OpenPuff

OpenPuff

OpenPuff v4.00 screenshot
Developer(s) Eng. Cosimo Oliboni
Stable release
4.00 / July 7, 2012 (2012-07-07)
Operating system Microsoft Windows
Type Steganography tool
License OpenPuff: CC BY 4.0 freeware
libObfuscate: GNU LGPL 3
Website HomePage

OpenPuff Steganography and Watermarking, sometimes abbreviated OpenPuff or Puff, is a freeware steganography tool for Microsoft Windows created by Cosimo Oliboni and still maintained as independent software. The program is notable for being the first steganography tool (version 1.01 released on December 2004) that:

Last revision supports a wide range of carrier formats

Use

OpenPuff is used primarily for anonymous asynchronous data sharing:

The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages — no matter how unbreakable — will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties.

Watermarking is the action of signing a file with an ID or copyright mark. OpenPuff does it in an invisible steganographic way, applied to any supported carrier. The invisible mark, being not password protected, is accessible by everyone (using the program).[1]

Multi cryptography architecture
Multi cryptography architecture

Multi-cryptography

OpenPuff is a semi-open source program:

Cryptographic algorithms (16 taken from AES, NESSIE and CRYPTREC) are joined into a unique multi-cryptography algorithm:

1. Choosing the cryptography algorithm for data block i
f [ i ] = rand ( Oracle )
2. Applying cryptography to data block i
Cipher ( D [ i ] ) = f [ i ] ( D [ i ] )
CSPRNG

Statistical resistance

Extensive testing has been performed on the statistical resistance properties of the CSPRNG and multi-cryptography modules, using the ENT,[3] NIST [4] and DIEHARD [5] test suites. Provided results are taken from 64KB, 128KB, ... 256MB samples:

Carrier bit encoding

Steganalysis resistance

Security, performance and steganalysis resistance are conflicting trade-offs.[6]

[Security vs. Performance]: Whitening

[Security vs. Steganalysis]: Cryptography + Whitening

Data, before carrier injection, is encrypted and whitened: a small amount of hidden data turns into a big chunk of pseudorandom "suspicious data". Carrier injection encodes it using a non linear covering function[7] that takes also original carrier bits as input. Modified carriers will need much less change (Con1) and, lowering their random-like statistical response, deceive many steganalysis tests (Con2).

Deniable steganography usage

Deniable steganography

There will always be a non-negligible probability of being detected, even if the hidden stream behaves like a “natural container” (unpredictable side-effects, being caught in Flagrante delicto, etc.). Resisting these unpredictable attacks is also possible, even when the user is forced (by legal or physical coercion) to provide a valid password.[8][9] Deniable steganography (a decoy-based technique) allows the user to deny convincingly the fact that sensitive data is being hidden. The user needs to provide some expendable decoy data that he would plausibly want to keep confidential and reveal it to the attacker, claiming that this is all there is.

See also

References

  1. Cours : stéganographie et tatouage numérique
  2. OpenPuff Manual
  3. ENT - A Pseudorandom Number Sequence Test Program
  4. NIST - A Statistical Test Suite for the Validation of Random Number Generators and Pseudo Random Number Generators for Cryptographic Applications
  5. DIEHARD - The Marsaglia Random Number CDROM including the Diehard Battery of Tests of Randomness
  6. Provos, Niels. "Defending against statistical steganalysis". Proceedings of the 10th conference on USENIX Security Symposium. SSYM'01. USENIX Association. 10: 24–37. Retrieved 28 November 2012.
  7. Bierbrauer, Jürgen; Fridrich, Jessica. "Constructing good covering codes for applications in Steganography" (PDF). Transactions on Data Hiding and Multimedia Security III. Lecture Notes in Computer Science. Springer Berlin Heidelberg. 4920: 1–22. ISBN 978-3-540-69019-1. doi:10.1007/978-3-540-69019-1_1. Retrieved 28 November 2012.
  8. Sergienko, Greg S. "Self Incrimination and Cryptographic Keys". Richmond Journal of Law and Technology. jolt.richmond.edu. 2 (1). Retrieved 28 November 2012. External link in |publisher= (help)
  9. Julian Assange - Physical Coercion
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.