CURRENT STATE OF STEGANOGRAPHY: USES, LIMITS, & IMPLICATIONS

Transcription

1 CURRENT STATE OF STEGANOGRAPHY: USES, LIMITS, & IMPLICATIONS Sophie Engle University of California, Davis College of Engineering Department of Computer Science Abstract Steganography has received considerable press in the last three years, mostly due to the war on terror. This paper discusses the state of steganography by examining its current uses, limitations, and implications. In addition, this paper addresses the relationship between steganography, steganalysis and terrorism. I. Introduction Since 2001, there have been over 25 articles published online by major news sites such as ABC News, BBC News, CNN, MSNBC News, Wired News, and USA Today on the topic of steganography and terrorism (see Appendix A). Most of these articles make or refute claims that terrorists are using steganography as a method of communication. Steganography is an ancient discipline which usually refers to hiding information within information. Today, this is usually accomplished by hiding secret messages inside images or other forms of multimedia. To most people, these altered images appear no different from normal images. Ideally, only parties using the images as a means of communication have the ability to detect the hidden messages. In addition to addressing the significant press steganography has received recently, the goal of this paper is to analyze the current uses, limits, and implications of steganography. The next section defines common terminology. The rest of the paper is organized as follows: The Cryptography section discusses the relationship between cryptography and steganography. The Past Methods section first gives the classical application of steganography. It then discusses various methods employed in the past. The Current Tools section focuses on modern steganographic tools. The Limitations section addresses the weaknesses and limits of steganography. This section also discusses under what conditions steganography becomes an impractical tool for communication. The Implications section examines the positive and negative implications of steganography. Included is a discussion of the relationship between steganography and terrorist communication. The detection and removal of steganographic messages is covered in the Steganalysis section. The effectiveness and usefulness of these actions are also addressed. Following the Conclusion section, the Resources section provides various resources in the field of steganography and steganalysis which may not otherwise be mentioned in this paper. This paper also includes an appendix (Appendix A) of freely available news articles on the links between steganography and terrorism since II. Terminology Steganography is often discussed alongside watermarking, fingerprinting, covert channels, subliminal channels, and cryptography. In actuality, these subjects are all sub-disciplines of information hiding [1]. Watermarks and Fingerprints. Both watermarking and fingerprinting are types of robust copyright marking [1]. Watermarking hides ownership or copyright information inside an object, such as an image or file. Fingerprinting hides identification or license information such as serial numbers inside objects. The former identifies the owner, while the latter identifies the user. Two main properties distinguish copyright marking from steganography. The first is detection. Steganography exists to prevent detection of

2 information. If hidden information is detected, it is compromised. However, it is desirable to detect the presence of copyright marks. The second difference involves destruction. While robustness is merely desired in steganography, it is required for copyright marking. For example, cropping a picture or changing an image format should not destroy copyright information. Covert Channels. Covert channels rely on shared resources as a path of communication [2]. Covert channels misuse these shared resources to create communication paths that are neither designed nor intended to transfer information [1]. Steganography, on the other hand, hides information in normal paths of communication. Subliminal Channels. [3] defines subliminal channels similarly to steganography, except that significantly smaller amounts of information are exchanged. Subliminal channels focus more on leaking information than actual communication. However, differences between steganography and subliminal channels are minimal. Subliminal channels and steganography are often used interchangeably. Cryptography. Considering that strong cryptographic algorithms often disguise information