|
Due to a new Michigan law (Super DMCA), the legality of
my research or these web pages is currently unclear. Felten provides
additional information about the resulting restrictions on technology and research.
Potentially offending web content has been
moved to the Netherlands. Please, support the
EFF.
|
|
If you are a reporter and have questions about the research, please
have a look at the Steganography Press Information.
Defeating Statistical Steganalysis
Abstract
The main purpose of steganography is to hide the occurrence of
communication. While most methods in use today are invisible to the
observer's senses, mathematical analysis may reveal statistical
discrepancies in the stego medium. These discrepancies expose the
fact that hidden communication is happening.
This talk presents a new method to preserve the statistical properties
of the cover medium. After applying a correcting transform to an
image, statistical steganalysis is no longer able to detect the
presence of steganography. We present an a priori estimate to
determine the amount of data that can be hidden in the image while
still being able to maintain frequency count based statistics. This
way, we can quickly choose an image in which a given message can be
hidden safely. To evaluate the effectiveness of our approach, we
present statistical tests for the JPEG image format and explain how
our new method defeats them.
For background material, see
All methods have been implemented in the
OutGuess system.
Detecting Steganographic Content on the Internet
Abstract
Recently, there has been rumors about terrorist using steganography
to hide their communication and secret plans.
However, it is difficult to verify these claims. To answer this
question, I have
created a detection framework that consists of several elements:
-
A web crawler that
saves JPG images.
-
Its output is piped into stegdetect, a tool for automatic detection of steganographic
content.
- The positive results are distributed to a loosely couple cluster
of workstations with disconcert.
-
On the clients, stegbreak is used to launch a dictionary attack against the
positive images. A normal stegbreak job runs on a few hundred clients.
So far we have analyzed 2 Million images obtained from ebay auctions.
So far not a single hidden message could be found. However, these
images provided valuable insight in how to improve the system for the
next round where images will be analyzed from a number of other locations.
disconcert is available only as snapshot without documentation.
-
Detecting Steganographic Content on the Internet
[ps]
- Niels Provos and Peter Honeyman, ISOC NDSS'02, San Diego, CA, February 2002. [August 2001, CITI Techreport].
- Detecting Steganographic
Content on the Internet - August, 2001, HAL 2001 Presentation, Slides.
- Detecting Steganographic
Content on the Internet - November, 2001, CSL EE380 Colloquium, Stanford University, Slides.
- Detecting Steganographic
Content on the Internet - November, 2001, CSL EE380 Colloquium, Stanford University, Video.
Analysing USENET content
We are analyzing USENET images for steganographic content.
Stegdetect has analyzed approximately one million images.
The positive images are being processed on a disconcert
cluster with about two hundred workstations.
The current results are available here.