OutGuess
OutGuess is a steganographic software for hiding data in the most redundant content data bits of existing (media) files. It has handlers for image files in the common Netpbm and JPEG formats, so it can, for example, specifically alter the frequency coefficients of JPEG files. It is written in C and published as Free Software under the terms of the old BSD license. It has been tested on a variety of Unix-like operating systems and is included in the standard software repositories of the popular Linux distributions Debian and Arch Linux (via user repository) and their derivatives.
Original author(s) | Niels Provos |
---|---|
Initial release | 1999 |
Stable release | 0.2.2[1]
/ 21 January 2019 |
Repository | |
Written in | C |
Operating system | Windows, Unix-like |
Type | steganography |
License | BSD (Free Software) |
Method of operation
An algorithm estimates the capacity for hidden data without the distortions of the decoy data becoming apparent. OutGuess determines bits in the decoy data that it considers most expendable and then distributes secret bits based on a shared secret in a pseudorandom pattern across these redundant bits, flipping some of them according to the secret data. For JPEG images, OutGuess recompresses the image to a user-selected quality level and then embeds secret bits into the least significant bits (LSB) of the quantized coefficients while skipping zeros and ones.[2] Subsequently, corrections are made to the coefficients to make the global histogram of discrete cosine transform (DCT) coefficients match that of the decoy image, counteracting detection by the chi-square attack that is based on the analysis of first-order statistics. This technique is criticized because it actually facilitates detection by further disturbing other statistics.[3] Also, data embedded in JPEG frequency coefficients has poor robustness and does not withstand JPEG reencoding.[4]
History
OutGuess was originally developed in Germany in 1999 by Niels Provos. In 1999, Andreas Westfeld published the statistical chi-square attack, which can detect common methods for steganographically hiding messages in LSBs of quantized JPEG coefficients.[5] In response, Provos implemented a method that exactly preserves the DCT histogram on which this attack is based.[6] He released it in February 2001 in OutGuess version 0.2, which is not backward compatible to older versions. It was broken by an attack published in 2002 that uses statistics based on discontinuities across the JPEG block boundaries (blockiness) of the decoded image and can estimate the lengths of messages embedded by OutGuess.[7] It gained popularity after being used in the first puzzle published by Cicada 3301 in 2012. OutGuess was abandoned and the official website was shut down in September 2015.[8] A fork called OutGuess Rebirth (OGR) was released in 2013 by Laurent Perch, with some bug fixes and a graphical user interface for Windows. After its last version 1.3 from September 28, 2015 it was also abandoned and in 2018 its website went offline. In November 2018, Debian developer Joao Eriberto Mota Filho imported the source code into a new repository on GitHub to continue development, and since then released some new minor versions that include bug fixes from several people.
References
- "Release 0.2.2". 21 January 2019. Retrieved 23 August 2019.
- Feamster, Nick; Balazinska, Magdalena; Harfst, Greg; Balakrishnan, Hari; Karger, David (2002-08-08). Infranet: Circumventing Web Censorship and Surveillance. USENIX Security Symposium. 11. San Francisco, CA, USA: USENIX Association. pp. 247–262.
- Fridrich, Jessica; Pevný, Tomáš; Kodovský, Jan (2007). Statistically undetectable JPEG steganography (PDF). New York, New York, USA: ACM Press. doi:10.1145/1288869.1288872. ISBN 978-1-59593-857-2.
- Hiney, Jason; Dakve, Tejas; Szczypiorski, Krzysztof; Gaj, Kris (2015-08-25). Using Facebook for Image Steganography (PDF). International Conference on Availability, Reliability and Security. 10. Toulouse, France: IEEE. doi:10.1109/ARES.2015.20.
- Westfeld, Andreas; Pfitzmann, Andreas (2000). "Attacks on Steganographic Systems". Information Hiding (PDF). Berlin, Heidelberg: Springer Berlin Heidelberg. pp. 61–76. doi:10.1007/10719724_5. ISBN 978-3-540-67182-4. ISSN 0302-9743.
- Provos, Niels (2001-08-17). Defending against statistical steganalysis. USENIX Security Symposium. 10. Washington, D.C., USA: USENIX Association. pp. 323–336.
- Fridrich, Jessica; Goljan, Miroslav; Hogea, Dorin (2002-12-06). Attacking the OutGuess (PDF). ACM Workshop on Multimedia and Security. France.
- "Archived copy". Archived from the original on 2015-08-31. Retrieved 2015-08-31.CS1 maint: archived copy as title (link)