Documente Academic
Documente Profesional
Documente Cultură
GROUP PARTICIPANTS
i
Embedding data into images, audio and video ...................................................................... 21
Embedding data into program files ....................................................................................... 22
Embedding data into archive files ......................................................................................... 23
Embedding data into network protocols................................................................................ 23
STEGANALYSIS TECHNIQUES ............................................................................................... 24
STEGANOGRAPHY ATTACKS ............................................................................................ 25
ADVANTAGES AND DISADVANTAGES ............................................................................... 25
ADVANTAGES OF STEGANOGRAPHY OVER CRYPTOGRAPHY ................................ 25
Confidential communication and secret data storing ............................................................ 26
Protection of data alteration .................................................................................................. 26
Access control system for digital content distribution .......................................................... 26
Media database systems ........................................................................................................ 27
THREATS OF STEGANOGRAPHY ....................................................................................... 28
Hiding of malware into seemingly safe files ......................................................................... 28
Using of macros in microsoft documents .............................................................................. 29
Ransom wares ....................................................................................................................... 29
Theft of users credentials ...................................................................................................... 30
CONCLUSION ............................................................................................................................. 31
REFERENCES .............................................................................................................................. 32
ii
LIST OF FIGURES
Figure 1: Humming Bird One of the Nazca's Geolyphs.................................................................. 2
Figure 2: Total Images Found at the Nazca Geolyphs .................................................................... 2
Figure 3: 5 x 5 Tap code used by Armed Forces prisoners in Viet Nam ........................................ 4
Figure 4: Pure Steganography ......................................................................................................... 8
Figure 5: Secret Key Steganography ............................................................................................... 9
Figure 6: Public Key Steganography ............................................................................................ 10
Figure 7: characteristics of steganography .................................................................................... 11
Figure 8: classification of steganography methods ....................................................................... 12
Figure 9: table of percentage of medias tools used for steganography ......................................... 19
Figure 10: spammic converts message into spam ......................................................................... 21
iii
ABBREVIATION
LSB Least Significant Bit
WT Wavelet Transformation
iv
INTRODUCTION
Brief Overview
(1)Steganography is the art and science of writing messages in such way that the existence of the
communication is hidden. It has been used in various forms for thousands of years. In the
computer era data hiding techniques gain importance and serve security, primarily the
authenticity and integrity of a message in the context of computer-supported communication.
Steganography is often confused with cryptography because the two are similar in the way that
they both are used to protect confidential information. In contrast to cryptography where it is
allowed to detect and intercept messages without being able to violate certain security premises
guaranteed by a cryptosystem the goal of steganography is to hide messages inside other
“harmless” media in a way that prevents anybody even detecting it. A good steganographic
system should fulfill the same requirements posed by “Kirchhoff‟s‟ law” in cryptography.
Kirchhoff‟s law states that a cryptosystem should be secure even if everything about the system,
except the key, is public knowledge. Unfortunately it can also be used for communication among
terrorists and criminals as well as hard core pornography.
Past:
(2)Johannes Trithemius (1462-1516) has published a series of books named “Steganography: the
art through which writing is hidden requiring recovery by the minds of men”. The book I and
Book II describe the methods to hide messages in writing. Book III is about secret astrology.
Two researchers have discovered that Book III contains some hidden messages. One of those
messages was “the quick brown fox jumps over the lazy dog”.
Mary Queen of Scots used a combination of cryptography and steganography to hide letters. Her
letters were hidden in the bunghole of a beer barrel, which freely passed in and out of her prison.
1
Other uses of steganography weren‟t limited to normal writing materials. One may consider the
huge geoglyphs of the 1Nazca in Peru to be a form of steganography. As seen at Figure 1 and
Figure 2 the geoglyphs are obviously open to view, yet many of the images were not detected
until viewed from the air.
Human vectors include the efforts of Histaiacus in the 5th century BC. Histaiacus shaved the
head of a messenger, wrote a note encouraging Aristagoras of Miletus to revolt against the king
of Persia. After the messenger‟s hair grew back, the messenger was dispatched with the message.
Obviously, this message wasn‟t especially time constrained.
Figure 1: Humming Bird One of the Figure 2: Total Images Found at the Nazca
Nazca's Geolyphs Geolyphs
1
(5)The Nazca Lines /ˈnæzkə/ are a series of ancient geoglyphs located in the Nazca Desert in southern Peru. They
were designated as a UNESCO World Heritage Site in 1994. The high, arid plateau stretches more than 80 km (50
mi) between the towns of Nazca and Palpa on the Pampas de Jumana about 400 km south of Lima. Although some
local geoglyphs resemble Paracas motifs, scholars believe the Nazca Lines were created by the Nazca culture
between 400 and 650 AD.[1] The hundreds of individual figures range in complexity from simple lines to stylized
hummingbirds, spiders, monkeys, fish, sharks, orcas, and lizards. Since the geoglyphs are not visible until when
viewed from the air, that is why even these geoglyphs are termed as one of the arts of steganography
2
In 480 BC a Greek by the name of Demaratus sent a message to the Spartans warning of a
pending invasion by Xerxes. Heroclotus described the method used by Demaratus.