as random noise, cryptography can also be thought of as a sub-discipline of information hiding [4]. One of the main differences between cryptography and steganography is the goal each attempt to achieve. Cryptography is concerned only with protecting secret information (often in some mathematical manner). Steganography is concerned with concealing the existence of secret information [1]. More on the relationship between cryptography and steganography will be discussed in the next section. Steganalysis. Steganalysis involves discovering and rendering useless information hidden through steganography [5]. More information on steganalysis and its significance is presented in section VIII. The main focus of this paper will be on steganography and steganalysis. For more on information hiding and its sub-disciplines refer to [1, 2]. More on terminology specific to steganography can be found in [6]. III. Cryptography As mentioned in [7], steganography should not replace cryptography. It is important to realize the goals, advantages, and disadvantages of both before deciding which should be employed. In most cases, however, steganography and cryptography complement each other extremely well. Consider the following scenario. A U.S. spy has critical information concerning an upcoming terrorist attack. The sensitivity of the information requires that it be encrypted. However, sending encrypted information is like running around shouting I have secret information I do not want you to see! Considering the spy may be in an extremely hostile environment, this is undesirable and dangerous. Instead, suppose the spy uses steganography to hide the encrypted information in a humorous photo. The spy may then send this photo to several friends without raising alarm. This allows the spy to communicate secret information secretly. steganography + cryptography secret communication equals of Figure 1: Steganography and cryptography secret information The above scenario demonstrates how steganography can supplement cryptography [Figure 1]. Likewise, cryptography may supplement steganography. For instance, steganography often involves hiding information in the noise of images [4]. As mentioned earlier, cryptography often transforms messages into what appears to be random noise. Therefore, actual noise can be replaced with encrypted information without changing the statistical properties of the image. This makes steganalysis much more difficult. IV. Past Methods The primary goal of steganography is to enable undetected, secret communication. The classical application of steganography is given by [8], and is known as the Prisoner s Problem [Figure 2]. The problem involves two accomplices to a crime, about to be locked up in separate prison cells. The prison warden allows limited communication between the two individuals. The criminals want to devise and coordinate an escape plan, without alerting the warden. However, the warden is particularly suspicious of the two criminals and monitors all communication between them. This is an ideal situation for the application of steganography. Sophie Engle, June

3 movies, or sound [3]. More information on how these tools work can be found in [7] and in section VI. Figure 2: Prisoner s Problem. Communication across boundary via monitored channels. Several examples of steganography existed before the prisoner s problem was proposed in Hidden messages placed under the wax of writing tablets were used to alert the Greeks of Xerxes hostile intentions [9]. Microdot technology, where messages are reduced to the size of a dot and hidden in periods, was used during World War I [1]. Messages written between lines of text with invisible ink were used during the start of World War II [7]. Also used in World War II were messages hidden in the letters of seemingly innocent text [Figure 3]. Most of these techniques depend on security through obscurity [1]. If an adversary discovers the technique used to hide messages, all messages are compromised. Section VII (Limitations) discusses this problem further. Steganography has evolved through the ages. From the first documented practices in the 16 th century to the age of ubiquitous internet connectivity, steganography has adapted through political and technological change. The next section discusses the current generation of steganographic tools. V. Current Tools Steganography has been greatly impacted by the Internet and digital media. Modern steganography refers mostly to hiding information in images, pictures, Apparently neutral s protest is thoroughly discounted and ignored. Isman hard hit. Blockage issue affects pretext