|
Newsgroups: sci.crypt.research From: "Markus Kuhn" <mskuhn@cip.informatik.uni-erlangen.de> Subject: Announcement: Steganography Mailing List Message-ID: <mpjDB9Js0.H9B@netcom.com> Sender: mpj@netcom15.netcom.com Organization: private site, Hamburg (Germany) Date: Wed, 5 Jul 1995 21:59:59 GMT Approved: crypt-request@cs.aukuni.ac.nz Steganography Mailing List -------------------------- Markus Kuhn -- 1995-07-03 Steganography is the art and science of communicating in a way which hides the existence of the communication. In contrast to cryptography, where the "enemy" is allowed to detect, intercept and modify messages without being able to violate certain security premises guaranteed by a cryptosystem, the goal of steganography is to hide messages inside other "harmless" messages in a way that does not allow any "enemy" to even detect that there is a second secret message present. Steganography is in the (especially military) literature also referred to as transmission security or short TRANSEC. A good steganography system should fulfill the same requirements posed by the "Kerckhoff principle" in cryptography. This means that the security of the system has to be based on the assumption that the "enemy" has full knowledge of the design and implementation details of the steganographic system. The only missing information for the "enemy" is a short easily exchangeable random number sequence, the secret key, and without the secret key, the "enemy" should not have the slightest chance of even becoming suspicious that on an observed communication channel hidden communication might take place. Steganography is closely related to the problem of "hidden channels" in secure operating system design, a term which refers to all communication paths that can not easily be restricted by access control mechanisms (e.g. two processes that communicate by modulating and measuring the CPU load). Steganography is also closely related to spread spectrum radio transmission, a technique that allows to receive radio signals that are over 100 times weaker than the atmospheric background noise, as well as TEMPEST, techniques which analyze RF transmissions of computer and communication equipment in order to get access to secret information handled by these systems. Most communication channels like telephone lines and radio broadcasts transmit signals which are always accompanied by some kind of noise. This noise can be replaced by a secret signal that has been transformed into a form that is indistinguishable from noise without knowledge of a secret key and this way, the secret signal can be transmitted undetectable. This basic design principle of steganographic systems, i.e. replacing high entropy noise with a high entropy secret transmission, is quite obvious. There have a number of simple software tools been published for e.g. hiding files in the least significant bits of digital images or for transforming PGP messages into files resembling pure random byte sequences. However really good steganography is much more difficult and usage of most of the currently available steganographic tools might be quite easily detected using sufficiently careful analysis of the transmitted data. The noise on analog systems has a large number of properties very characteristic to the channel and the equipment used in the communication system. A good steganographic system has to observe the channel, has to build a model of the type of noise which is present and has then to adapt the parameters of its own encoding algorithms so that the noise replacement fits the model parameters of the noise on the channel as well as possible. Whether the steganographic system is really secure depends on whether the "enemy" has a more sophisticated model of the noise on the channel than the one used in the steganographic system. Common communication systems have a huge number of characteristics and only a small fraction of what looks like noise can actually be replaced by the statistically very clean noise of a cryptographic ciphertext. Noise in communication systems is often created by modulation, quantization and signal cross-over and is heavily influenced by these mechanisms and in addition by all kinds of filters, echo cancelation units, data format converters, etc. Many steganographic systems have to work in noisy environments and consequently require synchronization and forward error correction mechanisms that also have to be undetectable as long as the secret key is unknown. It is my impression that the field of steganography has not yet been examined in detail by the scientific community outside the military world. Many of the above mentioned problems in the design of high quality steganographic systems have not been addressed in the literature and only very few attempts of practical solutions have been published and analyzed so far. In order to encourage discussion and cooperation in the field of steganography, the STEGANO-L mailing list has been established. We want to invite people with a good background in modern communication systems, cryptography, digital signal processing, information theory, mathematics, etc. to publish tools for steganographic systems, to attack these and discuss weaknesses and possible improvements and to collect statistic and signal processing software tools as well as sample data that can be used for quality control of steganographic systems. In order to (un-)subscribe to STEGANO-L, send an e-mail message "(UN)SUB stegano-l your-mail-address" to stegano-l-request@as-node.jena.thur.de Messages to all STEGANO-L members have to be sent to the address stegano-l@as-node.jena.thur.de The manager of the mailing list server is Lutz Donnerhacke <Lutz.Donnerhacke@Jena.Thur.De> WWW: <http://www.thur.de/ulf/stegano/> I am looking forward to meet you in interesting discussions there ... Markus -- Markus Kuhn, Computer Science student -- University of Erlangen, Internet Mail: <mskuhn@cip.informatik.uni-erlangen.de> - Germany WWW Home: <http://wwwcip.informatik.uni-erlangen.de/user/mskuhn>