Your first paragraph nails it. Unless your phone is both jail broken and seriously compromised, there is no means of viewing the “original” version of either picture. Also re: the second paragraph. The app forces you to take a picture from your device to use as the “Decoy”, it will not allow you to use an off-device image. (You CAN use an off-device image as the hidden picture).
As for the statistical analysis, it’s mostly irrelevant. The encoding algorithm is both reversible and published. So you can extract “Decoy data” from ANY picture that you find, Decoy or no. The only thing that will confirm it one way or the other is a successful decryption. The best you could do is say, “Based on certain telltales, there’s a 10% chance this image is a Decoy” or whatever the odds may be.
Such an attack has little to no value. If you are an attacker with a specific target, isolating which pictures are decoys removes a trivial amount of entropy from the equation, especially compared to the work of trying to brute-force an AES-encrypted ciphertext.
As for the statistical analysis, it’s mostly irrelevant. The encoding algorithm is both reversible and published. So you can extract “Decoy data” from ANY picture that you find, Decoy or no.
I understand that, and I understand that it should be impractical to decrypt the hidden image without its key given that strong attacks on AES have not yet been publicly found (key exchange difficulties, which are always considerable, aside). But I think you’re being far too nonchalant about detection here. The fact that you can extract “decoy data” from any image is wholly irrelevant; it’s the statistical properties of those bits that I’m interested in, and with maybe a million bits of data to play with, the bias per bit does not have to be very high for an attacker to be very confident that some kind of steganography’s going on.
That does not, of course, prove that it’s being used to hide anything interesting from an attacker’s point of view; but that was never the point of this objection.
Well, my point has never been that it’s impossible for an attacker to be confident that you’re using steganography. Rather it’s that an attacker cannot prove with certainty.
The “decoy picture” aspect of the protocol is intended to provide social protection and ensure plausible deniability can be maintained. It is not intended as cryptographic protection, that is what the AES is for.
“Confidence” is only useful to an attacker when it comes to determining a target. But an attacker has to already be confident in order to perform such a test in the first place. Which means you’ve already been selected as a target. Furthermore they would have to compromise enough of your security to access your image data. If that happens, then the benefit of gaining further confidence is marginal at best.
Incidentally, regarding the specific details of such a detection method:
We (and the attacker) already know that the distribution of base64 characters in an AES-encrypted ciphertext is approximately random and follows no discernible pattern. We also know that the ciphertext is encoded into the last 2 bits of each 8-bit pixel. So, we can, with X amount of confidence, show that an image is not a Decoy if we extract the last 2 bits of each pixel and discover the resulting data is non-randomly distributed.
However, because it is possible for normal, non-Decoy, compressed JPEGs to exhibit a random distribution of the data in the last 2 bits of each pixel, the presence of randomness does not confirm that an image is a Decoy.
The only viable attack here would be to pull images which are “visually similar” (a trivial task by simply using Google image search), reduce them to the same size, compress them heavily, and then examine the last 2 bits of each of their pixels. If there is a significant difference in the randomness of the control images vs. the randomness of the suspected image, you could then suggest with X% confidence that the suspected image has been tampered with.
However, because it is possible for an image to be tampered with and yet NOT be a Decoy image, even then you could still not, with any legitimate amount of confidence, use such a test to state that an image is a Decoy.
Your first paragraph nails it. Unless your phone is both jail broken and seriously compromised, there is no means of viewing the “original” version of either picture. Also re: the second paragraph. The app forces you to take a picture from your device to use as the “Decoy”, it will not allow you to use an off-device image. (You CAN use an off-device image as the hidden picture).
As for the statistical analysis, it’s mostly irrelevant. The encoding algorithm is both reversible and published. So you can extract “Decoy data” from ANY picture that you find, Decoy or no. The only thing that will confirm it one way or the other is a successful decryption. The best you could do is say, “Based on certain telltales, there’s a 10% chance this image is a Decoy” or whatever the odds may be.
Such an attack has little to no value. If you are an attacker with a specific target, isolating which pictures are decoys removes a trivial amount of entropy from the equation, especially compared to the work of trying to brute-force an AES-encrypted ciphertext.
I understand that, and I understand that it should be impractical to decrypt the hidden image without its key given that strong attacks on AES have not yet been publicly found (key exchange difficulties, which are always considerable, aside). But I think you’re being far too nonchalant about detection here. The fact that you can extract “decoy data” from any image is wholly irrelevant; it’s the statistical properties of those bits that I’m interested in, and with maybe a million bits of data to play with, the bias per bit does not have to be very high for an attacker to be very confident that some kind of steganography’s going on.
That does not, of course, prove that it’s being used to hide anything interesting from an attacker’s point of view; but that was never the point of this objection.
Well, my point has never been that it’s impossible for an attacker to be confident that you’re using steganography. Rather it’s that an attacker cannot prove with certainty.
The “decoy picture” aspect of the protocol is intended to provide social protection and ensure plausible deniability can be maintained. It is not intended as cryptographic protection, that is what the AES is for.
“Confidence” is only useful to an attacker when it comes to determining a target. But an attacker has to already be confident in order to perform such a test in the first place. Which means you’ve already been selected as a target. Furthermore they would have to compromise enough of your security to access your image data. If that happens, then the benefit of gaining further confidence is marginal at best.
Incidentally, regarding the specific details of such a detection method:
We (and the attacker) already know that the distribution of base64 characters in an AES-encrypted ciphertext is approximately random and follows no discernible pattern. We also know that the ciphertext is encoded into the last 2 bits of each 8-bit pixel. So, we can, with X amount of confidence, show that an image is not a Decoy if we extract the last 2 bits of each pixel and discover the resulting data is non-randomly distributed.
However, because it is possible for normal, non-Decoy, compressed JPEGs to exhibit a random distribution of the data in the last 2 bits of each pixel, the presence of randomness does not confirm that an image is a Decoy.
The only viable attack here would be to pull images which are “visually similar” (a trivial task by simply using Google image search), reduce them to the same size, compress them heavily, and then examine the last 2 bits of each of their pixels. If there is a significant difference in the randomness of the control images vs. the randomness of the suspected image, you could then suggest with X% confidence that the suspected image has been tampered with.
However, because it is possible for an image to be tampered with and yet NOT be a Decoy image, even then you could still not, with any legitimate amount of confidence, use such a test to state that an image is a Decoy.
--moved to previous comment8