OpenPuff Arch1 on:
[Wikipedia]
[Google]
[Amazon]
OpenPuff Steganography and Watermarking, sometimes abbreviated OpenPuff or Puff, is a free steganography tool for Microsoft Windows created by Cosimo Oliboni and still maintained as independent software. The program is notable for being the first steganography tool (version 1.01 released in December 2004) that:
* lets users hide data in more than a single carrier file. When hidden data are split among a set of carrier files you get a carrier chain, with no enforced hidden data theoretical size limit (256MB, 512MB, ... depending only on the implementation)
* implements 3 layers of hidden data
Julian Assange - Physical Coercion
/ref> Deniable steganography (a decoy-based technique) allows the user to deny convincingly the fact that sensitive data is being hidden. The user needs to provide some expendable decoy data that he would plausibly want to keep confidential and reveal it to the attacker, claiming that this is all there is.
HomePage
Steganography Cryptographic software Espionage techniques Applications of cryptography Portable software Computer security software 2004 software
obfuscation
Obfuscation is the obscuring of the intended meaning of communication by making the message difficult to understand, usually with confusing and ambiguous language. The obfuscation might be either unintentional or intentional (although intent u ...
(cryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adve ...
, whitening and encoding
In communications and information processing, code is a system of rules to convert information—such as a letter (alphabet), letter, word, sound, image, or gesture—into another form, sometimes data compression, shortened or secrecy, secret ...
)
* extends deniable cryptography into deniable steganography
Last revision supports a wide range of carrier formats
* Images Bmp, Jpg
JPEG ( ) is a commonly used method of lossy compression for digital images, particularly for those images produced by digital photography. The degree of compression can be adjusted, allowing a selectable tradeoff between storage size and image ...
, Png, Tga
* Audios Aiff
Audio Interchange File Format (AIFF) is an audio file format standard used for storing sound data for personal computers and other electronic audio devices. The format was developed by Apple Inc. in 1988 based on Electronic Arts' Interchange Fil ...
, Mp3
MP3 (formally MPEG-1 Audio Layer III or MPEG-2 Audio Layer III) is a coding format for digital audio developed largely by the Fraunhofer Society in Germany, with support from other digital scientists in the United States and elsewhere. Orig ...
, Wav
* Videos 3gp, Mp4, Mpeg I, Mpeg II, Vob
VOB (for video object) is the container format in DVD-Video media. VOB can contain digital video, digital audio, subtitles, DVD menus and navigation contents multiplexed together into a stream form. Files in VOB format may be encrypted.
File ...
* Flash-Adobe Flv
Flash Video is a container file format used to deliver digital video content (e.g., TV shows, movies, etc.) over the Internet using Adobe Flash Player version 6 and newer. Flash Video content may also be embedded within SWF files. There ar ...
, Pdf
Portable Document Format (PDF), standardized as ISO 32000, is a file format developed by Adobe in 1992 to present documents, including text formatting and images, in a manner independent of application software, hardware, and operating systems. ...
, Swf
SWF ( ) is an Adobe Flash file format used for multimedia, vector graphics and ActionScript.Open Screen Pr ...
Use
OpenPuff is used primarily for anonymous asynchronous data sharing: * the sender hides a hidden stream inside some public available carrier files (''password'' + ''carrier files'' + ''carrier order'' are thesecret key
A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Based on the used method, the key ...
)
* the receiver unhides the hidden stream knowing the secret key
The advantage of steganography
Steganography ( ) is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection. In computing/electronic contexts, a computer file, ...
, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages — no matter how unbreakable — will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties.
Watermarking
A watermark is a recognizable image or pattern in paper used to determine authenticity.
Watermark or watermarking may also refer to:
Technology
* Digital watermarking, a technique to embed data in digital audio, images or video
** Audio waterm ...
is the action of signing a file with an ID or copyright mark. OpenPuff does it in an invisible steganographic way, applied to any supported carrier. The invisible mark, being not password protected, is accessible by everyone (using the program).
Multi-cryptography
OpenPuff is a semi-open source program: * cryptography,CSPRNG
A cryptographically secure pseudorandom number generator (CSPRNG) or cryptographic pseudorandom number generator (CPRNG) is a pseudorandom number generator (PRNG) with properties that make it suitable for use in cryptography. It is also loosely kno ...
, hashing
Hash, hashes, hash mark, or hashing may refer to:
Substances
* Hash (food), a coarse mixture of ingredients
* Hash, a nickname for hashish, a cannabis product
Hash mark
* Hash mark (sports), a marking on hockey rinks and gridiron football fiel ...
(used in password hexadecimal extension), and scrambling are open source
Cryptographic algorithms (16 taken from AES
AES may refer to:
Businesses and organizations Companies
* AES Corporation, an American electricity company
* AES Data, former owner of Daisy Systems Holland
* AES Eletropaulo, a former Brazilian electricity company
* AES Andes, formerly AES Gener ...
