Maybe no stego on eBay afterall

Peter Wayner pcw2 at flyzone.com
Fri Jul 19 13:55:05 EDT 2002 

At 10:34 AM +0200 7/19/02, Hadmut Danisch wrote:
>On Thu, Jul 18, 2002 at 10:49:58AM -0700, Nelson Minar wrote:
>>
>>    Chet Hosmer ... said that in his research, very few messages on eBay
>>    show signs of being infected by terrorists. About one in 100,000
>>    pictures "appears suspicious," but a much smaller number -- "one in
>>    every 15 to 20 million files" -- is "something that we really
>>    believe is a real hidden message."
>>
>>  I wonder which it is? 0.6%? Or one in every 20 million files? Either
>>  way, they're not giving out any examples. I bet they're still spending
>>  the Air Force's money to do the study, though.
>
>
>What's the hamming distance between eBay pictures/messages
>"containing" stego contents?
>
>What's the probability that a random, clean picture is
>falsely tested positive? How many "unusual" bits does it take
>to make a picture appear as being a stego pic?

You can draw the line anywhere you choose. You want more positives? 
You just move the bar. You want less? You move the bar. The mechanism 
is scientific, but it's also based on statistics and it's impossible 
to predict what kind of image will carry what length message.

The basic scheme is very simple. Generally the inserted message has 
higher entropy than the raw LSBs of an image. So the entropy of the 
picture/message combo should be higher than the picture alone. So you 
look at the entropy and choose all images that pass a threshold. You 
can do better by using your understanding of normal images to create 
more sophisticated statistics. But there's little you can do about 
large images and small messages. As the proportion of changed pixels 
drops, the statistics end up closer and closer to the norm.

So even though there's some cool science in the process, there's no 
scientific way to draw the line.

-Peter

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list