Software:OutGuess

From HandWiki
Short description: Steganographic software


OutGuess
Original author(s)Niels Provos
Initial release1999; 25 years ago (1999)
Written inC
Operating systemWindows, Unix-like
Typesteganography
LicenseBSD (Free Software)

OutGuess is a steganographic software for hiding data in the most redundant content data bits of existing (media) files. It has handlers for image files in the common Netpbm and JPEG formats, so it can, for example, specifically alter the frequency coefficients of JPEG files. It is written in C and published as Free Software under the terms of the old BSD license. It has been tested on a variety of Unix-like operating systems and is included in the standard software repositories of the popular Linux distributions Debian and Arch Linux (via user repository) and their derivatives.

Method of operation

An algorithm estimates the capacity for hidden data without the distortions of the decoy data becoming apparent. OutGuess determines bits in the decoy data that it considers most expendable and then distributes secret bits based on a shared secret in a pseudorandom pattern across these redundant bits, flipping some of them according to the secret data. For JPEG images, OutGuess recompresses the image to a user-selected quality level and then embeds secret bits into the least significant bits (LSB) of the quantized coefficients while skipping zeros and ones.[1] Subsequently, corrections are made to the coefficients to make the global histogram of discrete cosine transform (DCT) coefficients match that of the decoy image, counteracting detection by the chi-square attack that is based on the analysis of first-order statistics.[citation needed] This technique is criticized because it actually facilitates detection by further disturbing other statistics.[2] Also, data embedded in JPEG frequency coefficients has poor robustness and does not withstand JPEG reencoding.[3][citation needed]

History

OutGuess was originally developed in Germany in 1999 by Niels Provos. In 1999, Andreas Westfeld published the statistical chi-square attack, which can detect common methods for steganographically hiding messages in LSBs of quantized JPEG coefficients.[4] In response, Provos implemented a method that exactly preserves the DCT histogram on which this attack is based.[5] He released it in February 2001 in OutGuess version 0.2, which is not backward compatible to older versions. It was broken by an attack published in 2002 that uses statistics based on discontinuities across the JPEG block boundaries (blockiness) of the decoded image and can estimate the lengths of messages embedded by OutGuess.[6] It gained popularity after being used in the first puzzle published by Cicada 3301 in 2012. OutGuess was abandoned and the official website was shut down in September 2015.[7] A fork called OutGuess Rebirth (OGR) was released in 2013 by Laurent Perch, with some bug fixes and a graphical user interface for Windows. After its last version 1.3 from September 28, 2015, it was also abandoned and in 2018 its website went offline. In November 2018, Debian developer Joao Eriberto Mota Filho imported the source code into a new repository on GitHub to continue development, and since then released some new minor versions that include bug fixes from several people.

References

  1. Feamster, Nick; Balazinska, Magdalena; Harfst, Greg; Balakrishnan, Hari; Karger, David (2002-08-08). "Infranet: Circumventing Web Censorship and Surveillance". USENIX Security Symposium. 11. San Francisco, CA, USA: USENIX Association. pp. 247–262. https://www.usenix.org/legacy/events/sec02/feamster.html. 
  2. Fridrich, Jessica; Pevný, Tomáš; Kodovský, Jan (2007). "Proceedings of the 9th workshop on Multimedia & security - MM&Sec '07". New York, New York, USA: ACM Press. p. 3. doi:10.1145/1288869.1288872. ISBN 978-1-59593-857-2. 
  3. Hiney, Jason; Dakve, Tejas; Szczypiorski, Krzysztof; Gaj, Kris (2015-08-25). "Using Facebook for Image Steganography". International Conference on Availability, Reliability and Security. 10. Toulouse, France: IEEE. doi:10.1109/ARES.2015.20. https://ece.gmu.edu/~kgaj/publications/conferences/GMU_WUT_2015.pdf. 
  4. Westfeld, Andreas; Pfitzmann, Andreas (2000). "Attacks on Steganographic Systems". Information Hiding. Berlin, Heidelberg: Springer Berlin Heidelberg. pp. 61–76. doi:10.1007/10719724_5. ISBN 978-3-540-67182-4. https://users.ece.cmu.edu/~adrian/487-s06/westfeld-pfitzmann-ihw99.pdf. 
  5. Provos, Niels (2001-08-17). "Defending against statistical steganalysis". USENIX Security Symposium. 10. Washington, D.C., KH: USENIX Association. pp. 323–336. https://www.usenix.org/legacy/publications/library/proceedings/sec01/provos.html. 
  6. Fridrich, Jessica; Goljan, Miroslav; Hogea, Dorin (2002-12-06). "Attacking the OutGuess". ACM Workshop on Multimedia and Security. France. http://dde.binghamton.edu/publications/acm_outguess.pdf. 
  7. "Archived copy". http://outguess.org/. 

External links