back to article New steganography technique relies on letter shapes

A trio of Indian researchers have proposed a method of steganography which hides messages in by using non-random distribution of letters with or without straight lines. Steganography is a group of techniques for hiding messages in plain sight. Microdots, tiny text written inside a full stop and only legible when magnified, are …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Yeah, who could possibly tell that a random-appearing string of characters could hide a message??

    I also propose a novel scheme where a straight vertical line represents a 'one' and a slightly elliptic round thing standing on one end represents a 'zero'.

    1. Michael H.F. Wilkinson Silver badge
      Joke

      Re: Yeah, who could possibly tell that a random-appearing string of characters .....?

      And besides, a random appearing string of characters might be a program in Perl

      1. Nexox Enigma

        Re: Yeah, who could possibly tell that a random-appearing string of characters .....?

        """And besides, a random appearing string of characters might be a program in Perl"""

        The ultimate form of steno is, of course, hiding your message in a Perl script which prints 100 Bottle of Beer, by all of the same methods that can be made to make that script look like a row of beer bottles.

        Then you post the script to a suitable newsgroup, and your secret communications are complete.

  2. Anonymous Coward
    Anonymous Coward

    By definition

    A binary quantity can only have one of two values not "0, 1, 10 or 11".

    Who knows what the approved name of a variable with four possible values is?

    I know trinary is three, but does a four value variable follow Greek or Roman naming?

  3. Anonymous Coward
    Anonymous Coward

    I'll answer that

    http://english.stackexchange.com/questions/25116/what-follows-next-in-the-sequence-unary-binary-ternary

    But they don't have 'Trinary' in their lists so how reliable are they? ;-)

    1. mike 32
      Headmaster

      Re: I'll answer that

      Ternary is the correct term, trinary a misconception/mistake.

      Dunno about quadrenery/etc.

      1. batfastad
        Happy

        Re: I'll answer that

        Quaternary?

      2. Eddie Edwards
        Happy

        Re: I'll answer that

        Yesss ... and the "correct" term for octal is "octary" while the "correct" term for decimal is "decary".

        One should recall that dictionaries reflect usage, not vice versa.

  4. Anonymous Coward
    Anonymous Coward

    Why bother with steganography?

    The dog is out of the doghouse.

    Pavlova with prunes is frequently in need of amperage.

    Speak purple mice with naughty emphasis.

    minimum safe distance!

    1. Michael H.F. Wilkinson Silver badge
      Joke

      Re: Why bother with steganography?

      Amanfrommars, is that you?

  5. jake Silver badge

    ::rolls eyes::

    This kind of security Has Issues which are obvious to Security folks.

    I think Someone needs a trifle more education.

    Before you poo-poo me, Understand that Lateral thinking Links Somewhat sophisticated Homegrown Intelligence Technology.

    (As a question for amfM, how'd I do?)

    1. amanfromMars 1 Silver badge

      Re: ::rolls eyes:: ......... and who believes in random chaotic coincidence ...

      ..... as opposed to SMARTer PreTextual Planning?

      Hi, jake,

      There is not much, and some would even be brave and bold enough to share that there is nothing that anyone or anything* can do [*well, we are told that we do have machines now apparently programmed and supposedly able to make better strategic and tactical decisions for machine minders/humanised operators] to defeat Good Steganography. Anything and everything which may be bad though, is quite a different matter and will be full of luscious holes and exploitable zerodays and be an endless treasure trove of compounding riches.

      Spookily enough, there is further parallel mention of such novel disruptive and constructive/irregular and unconventional views just shared this weekend here ......Posted by amanfromMars, March 18, 2012 12:06 AM …….. on http://www.schneier.com/blog/archives/2012/03/on_cyberwar_hyp.html

  6. frank ly

    Surely ....

    .... this is just a very inefficient substitution cypher?

  7. Charles Martin

    Sadly, this new scheme was

    invented by Francis Bacon sometime around 1600. http://en.wikipedia.org/wiki/Bacon's_cipher

    1. Spiracle

      Re: Sadly, this new scheme was

      Have you just invented 6 degrees of Francis Bacon?

