Tuesday, March 21, 2006

About OutGuess ... (part 1): N. Provos


OutGuess by Niels Provos
Official Website: www.outguess.org


In their 2001 CITI technical report and their 2002 ISOC NDSS'02 conference paper "Detecting Steganographic Content on the Internet", Niels Provos & Peter Honeyman describe OutGuess as follows:
[ P.5 ]
 OutGuess is a steganographic system available as UNIX source code. There are two released versions: OutGuess 0.13b, which is vulnerable to statistical analysis, and OutGuess 0.2, which includes the ability to preserve statistical properties and can not be detected by the statistical tests used in this paper.

 OutGuess is different from the systems described in the previous sections in that it chooses the DCT coefficients with a pseudo-random number generator. A user-supplied pass phrase initializes a stream cipher and a pseudo-random number generator, both based on RC4. The stream cipher is used to encrypt the content.

 Because the modifications are distributed randomly over the DCT coefficients, the χ²-test can not be applied on a continuously increasing sample of the image. Instead, we slide the position where we take the samples across the image.

 For OutGuess 0.13b, we do not find any clear signatures. Figure 7 shows the probability of embedding for a sample image. The spikes indicate areas in the image where modifications to coefficients cause departures from the expected DCT coefficient frequency.


Figure 7: OutGuess 0.13b is more difficult to detect. Due to the random selection of bits, there is no clear signature.

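The figure above is Figure 7 from the paper. The whole image is divided into 100 equal parts (horizontal axis), and for each part the Chi-Square Attack is used to estimate the probability that a secret message is embedded (vertical axis). Because OutGuess scatters the data randomly across the whole image, the probability values p computed on these 100 partial images vary in size and show no particular signature. Compared with Jsteg/JSteg-Shell and JPHide, a secret message hidden across the whole image is therefore harder to detect.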
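The sliding test described above, as an added Python example that is not code from the paper or from OutGuess: it runs the chi-square test on 100 slices of a coefficient sequence and compares a message written into the first half of the coefficients with the same amount of message scattered by a PRNG. The cover is a constructed stand-in for quantized DCT coefficients, Python's `random` stands in for the RC4-based generator, and the 50% message size, window size and minimum-count threshold are assumptions.

```python
import math, random
from collections import Counter

def chi2_sf(x, dof):
    """P(chi-square with `dof` degrees of freedom > x), incomplete-gamma series."""
    if x <= 0 or dof <= 0:
        return 1.0 if dof > 0 else 0.0
    a, h, term, total, n = dof / 2.0, x / 2.0, 1.0, 1.0, 0
    while term > 1e-16 * total:
        n += 1
        term *= h / (a + n)
        total += term
    return max(0.0, 1.0 - total * math.exp(-h + a * math.log(h) - math.lgamma(a + 1)))

def embed_probability(sample):
    """Chi-square test on one sample: high when LSB pairs (2i, 2i+1) are equalised."""
    hist, stat, pairs = Counter(sample), 0.0, 0
    for even in {v & ~1 for v in hist}:
        expected = (hist[even] + hist[even + 1]) / 2.0
        if expected >= 5:  # usual minimum expected count for a chi-square test
            stat += (hist[even] - expected) ** 2 / expected
            pairs += 1
    return chi2_sf(stat, pairs - 1)

def sliding_profile(coeffs, windows=100):
    size = len(coeffs) // windows  # one probability per equal slice of the image
    return [embed_probability(coeffs[i * size:(i + 1) * size]) for i in range(windows)]

def make_cover(n, rng):
    """Constructed stand-in for quantised DCT coefficients (no 0 or 1 values)."""
    mags = [int(rng.expovariate(0.5)) for _ in range(n)]
    return [2 + j if rng.random() < 0.5 else -1 - j for j in mags]

def embed(cover, positions, rng):
    """Overwrite the LSB of each chosen coefficient with a random (encrypted) bit."""
    chosen = set(positions)
    return [(v & ~1) | rng.getrandbits(1) if i in chosen else v for i, v in enumerate(cover)]

def demo(seed=2006, windows=100, size=4000):
    rng = random.Random(seed)  # stand-in for the RC4-based generator, not RC4
    n = windows * size         # the message below fills half of the coefficients
    cover = make_cover(n, rng)
    sequential = embed(cover, range(n // 2), rng)
    scattered = embed(cover, rng.sample(range(n), n // 2), rng)
    return sliding_profile(sequential, windows), sliding_profile(scattered, windows)

if __name__ == "__main__":
    print([[round(p, 2) for p in prof[::10]] for prof in demo()])
```

The sequential profile stays high over the slices that carry the message and drops to zero after them, while the scattered profile shows no step at any position.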

Niels Provos and Peter Honeyman, "Detecting Steganographic Content on the Internet," ISOC NDSS'02, San Diego, CA, February 2002.