“As the danger of discovery was great, there was only one way in which he could contrive to get
the message through: this was by scraping the wax off a pair of wooden folding tablets, writing
on the wood underneath what Xerxes intended to do, and then covering the message over with
the wax again. In this way the tablets, being apparently blank, would cause no trouble with the
guards along the road….”
In more recent history, several stenographic methods were used during World War II. Microdots
developed by the Nazis are essentially microfilm chips created at high magnification (usually
over 200X). These microfilm chips are the size of periods on a standard typewriter. These dots
could contain pages of information, drawings, etc. The Nazis also employed invisible inks and
null ciphers. One of the most noted null cipher messages sent by a Nazi spy follows:
Apparently neutral’s protest is thoroughly discounted and ignored Isman hard hit. Blockade
issue affects pretext for embargo on by-products, ejecting suets and vegetable oils.
Using the second letter from each word, the following message appears:
One steganographic method employed by the United States Marines during WW II, was the use
of Navajo “code talkers.” While the code talkers employed a simplistic cryptographic technique,
the messages were sent in clear text.
Another example of steganography involves the use of the Cardano grill. This device, named
after its inventor Girolama Cardano, can be as simple as a piece of paper with holes cut in it.
When the grill is laid over printed text, the intended message can be retrieved. In techniques
related to the Cardano grill, classical steganography techniques include pin punctures in text (e.g.
newspapers), and overwriting printed text with pencil.
There is evidence that prior to the Civil War, there was a method of providing secret messages to
slaves to aid in their escape. By using various patterns in quilts, which were commonly hung
3
from windowsills to dry, messages were passed to slaves guiding them in their quest for
freedom. An example of one such quit pattern is the Bear Paw symbol.
More recent uses of stenographic techniques involved a photograph of the captured crew of the
U.S.S. Pueblo where the crewmembers spelled the word “snow job” using various hand
positions. Finally, during the Viet Nam era, there were instances where captured members of the
U.S. Armed Forces would use various hand gestures during photo ops, often only to have these
gestures airbrushed out by the media.
Other techniques employed were using the eyelids to blink words in Morse code (such as
torture). Prisoners of the infamous Hanoi Hilton used a “tap code” to communicate with each
other. The code was based on a five by five matrix with each letter being assigned a tap sequence
based on this matrix. Spaces (pauses) between characters were twice as long as the spaces in that
letters code
Currently, the emphasis has been on various forms of digital steganography. Commonly there are
a number of digital technologies that the community is concerned with, namely text files, still
images, movie images, and audio. There are two primary groups “Image Domain tools
encompass bit-wise methods that apply least significant bit (LSB) insertion and noise
manipulation. The transform domain group of tools includes those that involve manipulation of
4
algorithms and image transforms such as discrete cosine transformation (DCT) and wavelet
transformation.
After the events of September 11, 2001, there was immediate concern voiced regarding the
possible use of steganography by the al Qaeda network. Initially, there were reports that hidden
messages might be located in images located on XXX rated sex web sites. Following up on this,
a group at the University of Michigan began scanning images located on various sites such as
eBay auctions. After scanning over two millions images, the researchers reported back that they
had not found any suspect images. The article in USA Today didn‟t indicate if the researchers
actually scanned any images located on XXX web sites. Beyond the concerns of hidden
messages in images, there has been additional concern voiced regarding the television broadcast
of bin Laden. Remembering that steganography is hardly the sole property of digital technology,
there is the possibility that there could have been hidden messages in the audio portion of the
broadcasts, or even in the background of the televised images.
Are terrorist organizations hiding information using steganographic technology? At this point,
there doesn‟t seem to be any conclusive evidence, at least available to the general public.
Other interests who are making use of steganographic techniques are involved in the application
of digital watermarks. Using a variety of techniques, images, music, movies can be imprinted
with digital watermarks. Watermarks are available in several configurations: fragile vs. robust,
visible vs. invisible, and private vs. public. Fragile watermarks are those that are easily destroyed
by image manipulation, and find utilization in image authentication systems.
Another steganographic technique involves the use of subliminal suggestion. While in the
1950‟s, the American public was obsessed with subliminal messages being show on theater
screens (e.g. “go to the snack bar”), there was significant research being done by the Central
Intelligence Agency (CIA). Subliminal suggestions may range from advertisements (either
5
blatant suggestion, to images/messages perceived by various groups as having a particular
meaning) to modern subliminal suggestion programs such as those available from Inner Talk.
