On Thu, Oct 04, 2001 at 11:48:53PM +0100, Julian Tibble wrote: > There is a paper about about an experiment to try and locate examples of > stenography on eBay (the paper was mentioned recently during a discussion > of terrorist use of encryption/stenography). > > Although the study only involved information hidden in JPEG images, I'm sure > the principles could be more widely applied. Stegdetect looks for abnormal frequency distributions of the DC components in JPEG images. The DC components are the conversion from signal (image) to frequency. These values are then compressed by discarding the least significant bits. Most of the current JPEG stego uses variations in these values for hiding information, much like storing information in a raw soundfile. The detected JPEG stego programs insert their message data from the start of these values, causing the first DC components (with stego) to have different characteristics then the last (without). These differences are rare in normal JPEGs. BTW, I have been running stegdetect regularly on the images from a selection of USENET newsgroups since HAL2001 and have similarly negative results. Either the tools used are way more advanced (unlikely), or we are looking at the wrong places or this kind of communication is very, very rare. This detection mechanism is in the class "differences in properties between normal objects and objects with steganographicly hidden messages", which is appropiate for detection of more advanced stego methods. Detection of known signatures is very effective against GIF-stego programs (most leave huge fingerprints). With kind regards, Wouter Slegers Your Creative Solutions
This archive was generated by hypermail 2b30 : Tue Nov 13 2001 - 13:51:31 PST