At 04:23 PM 01/25/2000 -0600, I asked:
>>With this model there is no problem in making everyone aware of where to
>>look for cover traffic with stego data in it.
>
>Has anyone actually built a steganographic system that has achieved this?
Okay, I've seen a half dozen messages saying "it's no problem to do this"
but I still haven't seen anyone point to a worked example.
This is undoubtedly one of those cases where the proof of the pudding is in
the eating -- can we build an actual system in which the attacker can't
tell whether a digital file contains setganographic data or not? Does the
system hold up against the efforts of the crypto community to attack it?
The theory's pretty clear from 10,000 feet: we can adjust the statistical
properties of the stego'ed data to match those of the covering data. I'm
just skeptical about how well a practical, open-algorithm implementation
will fare against knowledgable attackers.
It sounds like there are a number of interesting design questions. For
example, the sender and recipient must obviously share a secret key. What
other secrets must they share? For example, does it make sense to share
some representation of the encoding strategy, since the strategy must vary
to match the statistical bias of the underlying data? If so, is there some
way the attacker can exploit that representation to systematically search
for stego'ed data?
I think the problem sounds even more challenging than the design of a good
cipher, especially as you try to pump up the bandwidth. The community
probably needs to design a few and crack a few before the design criteria
are well enough understood to build a really successful one.
Rick.
[EMAIL PROTECTED]
