A
short introduction into steganography was written by Neil F. Johhnson.
Steganography Mailing List
Markus Kuhn -- 1995-07-03
Steganography is the art and science of communicating in a way which
hides the existence of the communication. In contrast to cryptography,
where the "enemy" is allowed to detect, intercept and modify messages
without being able to violate certain security premises guaranteed by
a cryptosystem, the goal of steganography is to hide messages inside
other "harmless" messages in a way that does not allow any "enemy" to
even detect that there is a second secret message present.
Steganography is in the (especially military) literature also referred
to as transmission security or short TRANSEC.
A good steganography system should fulfill the same requirements posed
by the "Kerckhoff principle" in cryptography. This means that the
security of the system has to be based on the assumption that the
"enemy" has full knowledge of the design and implementation details of
the steganographic system. The only missing information for the
"enemy" is a short easily exchangeable random number sequence, the
secret key, and without the secret key, the "enemy" should not have
the slightest chance of even becoming suspicious that on an observed
communication channel hidden communication might take place.
Steganography is closely related to the problem of "hidden channels"
in secure operating system design, a term which refers to all
communication paths that can not easily be restricted by access
control mechanisms (e.g. two processes that communicate by modulating
and measuring the CPU load). Steganography is also closely related to
spread spectrum radio transmission, a technique that allows to receive
radio signals that are over 100 times weaker than the atmospheric
background noise, as well as TEMPEST, techniques which analyze RF
transmissions of computer and communication equipment in order to get
access to secret information handled by these systems.
Most communication channels like telephone lines and radio broadcasts
transmit signals which are always accompanied by some kind of noise.
This noise can be replaced by a secret signal that has been
transformed into a form that is indistinguishable from noise without
knowledge of a secret key and this way, the secret signal can be
transmitted undetectable.
This basic design principle of steganographic systems, i.e. replacing
high entropy noise with a high entropy secret transmission, is quite
obvious. There have a number of simple software tools been published
for e.g. hiding files in the least significant bits of digital images
or for transforming PGP messages into files resembling pure random
byte sequences.
However really good steganography is much more difficult and usage of
most of the currently available steganographic tools might be quite
easily detected using sufficiently careful analysis of the transmitted
data. The noise on analog systems has a large number of properties
very characteristic to the channel and the equipment used in the
communication system. A good steganographic system has to observe the
channel, has to build a model of the type of noise which is present
and has then to adapt the parameters of its own encoding algorithms so
that the noise replacement fits the model parameters of the noise on
the channel as well as possible. Whether the steganographic system is
really secure depends on whether the "enemy" has a more sophisticated
model of the noise on the channel than the one used in the
steganographic system.
Common communication systems have a huge number of characteristics and
only a small fraction of what looks like noise can actually be
replaced by the statistically very clean noise of a cryptographic
ciphertext. Noise in communication systems is often created by
modulation, quantization and signal cross-over and is heavily
influenced by these mechanisms and in addition by all kinds of
filters, echo cancelation units, data format converters, etc. Many
steganographic systems have to work in noisy environments and
consequently require synchronization and forward error correction
mechanisms that also have to be undetectable as long as the secret key
is unknown.
It is my impression that the field of steganography has not yet been
examined in detail by the scientific community outside the military
world. Many of the above mentioned problems in the design of high
quality steganographic systems have not been addressed in the
literature and only very few attempts of practical solutions have been
published and analyzed so far.
In order to encourage discussion and cooperation in the field of
steganography, the STEGANO-L mailing list has been established. We
want to invite people with a good background in modern communication
systems, cryptography, digital signal processing, information theory,
mathematics, etc. to publish tools for steganographic systems, to
attack these and discuss weaknesses and possible improvements and to
collect statistic and signal processing software tools as well as
sample data that can be used for quality control of steganographic
systems.
In order to (un-)subscribe to STEGANO-L, send an e-mail message
"(UN)SUB your-mail-address stegano-l" to
stegano-l-request@iks-jena.de
Messages to all STEGANO-L members have to be sent to the address
stegano-l@iks-jena.de
The manager of the mailing list server is
Lutz Donnerhacke
WWW: http://www.thur.de/ulf/stegano/
I am looking forward to meet you in interesting discussions there ...
|