OpenPuff

OpenPuff Steganography and Watermarking, sometimes abbreviated OpenPuff or Puff, is a free steganography tool for Microsoft Windows created by Cosimo Oliboni and still maintained as independent software. The program is notable for being the first steganography tool that:

lets users hide data in more than a single carrier file. When hidden data are split among a set of carrier files you get a carrier chain, with no enforced hidden data theoretical size limit
implements 3 layers of hidden data obfuscation
extends deniable cryptography into deniable steganography

Last revision supports a wide range of carrier formats:

Images Bmp, Jpg, Png, Tga
Audios Aiff, Mp3, Wav
Videos 3gp, Mp4, Mpeg I, Mpeg II, Vob
Flash-Adobe Flv, Pdf, Swf

WWW Official Site

Use

OpenPuff is used primarily for anonymous asynchronous data sharing:

the sender hides a hidden stream inside some public available carrier files
the receiver unhides the hidden stream knowing the secret key

The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages — no matter how unbreakable — will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties.
Watermarking is the action of signing a file with an ID or copyright mark. OpenPuff does it in an invisible steganographic way, applied to any supported carrier. The invisible mark, being not password protected, is accessible by everyone.

Multi-cryptography

OpenPuff is a semi-open source program:

cryptography, CSPRNG, hashing, and scrambling are open source

Cryptographic algorithms are joined into a unique multi-cryptography algorithm:

keys and internal static data are initialized for each algorithm f
each data block D will be encrypted using a different algorithm f f is chosen with a pseudorandom oracle, seeded with a second independent password

1. Choosing the cryptography algorithm for data block i
f = rand
2. Applying cryptography to data block i
'''Cipher = f '''

Statistical resistance

Extensive testing has been performed on the statistical resistance properties of the CSPRNG and multi-cryptography modules, using the ENT, NIST and DIEHARD test suites. Provided results are taken from 64KB, 128KB,... 256MB samples:

bit entropy test: >7.9999xx / 8.000000
compression test: 0% size reduction after compression
chi square distribution test: 40% < deviation < 60%
mean value test: 127.4x / 127.5
Monte Carlo test: error < 0.01%
serial correlation test: < 0.0001

Steganalysis resistance

Security, performance and steganalysis resistance are conflicting trade-offs.
: Whitening

Pro: ensures higher data security
Pro: allows deniable steganographyCon1: requires a lot of extra carrier bits

: Cryptography + Whitening

Pro: ensure higher data securityCon2: their random statistical response marks carriers as more "suspicious"

Data, before carrier injection, is encrypted and whitened: a small amount of hidden data turns into a big chunk of pseudorandom "suspicious data". Carrier injection encodes it using a non linear covering function that takes also original carrier bits as input. Modified carriers will need much less change and, lowering their random-like statistical response, deceive many steganalysis tests.

Deniable steganography

There will always be a non-negligible probability of being detected, even if the hidden stream behaves like a "natural container". Resisting these unpredictable attacks is also possible, even when the user is forced to provide a valid password. Deniable steganography allows the user to deny convincingly the fact that sensitive data is being hidden. The user needs to provide some expendable decoy data that he would plausibly want to keep confidential and reveal it to the attacker, claiming that this is all there is.