Cryptography Reference
In-Depth Information
The field of steganalysis is usually more concerned with simply
identifying the existence of a message instead of actually extracting
it. This is only natural because the field of steganography aims to
conceal the existence of a message, not scramble it. Many of the ba-
sic tests in steganalysis will often just identify the possible existence
of a message. Recovering the hidden data is usually beyond the ca-
pabilities of the tests becausemany algorithms use cryptographically
secure random number generators to scramble the message as it is
inserted. In some cases, the hidden bits are spread throughout the
file. Some of these algorithms can't tell you where they are, but they
can tell that the hidden bits are probably there.
Identifying the existence of a hiddenmessage can often be enough
for an attacker. The messages are often fragile and an attacker can
destroy the message without actually reading it. Some data can be
wiped out by storing another message in its place. Other data can
be nullified by flipping a randomnumber of the least significant bits.
Many small distortions can wipe out the information, which after all
is stored in the form of small distortions. While the attacker may not
read the message, the recipient won't either. It may even be argued
that adding small, random permutations is more effective than try-
ing to detect the existence of the message in the first case. This is
a corollary to Blaise Pascal's idea that one might as well believe in a
God because there's no downside if you're wrong.
All of these attacks depend on identifying some characteristic
part of an audio or image file that is altered by the hidden data.
That is, finding a way where the steganography failed to imitate or
camoflage enough. In many cases, the hidden data is more random
than the data it replaces and this extra “perfection” often stands out.
The least significant bits of many images, for instance, are not ran-
dom. In some cases the camera sensor is not perfect and in others
the lack of randomness is introduced by some file compression. Re-
placing the least significant bits with a more random (i.e. higher en-
tropy) hidden message removes this artifact.
“When a thing is funny,
search it carefully for a
hidden truth.” -George
Bernard Shaw,
unsourced
There are limitations. Many of these techniques must be tuned
to attack the output from particular software programs. They can be
highly effective in the hands of a skilled operator searching for hid-
den information created by a known algorithms, but they can begin
to fail when they encounter the results from even slightly different al-
gorithms. There is no guarantee that the steganalysis algorithms can
be automatically extended to each version of the software. There is
no magic anti-steganography bullet.
But there are also no guarantees that any steganographic algo-
rithm can withstand clever steganalysis. None of the algorithms in