for embargo on by-products, ejecting suets and vegetable oils. Pershing sails from NY June 1 Figure 3: Example message sent by spy in WWII [7]. Message decoded by extracting every second letter. JSteg, JPHide [10], and OutGuess [11] are popular tools that hide messages in JPEG image files [12]. The program MandelSteg [7] hides information inside Mandelbrot fractal images [Figure 4]. A general method of using images for secure communication is found in [13]. S-Tools [7] hides information in both images and audio. mp3stego [14] is a popular steganography tool using mp3 files. Figure 4: Fractal image with hidden message This is an example of MandelSteg. Created with MandelSteg 1.0. Spam has also become an ideal cover for hidden information. SpamMimic is a popular steganography tool that allows users to hide information inside spam messages [15]. Various other tools exist. The program wbstego hides information in PDF documents [16]. [17] refers to a method of hiding information in executables by exploiting redundancies in the Intel x86 instruction set. A brief discussion on hiding information in unused header fields of various network protocols is found in [18]. Snow [19] and various other tools hide information using spacing in ASCII text. There is even a method which hides information inside DNA [20, 21]. Some tools use steganography for applications other than communication. DriveCrypt/ScramDisk allows virtual disks to be hidden in WAV files [22]. StegFS is a steganographic file system for Linux [23]. Both of these programs conceal the existence of information on a computer (ideal for hiding cryptographic keys). Most of these tools are archived online [24, 25]. The implications of this easy accessibility are discussed in section VII. Sophie Engle, June

4 VI. Limitations The primary application of steganography is secret communication. However, steganography is not necessarily best for every situation requiring secret communication. Understanding the limitations of steganography is important before deciding on its usefulness in a specific situation. Below are some of the limitations and difficulties related to steganography. Knowing when and where to look for steganographic content is sometimes difficult. Consider the example where Herodotus wrote warning of the imminent invasion by Xerxes underneath the wax of a writing tablet. Sparta, the recipient of the blank tablet, was almost fooled and could have easily missed the warning [1]. This illustrates one limitation of steganography. For steganographic communication to function, the recipients must have some reason to look for hidden messages. At the same time there must be nothing about the hidden message that would alert nonrecipients and lead to inspection. In fact, this problem in general relates to how steganographic communication often requires a shared secret. Such shared secrets may be when and where to look for hidden messages, and how to extract hidden information once obtained. This information must remain secret; otherwise the goal of hidden communication is defeated. There are cases where an opponent can find the hidden messages and how the messages were hidden but still not be able to extract the actual hidden message. Such a system is known as a secure stego-system, but still requires a shared secret, which in most cases is a cryptographic key [1]. How is this secret information communicated between parties? In the case of modern secure steganographic communication, the key may also be sent using steganography. However, the parties must still know to look for the key itself. At some point, most modern steganography requires secret and unsuspicious communication to occur between parties without the use of steganography. Communicating such information can be difficult, depending on the situation. The idea of secure steganography is relatively new. Older methods of steganography depended on security through obscurity [1], where security of information depended on the method of communication remaining secret. Today, systems dependent on security through obscurity are frequently not considered secure at all. This leads to one of the major limitations of steganography today. While Shannon provided a theory of secrecy systems and Simmons provided a theory of authentication [1], steganography itself is not a solid science [4]. In contrast to secrecy and authentication, steganography is much more dependent on the information source used to hide messages [1, 9]. However, there has been considerable work to formalize steganography [26, 27] and the field is rapidly growing. Another limitation to modern steganography