A New Twist On Steganography From The Creator Of BitTorrent

from the secret-message?-what-secret-message? dept

Over the last year, we have learned that keeping things secret as they pass over the Internet is much harder than we thought because of the extraordinary NSA and GCHQ surveillance programs revealed by Edward Snowden's leaks. One of the problems with traditional encryption is that its opaque text flags up rather obviously that something is being hidden. An alternative approach, known as steganography, tries to get around that by hiding secret messages in other kinds of text or images in such a way that it is not obvious -- for example, by changing individual pixels -- and therefore does not attract unwanted attention.

Those carrying out surveillance are of course perfectly aware of steganography, and have methods that allow them to inspect files for subtle changes that indicate there are hidden texts. In the usual arms-race fashion, this has now led to the development of a more advanced kind of steganography that hopes to evade those tools. It comes from Bram Cohen, creator of the important file-sharing protocol and software, BitTorrent. His new system bears the dramatic name "DissidentX"; here's how it works:

Cohen has programmed DissidentX to serve as a customizable framework for steganography that can use any method of tweaking a file from adding spaces at the end of a text file's lines to adding pixels to a video. But unlike older steganographic tools, those alterations to the camouflage file known as the "cover text" don’t serve as a set of on-or-off bits to encode the secret message. Instead, DissidentX makes the changes such that when the recipient puts the entire file through a cryptographic function known as a "hash" -- a transformation that converts it into a unique string of characters -- it produces an encrypted version of the sender's message, ready to be decrypted with the recipient's key.
As well as this more subtle approach, Cohen's DissidentX has another big advantage over traditional steganography:
He's designed DissidentX to allow multiple secret messages to be encoded in an altered file, each of which can only be read with different decryption keys. That means a single text file or video could hold messages intended for multiple recipients, or additional false messages can also be encoded into the file as red herrings.
As the article in Forbes quoted above points out, this could be important for dissidents who face the prospects of being tortured for their decryption key: alongside the real message, kept secret, a dummy text that can be given up to the authorities could be stored as well.

It's a clever approach, albeit with one drawback: the visible text in which the steganographic message is hidden has to be around 500 times longer than the invisible one. Sending such long texts might in itself draw some attention, but Cohen hopes to reduce that size factor in future versions. In any case, it doesn't really matter whether or not this particular steganographic system takes off; what's important is that people like Cohen are coming up with a range of new ways to thwart the surveillance state we find ourselves inhabiting.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bram cohen, steganography


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. This comment has been flagged by the community. Click here to show it
    identicon
    Guardian, 30 Jan 2014 @ 12:25am

    THIS JERK IS A FRUAD

    i have software that does this from the 90's and i got it from others....

    also 6 months befor ehe created bittorrent me and a us military guy on his off time created bandwidth sharing software

    i hurt my back he went off to war...it never got published but its still all sitting on th eoriginal hard drive

    and this steno software...its part of the united hackers associate file archive....

    it had any type a file within images

    link to this | view in thread ]

  2. identicon
    Guardian, 30 Jan 2014 @ 12:27am

    p.s.

    p.s. why you think the sicko spies are watching all that porn ..it aint to see what your up to....although some abuses that way occur.

    link to this | view in thread ]

  3. identicon
    Tom, 30 Jan 2014 @ 12:48am

    NSA/Steganography

    If they already have all the data that is on your computer (and they do,)before you encrypt it using any means possible - is there any point in encrypting the data ?

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 30 Jan 2014 @ 1:51am

    This one is interesting, too, and could be very useful at airports, where they want to search your electronics these days increasingly more often:

    http://www.technologyreview.com/news/523746/honey-encryption-will-bamboozle-attackers-with-fak e-secrets/

    I'd love to be able to input a password on my Android phone, to unveil a "clean" account, while inputting another password would unveil my real account.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 30 Jan 2014 @ 1:59am

    good for him! the only thing now emerging from this 'i want to know all about everyone' approach the governments have are programs etc to fuck them up. it may not bode well for a defense against terrorism, but surely keeping our rights is?

    link to this | view in thread ]

  6. This comment has been flagged by the community. Click here to show it
    identicon
    NSA, 30 Jan 2014 @ 5:25am

    u mad?

    Suck my dick bitches

    link to this | view in thread ]

  7. icon
    John Fenderson (profile), 30 Jan 2014 @ 5:52am

    Re: NSA/Steganography

    They do? How'd they get it?

    link to this | view in thread ]

  8. icon
    ahow628 (profile), 30 Jan 2014 @ 6:42am

    Other options

    I like the addition of extra spaces at the end of the lines, but it seems like you could easily encrypt FAR more data if you made the spaces themselves vary in width. Or maybe vary the distance between each consecutive character in the sentence.

    I am not a cryptography expert, but it seems like you could break it down on smaller parts of the original document.

    link to this | view in thread ]

  9. icon
    OldMugwump (profile), 30 Jan 2014 @ 8:15am

    Re: Other options

    Given that there is no reasonable reason to do that (variable space widths, character spacing), that would defeat the purpose of steganography.

