A New Twist On Steganography From The Creator Of BitTorrent
from the secret-message?-what-secret-message? dept
Over the last year, we have learned that keeping things secret as they pass over the Internet is much harder than we thought because of the extraordinary NSA and GCHQ surveillance programs revealed by Edward Snowden's leaks. One of the problems with traditional encryption is that its opaque text flags up rather obviously that something is being hidden. An alternative approach, known as steganography, tries to get around that by hiding secret messages in other kinds of text or images in such a way that it is not obvious -- for example, by changing individual pixels -- and therefore does not attract unwanted attention.
Those carrying out surveillance are of course perfectly aware of steganography, and have methods that allow them to inspect files for subtle changes that indicate there are hidden texts. In the usual arms-race fashion, this has now led to the development of a more advanced kind of steganography that hopes to evade those tools. It comes from Bram Cohen, creator of the important file-sharing protocol and software, BitTorrent. His new system bears the dramatic name "DissidentX"; here's how it works:
Cohen has programmed DissidentX to serve as a customizable framework for steganography that can use any method of tweaking a file from adding spaces at the end of a text file's lines to adding pixels to a video. But unlike older steganographic tools, those alterations to the camouflage file known as the "cover text" don’t serve as a set of on-or-off bits to encode the secret message. Instead, DissidentX makes the changes such that when the recipient puts the entire file through a cryptographic function known as a "hash" -- a transformation that converts it into a unique string of characters -- it produces an encrypted version of the sender's message, ready to be decrypted with the recipient's key.
As well as this more subtle approach, Cohen's DissidentX has another big advantage over traditional steganography:
He's designed DissidentX to allow multiple secret messages to be encoded in an altered file, each of which can only be read with different decryption keys. That means a single text file or video could hold messages intended for multiple recipients, or additional false messages can also be encoded into the file as red herrings.
As the article in Forbes quoted above points out, this could be important for dissidents who face the prospects of being tortured for their decryption key: alongside the real message, kept secret, a dummy text that can be given up to the authorities could be stored as well.
It's a clever approach, albeit with one drawback: the visible text in which the steganographic message is hidden has to be around 500 times longer than the invisible one. Sending such long texts might in itself draw some attention, but Cohen hopes to reduce that size factor in future versions. In any case, it doesn't really matter whether or not this particular steganographic system takes off; what's important is that people like Cohen are coming up with a range of new ways to thwart the surveillance state we find ourselves inhabiting.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bram cohen, steganography
Reader Comments
Subscribe: RSS
View by: Time | Thread
THIS JERK IS A FRUAD
also 6 months befor ehe created bittorrent me and a us military guy on his off time created bandwidth sharing software
i hurt my back he went off to war...it never got published but its still all sitting on th eoriginal hard drive
and this steno software...its part of the united hackers associate file archive....
it had any type a file within images
[ link to this | view in chronology ]
Re: THIS JERK IS A FRUAD
& why're you so butt-hurt anyway? After all, IF what you claim is true, it's only been 20+ years. :P
I would strongly advice that you try to "Get Over It", though it's painfully obvious that if you haven't by now, you never will.
Cheers! :]
[ link to this | view in chronology ]
p.s.
[ link to this | view in chronology ]
NSA/Steganography
[ link to this | view in chronology ]
Re: NSA/Steganography
[ link to this | view in chronology ]
http://www.technologyreview.com/news/523746/honey-encryption-will-bamboozle-attackers-with-fak e-secrets/
I'd love to be able to input a password on my Android phone, to unveil a "clean" account, while inputting another password would unveil my real account.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
u mad?
[ link to this | view in chronology ]
Other options
I am not a cryptography expert, but it seems like you could break it down on smaller parts of the original document.
[ link to this | view in chronology ]
Re: Other options
The whole idea is to hide the existence of the secret message - doing what you suggest would be an obvious flag that something funny is going on. You may as well just send a straight encrypted message if you're going to do that.
[ link to this | view in chronology ]
Re: Re: Other options
Do you have any good links that would help explain this a bit more? That Forbes article was pretty basic.
[ link to this | view in chronology ]
Re: Re: Re: Other options
Variable width spaces in between words don't normally appear in ordinary documents. So their presence would be be a red flag that there may be a hidden message...which defeats the purpose of hiding it.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Explanation is unclear
When I read this my skepticism reached overload. A hash is a one-way mathematical function, and by definition, cannot be decrypted with a key. I figured that maybe it was just Andy Greenberg who misunderstood the algorithm here. That appears to be true, but I will cut him some slack because Bram Cohen's explanation of this on Github sucks, to be frank. From what I think I understand the algorithm to be, it is rather clever. It does go to show that sometimes smart people don't have the ability to explain well what they know.
I haven't read the code yet, only the textual notes. So, this may not be correct, but here goes.
The elements are:
-cover text, for which there exists a set of short alternate segments. For each of these segments there is a single alternate which makes as much sense as the original.
-A shared cryptographic key.
-a value, which is the message to be hidden.
-SHA3 cryptographic hash algorithm
-a custom stream cipher which is a variation of AES in Output FeedBack mode (OFB). An important aspect of the algorithm for this stream cipher is that the set of segment alternates can be found, by the "encoding" portion of the program, that, with the chosen key, will produce the desired value (the message) as the first part of the encrypted output of the cipher.
The first step, for the sender, is to encrypt the cover text with chosen alternates using the shared key and an initialization vector (what Cohen is calling the salt), and AES in OFB mode. This initialization vector is created by using the first 4 bytes of the SHA3 hash of the chosen cover text.
There is a packing step which adds a length prefix and a checksum. The resulting data can be posted on a public website.
The message receiver will also have the shared key and can apply the custom stream cipher to reveal the message.
There are some details which I am still unclear about. I am not a cryptologist, so I cannot evaluate this scheme.
[ link to this | view in chronology ]
Re: Explanation is unclear
[ link to this | view in chronology ]
Re: Explanation is unclear
(In addition, one would probably prefer to use SHA256 nowadays instead of SHA3, since fast hardware is readily available to accelerate such an inversion of SHA256 --- namely, any Bitcoin mining setup.)
I'm off to check it out. I hope his work is an improvement on my own --- it'll save me a lot of trouble getting my own into publishable form.
[ link to this | view in chronology ]
Re: Explanation is unclear
[ link to this | view in chronology ]
Re: Re: Explanation is unclear
> new trendy hawtness from NIST
I guess he missed out the part where NIST "suddenly" wanted to reset the security parameters of SHA-3... anyone following the recent news wouldn't think of SHA-3 as a stellar candidate for being an essential part of a stego algorithm.
Or did the NSA tell them to do that to try to make us think that the original parameters were "too hard" for them? Inquiring minds want to know!
[ link to this | view in chronology ]