A New Twist On Steganography From The Creator Of BitTorrent
from the secret-message?-what-secret-message? dept
Over the last year, we have learned that keeping things secret as they pass over the Internet is much harder than we thought because of the extraordinary NSA and GCHQ surveillance programs revealed by Edward Snowden’s leaks. One of the problems with traditional encryption is that its opaque text flags up rather obviously that something is being hidden. An alternative approach, known as steganography, tries to get around that by hiding secret messages in other kinds of text or images in such a way that it is not obvious — for example, by changing individual pixels — and therefore does not attract unwanted attention.
Those carrying out surveillance are of course perfectly aware of steganography, and have methods that allow them to inspect files for subtle changes that indicate there are hidden texts. In the usual arms-race fashion, this has now led to the development of a more advanced kind of steganography that hopes to evade those tools. It comes from Bram Cohen, creator of the important file-sharing protocol and software, BitTorrent. His new system bears the dramatic name “DissidentX”; here’s how it works:
Cohen has programmed DissidentX to serve as a customizable framework for steganography that can use any method of tweaking a file from adding spaces at the end of a text file’s lines to adding pixels to a video. But unlike older steganographic tools, those alterations to the camouflage file known as the “cover text” don’t serve as a set of on-or-off bits to encode the secret message. Instead, DissidentX makes the changes such that when the recipient puts the entire file through a cryptographic function known as a “hash” — a transformation that converts it into a unique string of characters — it produces an encrypted version of the sender’s message, ready to be decrypted with the recipient’s key.
As well as this more subtle approach, Cohen’s DissidentX has another big advantage over traditional steganography:
He’s designed DissidentX to allow multiple secret messages to be encoded in an altered file, each of which can only be read with different decryption keys. That means a single text file or video could hold messages intended for multiple recipients, or additional false messages can also be encoded into the file as red herrings.
As the article in Forbes quoted above points out, this could be important for dissidents who face the prospects of being tortured for their decryption key: alongside the real message, kept secret, a dummy text that can be given up to the authorities could be stored as well.
It’s a clever approach, albeit with one drawback: the visible text in which the steganographic message is hidden has to be around 500 times longer than the invisible one. Sending such long texts might in itself draw some attention, but Cohen hopes to reduce that size factor in future versions. In any case, it doesn’t really matter whether or not this particular steganographic system takes off; what’s important is that people like Cohen are coming up with a range of new ways to thwart the surveillance state we find ourselves inhabiting.
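A simplified sketch of the idea, added here as an illustration; it is not DissidentX's code or algorithm. It assumes trailing spaces as the only alteration and a keyed hash (HMAC-SHA256) standing in for the hash-then-decrypt step. The cover text, the key names and the block size are constructed for the example, which hides one message under a real key and a decoy message under a second key.

```python
import hashlib
import hmac
from itertools import product

BLOCK = 22  # cover lines per hidden byte: 2**22 variants to search (assumed size)
# Constructed cover text: 44 innocuous lines, enough for a 2-byte message.
COVER = [f"Day {i}: weather mild, nothing to report." for i in range(2 * BLOCK)]

def tag(key: bytes, text: str) -> int:
    """Byte the holder of `key` reads from a block: first byte of HMAC-SHA256."""
    return hmac.new(key, text.encode(), hashlib.sha256).digest()[0]

def render(lines, choice):
    """Apply one variant: each line keeps or gains a single trailing space."""
    return "\n".join(line + " " * c for line, c in zip(lines, choice))

def encode_block(lines, targets):
    """Search variants until every key's tag equals that key's target byte."""
    for choice in product((0, 1), repeat=len(lines)):
        text = render(lines, choice)
        if all(tag(k, text) == b for k, b in targets.items()):
            return text
    raise ValueError("no variant matches; more cover lines are needed")

def encode(lines, messages):
    """messages maps key -> equal-length bytes; one block carries one byte per key."""
    length = len(next(iter(messages.values())))
    blocks = []
    for i in range(length):
        targets = {k: m[i] for k, m in messages.items()}
        blocks.append(encode_block(lines[i * BLOCK:(i + 1) * BLOCK], targets))
    return "\n".join(blocks)

def decode(stego: str, key: bytes) -> bytes:
    """Recipient side: recompute the tag of each block with the shared key."""
    lines = stego.split("\n")
    return bytes(tag(key, "\n".join(lines[i:i + BLOCK]))
                 for i in range(0, len(lines), BLOCK))

if __name__ == "__main__":
    stego = encode(COVER, {b"real-key": b"hi", b"decoy-key": b"no"})
    print(decode(stego, b"real-key"), decode(stego, b"decoy-key"))
    print(len(stego), "cover bytes carry 2 hidden bytes per key")
```

Each hidden byte costs a whole block of cover lines here, which shows why a scheme of this kind needs cover text far longer than the message it carries.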
Comments on “A New Twist On Steganography From The Creator Of BitTorrent”
THIS JERK IS A FRAUD
i have software that does this from the 90’s and i got it from others….
also 6 months before he created bittorrent me and a us military guy on his off time created bandwidth sharing software
i hurt my back he went off to war…it never got published but it’s still all sitting on the original hard drive
and this steno software…its part of the united hackers associate file archive….
it had any type a file within images
Re: THIS JERK IS A FRAUD
English MF, ever heard of it?
& why’re you so butt-hurt anyway? After all, IF what you claim is true, it’s only been 20+ years. 😛
I would strongly advise that you try to “Get Over It”, though it’s painfully obvious that if you haven’t by now, you never will.
Cheers! :]
p.s.
p.s. why you think the sicko spies are watching all that porn ..it ain’t to see what you’re up to….although some abuses that way occur.
NSA/Steganography
If they already have all the data that is on your computer (and they do,) before you encrypt it using any means possible – is there any point in encrypting the data?
Re: NSA/Steganography
They do? How’d they get it?
This one is interesting, too, and could be very useful at airports, where they want to search your electronics these days increasingly more often:
http://www.technologyreview.com/news/523746/honey-encryption-will-bamboozle-attackers-with-fake-secrets/
I’d love to be able to input a password on my Android phone, to unveil a “clean” account, while inputting another password would unveil my real account.
good for him! the only thing now emerging from this ‘i want to know all about everyone’ approach the governments have are programs etc to fuck them up. it may not bode well for a defense against terrorism, but surely keeping our rights is?
u mad?
Suck my dick bitches
Other options
I like the addition of extra spaces at the end of the lines, but it seems like you could easily encrypt FAR more data if you made the spaces themselves vary in width. Or maybe vary the distance between each consecutive character in the sentence.
I am not a cryptography expert, but it seems like you could break it down on smaller parts of the original document.
Re: Other options
Given that there is no reasonable reason to do that (variable space widths, character spacing), that would defeat the purpose of steganography.
The whole idea is to hide the existence of the secret message – doing what you suggest would be an obvious flag that something funny is going on. You may as well just send a straight encrypted message if you’re going to do that.
Re: Re: Other options
So I’m obviously not too familiar with this stuff but why are extra spaces at the line end ok, but variable width spaces aren’t?
Do you have any good links that would help explain this a bit more? That Forbes article was pretty basic.
Re: Re: Re: Other options
Because extra spaces at the end of lines happen all the time naturally, in documents that don’t have any hidden messages.
Variable width spaces in between words don’t normally appear in ordinary documents. So their presence would be a red flag that there may be a hidden message…which defeats the purpose of hiding it.
DissidentX, sounds interesting. I’ll have to check it out.
Explanation is unclear
“a cryptographic function known as a “hash” — a transformation that converts it into a unique string of characters — it produces an encrypted version of the sender’s message, ready to be decrypted with the recipient’s key.”
When I read this my skepticism reached overload. A hash is a one-way mathematical function, and by definition, cannot be decrypted with a key. I figured that maybe it was just Andy Greenberg who misunderstood the algorithm here. That appears to be true, but I will cut him some slack because Bram Cohen’s explanation of this on Github sucks, to be frank. From what I think I understand the algorithm to be, it is rather clever. It does go to show that sometimes smart people don’t have the ability to explain well what they know.
I haven’t read the code yet, only the textual notes. So, this may not be correct, but here goes.
The elements are:
-cover text, for which there exists a set of short alternate segments. For each of these segments there is a single alternate which makes as much sense as the original.
-A shared cryptographic key.
-a value, which is the message to be hidden.
-SHA3 cryptographic hash algorithm
-a custom stream cipher which is a variation of AES in Output FeedBack mode (OFB). An important aspect of the algorithm for this stream cipher is that the set of segment alternates can be found, by the “encoding” portion of the program, that, with the chosen key, will produce the desired value (the message) as the first part of the encrypted output of the cipher.
The first step, for the sender, is to encrypt the cover text with chosen alternates using the shared key and an initialization vector (what Cohen is calling the salt), and AES in OFB mode. This initialization vector is created by using the first 4 bytes of the SHA3 hash of the chosen cover text.
There is a packing step which adds a length prefix and a checksum. The resulting data can be posted on a public website.
The message receiver will also have the shared key and can apply the custom stream cipher to reveal the message.
There are some details which I am still unclear about. I am not a cryptologist, so I cannot evaluate this scheme.
Re: Explanation is unclear
I had a look at the code, and it doesn’t do anything that can be described as “decrypting a hash” (thankfully). It uses SHA3-256 to compute a hash to guard against modification (malicious or otherwise) of the encrypted message—pretty standard practice for encryption algorithms.
Re: Explanation is unclear
Well, if it’s anything like the version I thought up independently, the algorithm only uses a limited number of bits of the result of the hash function, enabling a brute force search to (sometimes, since there is no reason, except statistics, to expect that this would be possible) invert what would ordinarily be, as you said, an uninvertible function.
(In addition, one would probably prefer to use SHA256 nowadays instead of SHA3, since fast hardware is readily available to accelerate such an inversion of SHA256 — namely, any Bitcoin mining setup.)
I’m off to check it out. I hope his work is an improvement on my own — it’ll save me a lot of trouble getting my own into publishable form.
Re: Re: Explanation is unclear
I think he’s using SHA-3 because that’s the anointed new trendy hawtness from NIST. Though it has to be said that the long-expected weaknesses in SHA-2 have failed to show.
Re: Re: Re: Explanation is unclear