is illustrated well in [3]. Suppose two persons decide to communicate by hiding messages in image files. If these two persons have never exchanged images before, this act may seem suspicious and prompt investigation. This is especially true when odd images are used. Such methods only work when they can be used within existing communication patterns. Modern steganography is also limited by the cover used. Assume images are used. Once an image has been used to hide a message, the original should be destroyed [3]. Otherwise, someone may notice the difference between the original and stego-image (image with a hidden message). This means images widely available on the internet should not be used, as the originals can not be destroyed. This also means images should not be reused. The number of hidden messages that can be sent becomes limited by the number of inconspicuous images that can be produced by the sender. Only so many pictures of the family dog can be sent before it begins to raise suspicion. Lastly, steganography is also susceptible to multiple attacks. These attacks and their effectiveness are discussed in section VIII. VII. Implications Modern steganography and its accessibility enable a multitude of uses. One of these is to communicate not only secretly, but also anonymously [4]. Similarly, chapters 4 and 9 of [4] describe how steganography can be used to provide some degree of deniability. Having a file with a hidden message does not necessarily mean you know of its existence. This is especially true for steganographic communication taking place on public file sharing networks such as Kazaa or Gnutella. Since there are many possible recipients, it is difficult determine the intended recipient. Also, since there are Sophie Engle, June

5 Osama bin Laden to plan terrorist attacks. Kelly goes as far as to call steganography a terrorist s tool in [A27]. Most of these articles received a good deal of criticism, due to lack of evidence. In fact, a massive search for such hidden terrorist plots turned up empty [A16, 28]. However, as stated by [4], there is no doubt that steganography could have been used. Possible evidence was eventually identified [A10, A05, A03], but finding such evidence proved difficult. In fact, evidence in [A03] was not found in the estimated 28 billion images and 2 billion web sites on the Internet [A27], but on actual computers seized from suspected terrorists. The actual and potential effectiveness of terrorist communications using steganography has resulted in a backlash against steganography and cryptography in general. This has lead to discussion on further restricting the two technologies. Several steganography websites, such as [29, 30], have had to limit the information presented due to the legality of the research. Figure 5: Two different possibilities of steganographic communication for prisoner s problem. In case 1 the warden is the adversary. In case 2, the prisoners are the adversaries. several possible sources, it is difficult to determine the original sender. Private communication in general has a multitude of uses. However, as stated by [4], technology is neutral. Technology can be utilized by both the forces of good and evil. In fact, steganographic communications will always involve some adversary, by its very definition. For example, consider the prisoner s problem from [8] (summarized in section IV). For the first case, suppose the prisoners are innocent victims of an oppressive regime. In this case, the warden of the oppressive regime becomes the adversary. On the other hand, suppose the prisoners are terrorists. In this case, the prisoners using steganography to communicate an escape plan become the adversaries [Figure 5]. The possibility of terrorists using steganography has received much press following the September 11 th terrorist attacks (see Appendix A). The article [A26] is one of many claiming steganography was used by However, the idea of banning steganography or cryptography is somewhat impractical. Schneier points out that the spread of cryptography can not be limited [31]. Another argument notes that if cryptography is outlawed, only the outlaws will have cryptography [4]. The same arguments hold for steganography. Also, such a ban would be devastating to privacy [32], preventing the honest from having access to tools using these techniques [4]. There is a thin line between steganography and other information hiding techniques, the banning of which would have far reaching effects. For example, steganography utilizes many of the same techniques as copyright marking. Such copyright marking techniques helped law enforcement to track down the Melissa virus author by the serial number (or fingerprint) embedded in the programs used [33]. These techniques are also crucial in prevention of software piracy. Perhaps the most important argument against banning steganography is that it would do nothing to prevent terrorism [4, 34]. Not only could terrorist still create and use steganographic tools despite any ban, but as pointed out in [35], there are plenty of other methods of communication open to terrorists. Terrorist also operate outside the reach of United States government, limiting the effectiveness of restrictions. Sophie Engle, June

