Basic Image and Text Steganography and Steganalysis

Oct 21, 2006 by Javantea


Oct 5, 2006

Text steganography 1 version 0.1.1 [sig]
Rubber Spoon 1 version 0.1 [sig]
libsteg version 0.4.4 [sig]

INTRODUCTION

Steganography is the science of hiding information in plain sight. It does not require cryptography, but in modern computation, it is obvious that cryptography is quite likely to be involved. There are a handful of methods of steganography that are well-known but most of them involve taking the least significant bits (lsb) of a large set of data and flipping it to a pattern. Keying the flipping of bits makes for a larger attack surface, but can still be brute forced if the key lacks enough entropy.

It is important that the input picture used for steganography not be available to an attacker because this will allow the attacker to see ~90% of which bits are flipped giving away the secret and plausible deniability. Image generation that is impossible to reverse is a topic that can be discussed in the future. An easy way that would give away intent would be to flip all non-steg least significant bits randomly. A better way would be to design the algorithm around the randomness already present in images.

Read more »

UDP Session Development

Oct 21, 2006 by Javantea

UDP Session Development
by Joel R. Voss aka. Javantea
jvoss@altsci.com
jvoss@myuw.net
Jan 20, 2006

UDP Session 0.4.0d Source [sig]
UDP Session 0.3.3c Source [sig]
UDP Session 0.3.2b Source [sig]

DESCRIPTION

This program connects two computers without having either be a server. It uses "Evasive UDP Session Establishment" originally conceived by Winston Williams and other concurrent developers. The initial idea of the system was to poke holes in a firewall by using UDP's design as a stateless protocol. That way, both computers could consider themselves clients to a remote server. Upon further development, I found that other developers had designed similar systems with different mechanics.

ENCRYPTION

Version 0.3 is encrypted with Blowfish-cbc. This 128-bit encryption is easily considered strong if used with strong passwords. Version 0.3 is statically or dynamically linked to libssl and libcrypt, so their licences apply. I will include the proper licensing agreements in future versions. Since the current version is such a fast release, it makes sense to release it sooner than later. To implement Blowfish-cbc, I created a library which wraps the OpenSSL calls in a way that is easily usable. That library is called SSL Blowfish Wrapper for the time being.

Read more »

« previous