Jump to content

OutGuess

From Wikipedia, the free encyclopedia
OutGuess
Original author(s)Niels Provos
Initial release1999; 25 years ago (1999)
Stable release
0.4[1] / 2 September 2021; 3 years ago (2 September 2021)
Repository
Written inC
Operating systemWindows, Unix-like
Typesteganography
LicenseBSD (Free Software)

OutGuess is a steganographic software. It has handlers for image files in the common Netpbm and JPEG formats, so it can, for example, specifically alter the frequency coefficients of JPEG files. It is written in C and published as Free Software under the terms of the old BSD license. It has been tested on a variety of Unix-like operating systems and is included in the standard software repositories of the popular Linux distributions Debian and Arch Linux (via user repository) and their derivatives.

Method of operation

[edit]

An algorithm estimates the capacity for hidden data without the distortions of the decoy data becoming apparent. OutGuess determines bits in the decoy data that it considers most expendable and then distributes secret bits based on a shared secret in a pseudorandom pattern across these redundant bits, flipping some of them according to the secret data. For JPEG images, OutGuess recompresses the image to a user-selected quality level and then embeds secret bits into the least significant bits (LSB) of the quantized coefficients while skipping zeros and ones.[2] Subsequently, corrections are made to the coefficients to make the global histogram of discrete cosine transform (DCT) coefficients match that of the decoy image, counteracting detection by the chi-square attack that is based on the analysis of first-order statistics.[citation needed] This technique is criticized because it actually facilitates detection by further disturbing other statistics.[3] Also, data embedded in JPEG frequency coefficients has poor robustness and does not withstand JPEG reencoding.[4][citation needed]

History

[edit]

OutGuess was originally developed in Germany in 1999 by Niels Provos. In 1999, Andreas Westfeld published the statistical chi-square attack, which can detect common methods for steganographically hiding messages in LSBs of quantized JPEG coefficients.[5] In response, Provos implemented a method that exactly preserves the DCT histogram on which this attack is based.[6] He released it in February 2001 in OutGuess version 0.2, which is not backward compatible to older versions. It was broken by an attack published in 2002 that uses statistics based on discontinuities across the JPEG block boundaries (blockiness) of the decoded image and can estimate the lengths of messages embedded by OutGuess.[7] It gained popularity after being used in the first puzzle published by Cicada 3301 in 2012. OutGuess was abandoned and the official website was shut down in September 2015.[8] A fork called OutGuess Rebirth (OGR) was released in 2013 by Laurent Perch, with some bug fixes and a graphical user interface for Windows. After its last version 1.3 from September 28, 2015, it was also abandoned and in 2018 its website went offline. In November 2018, Debian developer Joao Eriberto Mota Filho imported the source code into a new repository on GitHub to continue development, and since then released some new minor versions that include bug fixes from several people.

References

[edit]
  1. ^ "Release 0.4". 2 September 2021. Retrieved 5 January 2022.
  2. ^ Feamster, Nick; Balazinska, Magdalena; Harfst, Greg; Balakrishnan, Hari; Karger, David (2002-08-08). Infranet: Circumventing Web Censorship and Surveillance. USENIX Security Symposium. Vol. 11. San Francisco, CA, USA: USENIX Association. pp. 247–262.
  3. ^ Fridrich, Jessica; Pevný, Tomáš; Kodovský, Jan (2007). "Statistically undetectable JPEG steganography" (PDF). Proceedings of the 9th workshop on Multimedia & security - MM&Sec '07. New York, New York, USA: ACM Press. p. 3. doi:10.1145/1288869.1288872. ISBN 978-1-59593-857-2.
  4. ^ Hiney, Jason; Dakve, Tejas; Szczypiorski, Krzysztof; Gaj, Kris (2015-08-25). Using Facebook for Image Steganography (PDF). International Conference on Availability, Reliability and Security. Vol. 10. Toulouse, France: IEEE. arXiv:1506.02071. doi:10.1109/ARES.2015.20.
  5. ^ Westfeld, Andreas; Pfitzmann, Andreas (2000). "Attacks on Steganographic Systems". Information Hiding (PDF). Berlin, Heidelberg: Springer Berlin Heidelberg. pp. 61–76. doi:10.1007/10719724_5. ISBN 978-3-540-67182-4. ISSN 0302-9743.
  6. ^ Provos, Niels (2001-08-17). Defending against statistical steganalysis. USENIX Security Symposium. Vol. 10. Washington, D.C., USA: USENIX Association. pp. 323–336.
  7. ^ Fridrich, Jessica; Goljan, Miroslav; Hogea, Dorin (2002-12-06). Attacking the OutGuess (PDF). ACM Workshop on Multimedia and Security. France.
  8. ^ "OutGuess". Archived from the original on 2015-08-31. Retrieved 2015-08-31.
[edit]