    2. TRT Silver badge
      Headmaster

      Re: Sadly, this new scheme was

      And a numeric cipher has existed in Arabic since well before that, for example the Sufi code. Bacon was known to study various middle eastern philosophies - as did many other members of the RI.

  8. Wilhelm Lindt
    Boffin

    The secrecy of a steganographic technique is not important if the encoded data is also encrypted.

    1. Just Thinking

      The point of steganography is that the enemy don't even know there is an encrypted message so they leave you alone rather than locking you up/torturing you/kidnapping your family to force you to give up the keys.

      If you "hide" your message in a bunch of random meaningless text, you are wasting your time with the stego part because it is fairly obvious that the message has a hidden meaning. You might as well use Base 64.

      1. Eddie Edwards
        Black Helicopters

        Ah yes, but don't the laws hinge on there being "a decryption key" that you're refusing to hand over? If they can't prove that there *is* a decryption key, I wonder what happens. And does a desteg application count as a "key"? What if you use a memorized manual cipher that's known only to you? What if you *claim* to use a such a cipher? :)

        (I know you're talking more generally, but I mean within the confines of the UK's "hand over your keys or go to jail" laws, which gives a good example of the kind of oppressive regime where the people are "the enemy" and can be legally coerced into self-incrimination, but where the letter of the law still counts for something.)

      2. Anonymous Coward
        Anonymous Coward

        Course, going to the trouble of kidnapping a family or torturing someone to decode a base64 hash would be pretty much pointless, seeing it's not actually encryption!

        Bugbear of mine, sorry!!

        1. mangobrain

          I think the reference to Base64 was intentional - the point being that this "steganography" technique appears to make it so obvious that there's a hidden message in the text, it is no better than using pre-existing bog-standard encodings to carry your raw binary data (encrypted or otherwise). This new technique is not steganography in the same way that Base64 is not encryption.

          Disclaimer: I haven't actually read the paper. For all I know, the article may be an over-simplification, and there may actually be something to it.

  9. Anonymous Coward
    Anonymous Coward

    This is new?

    I thought I read about using the first letter of each sentence for steganography decades ago?

    If you have a throughput of one bit per sentence you need to generate a lot of text to cover it. It will be too boring to do that by hand, but machine-generated text is obviously machine-generated, so it's obvious what you are up to. Fail.

    1. Anonymous Coward
      Anonymous Coward

      Re: This is new?

      I'm totally reading this as the type of 'stenography' that a child comes up with and hides messages in the first character of the line. You know... to spell BOOBIES down the page :P

      I suspect the next thing is to write a message in an ink eraser on the back of your homework saying the teacher smells!!

      1. SYNTAX__ERROR
        Happy

        Re: This is new?

        Also the kind of 'steganography' that got James May fired from Autocar magazine.

  10. volsano

    Short messages only

    This may work for short, provided both the sender and recipient have secretly agreed the code.

    We might agree that any text message that begins with a vowel contains secret text. The NSA can analyse the preceding 100 messages and decide there is nothing hidden (or have erroneously uncovered a decoy steganographic scheme).

    Then I send:

    Are you well? Hope the cold is better. Cheers!

    And BOOM -- the terrorist attack is GO.

  11. Anonymous Coward
    Anonymous Coward

    Then email the message using neutrinos

    We don't want to draw attention to the message just because the sender and receiver are known.

  12. Torben Mogensen

    Not real steganography

    "Real" steganography is hiding a message in an already constructed text or picture in a way that does not obviously change that text or picture. What is described is a form of cryptography.

    Text steganography could, for example, be by varying the amount of space between words to encode a hidden message: On the surface, the text is unaltered and looks perfectly natural, but there is a message hidden. If you actually have to construct a message specifically to encode the message, it is not really steganography -- it is just low-density cryptography similar to texts where the initial letters of the words encode a message or texts where the length of the words encode digits (like "How I wish I could recollect pi. "Eureka!" cried the great inventor: Christmas pudding, Christmas pie, is the problem's very centre"). The challenge of these is to make the text seem natural, while it has to obey non-trivial constraints. Real steganography should have no such constraints, but be able to encode any text (or picture) to hide a message.