6 If banning is not the solution, then is there another way to prevent terrorist use of steganography? The answer in short is no [31]. Technology is unable to provide an ultimate solution to this problem [4]. Even steganalysis, as discussed in the next section, has multiple obstacles it must overcome to be effective. VIII. Steganalysis While detection is enough to defeat the purpose of steganography, modern steganalysis is concerned with extraction and destruction of hidden messages as well. Each of these, however, are difficult problems. Detection. The first obstacle detection must overcome is the sheer volume of information that must be analyzed. Consider the situation where steganographic messages are being hidden in multimedia files on the Gnutella network. As shown in [36], over 65% of 15,153,524 unique queries request multimedia files. This suggests a tremendous amount of files requiring steganographic analysis. Finding steganographic images on the Internet is an even harder task. In 2001, the estimated number of images on the Internet was over 28 billion [A27]. Identifying steganographic content in spam is even more overwhelming. In 2002, it was estimated that a spammer could send 650,000 messages every hour [37]. Just last month, the percentage of that is spam passed 50% [38]. A large amount of this spam also comes from overseas, outside the reach of law [39]. Another complication is the dynamic nature of most electronic networks. Image ads frequently change. New online auctions are added every day. Websites appear and disappear rapidly. All of these are potential places to find steganographic content. Such information must be processed real-time or archived. Both are difficult. Real-time processing requires high-end equipment and efficient algorithms. Short-cuts may have to be made, decreasing effectiveness. Archiving requires enormous amounts of space to store information for processing. Once information is processed, it may be too late to take action. Most detection techniques are statistical, searching for files which do not appear normal [41]. However, defining normal is not an easy task. For example, photographs, paintings, drawings, and graphics have different image characteristics [41]. Some techniques instead look for signatures of certain steganographic tools. One such study used this technique on two million images downloaded from ebay, but was not able to find a single hidden message [12]. This does not say hidden messages were absent, since this technique only detects known signatures. It can not account for messages hidden with other techniques. Extraction. Older steganographic methods were primarily concerned with concealing the existence of hidden messages. Once a hidden message was detected, often times it was easily read. This is not true with most modern steganographic tools. These tools often combine cryptography and steganography, protecting the hidden message with a secret key. Knowing a message exists and the method used to hide it is insufficient to extract the message itself. Knowing the method does allow for attacks on the message. Some attacks attempt to guess the secret key used to protect the message. For example, StegDetect uses a dictionary attack against suspicious files to extract the contents of a hidden message [12]. However, StegDetect only works against messages hidden with the known method and a key susceptible to dictionary attacks. In general, the cost associated with extracting hidden messages hinders its usefulness. One might envision a SETI-like program that allows distributed detection and extraction of terrorist messages in images. However, the usefulness of such a program is limited by the concept of security through obscurity. Once the method of detection such a program uses is known, detection by that program can also be avoided. Destruction. Destruction of steganographic messages is accomplished in several ways. For example, consider a steganographic message hidden in an