While not classified as a steganographic technique, the potential for hiding information in Photo
Tiled pictures is a possibility.
Another digital format that may escape notice is the venerable animated GIF format. Normal
steganalysis of GIF formats wouldn‟t necessarily indicate any hidden messages while it would be
trivial to hide a message using this format.
Without going into detail, other areas that could conceivably be employed to hide messages are:
Holography technology
Infrared (e.g. programmable IR hand controls for computers)
Pagers
Colored glasses that filter all but intended wavelengths to make hidden messages visible
Ink, magnetic, thermo chromic, photochromic
DNA message hiding
Jargon speak
HTML code
6
STEGANOGRAPHY TECHNIQUES
There are basically three steganographic techniques based on whether it uses cryptographic
techniques or not, and if it does how whether it employs symmetric key encryption method or
asymmetric key encryption. These three techniques includes:
Pure steganography
Secret key steganography
Public key steganography
Pure Steganography
Pure steganography is a steganography system that doesn't require prior exchange of some secret
information before sending message. Therefore, no information is required to start the
communication process; the security of the system thus depends entirely on its secrecy.
7
Figure 4: Pure Steganography
A secret key steganography system is similar to a symmetric cipher, where the sender chooses a
cover and embeds the secret message into the cover using a secret key. If the secret key used in
the embedding process is known to the receiver, he can reverse the process and extract the secret
message. Anyone who doesn't know the secret key should not be able to obtain evidence of the
encoded information.
The secret key steganography can be defined as the quintuple (C, M, K, DK, and EK) where:
8
Figure 5: Secret Key Steganography
Public key steganography does not depend on the exchange of a secret key. It requires two keys,
one of them private (secret) and the other public: the public key is stored in a public database;
whereas the public key is used in the embedding process. The secret key is used to reconstruct
the secret message. One way to build a public key steganography system is to use a public key
crypto system. The sender and the receiver can exchange public keys of some public key
cryptography algorithm before imprisonment. Public key steganography utilizes the fact that the
decoding function in a steganography system can be applied to any cover, whether or not it
already contains a secret message. The public key steganography relies on the fact that encrypted
information is random enough to hide in plain sight.
The sender encrypts the information with the receiver's public key to obtain a random-looking
massage and embeds it in a channel known to the receiver, there by replacing some of the natural
randomness with which every communication process is accompanied.
Assume that both the cryptographic algorithms and the embedding functions are publicly known.
The receiver who cannot decide a priori if secret information is transmitted in a specific cover
9
will suspect the arrival of message and will simply try to extract and decrypt it using his private
key. If the cover actually contained information, the decryption information is the sender's
message.
Generally it is assumed that the sender wishes to send via steganographic transmission, a
message to a receiver.
The sender starts with a cover message, which is an input to the stego-system, in which
the embedded message will be hidden. The hidden message is called the embedded
message.
A steganographic algorithm combines the cover message with the embedded message,
which is something to be hidden in the cover.
The algorithm may, or may not, use a steganographic key (stegokey), which is additional
secret data that may be needed in the hidden process.
The same key (or related one) is usually needed to extract the embedded message again.
The output of the steganographic algorithm is the stego-message.
The cover message and stego-message must be of the same data type, but the embedded
message may be of another data type.
The receiver reverses the embedding process to extract the embedded message
10
CHARACTERISTICS OF STEGANOGRAPHY
Steganographic techniques embed a message inside a cover. Various features characterize the
strength and weaknesses of the methods. The relative importance of each feature depends on the
application.
Capacity
The notion of capacity in data hiding indicates the total number of bits hidden and successfully
recovered by the stegosystem.
Robustness
Robustness refers to the ability of the embedded data to remain intact if the stego-system
undergoes transformation, such as linear and non-linear filtering; addition of random noise; and
scaling, rotation, and loose compression.
Undectetable
The embedded algorithm is undetectable if the image with the embedded message is consistent
with a model of the source from which images are drawn. For example, if a steganography
method uses the noise component of digital images to embed a secret message, it should do so
while not making statistical changes to the noise in the carrier. Un-detectability is directly
affected by the size of the secret message and the format of the content of the cover image.
11
Invisibility (perceptual transparency)
This concept is based on the properties of the human visual system (HVS) or the human audio
system (HAS). The embedded information is imperceptible if an average human subject is
unable to distinguish between carriers that do contain hidden information and those that do not.
It is important that the embedding occurs without a significant degradation or loss of perceptual
quality of the cover.
Security
The embedded algorithm is secure if the embedded information is not subject to removal after
being discovered by the attacker and it depends on the total information about the embedded
algorithm and secret key.