, NESSIE
NESSIE (New European Schemes for Signatures, Integrity and Encryption) was a European research project funded from 2000 to 2003 to identify secure cryptographic primitives. The project was comparable to the NIST AES process and the Japanese Go ...
and CRYPTREC
CRYPTREC is the Cryptography Research and Evaluation Committees set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use. It is comparable in many respects to the European Union's NESSIE ...
) are joined into a unique multi-cryptography algorithm:
* keys and internal static data are initialized for each algorithm f
* each data block D i '' (128bit) will be encrypted using a different algorithm f i ''
* f i '' is chosen with a pseudorandom oracle, seeded with a second independent password
''1. Choosing the cryptography algorithm for data block'' i
f i = rand ( Oracle )
''2. Applying cryptography to data block'' i
Cipher ( D i ) = f i ( D i )
Statistical resistance
Extensive testing has been performed on the statistical resistance properties of the CSPRNG and multi-cryptography modules, using the ENT, NIST and DIEHARD test suites. Provided results are taken from 64KB, 128KB, ... 256MB samples: * bit entropy test: >7.9999xx / 8.000000 * compression test: 0% size reduction after compression *chi square distribution
In probability theory and statistics, the chi-squared distribution (also chi-square or \chi^2-distribution) with k degrees of freedom is the distribution of a sum of the squares of k independent standard normal random variables. The chi-square ...
test: 40% < deviation < 60%
* mean value
There are several kinds of mean in mathematics, especially in statistics. Each mean serves to summarize a given group of data, often to better understand the overall value ( magnitude and sign) of a given data set.
For a data set, the ''arit ...
test: 127.4x / 127.5
* Monte Carlo
Monte Carlo (; ; french: Monte-Carlo , or colloquially ''Monte-Carl'' ; lij, Munte Carlu ; ) is officially an administrative area of the Principality of Monaco, specifically the ward of Monte Carlo/Spélugues, where the Monte Carlo Casino i ...
test: error < 0.01%
* serial correlation
Autocorrelation, sometimes known as serial correlation in the discrete time case, is the correlation of a signal with a delayed copy of itself as a function of delay. Informally, it is the similarity between observations of a random variable as ...
test: < 0.0001
Steganalysis resistance
Security, performance and steganalysis resistance are conflicting trade-offs. ecurity vs. Performance Whitening * Pro: ensures higher data security * Pro: allows deniable steganography * Con1: ''requires a lot of extra carrier bits'' ecurity vs. Steganalysis Cryptography + Whitening * Pro: ensure higher data security * Con2: ''theirrandom
In common usage, randomness is the apparent or actual lack of pattern or predictability in events. A random sequence of events, symbols or steps often has no order and does not follow an intelligible pattern or combination. Individual rando ...
statistical response marks carriers as more "suspicious"''
Data, before carrier injection, is encrypted and whitened: a small amount of hidden data turns into a big chunk of pseudorandom "suspicious data". Carrier injection encodes it using a non linear covering function that takes also original carrier bits as input. Modified carriers will need much less change (Con1) and, lowering their random-like statistical response, deceive many steganalysis tests (Con2).
Deniable steganography
There will always be a non-negligible probability of being detected, even if the hidden stream behaves like a “natural container” (unpredictable side-effects, being caught inFlagrante delicto
''In flagrante delicto'' (Latin for "in blazing offence") or sometimes simply ''in flagrante'' ("in blazing") is a legal term used to indicate that a criminal has been caught in the act of committing an offence (compare ). The colloquial "caught ...
, etc.). Resisting these unpredictable attacks is also possible, even when the user is forced (by legal or physical coercion) to provide a valid password./ref> Deniable steganography (a decoy-based technique) allows the user to deny convincingly the fact that sensitive data is being hidden. The user needs to provide some expendable decoy data that he would plausibly want to keep confidential and reveal it to the attacker, claiming that this is all there is.
See also
*Steganography tools
A steganography software tool allows a user to embed hidden data inside a carrier file, such as an image or video, and later extract that data.
It is not necessary to conceal the message in the original file at all. Thus, it is not necessary to m ...
* Portable application
A portable application (portable app), sometimes also called standalone, is a program designed to read and write its configuration settings into an accessible folder in the computer, usually in the folder where the portable application can be ...
* List of portable software
For the purposes of this list, a portable application is software that can be used from portable storage devices such as USB flash drives, digital audio players, PDAs or external hard drives. To be considered for inclusion, an application must ...
References
{{reflistExternal links
HomePage
Steganography Cryptographic software Espionage techniques Applications of cryptography Portable software Computer security software 2004 software