image. Suppose before the image reaches the recipient, it is slightly cropped. This subtle change may be enough to disable the recipient s ability to recover the message. Other image operations have the same effect, such as changing the hue or rotating the image. Destruction can also be accomplished by adding a new hidden message, overwriting an existing one. Compression is another operation common to images and other multimedia files. Compression decreases file size by removing redundant or unnecessary information. These operations are destructive to many forms of modern steganography. If compression occurs after a message is hidden, most times the message is completely destroyed. This is also true if the file is converted into another format before it reaches its final destination [4]. Sophie Engle, June

7 Most of these techniques can be accomplished without altering the image, music, or video file visually. In addition, these techniques do not require a message to exist. In fact, it may take less time and resources to simply use these techniques without first attempting to detect steganographic content [4]. While destruction is an excellent way to prevent steganographic communication, it does have complications. The first of these concerns robustness. Robustness is not a requirement for steganography, but most tools allow for a certain degree of error to be introduced before the hidden message is lost. Robust steganographic techniques require more severe and costly destruction techniques to be effective. However, there is a tradeoff between robustness and message size, limiting the degree of robustness any particular message can have [5, 7]. Another problem with destruction lies in the difference between active and passive wardens. In the prisoner s problem, an active warden has the ability to alter any material passed between the prisoners. A passive warden only has the ability to inspect material. On the decentralized network comprising the Internet, behaving as an active warden is difficult, yet required for destruction to occur. Anti-Steganalysis. There are two main actors in the prisoner s problem. Most steganalysis takes place from the viewpoint of the warden, attempting to detect or disrupt communication between the prisoners. Antisteganalysis addresses the problem from the viewpoint of the prisoners attempting to defeat the warden. Statistical profiles are just as useful in anti-steganalysis as in steganalysis. Messages can be hidden such that the final product meets a normal statistical profile [42, 43]. Similarly, mimicry can be used make information appear normal to automated steganalysis tools [4], but may fail visual inspection. An interesting anti-steganalysis concept is diversion or distraction. This is done by hiding extra, unimportant messages inside one file. These extra messages can serve multiple purposes. First, they can be inserted to match a certain statistical profile. It is highly likely only the extra messages will be detected when the file is analyzed, diverting attention away from the actual message. Second, they allow for plausible deniability [43]. For example, consider the prisoner s problem. Suppose the warden is positive a message is hidden within a file passed between the prisoners. The prisoners could simply reveal the extra, innocuous messages to the warden, leaving the actual message unharmed and undetected [43]. Like steganography, there is no solid theoretical model for steganalysis. There exists no magic antisteganography bullet, nor is there a guarantee that any steganographic algorithm can withstand clever steganalysis [4]. Both are caught in a cyclic, evolving battle. IX. Conclusion Steganography is an ancient art which has experienced a surge of growth with the advent of the Internet and digital media. No longer is steganography a method limited to secret communication between spies, or use during war. Tools are now accessible to the general public over the Internet, and require no special training to use. This has several ramifications. The first of these is the increased ability for persons to protect their privacy, or communicate in dangerous situations. The second is the increased ability for criminals and terrorists to communicate undetected by law enforcement. Bans on the technology are not sufficient to eliminate criminal use. Steganalysis, while potentially effective, faces many obstacles in becoming a reliable method of tracking steganographic activity. Steganography and steganalysis are still rapidly growing. As techniques for hiding information improve, so does those for detection. In reality, steganography is