RE: Steganography

From: hal@finney.org
Date: Thu Sep 27 2001 - 11:43:57 MDT


I agree with Harvey that the security goal of steganography is to embed
a message in a picture such that an attacker can't tell if there is a
message there. That is the point of steganography. Being able to tell
means breaking the security.

Further asking the attacker to extract the message is meaningless, because
the message can be encrypted such that it looks equivalent to random noise,
and extracting such a message is of no value.

If all you wanted was to keep your messages from being read, ordinary
encryption will suffice. You use steganography because you want to hide
the very fact that you are sending messages. Hence if the attacker can
tell that you are sending something, the steganography is broken.

However I think the tests which have been offered here are not good,
because the same cover image is used in each one. In practice an attacker
generally does not have access to a reference image with no (or little)
embedded data to compare with the modified version.

What you should do is to use a variety of different images, of different
sizes, numbers of colors, and qualities, and embed messages in some of
them and not in others. This would be a more meaningful test in being
similar to the actual task facing a steganographic attacker.

Hal



This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 08:11:01 MST