  13. John Smith 19 Gold badge
    Unhappy

    Disappointed

    I'd thought they'd come up with some neat trick to alter the characteristics of individual fonts or instances of font in a PDF file.

    If you open a file of *known* format in the relevant reader and your first reaction "this is nonsense" then it's pretty obvious it's a)random file done for the LOLz b)encoded message.

    BTW the very first Mission Impossible is about trying to find the key used to separate a message page photographically combined with a random image.

    As others have notes that is *proper* steganography.

  14. bonkers
    FAIL

    Outraged

    As many have noted, this cannot correctly be described as steganography, unless the resulting text is readable and "not unusual". Stego must encode TWO messages, the obvious, and the secret. If it produces junk text, its so obviously time to reach for the rubber hoses.

  15. Anonymous Coward
    Joke

    "...but it cannot be decoded until a user is not aware about these approaches"

    Sounds ominous for the poor decoders: you need to render them "unaware" of these approaches?

  16. SYNTAX__ERROR
    Boffin

    Maybe...

    This author's copious mistakery and extant erroneousness is really just a clever steganographic technique?

    I wonder if there is a prize for decrypting it...

    1. Ryan 7

      Re: Maybe...

      You should ask John Forbes Nash what he thinks about that

  17. Anonymous Coward
    Anonymous Coward

    How is this cutting-edge research?

    Steganography without cryptography is not something I'd use to do anything more serious than trying to fool a 10-year-old.

    "it is essential to keep the application of a particular approach to a particular data set secret, while using them."

    Ecuritysay oughthray obscurityway is upidstay.

  18. Chris Phillips

    I'm sure this was in one of my Johnny Ball Reveals All books I used to have when I was a kid, along with other codes like "ISISISISISISISISISIS" = Tennis and POTOOOOOOOO = Potato. Clever stuff! For an 11 year old.

  19. LawLessLessLaw
    Boffin

    Is that how you get a degree these days ?

    Still, they are better than some of the Comp-Sci graduates I've interviewed.

  20. Maninthemoon101010

    There's more to this than meets the eye

    This is so plainly a ueless form of cypher (see numerous comments above) that it's totally implausable that a team of researchers in the field (with multiple papers behind them - these are not 1st year undergrads) would not know the weaknesses.

    So what the hell is going on?

    Like 'Disappointed' above, I thought this was a cunning way to hide messages in individual font shapes, which would be very cool, but is awkward in PDFs.

    If it's not that, then what?

    I wonder if they are really onto something much more clever, but had to yank the paper at the last minute at the request of some 'special' people. I've been there and you finish having to dash out something feeble to fill the gap.

  21. PowerSurge
    Pint

    The key feature of steganography is plausible deniability. I played with stegFS whilst linux 2.2 was still current. Sadly no more: http://www.mcdonald.org.uk/StegFS/ but still interesting.

  22. nemo20000
    Unhappy

    I just invented this

    Make a handwriting font with four versions of each letter. Write an innocuous letter. Hide actual message two bits per character by the choice of letterform. Receiver OCRs the result and extracts the 2 bits per character.

    There, we are now ALL in possession of information that may be of use to a terrorist. :-(

  23. Muckminded

    Halo Crypto

    Thought this up a few years back, maybe it's been done elsewhere. It's a combination of encryption and stego (the stego is actually the least novel part):

    - Users have 3D-modeled scenes in which letters or symbols are dispersed spatially (could also be dispersed along a timeline)

    - There can be as many instances of a given letter as desired

    - Any number of other 3D objects can be in place

    - The encryption involves using coordinates and orientation information to have a ray intersect any of the letters or symbols

    - The coordinates can then be added as lowest value bit information to image formats, or any other common steg technique

    Pro: can have near infinite number of coordinates referring to the same letter or symbol.

    Con: anyone having access to the original 3D data can decipher.

    Maybe it's something new, probably not, thought I would chuck it out there.

This topic is closed for new posts.