OpenPuff

OpenPuff Steganography and Watermarking, sometimes abbreviated OpenPuff or Puff, is a free steganography tool for Microsoft Windows created by Cosimo Oliboni and still maintained as independent software. The program is notable for being the first steganography tool (version 1.01 released in December 2004) that:

* lets users hide data in more than a single carrier file. When hidden data are split among a set of carrier files you get a carrier chain, with no enforced hidden data theoretical size limit (256MB, 512MB, ... depending only on the implementation)
* implements 3 layers of hidden data obfuscation (cryptography, whitening and encoding)
* extends deniable cryptography into deniable steganography

The last revision supports a wide range of carrier formats:

* Images: Bmp, Jpg, Png, Tga
* Audios: Aiff, Mp3, Wav
* Videos: 3gp, Mp4, Mpeg I, Mpeg II, Vob
* Flash-Adobe: Flv, Pdf, Swf


Use

OpenPuff is used primarily for anonymous asynchronous data sharing:

* the sender hides a hidden stream inside some publicly available carrier files (password + carrier files + carrier order are the secret key)
* the receiver unhides the hidden stream knowing the secret key

The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages, no matter how unbreakable, will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties.

Watermarking is the action of signing a file with an ID or copyright mark. OpenPuff does it in an invisible steganographic way, applied to any supported carrier. The invisible mark, not being password protected, is accessible by everyone (using the program).


Multi-cryptography

OpenPuff is a semi-open source program:

* cryptography, CSPRNG, hashing (used in password hexadecimal extension), and scrambling are open source

Cryptographic algorithms (16 taken from AES, NESSIE and CRYPTREC) are joined into a unique multi-cryptography algorithm:

* keys and internal static data are initialized for each algorithm $f$
* each data block $D_i$ (128bit) will be encrypted using a different algorithm $f_i$
* $f_i$ is chosen with a pseudorandom oracle, seeded with a second independent password

1. Choosing the cryptography algorithm for data block $i$: $f_i = \mathrm{rand}(\mathrm{Oracle})$
2. Applying cryptography to data block $i$: $\mathrm{Cipher}(D_i) = f_i(D_i)$
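The two steps above, sketched as an added example (not OpenPuff's code). The 16 "algorithms" are hypothetical stand-ins: small keyed Feistel permutations built from BLAKE2b in place of the real ciphers, with the oracle modelled as HMAC-SHA256 over the block index. All function and label names are assumptions.

```python
import hashlib
import hmac

BLOCK = 16                                         # 128-bit data blocks D_i
ALGS = [b"stand-in-%02d" % n for n in range(16)]   # placeholders for the 16 ciphers

def _F(key, label, rnd, half):
    # Round function of a stand-in cipher: keyed BLAKE2b, 64-bit output.
    return hashlib.blake2b(bytes([rnd]) + half, key=key, person=label,
                           digest_size=8).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _block(data, key, label, decrypt=False):
    # 4-round Feistel permutation on one block; each label yields a different f.
    l, r = data[:8], data[8:]
    for rnd in (reversed(range(4)) if decrypt else range(4)):
        if decrypt:
            l, r = _xor(r, _F(key, label, rnd, l)), l
        else:
            l, r = r, _xor(l, _F(key, label, rnd, r))
    return l + r

def schedule(password2, nblocks):
    # Step 1, f_i = rand(Oracle): seeded only by the second password.
    # (Assumption: plain SHA-256 seeding; a real tool would use a password KDF.)
    seed = hashlib.sha256(password2).digest()
    return [hmac.new(seed, i.to_bytes(8, "big"), hashlib.sha256).digest()[0] % len(ALGS)
            for i in range(nblocks)]

def multi_crypt(data, password1, password2, decrypt=False):
    # Step 2, Cipher(D_i) = f_i(D_i): each algorithm has its own key from password 1.
    if len(data) % BLOCK:
        raise ValueError("pad the input to whole 128-bit blocks first")
    keys = [hmac.new(password1, lab, hashlib.sha256).digest() for lab in ALGS]
    out = b""
    for i, alg in enumerate(schedule(password2, len(data) // BLOCK)):
        out += _block(data[i * BLOCK:(i + 1) * BLOCK], keys[alg], ALGS[alg], decrypt)
    return out

if __name__ == "__main__":
    sample = bytes(range(64))                      # constructed sample: four blocks
    ct = multi_crypt(sample, b"first password", b"second password")
    print(schedule(b"second password", 4), ct.hex())
```

Decryption needs both passwords: the first to rebuild the per-algorithm keys, the second to rebuild the order in which the algorithms were applied.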


Statistical resistance

Extensive testing has been performed on the statistical resistance properties of the CSPRNG and multi-cryptography modules, using the ENT, NIST and DIEHARD test suites. Provided results are taken from 64KB, 128KB, ... 256MB samples:

* bit entropy test: >7.9999xx / 8.000000
* compression test: 0% size reduction after compression
* chi square distribution test: 40% < deviation < 60%
* mean value test: 127.4x / 127.5
* Monte Carlo test: error < 0.01%
* serial correlation test: < 0.0001


Steganalysis resistance

Security, performance and steganalysis resistance are conflicting trade-offs.

Security vs. Performance: Whitening

* Pro: ensures higher data security
* Pro: allows deniable steganography
* Con1: requires a lot of extra carrier bits

Security vs. Steganalysis: Cryptography + Whitening

* Pro: ensure higher data security
* Con2: their random statistical response marks carriers as more "suspicious"

Data, before carrier injection, is encrypted and whitened: a small amount of hidden data turns into a big chunk of pseudorandom "suspicious data". Carrier injection encodes it using a non-linear covering function that also takes the original carrier bits as input. Modified carriers will need much less change (Con1) and, lowering their random-like statistical response, deceive many steganalysis tests (Con2).


Deniable steganography

There will always be a non-negligible probability of being detected, even if the hidden stream behaves like a “natural container” (unpredictable side-effects, being caught in flagrante delicto, etc.). Resisting these unpredictable attacks is also possible, even when the user is forced (by legal or physical coercion) to provide a valid password [Julian Assange - Physical Coercion]. Deniable steganography (a decoy-based technique) allows the user to deny convincingly the fact that sensitive data is being hidden. The user needs to provide some expendable decoy data that he would plausibly want to keep confidential and reveal it to the attacker, claiming that this is all there is.


See also

* Steganography tools
* Portable application
* List of portable software


