OpenPuff Steganography and Watermarking, sometimes abbreviated OpenPuff or Puff, is a

free Free may refer to: Concept * Freedom, the ability to act or change without constraint or restriction * Emancipate, attaining civil and political rights or equality * Free (''gratis''), free of charge * Gratis versus libre, the difference betw ...

steganography tool for

Microsoft Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...

created by Cosimo Oliboni and still maintained as independent software. The program is notable for being the first steganography tool (version 1.01 released in December 2004) that: * lets users hide data in more than a single carrier file. When hidden data are split among a set of carrier files you get a carrier chain, with no enforced hidden data theoretical size limit (256MB, 512MB, ... depending only on the implementation) * implements 3 layers of hidden data

obfuscation Obfuscation is the obscuring of the intended meaning of communication by making the message difficult to understand, usually with confusing and ambiguous language. The obfuscation might be either unintentional or intentional (although intent ...

(

cryptography Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...

, whitening and

encoding In communications and Data processing, information processing, code is a system of rules to convert information—such as a letter (alphabet), letter, word, sound, image, or gesture—into another form, sometimes data compression, shortened or ...

) * extends deniable cryptography into deniable steganography Last revision supports a wide range of carrier formats: * Images Bmp,

Jpg JPEG ( , short for Joint Photographic Experts Group and sometimes retroactively referred to as JPEG 1) is a commonly used method of lossy compression for digital images, particularly for those images produced by digital photography. The degr ...

Png Portable Network Graphics (PNG, officially pronounced , colloquially pronounced ) is a raster-graphics file format that supports lossless data compression. PNG was developed as an improved, non-patented replacement for Graphics Interchange ...

, Tga * Audios

Aiff AIFF may refer to: * Audio Interchange File Format * All India Football Federation, the national governing body of Association football in India Film festivals * Addis International Film Festival, Addis Ababa, Ethiopia * Alexandria Internation ...

Mp3 MP3 (formally MPEG-1 Audio Layer III or MPEG-2 Audio Layer III) is a coding format for digital audio developed largely by the Fraunhofer Society in Germany under the lead of Karlheinz Brandenburg. It was designed to greatly reduce the amount ...

Wav Waveform Audio File Format (WAVE, or WAV due to its filename extension; pronounced or ) is an audio file format standard for storing an audio bitstream on personal computers. The format was developed and published for the first time in 1991 ...

* Videos

3gp 3GP (3GPP file format) is a digital multimedia container format defined by the Third Generation Partnership Project (3GPP) for 3G UMTS multimedia services, largely based on MPEG-4 Part 12. A 3GP container may consist of H.263 or H.264 video ...

Mp4 MP4 (formally MPEG-4 Part 14), is a digital multimedia container format most commonly used to store video and audio, but it can also be used to store other data such as subtitles and still images. Like most modern container formats, it allows ...

, Mpeg I, Mpeg II,

Vob VOB (for video object) is the container format in DVD-Video media. VOB can contain digital video, digital audio, subtitles, DVD menus and navigation contents multiplexed together into a stream form. Files in VOB format may be encrypted. File fo ...

* Flash-Adobe Flv,

Pdf Portable document format (PDF), standardized as ISO 32000, is a file format developed by Adobe Inc., Adobe in 1992 to present documents, including text formatting and images, in a manner independent of application software, computer hardware, ...

, Swf

Use

OpenPuff is used primarily for anonymous asynchronous data sharing: * the sender hides a hidden stream inside some public available carrier files (''password'' + ''carrier files'' + ''carrier order'' are the

secret key A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Based on the used method, the key c ...

) * the receiver unhides the hidden stream knowing the secret key The advantage of

steganography Steganography ( ) is the practice of representing information within another message or physical object, in such a manner that the presence of the concealed information would not be evident to an unsuspecting person's examination. In computing/ ...

, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages — no matter how unbreakable — will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties.

Watermarking A watermark is a recognizable image or pattern in paper used to determine authenticity. Watermark or watermarking may also refer to: Technology * Digital watermarking, a technique to embed data in digital audio, images or video ** Audio waterma ...

is the action of signing a file with an ID or copyright mark. OpenPuff does it in an invisible steganographic way, applied to any supported carrier. The invisible mark, being not password protected, is accessible by everyone (using the program). OpenPuff arch4

Multi-cryptography

OpenPuff is a semi-open source program: * cryptography,

CSPRNG A cryptographically secure pseudorandom number generator (CSPRNG) or cryptographic pseudorandom number generator (CPRNG) is a pseudorandom number generator (PRNG) with properties that make it suitable for use in cryptography. It is also referred t ...

hashing Hash, hashes, hash mark, or hashing may refer to: Substances * Hash (food), a coarse mixture of ingredients, often based on minced meat * Hash (stew), a pork and onion-based gravy found in South Carolina * Hash, a nickname for hashish, a cannab ...