There are several approaches in classifying steganographic systems. One could categorize them
according to the type of covers used for secret communication or according to the cover
modifications applied in the embedding process. From the second approach, the steganographic
methods are grouped in six categories, although in some cases an exact classification is not
possible. See Figure 8:
12
Substitutional systems
Basic substitution systems try to encode secret information by substituting insignificant parts of
the cover by secret message bits. The receiver can extract the information if he has knowledge of
the positions where secret information has been embedded. Since only minor modifications are
made in the embedding process, the sender assumes that they will not be noticed by an attacker.
13
There are two ways to encode information in a palette-based image; either the palette or
the image data can be manipulated. The LSB of the color vectors could be used for
information transfer, just like the substitution methods presented. Alternatively, since the
palette does not need to be sorted in anyway, information can be encoded in the way the
colors are stored in the palette.
Transform domain
It has been seen that the substitution and modification techniques are easy ways to embed
information, but they are highly vulnerable to even small modification. An attacker can simply
apply signal processing techniques in order to destroy the secret information. It has been noted in
the development of steganographic systems that embedding information in the frequency domain
of a signal can be much more robust than embedding rules operating in the time domain.
Transformation domain methods hide message in a significant area of the cover image which
makes them more robust to attack, such as adding noise, compression, cropping some image
processing. Many transform domain variations exist. One method is to use the Discrete Cosine
Transformation (DCT) as a vehicle to embed information in image. Another method would be
the use of wavelet transforms. Transforms embedding embeds a message by modification
(selected) transform (e.g.,frequency) coefficient of the cover message
(3)We point out this technique as an example for spread spectrum data-hiding methods. Spread
spectrum techniques are now widely used in military radio communications, due to their very
high robustness to detection and extraction. SSIS is a quite mature process, and its aim is to
achieve low detectability, ease of extraction, high data rate and good robustness to removal. It is
based on spread spectrum techniques, but it enhances them by adding other encoding steps,
acquiring better performance. The core of SSIS is a spread spectrum encoder. These devices
work by modulating a narrow band signal over a carrier. The carrier's frequency is continually
shifted using a pseudorandom noise generator fed with a secret key. In this way the spectral
energy of the signal is spread over a wide band, thus decreasing its density, usually under the
noise level. To extract the embedded message, the receiver must use the same key and noise
generator to tune on the right frequencies and demodulate the original signal. A casual observer
14
won't be able even to detect the hidden communication, since it is under the noise level. The
SSIS encoder adds more steps in order to push spread spectrum to its limits:
2. The data stream passes through a Low-Rate ECC (Error Correction Code) encoder, to
acquire better robustness against destruction attacks and unwanted noise, becoming c.
3. Spread spectrum modulation, using a pseudorandom noise generator fed with key2, and
get s
6. A quantization process is used to preserve the initial dynamic range of the cover image.
We'll call it still g
We assume that the stego-image is sent through a noisy channel to the receiver and will
become g'
1. It gets an optimal approximation f' of the original image f using image restoration
techniques
2. f' is subtracted from the stego-image g' to reveal an estimate of the embedded data i'.
3. i' is fed into a keyed de inter leaver, that uses key3 to construct an approximation of the
hidden signal, s'.
4. s' is demodulated with key2 to get an estimate of the encoded message, c'
6. if m was encrypted, then e' is decrypted with key1 and this will give m'
The data rate for this technique can be fairly high, but it depends on the choices made for the
different parameters of the encoding. We can assume that the message will be compressed before
15
embedding to allow for a higher capacity. The ECC encoder instead is going to insert redundant
data into the stream to be able to correct the errors. The more errors we want to correct, the more
bits will be added. Then, we have a tradeoff between good retrieval and capacity. If we can allow
for small glitches in the recovered message, then we can use a weaker encoding.
Moreover, the more data we want to insert in the image, the more noise we are going to add to it.
Then, if our cover is not noisy, we will be able to hide very little data, while if we choose a noisy
one, its capacity will be higher.
Robustness: Spread spectrum techniques are usually quite robust. Every transformation
that adds noise to the image isn't able to destroy the message. Anyway, a determined
attacker can quite easily compromise the embedded data using some digital processing,
like for example noise reduction filters, the same that are used in decoding to estimate the
original cover.
Ease of detection/extraction: Spread spectrum encoding is widely used in military
communications for its robustness against detection. An attacker can't usually even know
if the message was embedded, and anyway it will be very hard for him to extract it
without knowing the right key2 and key3.
Suitability for steganography or watermarking: Due to its fairly high capacity and low
ease of detection and extraction, SISS is very good for steganography.
Statistical method
Statistical methods use a so called a “1 bit” steganographic scheme. This scheme embeds one
bit of information in a digital carrier. This is accomplished by modifying the cover in such a way
that certain statistical characteristics change significantly if “1” is transmitted. If a cover is left
unchanged then it indicates a “0”. The receiver must be able to distinguish between modified and
unmodified covers in order to receive the secret message.
