Life in the Noise - Disappearing Cryptography

Cryptography Reference

In-Depth Information

icant bits that follow. Upham noted that this number would often

have a great number of zeros at the front of it. Since these bits would

normally be somewhat randomly distributed, a block of zeros could

look suspicious. Sixteen zeros in a row should only occur about 1 out

of 2 16 times.

His solution was to have two fields in the header. The first con-

sisted of a 5-bit number that specified the number of bits in the sec-

ond field. The second field would contain the number of bits in the

entire file. This would remove any large blocks of bits at the begin-

ning of the number while leaving the flexibility for extremely large

files. He also suggests that the number of bits in the second field be

padded with an extra 0 about half of the time. This prevents the sixth

bitofthefilefromalwaysbeinga1.Thisisaverysubtleattentionto

detail. 5

9.5.2 Outguess

The Outguess software written by Niels Provos tweaks least signifi-

cant bits like all of the other tools, butitdoesitcarefullytoavoidin-

troducing statistical signatures that might alert attackers looking for

the presence of the message.

This attention to statistical detail has its costs. The program iden-

tifies potential bits and then rules out using half of them in order to

have potential corrections. This cuts the capacity of the channel in

half but increases the security dramatically.

In the most abstract sense, the Outguess algorithm is straight for-

ward. Every time you change a bit to hide information, you search

for an equivalent bit and change it too to maintain a balanced sta-

tistical profile. If you change a 0 to a 1, then change a 1 to a 0 at the

same time. The Outguess software can be modified to work with any

data format given routines for identifying good places to hide data.

[Pro01b, Pro01a]

Thesebalancedchangescanbeusedinanyofthesteganographic

solutions. In practice, Provos implements the algorithm by changing

the JPEG compression coefficients. Just changing the least signifi-

cant bits may introduce higher order changes to the JPEG compres-

sion coefficients and these changes can be relatively easy to detect.

[JJ98a]

5 John Marsh, a reader, suggests that techniques like Rice Coding and Golumb Cod-

ing are effective here because they dowell encoding small integers while handling very

large ones too.

Search WWH ::

Custom Search

Home