    The whole idea is to hide the existence of the secret message - doing what you suggest would be an obvious flag that something funny is going on. You may as well just send a straight encrypted message if you're going to do that.

    link to this | view in thread ]

  10. icon
    Kenpachi (profile), 30 Jan 2014 @ 9:43am

    Re: THIS JERK IS A FRUAD

    English MF, ever heard of it?

    & why're you so butt-hurt anyway? After all, IF what you claim is true, it's only been 20+ years. :P

    I would strongly advice that you try to "Get Over It", though it's painfully obvious that if you haven't by now, you never will.

    Cheers! :]

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 30 Jan 2014 @ 10:20am

    DissidentX, sounds interesting. I'll have to check it out.

    link to this | view in thread ]

  12. icon
    aldestrawk (profile), 30 Jan 2014 @ 12:38pm

    Explanation is unclear

    "a cryptographic function known as a "hash" -- a transformation that converts it into a unique string of characters -- it produces an encrypted version of the sender's message, ready to be decrypted with the recipient's key."

    When I read this my skepticism reached overload. A hash is a one-way mathematical function, and by definition, cannot be decrypted with a key. I figured that maybe it was just Andy Greenberg who misunderstood the algorithm here. That appears to be true, but I will cut him some slack because Bram Cohen's explanation of this on Github sucks, to be frank. From what I think I understand the algorithm to be, it is rather clever. It does go to show that sometimes smart people don't have the ability to explain well what they know.

    I haven't read the code yet, only the textual notes. So, this may not be correct, but here goes.
    The elements are:

    -cover text, for which there exists a set of short alternate segments. For each of these segments there is a single alternate which makes as much sense as the original.

    -A shared cryptographic key.

    -a value, which is the message to be hidden.

    -SHA3 cryptographic hash algorithm

    -a custom stream cipher which is a variation of AES in Output FeedBack mode (OFB). An important aspect of the algorithm for this stream cipher is that the set of segment alternates can be found, by the "encoding" portion of the program, that, with the chosen key, will produce the desired value (the message) as the first part of the encrypted output of the cipher.

    The first step, for the sender, is to encrypt the cover text with chosen alternates using the shared key and an initialization vector (what Cohen is calling the salt), and AES in OFB mode. This initialization vector is created by using the first 4 bytes of the SHA3 hash of the chosen cover text.

    There is a packing step which adds a length prefix and a checksum. The resulting data can be posted on a public website.

    The message receiver will also have the shared key and can apply the custom stream cipher to reveal the message.

    There are some details which I am still unclear about. I am not a cryptologist, so I cannot evaluate this scheme.

    link to this | view in thread ]

  13. identicon
    Lawrence D'Oliveiro, 30 Jan 2014 @ 1:21pm

    Re: Explanation is unclear

    I had a look at the code, and it doesn’t do anything that can be described as “decrypting a hash” (thankfully). It uses SHA3-256 to compute a hash to guard against modification (malicious or otherwise) of the encrypted message—pretty standard practice for encryption algorithms.

    link to this | view in thread ]

  14. icon
    RonKaminsky (profile), 30 Jan 2014 @ 1:23pm

    Re: Explanation is unclear

    Well, if it's anything like the version I thought up independently, the algorithm only uses a limited number of bits of the result of the hash function, enabling a brute force search to (sometimes, since there is no reason, except statistics, to expect that this would be possible) invert what would ordinarily be, as you said, an uninvertible function.

    (In addition, one would probably prefer to use SHA256 nowadays instead of SHA3, since fast hardware is readily available to accelerate such an inversion of SHA256 --- namely, any Bitcoin mining setup.)

    I'm off to check it out. I hope his work is an improvement on my own --- it'll save me a lot of trouble getting my own into publishable form.

    link to this | view in thread ]

  15. identicon
    Lawrence D'Oliveiro, 30 Jan 2014 @ 1:43pm

    Re: Explanation is unclear

    I think he’s using SHA-3 because that’s the anointed new trendy hawtness from NIST. Though it has to be said that the long-expected weaknesses in SHA-2 have failed to show.

    link to this | view in thread ]

  16. icon
    RonKaminsky (profile), 30 Jan 2014 @ 3:00pm

    Re: Re: Explanation is unclear

    > I think he’s using SHA-3 because that’s the anointed
    > new trendy hawtness from NIST

    I guess he missed out the part where NIST "suddenly" wanted to reset the security parameters of SHA-3... anyone following the recent news wouldn't think of SHA-3 as a stellar candidate for being an essential part of a stego algorithm.

    Or did the NSA tell them to do that to try to make us think that the original parameters were "too hard" for them? Inquiring minds want to know!

    link to this | view in thread ]

  17. icon
    ahow628 (profile), 2 Feb 2014 @ 9:56am

    Re: Re: Other options

    So I'm obviously not too familiar with this stuff but why are extra spaces at the line end ok, but variable width spaces aren't?

    Do you have any good links that would help explain this a bit more? That Forbes article was pretty basic.

    link to this | view in thread ]

  18. icon
    OldMugwump (profile), 21 Feb 2014 @ 1:03pm

    Re: Re: Re: Other options

    Because extra spaces at the end of lines happen all the time naturally, in documents that don't have any hidden messages.

    Variable width spaces in between words don't normally appear in ordinary documents. So their presence would be be a red flag that there may be a hidden message...which defeats the purpose of hiding it.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.