Assuming m is the secret message and l(m) is the length of the message in bits. A cover is
divided into l(m) disjoint blocks B1,…….,B l(m) . A secret bit mi is inserted into the i th block by
16
placing a “1” into Bi if mi = 1 , otherwise the block is left unchanged. The detection of a specific
bit is done via a test function that distinguishes between modified and unmodified blocks,
The receiver successively applies f to all cover blocks to restore the secret message.
Distortions techniques
Distortion techniques require the knowledge of original cover in the decoding process. The
sender applies a series of modifications to a cover in order to get the stegano object. The
sequence of modifications corresponds to a specific secret message the sender wants to transmit.
The recipient measures the differences to the original cover in order to reconstruct the sequence
of modifications and this corresponds to the secret message. A flaw in this system is that the
receiver must have access to the original covers. If an eavesdropper has access to them, she can
easily detect the cover modifications and has evidence for a secret communication. An
assumption therefore is that the original covers have been distributed through a secret channel.
Text based hiding methods are of distortion type. A technique for text distortion is
modulating the position of lines and words. Adding spaces and “invisible” characters to text
provides a method to pass hidden information. HTML files could be used for including extra
spaces, tabs and line breaks. These are ignored by web browsers and they go unnoticed until the
source of the web page is revealed.
17
enhanced by the application of context free grammars. Context Free Grammars explain the rules
of constructing sentences in languages from different parts of speech. Context Free Grammar can
be used to create grammatically correct English text to hide messages. Spam mimici provides a
good example of a cover generation method.
STEGANOGRAPHY IN APPLICATION
Media type
Based on the weakness of the human visual systems (HVS) and the human audio systems (HAS),
most steganographical tools take advantages of this weakness and embeds secrete messages
within media files.
Error! Reference source not found. is a chart of different media used in steganography and the
umber of the percentage of all the tools used in any particular media.
Encryption
Encrypting a stega-media is in most cases is an option but it helps to improve the authenticity
and security of the steganographical scheme. (4) In fact, 71 % of the analyzed steganographic
tools feature the use of a cryptographic key for the encryption of the message before the
embedding process. Encryption can increase the security level of the hiding procedure, e.g. by
preventing the comprehension of the message content if the embedding is discovered and/or by
creating a uniformly distributed secret message out of any original secret message.
18
Figure 9: table of percentage of medias tools used for steganography
Analysis shows that one of the more commonly used algorithms is Blowfish. In fact a number of
15 investigated tools use this encryption scheme. The DES algorithm is the second most
frequently used cryptographic function. Finally, self-constructed algorithms without published
source code infringe Kerckhoffs‟ law. They are provided by small developer groups only who
generally cannot ensure their security whereas open source algorithms (e.g. Blowfish, DES, etc.)
are (usually) more secure than self-constructed ones because open source is reviewed by much
more people. In addition, the standardized encryption schemes such as AES experienced no
severe attack.
Embedding
Steganography encompasses methods of transmitting secret messages in such a manner that the
existence of the embedded message is undetectable. The analyzed software tools provide a
variety of information-hiding techniques. Among these, most methods are employed depending
19
upon characteristics specific to a carrier type or format while other methods may work without
relying on a specific file format.
The following is a list of some of the most commonly employed message embedding techniques
In this technique the message is hidden within a plain text file using different schemes like use of
selected characters, extra while spaces of the cover text etc.
20
Figure 10: spammic converts message into spam
Numerous methods exist for hiding information in audio, images, and video. Some common
embedding techniques range from least significant bit (LSB) manipulation over masking and
filtering to applying more sophisticated image or audio processing algorithms and
transformations. Each of these approaches can be developed with varying degrees of success for
different file formats.
LSB methods insert the embedding data in the carrier byte stream, substituting insignificant
information in a carrier file with secret data. Some tools utilize two least significant bits or even
more to hide a message.
In general there are two types of LSB embedding which apply to images:
21
o matrix encoding
LSB embedding in palette images
o change color index to similar palette entry (e.g. EzStego)
o change palette entry
The LSB manipulation concept can also be applied to audio. The least significant bit of
information at each audio sampling point is replaced with a bit from the hidden message. This
method introduces significant noise into the audio file.
LSB manipulation is a quick and easy way to hide information but is vulnerable to small changes
resulting from file processing or lossy compression. Masking methods such as hiding secret
messages into higher-order bits with simultaneous decrease of luminance or volume are more
robust than LSB insertion in respect of compressing, cropping, and some image or audio
processing. These techniques allow embedding in more significant areas in order to integrate a
hidden message further into the cover file.
Another technique for hiding data into image or multimedia files is called appending which
means that the secret data is added after the very last byte of the carrier file.
The carrier file size could increase up to the sum of the size of the original carrier file and the
secret file yet the size will change with a very high probability. This method is very simple and
very easy to detect because the secret message will be added in plain form. Furthermore, the
probability of detecting the secret message increases if the steganographic tool uses such
embedding techniques as inserting in junk or comment fields in the header of the file structure.
