Steganography is the art of hiding things in plain sight. While this isn't a cryptographic thing -- indeed, it can be practiced without cryptography at all -- it is nonetheless something interesting enough that I thought it should be included as an "atom" in its own right.
Perhaps the funniest example (to me, anyway) that I have come across is found in the docs describing how to use SSH (ie, Secure Shell, an app used to securely connect with, and transfer data between, remote computers) -- the docs explain that, while SSH can ensure that data transferred between computers will be safe, they cannot prevent data from being "leaked out" by other means -- such as by encoding data in the sizes of data packets sent by SSH.
A more visual example can be provided by considering a lowly picture format, say JPEG, and observe that each pixel consists of four 8-bit parts -- Red, Green, Blue, and an "Alpha" to indicate how transparent that pixel is (because, hey, if you want to fit 24 bits into the standard 32-bit word that most modern computers use for memory, you might as well do something with that extra eight bits!). If we consider the Red byte, and observe that "0000 0000" gives us absolutely no red, "1111 1111" gives us the darkest red, and overall we have 256 individual shades of red to choose from ... sure, if we consider two shades adjacent to each other, say, one colored "0000 0000" and one colored "0000 0001", or, for that matter, one colored "1011 1110" and one colored "1011 1111", our eyes can tell the difference between the two ... if they were large squares!
But if we make that subtle change for a single pixel, and only do those subtle changes for all the four values that make up that pixel, and then surround that dot with eight other dots, it becomes much harder to spot! And by using this particular technique, each 32-bit pixel gives us 4 bits we can play around with. That doesn't sound like much, but when you consider that a single photo has millions of pixels, we can suddenly hide lots of data!
Naturally, we can wonder: "What does this have to do with Identity Management, besides the obvious role of transferring data underneath people's noses?" The most common use of this technique is to "watermark" visual data, so that someone who publishes an original photo or video can demonstrate later if someone else just copied it.
Steganography has a couple of weaknesses, to be sure. For one thing, if someone knows what to look for, they can find the data using statistical analysis -- but this starts off an "arms race" of sorts, where the person hiding data uses more sophisticated techniques to hide it, while those who are looking for hidden data use more sophisticated statistical analysis to uncover the information. One good example of this is to consider how JPEG uses sophisticated trigonometry as part of its format -- and then consider that data can be hidden in the coefficients of each cosine function used. Another, perhaps more simple method, is to simply encrypt the data you wish to hide -- because every camera has subtle variations in every pixel, and heck, even subtle variations from second to second when each pixel sensor reads data! -- encrypted data becomes indistinguishable from the natural "variance" and "noise" that surrounds us.
Another weakness of steganography is -- for watermarks, at least -- if someone has reason to believe that a photo or video has been invisibly watermarked, and wants to remove that mark, it doesn't matter if the mark is encrypted or not -- all the person has to do to remove the watermark is to hide their own steganographic information into the picture, which would clobber the watermark. This can even happen accidentally, if the image is merely edited and manipulated before it is re-published.
No comments:
Post a Comment