(used in password hexadecimal extension), and scrambling are open source Cryptographic algorithms (16 taken from AES,

NESSIE NESSIE (New European Schemes for Signatures, Integrity and Encryption) was a European research project funded from 2000 to 2003 to identify secure cryptographic primitives. The project was comparable to the NIST AES process and the Japanese Go ...

and

CRYPTREC CRYPTREC is the Cryptography Research and Evaluation Committees set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use. It is comparable in many respects to the European Union's NESSI ...

) are joined into a unique multi-cryptography algorithm: * keys and internal static data are initialized for each algorithm f * each data block D i '' (128bit) will be encrypted using a different algorithm f i '' * f i '' is chosen with a pseudorandom oracle, seeded with a second independent password ''1. Choosing the cryptography algorithm for data block'' i f i = rand ( Oracle ) ''2. Applying cryptography to data block'' i Cipher ( D i ) = f i ( D i ) OpenPuff arch6

Statistical resistance

Extensive testing has been performed on the statistical resistance properties of the CSPRNG and multi-cryptography modules, using the ENT, NIST and DIEHARD test suites. Provided results are taken from 64KB, 128KB, ... 256MB samples: * bit entropy test: >7.9999xx / 8.000000 *

compression Compression may refer to: Physical science *Compression (physics), size reduction due to forces *Compression member, a structural element such as a column *Compressibility, susceptibility to compression * Gas compression *Compression ratio, of a ...

test: 0% size reduction after compression *

chi square distribution In probability theory and statistics, the \chi^2-distribution with k Degrees of freedom (statistics), degrees of freedom is the distribution of a sum of the squares of k Independence (probability theory), independent standard normal random vari ...

test: 40% < deviation < 60% *

mean value A mean is a quantity representing the "center" of a collection of numbers and is intermediate to the extreme values of the set of numbers. There are several kinds of means (or "measures of central tendency") in mathematics, especially in statist ...

test: 127.4x / 127.5 *

Monte Carlo Monte Carlo ( ; ; or colloquially ; , ; ) is an official administrative area of Monaco, specifically the Ward (country subdivision), ward of Monte Carlo/Spélugues, where the Monte Carlo Casino is located. Informally, the name also refers to ...

test: error < 0.01% *

serial correlation Autocorrelation, sometimes known as serial correlation in the discrete time case, measures the correlation of a signal with a delayed copy of itself. Essentially, it quantifies the similarity between observations of a random variable at differe ...

test: < 0.0001 OpenPuff arch8

Steganalysis resistance

Security, performance and steganalysis resistance are conflicting trade-offs. ecurity vs. Performance Whitening * Pro: ensures higher data security * Pro: allows deniable steganography * Con1: ''requires a lot of extra carrier bits'' ecurity vs. Steganalysis Cryptography + Whitening * Pro: ensure higher data security * Con2: ''their

random In common usage, randomness is the apparent or actual lack of definite pattern or predictability in information. A random sequence of events, symbols or steps often has no order and does not follow an intelligible pattern or combination. ...

statistical response marks carriers as more "suspicious"'' Data, before carrier injection, is encrypted and whitened: a small amount of hidden data turns into a big chunk of pseudorandom "suspicious data". Carrier injection encodes it using a non linear covering function that takes also original carrier bits as input. Modified carriers will need much less change (Con1) and, lowering their random-like statistical response, deceive many steganalysis tests (Con2). OpenPuff arch14

Deniable steganography

There will always be a non-negligible probability of being detected, even if the hidden stream behaves like a "natural container" (unpredictable side-effects, being caught in

Flagrante delicto ''In flagrante delicto'' (Latin for "in blazing offence"), sometimes simply ''in flagrante'' ("in blazing"), is a legal term used to indicate that a criminal has been caught in the act of committing an offence (compare ). The colloquial "caught ...

, etc.). Resisting these unpredictable attacks is also possible, even when the user is forced (by legal or physical coercion) to provide a valid password.Julian Assange - Physical Coercion
/ref> Deniable steganography (a decoy-based technique) allows the user to deny convincingly the fact that sensitive data is being hidden. The user needs to provide some expendable decoy data that he would plausibly want to keep confidential and reveal it to the attacker, claiming that this is all there is.

References

{{reflist

External links

HomePage

Steganography Cryptographic software Espionage techniques Applications of cryptography Portable software Computer security software 2004 software