Sunday, January 11, 2004

Strong crypto should look not unlike random noise

Posted to Slashdot's "USAF Wants To Find Steganographic Content" as "Strong crypto should look not unlike random noise":

Maybe statistical analysis can determine if a given image or other medium is possibly hiding information. But if that information is encrypted, doesn't it look like random data without the key?

Yes. One quick-and-dirty test of the strength of a cryptographic algorithm or hash function is that the output appears random, and a small change in the input results in a large change in the output.

If the steg'd data has obvious headers and block formatting, a weak algorithm could leave enough of a pattern in the output file to be detectable. And of course some applications of stego are used to embed cleartext data...

Without knowing the key or even the cipher used to encrypt it... how can it be shown to actually be information? "That's just random noise/corruption in my images your honor... I don't know what you're talking about"

Proponents of stego sometimes suggest its use in environments where even the suspicion of crypto is enough to risk persecution and/or prosecution.

The other "trick" to detecting stego is that "normal" JPG/BMP/WAV/MP3/AVI/MPEG files tend to not actually show a high degree of random noise -- the seemingly random data in the LSB tends to have a pattern imposed by the encoder used and the input device.

I'd guess that this problem is more of an issue on highly-processed information from clean sources. You wouldn't expect random noise on an MP3 file ripped off the latest pop album release, but it wouldn't be out of place on a .SHN "bootleg" recording of a TMBG live concert from a handheld DAT recorder...

cryptor3 replies:
Interesting... looking for things being too random...

So then to counter this, the steg programs need to encode data in such a way that the various nonrandom patterns originally present in the unaltered files.

It seems like this would become a mathematical arms race where, on one side, analyzers are developing new statistical tests for patterns, and on the other side, programmers for steg programs must keep patching their programs to account for these types of patterns.
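
The "too random" check discussed in this thread, as an added example that is not part of the original post or the replies: a simplified pairs-of-values chi-square test over the LSB plane. The cover samples (30% LSB bias), the SHA-256 counter stream standing in for an encrypted payload, and the 2.0 cutoff are all constructed assumptions for illustration.

```python
import hashlib
import random
from collections import Counter

def constructed_cover(n=20000, seed=1):
    """Constructed samples, not real image data: 8-bit values whose LSB is 1 only
    30% of the time, standing in for structure an encoder or device imposes."""
    rng = random.Random(seed)
    return [rng.randrange(128) * 2 + int(rng.random() < 0.3) for _ in range(n)]

def ciphertext_like_bits(n, key=b"constructed-key"):
    """n bits of SHA-256 counter-mode output, a stand-in for an encrypted payload."""
    bits, counter = [], 0
    while len(bits) < n:
        block = hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        bits.extend((byte >> i) & 1 for byte in block for i in range(8))
        counter += 1
    return bits[:n]

def embed_lsb(samples, bits):
    """Plain LSB replacement: overwrite the LSB of the first len(bits) samples."""
    out = list(samples)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & ~1) | bit
    return out

def pair_chi_square(samples, min_expected=5):
    """Reduced chi-square of each value pair (2k, 2k+1) against equal counts.
    About 1.0 means the pairs are equalized, which is what overwriting LSBs with
    random-looking bits does; far above 1.0 means the LSBs keep their structure."""
    hist = Counter(samples)
    chi2, pairs = 0.0, 0
    for k in range(128):
        expected = (hist[2 * k] + hist[2 * k + 1]) / 2
        if expected >= min_expected:
            # Both cells of the pair deviate equally, hence the factor 2 (1 dof).
            chi2 += 2 * (hist[2 * k] - expected) ** 2 / expected
            pairs += 1
    return chi2 / pairs if pairs else float("inf")

def looks_too_random(samples, threshold=2.0):
    """Flag samples whose LSB pairs are statistically equalized (assumed cutoff)."""
    return pair_chi_square(samples) < threshold

if __name__ == "__main__":
    cover = constructed_cover()
    stego = embed_lsb(cover, ciphertext_like_bits(len(cover)))
    for name, data in (("cover", cover), ("stego", stego)):
        print(name, round(pair_chi_square(data), 2), looks_too_random(data))
```

A small payload touches only a fraction of the samples, so a score like this is a screening signal for closer inspection and not proof either way.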