part of the same cycle as law enforcement and crime. As the capabilities of law enforcement increase, so do the capabilities of criminals. The only real option is to continue advancing. Continued advancement and research is the only way to prevent the cycle from ending in favor of those who abuse the technology. X. Resources There are several websites which provide a wide-array of information on steganography. The website by Neil Johnson [44] includes several of publications he helped author on the subject, along with an excellent introduction. Various links and tools are listed as well. Petitcolas [45] provides a history on steganography, complete with scans and translations from the first books on the subject. The site includes companies, research groups, and active researchers in the field of steganography. It also includes the Information Hiding Annotated Bibliography [46], which contains over 400 Sophie Engle, June

8 hundred other resources information hiding. on steganography and StegoArchive [47] is another excellent resource which provides a newsletter. The SANS InfoSec Reading Room [48] also provides several white papers on steganography and its link to terrorism. Acknowledgements I extend a special thanks to Sean Whalen (UC Davis), and my sisters Charlene and Dannielle Engle (Tufts, Northwestern University), for their valuable suggestions and comments regarding this paper. References [1] F. Petitcolas, R. Anderson, and M. Kuhn, Information Hiding A Survey, In Proceedings of the IEEE, vol. 87, no. 7, Jul., pp , ( /~fapp2/publications/ieee99-infohiding.pdf) [2] M. Bishop, Computer Security; Art and Science, Boston, MA: Addison-Wesley, [3] B. Schneier, Secrets & Lies; Digital Security in a Networked World, New York, NY: Wiley Computer, [4] P. Wayner, Disappearing Cryptography; Information Hiding: Steganography and Watermarking, 2nd ed., Boston, MA: Morgan Kaufmann, [5] N. Johnson, and S. Jajodia, Steganalysis: The Investigation of Hidden Information, In Proceedings of IEEE Information Technology Conference, Syracuse, New York, ( [6] B. Pfitzmann, Information Hiding Terminology, In Proceedings of Information Hiding Workshop, Cambridge, England, pp , ( /publ/pfit12_96hideterm.ps.gz) [7] N. Johnson, and S. Jajodia, Exploring Steganography: Seeing the Unseen, IEEE Computer, Feb., pp , ( [8] G. Simmons, The Prisoner s Problem and the Subliminal Channel, In Proceedings of CRYPTO 83, pp , ( ML/PDF/C83/51.PDF) [9] R. Anderson and F. Petitcolas, On the Limits of Steganography, IEEE Journal of Selected Areas in Communications, vol. 16, no. 4, May, pp , [10] [11] [12] N. Provos and P. Honeyman, Detecting Steganographic Content on the Internet, University of Michigan Center for Information Technology Integration, Ann Arbor, MI, Technical Report 01-11, 31 Aug ( ti-tr pdf) [13] D. Lou and J. Liu, Steganographic Method for Secure Communications, Computers & Security, vol. 21, no. 5, Oct., pp , [14] mp3stego/ [15] [16] [17] K. Poulsen, Program Hides Secret Messages in Executables, The Register [online], 24 Feb ( archive/29449.html) [18] G. Fisk, M. Fisk, C. Papadopoulos, and J. Neil, Eliminating Steganography in Internet Traffic with Active Wardens, In Proceedings of the 5th International Workshop on Information Hiding, Noordwijkerhout, Netherlands, Oct., pp , ( pdf) [19] [20] Scientists Code Words into DNA, Wired News [online], 10 Jun ( /news/technology/0,1282,20136,00.html) [21] D. Tapellini, Teen Science Is Serious Business, Wired News [online], 16 Mar Sophie Engle, June

9 ( ,00.html) [22] [23] A. McDonald, M. Kuhn, StegFS: A Steganographic File System for Linux, In Proceedings of Information Hiding, pp , ( stegfs.pdf ) [24] der&category=06 [25] [26] N. Hopper, J. Langford, and L. von Ahn, Provably Secure Steganography, Crypto 2002, ( PSS.pdf) [27] C. Cachin, An Information-Theoretic Model for Steganography, In Proceedings of 2nd Workshop on Information Hiding, ( [28] N. Provos and P. Honeyman, Detecting Steganographic Content on the Internet, University of Michigan Center for Information Technology Integration, Ann Arbor, MI., Technical Report 01-11, 31 Aug ( pdf) [29] [30] [31] B. Schneier, Crypto-Gram Newsletter [online], Counterpane Internet Security, 30 Sept ( 0109a.html) [32] S. Lau, An Analysis of Terrorist Groups Potential Use of Electronic Steganography, SANS Reading Room, 18 Feb ( paper.php?id=554) [33] D. Takahashi and D. Starkman, It's Getting Harder to Hide in Cyberspace, The Wall Street Journal Online, 4 Apr ( [34] N. McAllister, No Scorched-Internet Policy Attacking Technology Will Only Add to the Toll, SF Gate [online], 20 Sept ( gate/archive/2001/09/20/sigintell.dtl) [35] R. Bagnall, Reversing the Steganography Myth in Terrorist Operations: The Asymmetrical Threat of Simple Intelligence Dissemination Techniques Using Common Tools, SANS Information Security Reading Room, 19 Aug ( [36] D. Zeinalipour-Yazti and T. Folias, A Quantitative Analysis of the Gnutella Network Traffic, Riverside: University of California, 17 June ( /courses/cs204/project/gnudc.pdf ) [37] Spam: By the Numbers, eprivacy Group [online], ( pdfs/spambythenumbers.pdf) [38] Half of all s are Spam, BBC News [online], 31 May ( hi/technology/ stm) [39] D. McCullagh, Spam Oozes Past Border Patrol, Wired News [online], 23 Feb ( 1283,41860,00.html) [40] J. Leyden, Website Combines Spam with Encryption, The Register [online], 15 Dec ( 521.html) [41] N. F. Johnson, and S. Jajodia, Steganalysis of Images Created Using Current Steganography Software, Lecture Notes in Computer Science, vol. 1525, pp , ( [42] N. Provos, Defending Against Statistical Steganalysis, University of Michigan Center for Information Technology Integration, Ann Arbor, MI. Tech. Rep. 01-4, 12 Feb ( ti-tr-01-4.pdf) [43] N. Provos, Probabilistic Methods for Improving Information Hiding, University of Michigan Center for Information Technology Integration, Ann Arbor, MI. Tech. Rep. 01-1, 31 Jan ( ti-tr-01-1.pdf) Sophie Engle, June

10 [44] [45] [46] R. Anderson and F. Petitcolas, Information Hiding: An Annotated Bibliography, Cambridge: University of Cambridge, ( fapp2/steganography/ bibliography/) [47] [48] Sophie Engle, June

11 Appendix A: Recent News Articles Linking Steganography and Terrorism APPENDIX A: RECENT NEWS ARTICLES LINKING STEGANOGRAPHY AND TERRORISM * # Article Title Author (if given) Source (base url) Date (dd mm yyyy) Link (as of ) [A01] Al-Qaeda Said to be Using Stegged Porn T. C. Greene The Register theregister.co.uk [A02] 9/11 Plot Hidden in E-Porn N. Lathem New York Post [A03] Coded Pornography, WTC Pictures Found on Terror Cell Computers A. Salomon ABC News abcnews.go.com TeamInsider_ html [A04] Al-Qaeda Poised to Strike Hard Via the Internet T. C. Greene The Register theregister.co.uk html [A05] Spy Games: Decoding Osama s Secrets at 16 M. Kumar Hindustan Times hindustantimes.com , htm [A06] Web Site With Area Ties Stirs Terrorism Concern J. Lynott Times Leader timesleader.com htm [A07] Hunt for Hidden Web Messages Goes On W. Knight New Scientist newscientist.com [A08] Hidden Messages: Any There There? F. Manjoo Wired News ,00.html [A09] Watching the Web for Wicked Messages P. Eng ABC News abcnews.go.com ews/webwatch html [A10] Internet Link in Terror Probe (not provided) BBC News news.bbc.co.uk stm [A11] France Terror Code Breakthrough (not provided) BBC News news.bbc.co.uk [A12] A Secret Language B. Ross ABC News abcnews.go.com ynews/primetime_011004_steganography.html [A13] Net Surveillance Fatally Flawed (not provided) BBC News news.bbc.co.uk [A14] Terrorists and Steganography (in Crypto- Gram Newsletter) B. Schneier CounterPane counterpane.com a.html * Only includes links to articles freely available on the Internet. All links current as of 28 May Sophie Engle, June 2003 A11

12 Appendix A: Recent News Articles Linking Steganography and Terrorism # Article Title [A15] [A16] Opening Encryption 'Back Door' Problematic, Experts Say Massive Search Revels No Secret Code in Web Images Author (if given) E. M. Abreu W. Knight [A17] Tech s Double-Edged Sword S. Levy [A18] Coded Communications P. McGrath [A19] [A20] Bin Laden Exploits Technology to Suit His Needs No Scorched-Internet Policy Attacking Technology Will Only Add To The Toll [A21] Terrorists Online Methods Elusive [A22] Controlling Encryption Will Not Stop Terrorists D. Sieberg N. McAllister A.E. Cha and J. Krim W. Knight [A23] Anti-Attack Feds Push Carnivor D. McCullagh [A24] Did Encryption Empower These Terrorists? S. Levy [A25] Secret Messages Come in.wavs D. McCullagh [A26] Bin Laden: Steganography Master? [A27] Terror Groups Hide Behind Web Encryption J. Kelly [A28] Terrorist Instructions Hidden Online J. Kelly Source (base url) InfoWorld New Scientist newscientist.com MSNBC News MSNBC News CNN SF Gate Washington Post washingtonpost.com New Scientist newscientist.com Wired News MSNBC News Wired News D. McCullagh Wired News USA Today USA Today Date (dd mm yyyy) Link (as of ) 6/010926hnbackdoor.xml rch/index.html archive/2001/09/20/sigintell.dtl name=article&contentid=a sep html html 0.html binladen.htm binladen-side.htm Sources Include: ABC News, BBC News, CNN, Hindustan Times, MSNBC News, New Scientist, New York Post, The Register, Times Leader, USA Today, and Wired News. Sophie Engle, June 2003 A12