Sunday, November 04, 2007

Bits and Pieces About Jsteg (7): N. Provos


This figure appears in the ISOC NDSS'02 symposium paper "Detecting Steganographic Content on the Internet" by Niels Provos & Peter Honeyman, 2002 (Figure 4, p. 4). The paper describes it as follows:
 Figure 4 shows the result of the X²-test for an image that contains information hidden with JSteg. In this case, the first chapter of “The Hunting of the Snark” has been bzip2 compressed prior to embedding. The low probability at the beginning of the graph is caused by the dictionary at the beginning of a bzip2 compressed file. The dictionary does not look like encrypted data and is not detected by the test.
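The passage mentions the bzip2 compression tool: the authors first compressed the secret message, the first chapter of “The Hunting of the Snark”, to 15 KB with bzip2, and then hid it in the image with Jsteg. Because the header of a bzip2 file stores the dictionary needed for decompression, the p value from the X²-test at the far left of Figure 4 (roughly the first 5% of the image) is not as high as the p = 100% seen in the 5% ~ 25% range.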


Figure 5: Using JSteg-Shell with RC4 encryption causes the probability of embedding to be high for all embedded data.

This figure shows the result of analyzing a Jsteg-Shell stego-image. The paper describes it as follows:
 JSteg-Shell is a Windows user interface to JSteg developed by Korejwa. It supports encryption and compression of the content before embedding the data with JSteg. JSteg-Shell uses the RC4 stream cipher for encryption. However, the RC4 key space is restricted to 40 bits.

 When encryption is being employed, we expect the probability of embedding to be high at the beginning of the image. There should be no exception.

 An example of JSteg-Shell is shown in Figure 5. Just observing the graph allows us to determine the size of the embedded message. Later we show how this can help to improve the automatic detection of steganographic content.
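Before hiding, JSteg-Shell offers compression and encryption of the secret message. So, unsurprisingly, Figure 5 shows a very high p value right from the start. Looking at the figure above, we can easily read off the amount of embedded data, and this information can be used to improve the automatic detection of hidden messages.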
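The chi-square (X²) test behind both figures can be reproduced on synthetic data. The Python sketch below is an added example, not code from the paper or from JSteg: it assumes a two-sided geometric histogram as a stand-in for quantized DCT coefficients and random bits as a stand-in for an encrypted payload, and all function names are illustrative.

```python
import math, random
from collections import Counter

def chi2_sf(x, dof):
    """P(X > x) for a chi-square variable with dof degrees of freedom."""
    if x <= 0:
        return 1.0
    h = x / 2.0
    # Closed-form start Q(a, h): a = 1 for even dof, a = 1/2 for odd dof.
    a, q = (1.0, math.exp(-h)) if dof % 2 == 0 else (0.5, math.erfc(math.sqrt(h)))
    while a < dof / 2.0:  # Q(a+1, h) = Q(a, h) + h^a e^-h / Gamma(a+1)
        q += math.exp(a * math.log(h) - h - math.lgamma(a + 1.0))
        a += 1.0
    return min(q, 1.0)

def embedding_probability(coeffs, min_expected=5.0):
    """Chi-square test over LSB value pairs (2i, 2i+1), skipping 0 and 1."""
    hist = Counter(c for c in coeffs if c not in (0, 1))
    chi2, categories = 0.0, 0
    for key in {v >> 1 for v in hist}:
        observed = hist[2 * key]  # count of the even member of the pair
        expected = (hist[2 * key] + hist[2 * key + 1]) / 2.0
        if expected >= min_expected:
            chi2 += (observed - expected) ** 2 / expected
            categories += 1
    return chi2_sf(chi2, categories - 1) if categories > 1 else 0.0

def scan(coeffs, percents):
    """Probability of embedding for growing prefixes of the coefficient stream."""
    return {p: embedding_probability(coeffs[: len(coeffs) * p // 100]) for p in percents}

def jsteg_embed(coeffs, bits):
    """Sequential LSB replacement in every coefficient except 0 and 1."""
    out, it = list(coeffs), iter(bits)
    for i, c in enumerate(out):
        if c not in (0, 1):
            bit = next(it, None)
            if bit is None:
                break
            out[i] = (c & ~1) | bit
    return out

# Constructed sample data: a two-sided geometric histogram stands in for
# quantized DCT coefficients, and random bits stand in for an encrypted payload.
rng = random.Random(2007)
COVER = [int(rng.expovariate(1 / 6.0)) * rng.choice((-1, 1)) for _ in range(100_000)]
STEGO = jsteg_embed(COVER, [rng.getrandbits(1) for _ in range(23_000)])

if __name__ == "__main__":
    for name, data in (("cover", COVER), ("stego", STEGO)):
        print(name, {p: round(v, 3) for p, v in scan(data, (15, 25, 50, 100)).items()})
```

On the stego data the value stays high for prefixes that lie inside the embedded region and collapses once the prefix extends well past it, which is how the graph reveals the payload size.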

Niels Provos and Peter Honeyman, "Detecting Steganographic Content on the Internet," ISOC NDSS'02, San Diego, CA, February 2002.
 
