
BitTorrent's Bram Cohen Unveils New Steganography Tool DissidentX

Posted by timothy
from the what-does-this-guy-know? dept.
Sparrowvsrevolution writes "For the last year Bram Cohen, who created the breakthrough file-sharing protocol BitTorrent a decade ago, has been working on a tool he calls DissidentX, a steganography tool that's available now but is still being improved with the help of a group of researchers at Stanford. Like any stego tool, DissidentX can camouflage users' secrets in an inconspicuous website, a corporate document, or any other, pre-existing file from a Rick Astley video to a digital copy of Crime and Punishment. But it uses a new form of steganography based on cryptographic hashes to make the presence of a hidden message far harder for an eavesdropper to detect than in traditional stego. And it also makes it possible to encode multiple encrypted messages to different keys in the same cover text."
  • Bram Cohen (Score:5, Insightful)

    by vikingpower (768921) <exercitussolus@NOspaM.gmail.com> on Thursday January 16, 2014 @10:19AM (#45976057) Homepage Journal
    deserves a medal.
  • Svefg cbfg! (Score:5, Funny)

    by Grantbridge (1377621) on Thursday January 16, 2014 @10:19AM (#45976059)
    Svefg cbfg!
  • Actual Link (Score:5, Informative)

    by steamraven (2428480) on Thursday January 16, 2014 @10:23AM (#45976093)

    Come on guys! At least post a link to the project.

    https://github.com/bramcohen/DissidentX [github.com]

    • by gstoddart (321705)

      Now there's going to be some download logs closely scrutinized by intelligence agencies.

      Because, if you have nothing to hide you have nothing to fear, right? So if you've got something to hide, you must be guilty of something.

      *sigh*

    • I'm curious what the actual "expansion ratio" is. I.e., if you want to encrypt N bytes in a cover-message of M bytes, how many bytes do you actually need to store/transmit?

      • by godel_56 (1287256)

        I'm curious what the actual "expansion ratio" is. I.e., if you want to encrypt N bytes in a cover-message of M bytes, how many bytes do you actually need to store/transmit?

        From TFA:

        "Even with Cohen’s clever hashing trick, the cover text for a secret message must be much larger than that message itself. Cohen suggests a file five hundred times as large as the secret message to encode communications without raising suspicions."

  • by Anonymous Coward

    It's probably better to work on this kind of thing in silence until it's released...

  • "Baron Cohen Unveils New Steganography Tool DissidentX"

  • by Anonymous Coward

    If you're a whistleblower and use proprietary software, you're braindead. Might soon all dead...

  • To the typical user it just looks like a random bunch of ones and zeros.

    01101110 01101111 00100000 01101101
    01101111 01110010 01100101 00100000
    01110011 01100101 01100011 01110010
    01100101 01110100 01110011

    • To the typical user it just looks like a random bunch of ones and zeros.

      01101110 01101111 00100000 01101101
      01101111 01110010 01100101 00100000
      01110011 01100101 01100011 01110010
      01100101 01110100 01110011

      Nah, only morons openly represent encoded stuff exposed. Concealing real encodings takes stenography...

      FTFY.

  • tool? (Score:3, Interesting)

    by Anonymous Coward on Thursday January 16, 2014 @10:40AM (#45976269)

    This does not even have tests. Barely any project-like organization. Just a bunch of python scripts hobbled together. Seriously, this is barely v0.1 material.

    Call it a proof-of-concept, an experiment, anything. But not a tool.

    • From the first lines of the first file on Github:

      def x(m1, m2):
          assert type(m1) is bytes
          assert type(m2) is bytes
          return (int.from_bytes(m1, 'big') ^ int.from_bytes(m2, 'big')).to_bytes(len(m1), 'big')

      assert x(x(b'abc', b'def'), b'def') == b'abc'

      Maybe that was added after you posted. Note that it ostensibly has a 'test' (assert) but with functions named h(), x(), I find the code very unfriendly indeed.

      • I had a look at the rest of the code. Granted, it's a tad better than what you posted, but it is still ridiculously amateurish... He should definitely submit some of it here [stackexchange.com].
  • What is it with all the dinosaur porn lately? Stenography probably predates the first man-cave, and was probably responsible for early advances in inter-cave communication.
  • Leak Tracking (Score:5, Insightful)

    by guttentag (313541) on Thursday January 16, 2014 @10:42AM (#45976287) Journal

    But it uses a new form of steganography based on cryptographic hashes to make the presence of a hidden message far harder for an eavesdropper to detect than in traditional stego.

    I think steganography is far more likely to be used to track the people who leak information. When information gets out that was apparently available to multiple people, the leaker may not realize that his copy had a specific steganographic signature that identifies him as the source. It could be a pattern of extra spaces or line breaks in the code of a document that he doesn't even see. The increased availability of the technology will likely mean smaller companies or government agencies will use it to suppress leaks.

    • by milesy20 (94995)

      Wouldn't this concern be nullified if the original leaked documents are even slightly changed prior to release? From what I understand, any modification would render any encrypted messages unreadable...

      • by MobyDisk (75490)

        Not necessarily, because guttentag is really talking about watermarking, not steganography. You can watermark a document in such a way that the reader cannot detect the watermark (unless they compare theirs to the original). The watermark is retained even during (most) modifications. For example, a misspelling can be a watermark. Even if it is modified, so long as one or more misspellings remain, the watermark can be identified.

        • by Monoman (8745)

          What about converting to another file format before passing along the data?

          jpg ---> png
          doc ---> pdf
          pdf --> screenshot ---> ?

          • by kagerato (2920999)

            That would remove nearly all steganography during the encoding phase, since the encoder doesn't care much about seemingly insignificant bits (like the low-order, high-entropy bits of an RGB image).

            As the person you replied to pointed out, tracking is more about clever watermarking. Watermarks will not necessarily be removed by encoding to a new format. For text, patterns of spelling or mis-spelling will be preserved. Whitespace may or may not be preserved, depending on the source and target formats. Ima

      • by guttentag (313541)
        You would have to know where the signature was. If the document was distributed to a few dozen people, a single character could be used to identify which one leaked the document. It could be a punctuation "mistake" or any number of other minor things you wouldn't think to change. It could be a different thing that is changed in each version (in John's copy there is an extra space after the end of the first sentence, but in Jane's copy there is an extra space after the second sentence, etc.).
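The per-recipient marking described in this sub-thread (an extra space after a different sentence in each copy), as an added example that is not part of the original discussion and not taken from any real tool. The memo text, the recipient names and all function names are constructed for illustration; the mark is tied to the sentence it follows rather than to a position, so deleting other sentences does not shift the attribution.

```python
import re

# Constructed sample memo and distribution list (assumptions, not from the page).
DOC = ("The quarterly figures are attached. Revenue is flat. "
       "Headcount will not change. The board meets on Tuesday. "
       "Please do not forward this memo.")
RECIPIENTS = ["john", "jane", "ravi", "mei"]


def sentences(doc: str) -> list:
    """Split on the run of spaces that follows a sentence-ending period."""
    return re.split(r"(?<=\.) +", doc)


def mark_copy(doc: str, recipient: str) -> str:
    """Build one recipient's copy: a double space after 'their' sentence."""
    parts = sentences(doc)
    slot = RECIPIENTS.index(recipient)
    if slot >= len(parts) - 1:
        raise ValueError("not enough sentence gaps for this distribution list")
    return " ".join(parts[:slot + 1]) + "  " + " ".join(parts[slot + 1:])


def identify(original: str, leaked: str) -> list:
    """Return every recipient whose mark survives in the leaked text.

    The check looks for the original sentence followed by two spaces, so it
    tolerates edits elsewhere in the text. More than one hit means copies
    were combined; no hit means the marks were removed or never present.
    """
    parts = sentences(original)
    return [name for slot, name in enumerate(RECIPIENTS)
            if slot < len(parts) - 1 and parts[slot] + "  " in leaked]


def normalize_whitespace(text: str) -> str:
    """What a format conversion or retyping typically does to space runs."""
    return re.sub(r" +", " ", text)


if __name__ == "__main__":
    leaked = mark_copy(DOC, "jane")
    print(identify(DOC, leaked))                        # mark intact
    print(identify(DOC, normalize_whitespace(leaked)))  # mark erased
```

A whitespace mark of this kind survives edits to other sentences but not whitespace normalization, which matches the point made further down the thread that whitespace may or may not be preserved across formats.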
    • You can nullify that by doing an N-way merge of the document with the N people that received it.

      • by kaiser423 (828989)
        That then requires N people to be in on the leak, making the bar to anonymously leak information even higher. Still doesn't stop a Snowden though :)
        • An authority like Wikileaks can do the N-way merge for you.
          Just upload the document to Wikileaks.
          And supply the parameter N (meaning you don't want it published if the merge uses less than N documents).

          Of course, you should then trust that the others uploading the document are not working against you.

    • Re:Leak Tracking (Score:4, Interesting)

      by girlintraining (1395911) on Thursday January 16, 2014 @12:42PM (#45977605)

      I think steganography is far more likely to be used to track the people who leak information.

      You've got the right idea, but you're not connecting all the pieces of the puzzle to answer how. Allow me: You know that massive data center the NSA is building to basically "download the internet"? Well, as it turns out, the overwhelming amount of traffic on the internet is just a copy of something else. Translation: If you compressed it you'd get some amazing compression rates. Here's the thing about steganography that is going to fuck most people who try to use it: If they ever find the original file that you used pre-stego, a simple binary comparison will reveal the alteration. In other words, if you use any publicly available image, document, etc., and then "stego" it... an adversary like the NSA can programmatically detect this. Plausible deniability goes right out the window.

      The increased availability of the technology will likely mean smaller companies or government agencies will use it to suppress leaks.

      This is something separate from steganography. What you're talking about is watermarking, and it's something color printers already do -- the serial number, username, time, etc., is encoded in yellow microdots on all pages. It was originally implemented to assist in anti-counterfeiting measures, but has since expanded to cover "national security" interests. And by that, I mean tracking down political undesirables and neutralizing them.

      • by Anonymous Coward

        I think steganography is far more likely to be used to track the people who leak information.

        You've got the right idea, but you're not connecting all the pieces of the puzzle to answer how. Allow me: You know that massive data center the NSA is building to basically "download the internet"? Well, as it turns out, the overwhelming amount of traffic on the internet is just a copy of something else. Translation: If you compressed it you'd get some amazing compression rates. Here's the thing about steganography that is going to fuck most people who try to use it: If they ever find the original file that you used pre-stego, a simple binary comparison will reveal the alteration. In other words, if you use any publicly available image, document, etc., and then "stego" it... an adversary like the NSA can programmatically detect this. Plausible deniability goes right out the window.

        Why would you use something already public as the carrier? Just encode your secret payload into a video you just made of your cat playing with a piece of string, and then delete the original video. Now nobody can diff your carrier file.

      • by kagerato (2920999)

        Your first point/paragraph is why steganography can't replace good encryption as a data hiding technique. Steganography is much older than strong cryptographic encryption, but likewise it is much more limited in its capacities. When one relies on steganography, that person is taking a gamble that the method of data obscuration is never discovered. With encryption, assuming the algorithm is actually cryptographically sound, the discovery of the algorithm and even its specific implementation is not a big c

      • Here's the thing about steganography that is going to fuck most people who try to use it: If they ever find the original file that you used pre-stego, a simple binary comparison will reveal the alteration.

        Bullshit. Useless to try hampering all the stenographic wrapper resources. Origin's not generally your only usecase. Lossy artifacts may encode representations.

        Well, how about that? A stenographic insult lays lexically yet most other readings offer none.

      • by Tom (822)

        Here's the thing about steganography that is going to fuck most people who try to use it: If they ever find the original file that you used pre-stego, a simple binary comparison will reveal the alteration. In other words, if you use any publicly available image, document, etc., and then "stego" it... an adversary like the NSA can programmatically detect this.

        If you are stupid, yes.

        If you are not stupid, you copy the image, crop it a bit, apply some filter and re-encode it. There goes your programmatic detection.

      • It's simple. First, come up with a type of picture that you can plausibly send around. Ideally, acquire cats. Second, take your own pictures. Third, embed your message in the picture. Fourth, send out the picture that contains the message. Make sure the original never leaves your own possession, and never ever reuse a picture. Find different cute positions for your cats instead.

  • by Tangential (266113) on Thursday January 16, 2014 @10:48AM (#45976339) Homepage
    I'd like to see someone come up with a steganographic RAID-ish storage volume. I'd like a driver that scattered encrypted data throughout my media files but presented that data as an updateable storage volume. It would need enough redundancy to survive the loss of some of the files (hence the RAID-ish part.) If I could hide writeable encrypted data throughout my iTunes, Photo, Video files and access/update it without actually changing the size, mod dates, etc of the files it would be very handy and reasonably hard to detect.
    • by swb (14022)

      I was thinking of something similar.

      The idea that popped into my head was a virtual volume whose backing store was a directory full of image files with the data spread out across the image files using a distributed parity system. Ideally it would be encrypted prior to being stored steganographically in the image files.

      With the right automation you could have the storage system dynamically use something like Google image search to grab new images to use as stego storage targets.

    • I'd like to see someone come up with a steganographic RAID-ish storage volume.

      Sounds like a variation on a "PAR" archive. [wikipedia.org] It may be that a combination of PAR with a TrueCrypt volume is the way to go. If someone could do PAR as a FUSE project, then you'd be partway there. This would still be missing the steganography angle, and I don't see anything to help that along.

  • Cue the NSA insisting that they need to examine every photo and video that passes over the Internet because terrorists might be using this.

    Also cue some enterprising NSA employee convincing his superiors that terrorists might hide stuff on porn sites and he needs to examine those photos/videos very carefully and repeatedly.

    • by PPH (736903)

      In related news, the NSA's Utah data center is filled to capacity with versions of Goatse Guy.

  • I just encode messages by changing the font of the letters in the hidden message to comic sans.
  • by alexandre (53) *

    Will it be closed like Bittorrent-sync?

  • by PPH (736903)

    Of course I didn't read TFA!

    Will there be an effective way for cryptanalysts to know the number of separately encrypted messages that exist within a data object? If so, the deniability feature of this will be of little use. If the number is not known, then handing over the password to a relatively innocuous message might be sufficient to end the interrogation. If the number is known, the waterboarding will continue until all passwords are revealed.

    • I read TFA, and you didn't miss much. The reporter dumbed the idea too far down or didn't understand it himself. https://github.com/bramcohen/DissidentX [github.com] has a little more explanation especially if you want to read the code.

      Anyway, you can't tell how many messages are encoded, in fact you shouldn't be able to see if a single message is encoded at all, hence the purpose of the tool and stenography in general. Though, if you have the undoctored original file and you know that this tool is the on

  • Hashes are *always* one way. So you can't ever decrypt something that you only have a hash from. The best you can do is compare the hash to a hash of something you have as well and see if the hashes are the same. Unless you've chosen an algorithm that is known to have a lot of collisions, you can be fairly certain that your original text is probably the same thing as the other person's original text if the hashes are identical. Encrypting something with hashes so others can read it therefore doesn't work and
    • Hashes are *always* one way.

      Well, then welcome to the infinite future. Here, in the way beyond all, "hashes" are simply a cryptographic primitive: Pseudo random number generators.

      Where Hash() is any hashing function, and blocks are the length of a hash output, + is concatenation, XOR is Exclusive-Or of two blocks worth of bits.

      Encipher:
      output_block[ 0 ]: input_block[ 0 ] XOR Hash( key )
      output_block[ 1 ]: input_block[ 1 ] XOR Hash( key + input_block[ 0 ] )
      ...
      output_block[ n ]: input_block[ n ] XOR Hash( key + input_block[ 0 ] + input
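The encipher rule in the comment above, carried through as an added example (not part of the original post, which is cut off before any decipher step). It assumes SHA-256 for Hash(); the function names are hypothetical, and the decipher direction is derived here from the XOR rule: each recovered plaintext block is fed back into the running hash to produce the next keystream block.

```python
import hashlib

BLOCK = hashlib.sha256().digest_size  # block length = hash output length (32 bytes)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, so a short final block simply uses
    # the leading bytes of its keystream block.
    return bytes(x ^ y for x, y in zip(a, b))


def crypt_blocks(key: bytes, data: bytes, decrypt: bool) -> bytes:
    # 'state' is the running Hash(key + input_block[0] + ... ), updated
    # incrementally instead of re-hashing the whole prefix for every block.
    state = hashlib.sha256(key)
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK]
        keystream = state.copy().digest()
        result = xor_bytes(block, keystream)
        out += result
        # The feedback is always the plaintext block: the input when
        # enciphering, the freshly recovered output when deciphering.
        state.update(result if decrypt else block)
    return bytes(out)


def encipher(key: bytes, plaintext: bytes) -> bytes:
    return crypt_blocks(key, plaintext, decrypt=False)


def decipher(key: bytes, ciphertext: bytes) -> bytes:
    return crypt_blocks(key, ciphertext, decrypt=True)


if __name__ == "__main__":
    key = b"constructed demo key"  # sample value, constructed for this example
    ct = encipher(key, b"x" * 70)
    print(decipher(key, ct) == b"x" * 70)
```

Nothing in the rule varies per message, so two messages enciphered under one key share the keystream for block 0, and XORing their first ciphertext blocks yields the XOR of the two plaintext blocks. The rule also provides no integrity check.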

  • by __roo (86767) on Thursday January 16, 2014 @03:00PM (#45978975) Homepage

    This is really clever. It includes encoders that use tabs [github.com], spaces at the ends of lines [github.com], and even Oxford commas [github.com]. That is ridiculously cool. Nice work, Bram & co.!