On the one hand the hidden data congregates at the same place and on the other hand the file
header is rather vulnerable for steganalysis.
The common technique for hiding data in program files is appending the data at the end of the
carrier file as practiced with image, audio, and video files. Another possibility is stashing a secret
message by transforming program instructions. This technique substitutes an instruction by an
equivalent which represents the bit(s) of the secret data. A simple example: “add %eax, 50” can
be substituted by “sub %eax, -50”.
22
Embedding data into archive files
There is only one example among the investigated software which uses archive files (gzip-files)
as carrier medium. It embeds the secret data during the compression process through overwriting
the least significant bits.
The embedding process in network protocols takes place via manipulation of unused spaces and
other features of the packet header.
Steganographic covert channels based on modification of network protocol header values are
best understood by considering a scenario with three actors; in keeping with the existing
literature, we shall call them Alice, Bob and Walter. Alice can make arbitrary modifications to
network packets originating from a machine within Walter‟s network. She wants to leak a
message to Bob, who can only monitor packets at the egress points of this network. Alice aims to
hide the message from Walter, who can see (but not modify) any packet leaving his network. In a
practical instantiation of this problem, Alice and Bob may well be the same person. Consider a
machine to which an attacker has unrestricted access for only a short amount of time, and which
lies within a closely monitored network. The attacker installs a key logger on the machine, and
wishes to leak passwords to himself in such a way that the owner of the network does not
observe that anything untoward is happening. Alice can choose which layer of the protocol stack
she wishes to hide her message in. Each layer has its own characteristics, which indicate the
scenarios in which it can best be used. In, the potential for embedding at all layers of the OSI
model is discussed.
At the bottom of the stack, in the Physical and Data-Link layers (e.g. Ethernet), there is some
opportunity for embedding data. However, it requires low level control of the hardware, which
Alice may find difficult to obtain. Also, if she chooses to signal to Bob at this layer, her
messages will be stripped out if they reach a device that connects networks at a higher layer (e.g.
an IP router). This requires Bob to be on the same LAN. Alice might also choose to embed data
at the Presentation or Application layers of the network stack (e.g. in Telnet or HTTP/FTP
traffic). If, however, she only has brief access to the machine from which she is leaking data, she
needs to anticipate which applications are likely to be used on it; she can then modify them to
carry her messages in the traffic they generate. Similarly, the format of files sent over HTTP or
23
FTP (such as JPEG or PDF) may also be viewed as protocols in which steganographic data can
be embedded. These provide Alice with a high-bandwidth channel, but only if she is confident of
being able to modify these files without arousing suspicion. The only remaining layers to
consider in the OSI model are Network, Transport and Session. TCP and IP fall within these
layers, and are common to the vast majority of Internet applications. A message embedded in
these protocols has the advantage that it will survive unchanged on its journey out of Walter‟s
network.
STEGANALYSIS TECHNIQUES
In the cryptanalysis it is clear that the intercepted message is encrypted and it certainly contains
the hidden message because the message is scrambled. But in the case of steganalysis this may
not be true. The suspended media may or may not be with hidden message. The steganalysis
process starts with a set of suspected information streams. Then the set is reduced with the help
of advance statistical methods.
The properties of electronic media are being changed after hiding any object into that. This can
result in the form of degradation in terms of quality or unusual characteristics of the media:
steganalysis techniques based on unusual pattern in the media or visual detection of the same.
For example in the case of Network Steganography unusual patterns are introduced in the
TCP/IP packet header. If the packet analysis technique of Intrusion Detection Sytem of a
network is based on white list pattern (unusual pattern), then this method of network
steganography can be defeated.
In the case of Visual detection steganalysis technique a set of stego images are compared with
original cover images and not the visible difference. Signature of the hidden message can be
derived by comparing numerous images. Cropping or padding of image also is a visual clue of
hidden message because some stego tool is cropping or padding blank spaces to fit the stego
image into fixed size. Difference in file size between cover image and stego images, increase or
24
decrease of unique colors in stego images can also be used in the Visual Detection steganalysis
technique.
STEGANOGRAPHY ATTACKS
Steganographic attacks consist of detecting, extracting and destroying hidden object of the stego
media. Steganography attack is followed by steganalysis. There are several types of attacks
based on the information available for analysis. Some of them are as follows:
known carrier attack: the original cover media and stego media both are available for
analysis
steganography only attack: In this type of attacks, only stego media is available for
analysis.
Known message attack: the hidden message is known in this case.
Known steganography attack: The cover media, stego media as well as the steganography
tool or algorithm are known.
The advantage of steganography, over cryptography alone, is that messages do not attract
attention to themselves. Plainly visible encrypted messages-no matter how unbreakable-will
arouse suspicion, and may in them be incriminating in countries where encryption is illegal.
