind, either central or not, could collect these pieces from multiple, different users, convert the audion to PCM, then assemble them into one non-watermarked music file.

    While it would take many such pieces (e.g. if length of clips is 3 seconds, and there is no offset duplication, it would take 100 different users contributing pieces), the result would now be untracable.

    A similar concept could be used in the frequency domain if necessary.

  • Thanks for keeping me honest: I should have attributed the giraffe bit to Schneier. I'm pretty sure he also includes it in AC.

    OK,
    - B
    --

  • by RareHeintz ( 244414 ) on Tuesday May 08, 2001 @07:18AM (#237808) Homepage Journal
    Anyone who thinks steganography is a useful tool for secure communication over the long haul really needs to get past the "gee whiz" stage (read: get his head out of his ass) and read the relevant material in Bruce Schneier's Applied Cryptography or some other reputable source.

    If you're hiding information in a picture of a giraffe that you pass back and forth with your co-conspirator, you'd better have a good reason to be passing pictures of giraffes back and forth or it will be just as conspicuous as if you were sending a random-looking stream of encrypted bits.

    Further, you'd better have a good stash of source materials, rather than just some ol' picture you got off the net - otherwise, it would be easy to use an image search tool to find the original source image, diff the two, and get out the "secret" bits.

    OK,
    - B
    --

  • "During a security panel, reported McCullagh, a Microsoft research scientist demonstrated how the hidden copyright infringement fingerprint is so securely affixed to the audio that it remains intact even if a song is played aloud on speakers in a noisy room, then re-recorded. " I've now read this in three or four different places, and I'm sorry, there's a raucous technical problem in there. While this might be feasible as a lab stunt, a watermark that's usuable even after several A/D and D/A conversions cannot help but be apparent to the listener, and if it's that apparent, the content will be rejected by the listener regardless of the technical advantage to the content creator. This isn't a situation like those shareware PrintShop clones that stick their logo in the background to remind the user they're just "evaluating" the content or the tool, they're going to try to embed this in content they expect people to pay for. Think about this, based on your experience with MP3 and Napster. Lemme guess, those of you with dialup connections gravitated toward the 96kbps or 112kbps rips initially because they're small, right? Then you found out that they sounded (mostly) like crap, so you went for the 128s and then the 160s, and if you're hardcore the 192s and 256es. If the listeners can hear ANY artifact in recordings that interferes with listening, they'll reject it eventually. And any watermark obvious enough to survive a trip through speaker cones, air and microphones would have to be obvious enough to be heard by consumers. And of course, if it's THAT obvious, it'll be a cinch to write tools to identify and obliterate it. This is a loser all the way around. Turtle
    ---------------------------------------
  • Watermarking, in the way the RIAA means to use it, will never work. Period. No argument.

    The RIAA means to lock up all music as it is copied onto the PC by placing a watermark as it is encoded; hardware will then detect the watermark and, if it is not registered to that piece of hardware, will refuse to play that music.

    Read My Lips: IF YOU HAVE ACCESS TO THE ORIGINAL MUSIC AND THE WATERMARKED SAMPLES TOGETHER, YOU CAN DETERMINE THE METHODS USED AND AT THE LEAST MASK THE WATERMARK. IF YOU HAVE A PIECE OF HARDWARE AT YOUR DISPOSAL TO TEST WHETHER A WATERMARK IS VISIBLE, YOU WILL EVENTUALLY DISCOVER HOW TO OBSCURE IT.

    The DeCSS challenge, while a good idea, and while it proved the system faulty, was not a good real-life test. To be a valid test of the technology, the RIAA would've had to allow people to submit their own samples for encoding. Given encoding software, or even hardware, one could submit audio of test tones looking for patterns in the encoding.

    I've done a bit of work with Steganography; I've seen one system that would work in tracing the path of music that had been pirated to the person who let it out in the first place, and would survive any attack, where data would be recoverable even if the music were played in analog and redigitized. But these systems depend on having an encoder and analyzer that is not in the hands of the public, even if the basic system is known, and having your MP3 players check for watermarks would be violate that system.
  • Stenography is just another form of encryption, and a weak one at that.

