[tor-bugs] #8096 [Stegotorus]: Security factor for steg modules
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Mar 27 16:58:34 UTC 2014
#8096: Security factor for steg modules
-----------------------------+------------------
Reporter: vmon | Owner: zwol
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Stegotorus | Version:
Resolution: | Keywords: steg
Actual Points: | Parent ID:
Points: |
-----------------------------+------------------
Comment (by vmon):
Now Stegotorus takes --minimum-noise-to-signal in command line, and by
pass this number to steg. Currently, both implemented payload servers
(ApachePayloadServer and TracePayloadServer) respect this value and don't
use a cover whose size isn't minimum-noise-to-signal times its capacity,
to be used as a cover. For example c.f. trace_payload_server.cc:372
if (pl.typePayloadCap[contentType][current] <= cap ||
pl.payload_hdrs[pl.typePayload[contentType][current]].length/(double)cap <
noise2signal)
continue;
However, it means that file specific steg sub-modules such as (JPEG,
JavaScript) only uses the begining of the cover and leave the remainder of
the buffer intact. to get a better statistical indistinguishibility, it is
desirable for the steg submodule to see if the cover has more capacity
than the data to be embeded and if so, it distribute the data uniformly
among the changable bytes (for example keying a pseudorandom function to
determine the offset of the bytes being used in embedding in contrast to
those which stays in tact (due to over capacity).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8096#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list