Therefore, whereas cryptography protects the contents of a message, steganography can be said
to protect both messages and communicating parties. However, it can also pose serious problems
because it's difficult to detect. Network surveillance and monitoring systems will not flag
messages or files that contain steganographic data. Therefore, if someone attempted to steal
confidential data, they could conceal it within another file and send it in an innocent looking
email.
Steganography is applicable to, but not limited to, the following areas.
25
Confidential communication and secret data storing
Protection of data alteration
Access control system for digital content distribution
Media Database systems
The "secrecy" of the embedded data is essential in this area. Steganography provides us with:
We take advantage of the fragility of the embedded data in this application area. The embedded
data can rather be fragile than be very robust. Actually, embedded data are fragile in most
steganography programs. However, this fragility opens a new direction toward an information-
alteration protective system such as a “Digital Certificate Document System.” The most novel
point among others in that “no authentication bureau is needed.” If it is implemented, people can
send their “digital certificate data” to any place in the world through internet. No one can forge,
alter, nor tamper such certificate data. If forged, altered, or tampered, it is easily detected by the
extraction program
In this area embedded data is "hidden", but is "explained" to publicize the content. Today, digital
contents are getting more and more commonly distributed by Internet than ever before. For
example, music companies release new albums on their Webpage in a free or charged manner.
However, in this case, all the contents are equally distributed to the people who accessed the
page. So, an ordinary Web distribution scheme is not suited for a "case-by-case" and "selective"
distribution. Of course it is always possible to attach digital content to e-mail messages and send
to the customers. But it will take a lot of cost in time and labor. If you have some valuable
content, which you think it is okay to provide others if they really need it, and if it is possible to
26
upload such content on the Web in some covert manner. And if you can issue a special "access
key" to extract the content selectively, you will be very happy about it. A steganographic scheme
can help realize this type of system. We have developed a prototype of an "Access Control
System" for digital content distribution through Internet. The following steps explain the scheme.
A content owner classify his/her digital contents in a folder-by-folder manner, and embed
the whole folders in some large vessel according to a steganographic method using folder
access keys, and upload the embedded vessel (stego-data) on his/her own Webpage.
On that Webpage the owner explains the contents in depth and publicize worldwide. The
contact information to the owner (post mail address, e-mail address, phone number, etc.)
will be posted there.
The owner may receive an access-request from a customer who watched that Webpage.
In that case, the owner may (or may not) creates an access key and provide it to the
customer (free or charged). In this mechanism the most important point is, a “selective
extraction” is possible or not.
In this application area of steganography secrecy is not important, but unifying two types of data
into one is the most important. Media data (photo picture, movie, music, etc.) have some
association with other information. A photo picture, for instance, may have the following.
Formerly, these are annotated beside the each picture in the album. Recently, almost all cameras
are digitalized. They are cheap in price, easy to use, quick to shoot. They eventually made people
feel reluctant to work on annotating each picture. Now, most homes PC's are stuck with the huge
amount of photo files. In this situation it is very hard to find a specific shot in the piles of
pictures. A “photo album software" may help a little. You can sort the pictures and put a couple
of annotation words to each photo. When you want to find a specific picture, you can make a
search by keywords for the target picture. However, the annotation data in such software are not
unified with the target pictures. Each annotation only has a link to the picture. Therefore, when
you transfer the pictures to different album software, all the annotation data are lost. This
27
problem is technically referred to as "Metadata (e.g., annotation data) in a media database system
(a photo album software) are separated from the media data (photo data) in the database
managing system (DBMS)." This is a big problem. Steganography can solve this problem
because a steganography program unifies two types of data into one by way of embedding
operation. So, metadata can easily be transferred from one system to another without hitch.
Specifically, you can embed all your good/bad memory (of your sight-seeing trip) in each snap
shot of the digital photo. You can either send the embedded picture to your friend to extract your
memory on his/her PC, or you may keep it silent in your own PC to enjoy extracting the memory
ten years after. If a "motion picture steganography system" has been developed in the near
future, a keyword based movie-scene retrieving system will be implemented. It will be a step to a
"semantic movie retrieval system."
THREATS OF STEGANOGRAPHY
Digital steganography, as stated before, is just a series of methods which hides information and
files from view into other files and can have many beneficial and secure properties such as
watermarking photographs to deter art theft, keeping sensitive data secure in innocuous files in
case of unauthorized access or data theft, etc. But as any other tool in the world, intentionally
and unintentionally, people may use this difficulty of detection in not such secure ways.
