Maybe no stego on eBay afterall

Hadmut Danisch hadmut at danisch.de
Sat Jul 20 07:30:16 EDT 2002 

On Fri, Jul 19, 2002 at 01:55:05PM -0400, Peter Wayner wrote:
> 
> You can draw the line anywhere you choose. You want more positives? 
> You just move the bar. You want less? You move the bar. 



That's the point.

(As a European, I'm in the temptation to ask what's the
most US-patriotic position for the bar...)

Most (all?) statistical stego detection algorithms report
false positives with a given (hopefully known) probability.
So if you take a collection of just enough pictures you'll
always have a chance to find positives, and ebay is some
sort of "enough".

A more serious way to detect stego on ebay would be to have
a comparable database of clean images, and to show that
algorithms report significantly more (or less???)
stego-suspicious pictures than in the comparison database
(or than the expected probability of false positives in
pictures of that kind).

But how to build a comparable database? Or how to 
determine the probability of false positives? Maybe someone
at ebay used the same digital camera with a different firmware
version or a different program to colorcorrect/shrink the
images, and the comparison database doesn't compare anymore?

Maybe the author of the picture used some kinky method of
watermarking. A watermark is a kind of stego information.

If you sell at ebay, you can give a picture which is processed
by some image processing software at ebay. Maybe this software
causes some statistical turbulences?

I don't believe such stego claims before I see what kind of
statistical evidence was found or a real message was found.

(BTW: Does anybody know a statistical method to distinguish
stego used by terrorists and that used by other persons?
Wouldn't life be easier if we all could just agree that 
stego used for harmless purposes is restricted to the least
significant bit while terrorists use the second least
significant bit?)

Hadmut





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list