    That's not really what this is about. You can encrypt your message with the strongest cipher in the world, then ship it out across an untrusted network. Unless a significant portion of the data on the network is encrypted, it's relatively easy for someone to single out the encrypted messages, and at least focus additional attention on you.

    If you encrypt the message with a strong cipher, then hide it inside of another type of message, its significantly less likely that someone'll be able to find it (and even if they do, they still have to break your encryption, so it's irrelevant that steganography is 'weak'.) If your approach to hiding the data is significantly tricky, it can take an enormous number of cycles to find the message.

    Figuring out algorithms robust enough to survive Lossy compression is - to an applied mathemitician - nearly trivial.

    Yes, and this is relevant to watermarking, which must be able to survive lossy compression. That's a fairly arbitrary requirement, and is probably not required for most purposes of digital communication.

    The truth is, it probably isn't possible to invent the perfect 'undetectable' steganographic procedure for non-random information (of course there is a major exception if you're using something like a one-time pad.) But nothing is really perfect (public/private key crypto is certainly not perfect in this way). You simply needs to make detection several orders of magnitude more difficult in order to realize a significant benefit.

  • Then again, all they really need to do is hide a few characters, perhaps a few dozen, in a multimegabyte song. You could, for example, delay or advance some notes by an unnoticeable fraction of a second to encode such data when compared to a pristine original.

    Book makers have been using this for ages when doing their own printings of public domain works. They misspell a word here or there deliberately, then when someone copies their copyrighted version, they can prove the copier stole it from them rather than from a true public domain source because the copier has duplicated the deliberate errors.

  • by blair1q ( 305137 ) on Tuesday May 08, 2001 @08:55AM (#237832) Journal
    If you can watermark your data, I can watermark it too, and if my watermark process steps on your watermark process, then you lose your ability to detect your watermark, while mine remains intact.

    --Blair
    "All your IP are belong to us."
  • by blair1q ( 305137 ) on Tuesday May 08, 2001 @01:07PM (#237833) Journal
    And, in the case of the Statue of Liberty pics, if you merely Photoshop it to add a word balloon saying "All your tired, your poor, your huddled masses yearning to breathe free, The wretched refuse of your teeming shore are belong to us", then nobody would even question the checksum diff between your image and the LOC's reference copy.

    --Blair
  • It gets more complicated than that. The IP protection defeaters are also using stegonography in order to bypass protectionist laws passed by the MPAA, RIAA, etc, and the MPAA, RIAA, etc are using crypto to try protecting their works. How will this all end? The optimist in me says that we'll go back to the old, capitalistic system of short copyright protection and legalized thinking. The pessimist in me thinks that we'll end up going to hell in a handbasket, with the RIAA, etc eventually buying even more blatantly unconstitutional laws.
  • by Chakat ( 320875 ) on Tuesday May 08, 2001 @06:41AM (#237839) Homepage
    Jon, Stegonography has been discussed quite often here, even had another book reviewed here [slashdot.org] a few months back. The book in question is much more affordable than the lengthy tome you linked to, is fairly in depth, and a great primer. Stego is actually pretty widely discussed nowadays, at least in tech/privacy circles.
  • To tell you the truth, im happier in a "saner" country: England. yeah, you can buy more stuff in the US, and own more property, and reach closer to the greedy potentials that people like Microsoft and RIAA want us to be, but thats not for me.

    And the level of policing in the US is plainly fascist. maybe in socialist europe the police do interfere more, but i never see them. the US' concerns with clamping down on our freedoms is so prevalent that we have begun to ignore it, and that is one of the few things that i thank Jon for pointing out to us.

    (Case in point: the united states institutional prejudice against "youngsters" allows for drug related "mandatory minimums" and a general feeling of dislike against anyone under 25)
  • Here's some insight for ya.

    We know it's you Katz.

    Pbbbbbt. ;)

    --
    "Fuck your mama."

"Kill the Wabbit, Kill the Wabbit, Kill the Wabbit!" -- Looney Tunes, "What's Opera Doc?" (1957, Chuck Jones)

Working...