This was a real Google Ad last year. You may think that no one in his right state of mind would
click this advert. But they do. Fortunately, this was only an experiment by Mikko Hypponen,
who is Chief Research Officer at security firm F-Secure and only leads to a “Thank You” html
page. During the six month period that this ad was online, 409 people either by mistake, out of
curiosity or stupidity thought it was a good idea to click the link to “see what happens”. This
experiment was mentioned to show how some users willingly download viruses even if it says
“Clicking this link will format your hard disk but you will see a dancing pig” let alone if the
virus is hidden in an innocent attachment sent (seemingly) from a co-worker or a friend.
(Anyone involved in computer security will know of the “Dancing pig problem”). The most
28
common misuse of steganography is the hiding of malware into seemingly safe files such as
pictures, audio and email attachments. This method is used to hide any type of malware ranging
from viruses to worms from spyware to Trojans.
One of the simplest ways to hide malware is to use double extensions. A file would be named for
example as “cutekitten.jpg.exe”. When this is clicked, Windows will look only at the last part of
the extension and therefore treats it as an executable. For an unprotected computer this method is
particularly effective as this can be received as an attachment and, by default, Windows hides the
last extensions of its files and therefore this is shown as a jpg file and can be overlooked and
executed. An example was the Anna Kournikova virus which was sent via email as an
attachment “AnnaKournikova.jpg.vbs”. A similar technique is with URL links. These may be
fashioned to show that they are directed to a jpg, mp3 etc but when clicked, the user is redirected
to an executable.
Macros embedded in Microsoft documents also fall under the steganography cap. These mini-
programs are executed as soon as one opens the document and mostly spread by copying the
email addresses in the address book and sending itself automatically by email. The Melissa virus
is a famous example of this; it had a null payload but its damage came in the form of email
servers congestion due to its high rate of spread.
As stated before, text can be embedded in pictures. This may take the form of malicious code.
Though harmless on its own, it can have a companion malware process which loads the program
from the carrier picture. The main advantage is that in some systems, picture files are not
scanned and the companion process will not have a virus signature.
Ransom wares
While in the previous cases steganography was used to hide the malware to infect the system, it
can also be used maliciously in reverse. A virus may be programmed to “hide” a user‟s important
documents or files inside a file and ask for ransom for the password that will be used to decrypt
the data back to its original state (hopefully). A macro famous for this was a variant of the
Melissa virus mentioned before called Melissa.V. This macro made a backup of documents and
destroyed random parts of the original. Then it requested a ransom of $100 to be transferred to
29
an offshore account. Fortunately the owner of the account was tracked down and it was
discovered that the macro wrote information in the Windows registry and with this, the
documents could be retrieved.
Another dangerous application to steganography involves malevolent users of the system whose
intent is to transfer or steal sensitive information or files. This can very easily be done with “Text
in media files” or the “Files archive in pictures” methods mentioned previously in this article.
Hi,
IP: 123.123.123.123
Username: Administrator
Password: 1a2s3d4f
Take all important information and crash it. Then we will ask for ransom.
30
CONCLUSION
Steganography transmits secrets through apparently innocuous covers in an effort to conceal the
existence of a secret. Digital image steganography and its derivatives are growing in use and
application. In areas where cryptography and strong encryption are being outlawed, citizens are
looking at steganography to circumvent such policies and pass messages covertly. As with the
other great innovations of the digital age: the battle between cryptographers and cryptanalysis,
security experts and hackers, record companies and pirates, steganography and Steganalysis will
continually develop new techniques to counter each other.
In the near future, the most important use of steganographic techniques will probably be lying in
the field of digital watermarking. Content providers are eager to protect their copyrighted works
against illegal distribution and digital watermarks provide a way of tracking the owners of these
materials. Steganography might also become limited under laws, since governments already
claimed that criminals use these techniques to communicate. The possible use of steganography
technique is as following:
31
REFERENCES
2. Steganography: Past, Present and Future. JUDGE, JAMES C. 2015, SANS INSTITUTE,
pp. 2-5.
9. Dunbar, Bret. A Detailed look at Steganographic Techniques and their use in an Open-
Systems Environment. SANS Institute. 2002.
10. Steganography- A Data Hiding Technique. Kumar, Arvind and Pooja, Km. 7, Meerut :
International Journal of Computer Applications, 2010, Vol. IX. 0975 – 8887.
32
11. Steganography and Steganalysis: Different Approaches. Das, Soumyendu, et al., et al.
Kolkata : s.n.
12. Analysis and Implementation of Distinct Steganographic Methods. TATAR, Ünal and
MATARACIOĞLU, Tolga. Ankara : TÜBİTAK UEKAE, Department of Information Systems
Security.
13. Katzenbeisser, Stefan and Petitcolas, Fabien A. P. Information Hiding Techniques for
Steganography and Digital Watermarking. Norwood : ARTECH HOUSE, INC, 2000. 1-58053-
035-4.
14. Steganography: Past, Present, Future. Judge, James C. s.l. : SANS Institute, 2001.
33