integrating GPG with deniable steganography

[Florian Weimer]

	"Matthias Urlichs" <smurf@noris.de> writes:

> Hmm. Don't most crypto algorithms just look like random bits when you
> don't have the key?

Yes, but random bits are suspicious because they are very rare under
normal circumstances.

> Therefore, a stego algorithm which replaces the lower bit of a noisy
> audio or video file should be perfectly safe, assuming (a) that lower
> bit is truly random, and (b) nobody can get at the original image.
> 
> (b) is not always easy, but essentially a solved problem. (a) isn't
> quite that simple, but IMHO still much further along than early crypto.

'Not quite that simple' is an understatement.  In order to hide random
bits in some data which looks like noise, it still must look like the
same kind of noise after the hiding operation.  Now noise which occurs
in practice is never truly random.  Therefore, we need some noise
model which characterizes the noise, and using this model, we can
check if the modified noise with the hidden data still matches the
model, i.e. it's hidden according to the given noise model.  The
fundamental problem with this approach is that a better noise model
than ours defeats our attempt at data hiding, regardless of the noise
model being used.  Developing a better noise model is certainly
simplified if the original noise model is made public, so
steganography at this point involves quite an amount of security by
obscurity.

In this scenario, we win only if our noise model is better than any
our opponents are able to come up with, and it's hard to believe
that we're able to outperform government agencies in this area, for
example.