Re: Q: Stegoanalysis



On 02/10/2010 17:20, Mok-Kong Shen wrote:
Francois Grieu wrote:

It depends tremendously on the data subjected to steganographic
injection.
If that data is purely random bits, one can substitute 100% of
the bits with encrypted data and that's demonstrably undetectable
under realistic models.
For photographic data things depend tremendously on the nature of
the source image, sensor, postprocessing, compression format, and
the best model the steganalyst can have of the above. I know no
proof or strong argument for an undetectability bound in some
realistic model (but I want to learn). [snip]

But everything in crypto is "practically" a matter of probability,
isn't it? A good block cipher's key could theoretically be found
via brute force, for example.

If one use strong crypto (e.g. AES-128 with appropriate mode and
implementation), one can rest assured that the message is undecipherable
to an adversary with 2^80 AES computing power and current knowledge,
except for a 2^-48 residual chance. By contract, I know no stego system
for photos originating from a camera (or anything making a practical
cover) that can offer a quantifiable level of trust, even a much lower
one.

As the ratio of embedding gets smaller,
the risk of detectability naturally must asymptotically approach
zero, IMHO.

I disagree with that. To take an extreme counterexample, if the camera
was designed to includes a CRC of the image data stuffed in a comment
field (many formats including JPEG allow comments), and the stego
software ignores it, but the steganalyst knows, any alteration no matter
how small could be detected with high probability.

More generally, something that the steganalyst knows on the allegedly
original file's construction (like pre-filtering, exact algorithm of DCT
transform or quantization or Huffman-like encoder), and the stego
software does not take into account, can allow the steganalyst
to recognize those files that have been altered by a stego software.
That may even work quite well for unknown stego software.
My original post asked whether there is some known fairly
"useful" (by the user) lower limit of detectability of state-of-the-art
stegoananalytic techniques in respect to (simple) pseudo-random
embedding schemes.

As far as I know, there is no such limit. I've never read a scientific
publication giving credible arguments of security (in the sense that
use of stego is hard to detect) under the assumption that the apparent
messages are files taken from a camera. If there is such article, I want
a reference!

I imagine quantifiable undetectability could be possible for images
encoded with an algorithm known in detail or hypothesized, but the above
arguments (CRC, or detail of the Huffman-like encoder) show that it
can't be done for unspecified camera.


Francois Grieu
.