Sending covert messages undetectable over the net.

http://phys.org/news/2014-06-covert-channel-internet.html

Originally posted by sonhouse
http://phys.org/news/2014-06-covert-channel-internet.html

Very clever and announced just as China is expressing paranoia at the U.S. cyber-espionage capability.

Originally posted by DeepThought
Very clever and announced just as China is expressing paranoia at the U.S. cyber-espionage capability.

Yes, well the Chinese just got caught with their hands in the cookie jar, didn't they?

Originally posted by sonhouse
Yes, well the Chinese just got caught with their hands in the cookie jar, didn't they?

Yes. It's terrible how they are doing everything the Americans [and British]
are doing, but with less resource's and proficiency...

I mean can't they just do as we say, instead of as we do...

It's really inconsiderate of them.

EDIT: For calibration purposes your sarcasometer's should have just registered
a 9.0 on the CISS [Calibrated Internet Sarcasm Scale]

I did read the article. The idea that you can alter the gaps in the message with suitable hardware so that a hidden message is still readable really is clever. To defend against it networks could simply reset the gaps to a standard length by default, thereby wiping any hidden message.

I've got to admit my main motivation in posting here is to push the problems with RJHinds and creationist dating of rocks and fossils threads down the list. It's depressing that they are the only threads anyone can think of anything to say in.

Originally posted by DeepThought
I did read the article. The idea that you can alter the gaps in the message with suitable hardware so that a hidden message is still readable really is clever. To defend against it networks could simply reset the gaps to a standard length by default, thereby wiping any hidden message.

I've got to admit my main motivation in posting here is to push t ...[text shortened]... he list. It's depressing that they are the only threads anyone can think of anything to say in.

Well this forum tends to be a bit on the slow side... which is why having
creationist debates spill over from spirituality is so disruptive.

One problem I see with this is that you have to have specialist hardware
and a direct optical fibre connection to the internet for it to work.

Which would kinda stand out at the moment.
And if everyone has it then everyone has the ability to intercept and read
these messages, and so you're back to standard encryption.

I'm not sure that this is an improvement on [for example] widely implementing
TOR and SSH encryption on all websites and internet connections as standard.
{which requires no new hardware}

That way you have the needle in the haystack problem of determining which
highly encrypted data stream is the one you want, because you can't crack them all.

It does however present a way of adding extra bandwidth, which is always helpful.

"Steganography" is the generic word for the technique of hiding a message inside another message.

See for example:

http://www.strangehorizons.com/2001/20011008/steganography.shtml

http://www.garykessler.net/library/steganography.html

The hidden message can be encoded as spaces (inter-frame gaps) or unused bits in tcp headers, or alpha channels in JPEGs or DICOMs--almost any transmission medium can be so modified. The best kept secret is the one that is in plain view but unrecognizable as a secret. Encrypting text makes it obvious that someone is hiding something, so it's just a matter of time plus RAM to crack the encryption. Whereas plain text folded into a JPEG is detectable only if a someone has reason to think there might be text in the JPEG and start looking for it.

EDIT: I once had a nifty DOS program which would fold text into a BITMAP. As no one uses BITMAPS these days, that in itself would be suspicious, but the principle could be applied to JPEGs or PNGs I'm sure.

Originally posted by moonbus
"Steganography" is the generic word for the technique of hiding a message inside another message.

See for example:

http://www.strangehorizons.com/2001/20011008/steganography.shtml

http://www.garykessler.net/library/steganography.html

The hidden message can be encoded as spaces (inter-frame gaps) or unused bits in tcp headers, or alpha channels i ...[text shortened]... hat in itself would be suspicious, but the principle could be applied to JPEGs or PNGs I'm sure.

All images are (basically) bitmaps, JPEG and GIF refer to compression algorithms. Stenography won't work with JPEGs because they use lossy compression, so either the JPEG won't be uncompressible, rendering the image file suspicious, or the message will be clobbered by the compression algorithm. You could do it with GIFs though as that is a lossless compression algorithm. This does require both the sender and the receiver having copies of the original image the message is put into.

The easiest way to do it would be to XOR the least significant bit of each pixel with a bit from the message, to get 1 bit of message per byte of image. Provided the image does not contain large regions where one would expect neighbouring pixels to be identical (such as the night sky) then the message will be undetectable to a non-suspicious third party.

If there is suspicion on behalf of the third party they may be able to detect the presence of the message. For example using the method I described above would spoil lossless compression which relies on large regions of the image having the same bit value, so the GIF file would be unusually large. In that case it should be possible to extract the message using standard cryptographic techniques. So the message would still need pre-encryption with a hard cypher like AES, or if it's as sensitive as all that a one time pad.

A more sophisticated way of hiding the message would be only to change bytes where the pixel value of the original image is changing anyway. Then one could use 0 for no message bit, 1 to encode message bit value 0, and 2 for message bit value 1. This would make the resultant GIF much smaller and less suspicious at the cost of greatly reducing the size of sendable message per megabyte of image.

Originally posted by DeepThought
All images are (basically) bitmaps, JPEG and GIF refer to compression algorithms. Stenography won't work with JPEGs because they use lossy compression, so either the JPEG won't be uncompressible, rendering the image file suspicious, or the message will be clobbered by the compression algorithm. You could do it with GIFs though as that is a lossless com ...[text shortened]... s suspicious at the cost of greatly reducing the size of sendable message per megabyte of image.

You can erase the need for a reference picture by using a reversible algorithm
to encode the message. Then you only need to know the algorithm used and any
picture can be used to hide the message.

Also, I still mainly use bitmaps. Storage is cheap. 😉

Originally posted by moonbus
"Steganography" is the generic word for the technique of hiding a message inside another message.

See for example:

http://www.strangehorizons.com/2001/20011008/steganography.shtml

http://www.garykessler.net/library/steganography.html

The hidden message can be encoded as spaces (inter-frame gaps) or unused bits in tcp headers, or alpha channels i ...[text shortened]... hat in itself would be suspicious, but the principle could be applied to JPEGs or PNGs I'm sure.

Yes, and this is my problem with this atm.

You have to install special equipment to implement this technique.

As it's not an encryption but a form of stenography, this means that
when you install this equipment you are signalling that you are trying
to send a secret message. So unless this equipment becomes standard,
I don't think this is very practical.

Originally posted by googlefudge
You can erase the need for a reference picture by using a reversible algorithm
to encode the message. Then you only need to know the algorithm used and any
picture can be used to hide the message.

Also, I still mainly use bitmaps. Storage is cheap. 😉

I don't understand how the reversibility of the algorithm will help. I suppose one could simply overwrite the least significant bit of every byte rather than xor-ing, so that the message can simply be read, and thus avoid having to use a reference image. But that would be vulnerable to message detection, since after compression and encryption the message to be hidden would be expected to be similar to a random sequence of bits, but in an image there should be regions where the is a high probability that the least significant bits of neighbouring pixels have the same value. I wouldn't trust that system against a professional cryptographer.

Storage is cheap, but for transmission of bitmaps you'd want to use some sort of compression algorithm. After a quick check .png is lossless, and very frequently used so is ideal.

"After a quick check .png is lossless, and very frequently used so is ideal."

TIFF is also lossless and can be used without or without compression.