
THE UNIVERSITY OF DODOMA

COLLEGE OF INFORMATICS AND VIRTUAL EDUCATION

DEPARTMENT OF COMPUTER SCIENCE

MASTER OF SCIENCE IN COMPUTER SCIENCE

COURSE CODE: IT 601

COURSE NAME: COMPUTER NETWORKS AND INFORMATION SECURITY

GROUP PARTICIPANTS

NAME REGISTRATION NO.


BAKARI SAIDI SHEGHEMBE HD/UDOM/211/T.2014
BUJAH GABRIEL FRANCIS HD/UDOM/120/T.2014
CLEVERENCE KOMBE HD/UDOM/094/T.2014
CHARLES MKOTA CHILUMATE HD/UDOM/308/T.2014

INSTRUCTOR NAME: Dr. S. I. Mrutu

GROUP ASSIGNMENT: STEGANOGRAPHY

SUBMISSION DATE: 24th April 2015


TABLE OF CONTENTS
LIST OF FIGURES
ABBREVIATION
INTRODUCTION
  Brief Overview
  Brief History of Steganography
    Past
    More Recent History
    Modern Day Application of Steganography
STEGANOGRAPHY TECHNIQUES
  TYPES OF STEGANOGRAPHIC TECHNIQUES
    Pure Steganography
    Secret Key Steganography
    Public Key Steganography
  CHARACTERISTICS OF STEGANOGRAPHY
    Capacity
    Robustness
    Undetectable
    Invisibility (perceptual transparency)
    Security
  CLASSIFICATION OF STEGANOGRAPHICAL TECHNIQUES
    Substitutional systems
    Transform domain
    Spread spectrum technique
    Statistical method
    Distortions techniques
    Cover generating methods
STEGANOGRAPHY IN APPLICATION
  Media type
  Encryption
  Embedding
    Embedding data into text
    Embedding data into images, audio and video
    Embedding data into program files
    Embedding data into archive files
    Embedding data into network protocols
STEGANALYSIS TECHNIQUES
  STEGANOGRAPHY ATTACKS
ADVANTAGES AND DISADVANTAGES
  ADVANTAGES OF STEGANOGRAPHY OVER CRYPTOGRAPHY
    Confidential communication and secret data storing
    Protection of data alteration
    Access control system for digital content distribution
    Media database systems
  THREATS OF STEGANOGRAPHY
    Hiding of malware into seemingly safe files
    Using of macros in Microsoft documents
    Ransom wares
    Theft of users credentials
CONCLUSION
REFERENCES

LIST OF FIGURES
Figure 1: Humming Bird, One of the Nazca's Geoglyphs
Figure 2: Total Images Found at the Nazca Geoglyphs
Figure 3: 5 x 5 Tap code used by Armed Forces prisoners in Viet Nam
Figure 4: Pure Steganography
Figure 5: Secret Key Steganography
Figure 6: Public Key Steganography
Figure 7: characteristics of steganography
Figure 8: classification of steganography methods
Figure 9: table of percentage of medias tools used for steganography
Figure 10: spammic converts message into spam

ABBREVIATION
LSB Least Significant Bit

DCT Discrete Cosine Transformation

WT Wavelet Transformation

HVS Human Visual Systems

HAS Human Audio Systems

DES Data Encryption Standard

LAN Local Area Network

INTRODUCTION

Brief Overview

(1) Steganography is the art and science of writing messages in such a way that the existence of the communication is hidden. It has been used in various forms for thousands of years. In the computer era, data-hiding techniques have gained importance and serve security, primarily the authenticity and integrity of a message in the context of computer-supported communication.

Steganography is often confused with cryptography because both are used to protect confidential information. In cryptography, an adversary is allowed to detect and intercept messages, as long as he cannot violate the security premises guaranteed by the cryptosystem. In contrast, the goal of steganography is to hide messages inside other "harmless" media in a way that prevents anybody from even detecting them. A good steganographic system should fulfill the same requirement posed by Kerckhoffs's principle in cryptography, which states that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. Unfortunately, steganography can also be used for communication among terrorists and criminals, as well as for hard-core pornography.

Brief History of Steganography

Past:

(2) Johannes Trithemius (1462-1516) published a series of books named “Steganography: the art through which writing is hidden requiring recovery by the minds of men”. Book I and Book II describe methods to hide messages in writing. Book III is about secret astrology. Two researchers have discovered that Book III contains some hidden messages. One of those messages was “the quick brown fox jumps over the lazy dog”.

Mary Queen of Scots used a combination of cryptography and steganography to hide letters. Her
letters were hidden in the bunghole of a beer barrel, which freely passed in and out of her prison.

Other uses of steganography weren't limited to normal writing materials. One may consider the huge geoglyphs of the Nazca (see footnote 1) in Peru to be a form of steganography. As seen in Figure 1 and Figure 2, the geoglyphs are obviously open to view, yet many of the images were not detected until viewed from the air.

Human vectors include the efforts of Histiaeus in the 5th century BC. Histiaeus shaved the head of a messenger and wrote a note encouraging Aristagoras of Miletus to revolt against the king of Persia. After the messenger's hair grew back, the messenger was dispatched with the message. Obviously, this message wasn't especially time constrained.

Figure 1: Humming Bird, One of the Nazca's Geoglyphs
Figure 2: Total Images Found at the Nazca Geoglyphs

Footnote 1: (5) The Nazca Lines /ˈnæzkə/ are a series of ancient geoglyphs located in the Nazca Desert in southern Peru. They were designated as a UNESCO World Heritage Site in 1994. The high, arid plateau stretches more than 80 km (50 mi) between the towns of Nazca and Palpa on the Pampas de Jumana, about 400 km south of Lima. Although some local geoglyphs resemble Paracas motifs, scholars believe the Nazca Lines were created by the Nazca culture between 400 and 650 AD. The hundreds of individual figures range in complexity from simple lines to stylized hummingbirds, spiders, monkeys, fish, sharks, orcas, and lizards. Because the geoglyphs are not visible until viewed from the air, they too are regarded as a form of steganography.

In 480 BC a Greek by the name of Demaratus sent a message to the Spartans warning of a pending invasion by Xerxes. Herodotus described the method used by Demaratus.

“As the danger of discovery was great, there was only one way in which he could contrive to get
the message through: this was by scraping the wax off a pair of wooden folding tablets, writing
on the wood underneath what Xerxes intended to do, and then covering the message over with
the wax again. In this way the tablets, being apparently blank, would cause no trouble with the
guards along the road….”

More Recent History

In more recent history, several steganographic methods were used during World War II. Microdots developed by the Nazis are essentially microfilm chips created at high magnification (usually over 200X). These microfilm chips are the size of periods on a standard typewriter. These dots could contain pages of information, drawings, etc. The Nazis also employed invisible inks and null ciphers. One of the most noted null cipher messages sent by a Nazi spy follows:

Apparently neutral’s protest is thoroughly discounted and ignored Isman hard hit. Blockade
issue affects pretext for embargo on by-products, ejecting suets and vegetable oils.

Using the second letter from each word, the following message appears:

Pershing sails from NY June I

One steganographic method employed by the United States Marines during WW II was the use of Navajo “code talkers.” While the code talkers employed a simplistic cryptographic technique, the messages were sent in clear text.

Another example of steganography involves the use of the Cardano grill. This device, named after its inventor Girolamo Cardano, can be as simple as a piece of paper with holes cut in it. When the grill is laid over printed text, the intended message can be retrieved. Classical steganography techniques related to the Cardano grill include pin punctures in text (e.g. newspapers) and overwriting printed text with pencil.

There is evidence that prior to the Civil War, there was a method of providing secret messages to slaves to aid in their escape. By using various patterns in quilts, which were commonly hung from windowsills to dry, messages were passed to slaves guiding them in their quest for freedom. An example of one such quilt pattern is the Bear Paw symbol.

More recent uses of steganographic techniques involved a photograph of the captured crew of the U.S.S. Pueblo where the crewmembers spelled the words “snow job” using various hand positions. Finally, during the Viet Nam era, there were instances where captured members of the U.S. Armed Forces would use various hand gestures during photo ops, often only to have these gestures airbrushed out by the media.

Other techniques employed included using the eyelids to blink words in Morse code (such as “torture”). Prisoners of the infamous Hanoi Hilton used a “tap code” to communicate with each other. The code was based on a five by five matrix with each letter being assigned a tap sequence based on this matrix. Spaces (pauses) between characters were twice as long as the spaces in that letter's code.

Figure 3: 5 x 5 Tap code used by Armed Forces prisoners in Viet Nam

Modern Day Application of Steganography

Currently, the emphasis has been on various forms of digital steganography. Commonly there are a number of digital technologies that the community is concerned with, namely text files, still images, movie images, and audio. There are two primary groups of tools. Image domain tools encompass bit-wise methods that apply least significant bit (LSB) insertion and noise manipulation. The transform domain group of tools includes those that involve manipulation of algorithms and image transforms such as discrete cosine transformation (DCT) and wavelet transformation.

After the events of September 11, 2001, there was immediate concern voiced regarding the possible use of steganography by the al Qaeda network. Initially, there were reports that hidden messages might be located in images located on XXX rated sex web sites. Following up on this, a group at the University of Michigan began scanning images located on various sites such as eBay auctions. After scanning over two million images, the researchers reported back that they had not found any suspect images. The article in USA Today didn't indicate if the researchers actually scanned any images located on XXX web sites. Beyond the concerns of hidden messages in images, there has been additional concern voiced regarding the television broadcast of bin Laden. Remembering that steganography is hardly the sole property of digital technology, there is the possibility that there could have been hidden messages in the audio portion of the broadcasts, or even in the background of the televised images.

Are terrorist organizations hiding information using steganographic technology? At this point, there doesn't seem to be any conclusive evidence, at least available to the general public.

Other interests who are making use of steganographic techniques are involved in the application of digital watermarks. Using a variety of techniques, images, music and movies can be imprinted with digital watermarks. Watermarks are available in several configurations: fragile vs. robust, visible vs. invisible, and private vs. public. Fragile watermarks are those that are easily destroyed by image manipulation, and find utilization in image authentication systems.

Although we are currently more interested in digital steganography, other forms of steganography are in use today, primarily in physical security measures. The venerable microdots pioneered by the Nazis are currently being marketed as a simple technique that can be used to mark equipment. Marking equipment with microdots aids in identification in the case of theft. There are a number of firms producing microdots for this purpose.

Another steganographic technique involves the use of subliminal suggestion. While in the 1950s the American public was obsessed with subliminal messages being shown on theater screens (e.g. “go to the snack bar”), there was significant research being done by the Central Intelligence Agency (CIA). Subliminal suggestions may range from advertisements (either blatant suggestion or images/messages perceived by various groups as having a particular meaning) to modern subliminal suggestion programs such as those available from Inner Talk.

While not classified as a steganographic technique, hiding information in Photo Tiled pictures is a possibility.

While this application provides some striking examples of manipulation of collections of photographs to create an entirely new picture, one could always argue that there is the possibility that hidden information could be contained in the output.

Another digital format that may escape notice is the venerable animated GIF format. Normal steganalysis of GIF formats wouldn't necessarily indicate any hidden messages, while it would be trivial to hide a message using this format.

Without going into detail, other areas that could conceivably be employed to hide messages are:

• Holography technology
• Infrared (e.g. programmable IR hand controls for computers)
• Pagers
• Colored glasses that filter all but intended wavelengths to make hidden messages visible
• Ink, magnetic, thermochromic, photochromic
• DNA message hiding
• Jargon speak
• HTML code

STEGANOGRAPHY TECHNIQUES

TYPES OF STEGANOGRAPHIC TECHNIQUES

There are basically three steganographic techniques, distinguished by whether the system uses cryptographic techniques and, if it does, whether it employs symmetric key encryption or asymmetric key encryption. These three techniques are:

• Pure steganography
• Secret key steganography
• Public key steganography

Pure Steganography

Pure steganography is a steganography system that doesn't require prior exchange of some secret
information before sending message. Therefore, no information is required to start the
communication process; the security of the system thus depends entirely on its secrecy.

Pure steganography can be defined as the quadruple $(C, M, D, E)$ where:

• $C$: the set of possible covers.
• $M$: the set of secret messages, with $|C| \ge |M|$.
• $E: C \times M \to C$, the embedding function.
• $D: C \to M$, the extraction function, with the property that $D(E(c, m)) = m$ for all $m \in M$ and $c \in C$.

Figure 4: Pure Steganography

Secret Key Steganography

A secret key steganography system is similar to a symmetric cipher, where the sender chooses a
cover and embeds the secret message into the cover using a secret key. If the secret key used in
the embedding process is known to the receiver, he can reverse the process and extract the secret
message. Anyone who doesn't know the secret key should not be able to obtain evidence of the
encoded information.

Secret key steganography can be defined as the quintuple $(C, M, K, D_K, E_K)$ where:

• $C$: the set of possible covers.
• $M$: the set of secret messages.
• $K$: the set of secret keys.
• $E_K: C \times M \times K \to C$, with the property that $D_K(E_K(c, m, k), k) = m$ for all $m \in M$, $c \in C$ and $k \in K$.

Figure 5: Secret Key Steganography

Public Key Steganography

Public key steganography does not depend on the exchange of a secret key. It requires two keys, one of them private (secret) and the other public. The public key is stored in a public database and is used in the embedding process, whereas the secret key is used to reconstruct the secret message. One way to build a public key steganography system is to use a public key cryptosystem. The sender and the receiver can exchange public keys of some public key cryptography algorithm before imprisonment. Public key steganography utilizes the fact that the decoding function in a steganography system can be applied to any cover, whether or not it already contains a secret message. Public key steganography relies on the fact that encrypted information is random enough to hide in plain sight.

The sender encrypts the information with the receiver's public key to obtain a random-looking message and embeds it in a channel known to the receiver, thereby replacing some of the natural randomness with which every communication process is accompanied.

Assume that both the cryptographic algorithms and the embedding functions are publicly known. The receiver, who cannot decide a priori if secret information is transmitted in a specific cover, will suspect the arrival of a message and will simply try to extract and decrypt it using his private key. If the cover actually contained information, the decrypted information is the sender's message.

Figure 6: Public Key Steganography

Generally it is assumed that the sender wishes to send a message to a receiver via steganographic transmission.

• The sender starts with a cover message, which is an input to the stego-system, in which the embedded message will be hidden. The hidden message is called the embedded message.
• A steganographic algorithm combines the cover message with the embedded message, which is something to be hidden in the cover.
• The algorithm may, or may not, use a steganographic key (stegokey), which is additional secret data that may be needed in the hiding process.
• The same key (or a related one) is usually needed to extract the embedded message again. The output of the steganographic algorithm is the stego-message.
• The cover message and stego-message must be of the same data type, but the embedded message may be of another data type.
• The receiver reverses the embedding process to extract the embedded message.

CHARACTERISTICS OF STEGANOGRAPHY

Figure 7: characteristics of steganography

Steganographic techniques embed a message inside a cover. Various features characterize the strengths and weaknesses of the methods. The relative importance of each feature depends on the application.

Capacity

The notion of capacity in data hiding indicates the total number of bits hidden and successfully
recovered by the stegosystem.

Robustness

Robustness refers to the ability of the embedded data to remain intact if the stego-system undergoes transformation, such as linear and non-linear filtering; addition of random noise; and scaling, rotation, and lossy compression.

Undetectable

The embedding algorithm is undetectable if the image with the embedded message is consistent with a model of the source from which images are drawn. For example, if a steganography method uses the noise component of digital images to embed a secret message, it should do so while not making statistical changes to the noise in the carrier. Undetectability is directly affected by the size of the secret message and the format of the content of the cover image.

Invisibility (perceptual transparency)

This concept is based on the properties of the human visual system (HVS) or the human audio
system (HAS). The embedded information is imperceptible if an average human subject is
unable to distinguish between carriers that do contain hidden information and those that do not.
It is important that the embedding occurs without a significant degradation or loss of perceptual
quality of the cover.

Security

The embedding algorithm is secure if the embedded information is not subject to removal after being discovered by the attacker. Security depends on the total information available about the embedding algorithm and the secret key.

CLASSIFICATION OF STEGANOGRAPHICAL TECHNIQUES

There are several approaches in classifying steganographic systems. One could categorize them
according to the type of covers used for secret communication or according to the cover
modifications applied in the embedding process. From the second approach, the steganographic
methods are grouped in six categories, although in some cases an exact classification is not
possible. See Figure 8:

Figure 8: classification of steganography methods

Substitutional systems

Basic substitution systems try to encode secret information by substituting insignificant parts of
the cover by secret message bits. The receiver can extract the information if he has knowledge of
the positions where secret information has been embedded. Since only minor modifications are
made in the embedding process, the sender assumes that they will not be noticed by an attacker.

1. Least Significant Bit Substitution (LSB)
The embedding process consists of choosing a subset $\{j_1, \dots, j_{l(m)}\}$ of cover elements and performing the substitution operation $c_{j_i} \leftrightarrow m_i$ on them, which exchanges the LSB of $c_{j_i}$ with $m_i$ ($m_i$ can be either 1 or 0). In the extraction process, the LSBs of the selected cover elements are extracted and lined up to reconstruct the secret message.

2. Pseudorandom Permutation
If all cover bits can be accessed in the embedding process, the cover is a random access cover, and the secret message bits can be distributed randomly over the whole cover. This technique further increases the complexity for the attacker, since it is not guaranteed that subsequent message bits are embedded in the same order.

3. Image Downgrading and Covert Channels
Image downgrading is a special case of a substitution system in which an image acts both as the secret message and as the cover. Given a cover-image and a secret image of equal dimensions, the sender exchanges the four least significant bits of the cover's grayscale (or color) values with the four most significant bits of the secret image. The receiver extracts the four least significant bits out of the stego-image, thereby gaining access to the most significant bits of the secret image.

4. Cover Regions and Parity Bits
Any nonempty subset of $\{c_1, \dots, c_{l(c)}\}$ is called a cover-region. By dividing the cover into several disjoint regions, it is possible to store one bit of information in a whole cover-region rather than in a single element. A parity bit of a region $I$ can be calculated by:
$$B(I) = \sum_{j \in I} \mathrm{LSB}(c_j) \bmod 2$$

5. Palette-Based Image
There are two ways to encode information in a palette-based image: either the palette or the image data can be manipulated. The LSB of the color vectors could be used for information transfer, just like the substitution methods presented. Alternatively, since the palette does not need to be sorted in any way, information can be encoded in the way the colors are stored in the palette.
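
The secret key system (C, M, K, D_K, E_K) defined earlier and substitution methods 1, 2 and 4 above fit together in one sketch, given here as an added example that is not part of the original report: the key drives a pseudorandom permutation of the cover indices, the permuted indices are cut into disjoint cover-regions, and each region's parity B(I) carries one message bit. The cover, key and message are constructed, the function names are illustrative, and the receiver is assumed to know the message length in advance.

```python
import hashlib
import random


def _regions(cover_len, n_bits, region_size, key):
    """Key-dependent disjoint cover-regions I_1..I_n, one per message bit.

    The key seeds a PRNG that shuffles all cover indices (the pseudorandom
    permutation); consecutive slices of that order are the regions.
    random.Random is NOT cryptographically secure; it is used here only to
    keep the example dependency-free.
    """
    if n_bits * region_size > cover_len:
        raise ValueError("message exceeds cover capacity")
    seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
    order = list(range(cover_len))
    random.Random(seed).shuffle(order)
    return [order[i * region_size:(i + 1) * region_size] for i in range(n_bits)]


def parity(samples, region):
    """B(I) = sum of LSB(c_j) over j in I, mod 2."""
    return sum(samples[j] & 1 for j in region) % 2


def embed(cover, message, key, region_size=4):
    """E_K(c, m, k): return a stego copy of cover (bytes of 8-bit samples)."""
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    stego = bytearray(cover)
    for bit, region in zip(bits, _regions(len(cover), len(bits), region_size, key)):
        if parity(stego, region) != bit:
            stego[region[0]] ^= 1  # flipping any one LSB in the region fixes its parity
    return bytes(stego)


def extract(stego, n_bytes, key, region_size=4):
    """D_K(s, k): read one parity bit per region and repack the bits into bytes."""
    regions = _regions(len(stego), n_bytes * 8, region_size, key)
    bits = [parity(stego, region) for region in regions]
    return bytes(
        int("".join(str(b) for b in bits[i:i + 8]), 2) for i in range(0, len(bits), 8)
    )


def changed_samples(cover, stego):
    """Indices at which the stego object differs from the cover."""
    return [i for i, (a, b) in enumerate(zip(cover, stego)) if a != b]


# Constructed 16x16 greyscale "cover" (256 samples), not a real image.
COVER = bytes((7 * x + 13 * y) % 256 for y in range(16) for x in range(16))
KEY = b"constructed demo key"
MESSAGE = b"hi"

if __name__ == "__main__":
    stego = embed(COVER, MESSAGE, KEY)
    print(extract(stego, len(MESSAGE), KEY))
    print(len(changed_samples(COVER, stego)), "of", len(COVER), "samples changed")
```

With `region_size=1` the scheme reduces to plain keyed LSB substitution; in both cases the stego object differs from the cover only in the least-significant-bit plane.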

Transform domain

It has been seen that the substitution and modification techniques are easy ways to embed information, but they are highly vulnerable to even small modifications. An attacker can simply apply signal processing techniques in order to destroy the secret information. It has been noted in the development of steganographic systems that embedding information in the frequency domain of a signal can be much more robust than embedding rules operating in the time domain. Transform domain methods hide the message in a significant area of the cover image, which makes them more robust to attacks such as adding noise, compression, cropping, and some image processing. Many transform domain variations exist. One method is to use the Discrete Cosine Transformation (DCT) as a vehicle to embed information in an image. Another method would be the use of wavelet transforms. Transform embedding embeds a message by modifying selected transform (e.g., frequency) coefficients of the cover message.

Spread spectrum technique

(3) We point out this technique as an example of spread spectrum data-hiding methods. Spread spectrum techniques are now widely used in military radio communications, due to their very high robustness to detection and extraction. SSIS (Spread Spectrum Image Steganography) is a quite mature process, and its aim is to achieve low detectability, ease of extraction, high data rate and good robustness to removal. It is based on spread spectrum techniques, but it enhances them by adding other encoding steps, acquiring better performance. The core of SSIS is a spread spectrum encoder. These devices work by modulating a narrow band signal over a carrier. The carrier's frequency is continually shifted using a pseudorandom noise generator fed with a secret key. In this way the spectral energy of the signal is spread over a wide band, thus decreasing its density, usually under the noise level. To extract the embedded message, the receiver must use the same key and noise generator to tune to the right frequencies and demodulate the original signal. A casual observer won't even be able to detect the hidden communication, since it is under the noise level. The SSIS encoder adds more steps in order to push spread spectrum to its limits:

1. It optionally encrypts the message m to be embedded with key1, getting e.

2. The data stream passes through a low-rate ECC (Error Correction Code) encoder, to acquire better robustness against destruction attacks and unwanted noise, becoming c.

3. Spread spectrum modulation is applied, using a pseudorandom noise generator fed with key2, giving s.

4. An interleaver and spatial spreader processes s using key3, obtaining i.

5. The output of the interleaver is added to the image f, getting g.

6. A quantization process is used to preserve the initial dynamic range of the cover image. We'll still call it g.

We assume that the stego-image is sent through a noisy channel to the receiver and will become g'.

The decoding process largely repeats the same steps in reverse:

1. It gets an optimal approximation f' of the original image f using image restoration techniques.

2. f' is subtracted from the stego-image g' to reveal an estimate of the embedded data, i'.

3. i' is fed into a keyed deinterleaver, which uses key3 to construct an approximation of the hidden signal, s'.

4. s' is demodulated with key2 to get an estimate of the encoded message, c'.

5. c' is decoded through the low-rate ECC to get e'.

6. If m was encrypted, then e' is decrypted with key1 and this will give m'.

The data rate for this technique can be fairly high, but it depends on the choices made for the different parameters of the encoding. We can assume that the message will be compressed before embedding to allow for a higher capacity. The ECC encoder, on the other hand, inserts redundant data into the stream to be able to correct errors. The more errors we want to correct, the more bits will be added. We therefore have a tradeoff between good retrieval and capacity. If we can allow for small glitches in the recovered message, then we can use a weaker encoding.

Moreover, the more data we want to insert in the image, the more noise we are going to add to it. So if our cover is not noisy, we will be able to hide very little data, while if we choose a noisy one, its capacity will be higher.

The following is a list of some of the advantages of spread spectrum techniques:

• Robustness: Spread spectrum techniques are usually quite robust. A transformation
that merely adds noise to the image is not able to destroy the message. However, a determined
attacker can quite easily compromise the embedded data using some digital processing,
such as noise reduction filters, the same ones that are used in decoding to estimate the
original cover.
• Ease of detection/extraction: Spread spectrum encoding is widely used in military
communications for its robustness against detection. An attacker usually cannot even know
whether a message was embedded, and in any case it will be very hard to extract it
without knowing the right key2 and key3.
• Suitability for steganography or watermarking: Due to its fairly high capacity and low
ease of detection and extraction, SSIS is very good for steganography.
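The encoder and decoder steps and the robustness caveat above, reduced to a one-dimensional toy as an added example (not the SSIS authors' code and not part of the original report). Assumptions: the optional key1 encryption is omitted, a repetition code stands in for the low-rate ECC, a moving-average filter stands in for image restoration, and the cover row, keys, noise level and GAIN are constructed values.

```python
import random

CHIPS_PER_BIT = 64  # repetition factor; stands in for the low-rate ECC
GAIN = 4            # embedding strength in grey levels (assumed value)


def pn_sequence(key2, n):
    """Keyed pseudorandom +/-1 chips (the noise generator fed with key2)."""
    rng = random.Random(key2)
    return [rng.choice((-1, 1)) for _ in range(n)]


def permutation(key3, n):
    """Keyed interleaver: signal sample k is written to position order[k]."""
    order = list(range(n))
    random.Random(key3).shuffle(order)
    return order


def to_bits(data):
    return [(byte >> k) & 1 for byte in data for k in range(7, -1, -1)]


def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def embed(cover, message, key2, key3):
    c = [b for b in to_bits(message) for _ in range(CHIPS_PER_BIT)]  # step 2
    if len(c) > len(cover):
        raise ValueError("message too long for this cover")
    pn = pn_sequence(key2, len(c))
    s = [GAIN * (2 * b - 1) * p for b, p in zip(c, pn)]              # step 3
    s += [0] * (len(cover) - len(s))      # unused positions carry no signal
    order = permutation(key3, len(cover))
    i = [0] * len(cover)
    for k, pos in enumerate(order):                                  # step 4
        i[pos] = s[k]
    return [min(255, max(0, f + x)) for f, x in zip(cover, i)]       # steps 5-6


def restore(pixels, radius=4):
    """Moving-average filter: a crude stand-in for image restoration."""
    out = []
    for n in range(len(pixels)):
        window = pixels[max(0, n - radius):n + radius + 1]
        out.append(sum(window) / len(window))
    return out


def extract(stego, n_bytes, key2, key3):
    f_est = restore(stego)                                           # f'
    i_est = [g - f for g, f in zip(stego, f_est)]                    # i'
    order = permutation(key3, len(stego))
    n_chips = n_bytes * 8 * CHIPS_PER_BIT
    s_est = [i_est[order[k]] for k in range(n_chips)]                # s'
    pn = pn_sequence(key2, n_chips)
    bits = []
    for k in range(0, n_chips, CHIPS_PER_BIT):                       # c' -> e'
        corr = sum(x * p for x, p in zip(s_est[k:k + CHIPS_PER_BIT],
                                         pn[k:k + CHIPS_PER_BIT]))
        bits.append(1 if corr > 0 else 0)   # soft-decision majority vote
    return from_bits(bits)


def demo():
    # Constructed cover: one smooth 4096-pixel row (triangle wave, 78..178).
    cover = [78 + abs(n % 200 - 100) for n in range(4096)]
    message = b"IT 601"
    stego = embed(cover, message, key2=1234, key3=5678)
    channel = random.Random(2015)           # constructed channel noise
    received = [min(255, max(0, g + channel.randint(-2, 2))) for g in stego]
    # The noise reduction filter from the robustness caveat, applied in transit.
    filtered = [round(v) for v in restore(received)]
    return {
        "right_keys": extract(received, len(message), 1234, 5678),
        "wrong_key2": extract(received, len(message), 9999, 5678),
        "after_filter": extract(filtered, len(message), 1234, 5678),
    }


if __name__ == "__main__":
    for label, recovered in demo().items():
        print(label, recovered)
```

Raising CHIPS_PER_BIT buys robustness at the cost of capacity, which is the retrieval/capacity tradeoff described above; the filtered case shows why re-filtering media in transit is an effective countermeasure against this kind of embedding.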

Statistical method
Statistical methods use a so-called “1-bit” steganographic scheme. This scheme embeds one
bit of information in a digital carrier. This is accomplished by modifying the cover in such a way
that certain statistical characteristics change significantly if a “1” is transmitted. If the cover is left
unchanged, it indicates a “0”. The receiver must be able to distinguish between modified and
unmodified covers in order to receive the secret message.

Assume m is the secret message and l(m) is the length of the message in bits. A cover is
divided into l(m) disjoint blocks B1, …, Bl(m). A secret bit mi is inserted into the i-th block by
placing a “1” into Bi if mi = 1; otherwise the block is left unchanged. The detection of a specific
bit is done via a test function that distinguishes between modified and unmodified blocks:

f(Bi) = 1 if block Bi was modified, and f(Bi) = 0 if it was not.

The receiver successively applies f to all cover blocks to restore the secret message.

Distortion techniques
Distortion techniques require knowledge of the original cover in the decoding process. The
sender applies a series of modifications to a cover in order to get the stego object. The
sequence of modifications corresponds to a specific secret message the sender wants to transmit.
The recipient measures the differences from the original cover in order to reconstruct the sequence
of modifications, which corresponds to the secret message. A flaw in this system is that the
receiver must have access to the original covers. If an eavesdropper has access to them, she can
easily detect the cover modifications and has evidence of a secret communication. An
assumption therefore is that the original covers have been distributed through a secret channel.

Text based hiding methods are of distortion type. A technique for text distortion is
modulating the position of lines and words. Adding spaces and “invisible” characters to text
provides a method to pass hidden information. HTML files could be used for including extra
spaces, tabs and line breaks. These are ignored by web browsers and they go unnoticed until the
source of the web page is revealed.

Cover generating methods

In contrast to systems where secret information is added to a specific cover by applying an
embedding algorithm, cover generation techniques generate a digital object only for the purpose
of being a cover for secret communication. Due to the tremendous volume of information that is
out there, it is impossible for a human to observe all communications around the world. Mimic
functions can be used to hide the identity of a message by changing its statistical profile in such a
way that it matches the profile of an innocent-looking text. The English language possesses
several statistical properties. For instance, the distribution of characters is not uniform: e occurs a lot
more frequently than z. This fact is used in data compression schemes such as Huffman
encoding. A mimic function can be constructed out of Huffman compression functions. These
functions can only fool machines; to a human observer the mimicked text will look completely
meaningless because of grammatical errors. To overcome these limitations, mimicry has been
enhanced by the application of context free grammars. Context free grammars explain the rules
of constructing sentences in languages from different parts of speech. A context free grammar can
be used to create grammatically correct English text to hide messages. Spam Mimic provides a
good example of a cover generation method.

STEGANOGRAPHY IN APPLICATION

In the context of steganography it is necessary to take a closer look at the choosing of an
appropriate carrier. While in ancient Greece slaves were used to play this role, in present times,
various types of data files have the potential for this function. Therefore file formats can be
assigned to the following domains: text, image, audio, video, and program files.

Media type

Most steganographic tools take advantage of the weaknesses of the human visual system (HVS)
and the human auditory system (HAS) and embed secret messages
within media files.

Figure 9 is a chart of the different media used in steganography and the
percentage of all the tools that use each particular medium.

Encryption

Encrypting the stego media is in most cases optional, but it helps to improve the authenticity
and security of the steganographic scheme (4). In fact, 71 % of the analyzed steganographic
tools feature the use of a cryptographic key for the encryption of the message before the
embedding process. Encryption can increase the security level of the hiding procedure, e.g. by
preventing the comprehension of the message content if the embedding is discovered and/or by
creating a uniformly distributed secret message out of any original secret message.

Figure 9: table of percentage of media tools used for steganography

Analysis shows that one of the more commonly used algorithms is Blowfish. In fact,
15 of the investigated tools use this encryption scheme. The DES algorithm is the second most
frequently used cryptographic function. Finally, self-constructed algorithms without published
source code infringe Kerckhoffs' law. They are provided only by small developer groups, who
generally cannot ensure their security, whereas open source algorithms (e.g. Blowfish, DES, etc.)
are (usually) more secure than self-constructed ones because open source is reviewed by many
more people. In addition, the standardized encryption schemes such as AES have experienced no
severe attack.

Embedding

Steganography encompasses methods of transmitting secret messages in such a manner that the
existence of the embedded message is undetectable. The analyzed software tools provide a
variety of information-hiding techniques. Among these, most methods are employed depending
upon characteristics specific to a carrier type or format, while other methods may work without
relying on a specific file format.

The following is a list of some of the most commonly employed message embedding techniques.

Embedding data into text

In this technique the message is hidden within a plain text file using different schemes, such as the use of
selected characters or extra white spaces in the cover text.

• Using selected characters of the cover text.
The sender sends a series of integer numbers (the key) to the recipient with a prior agreement that
the secret message is hidden within the respective positions of subsequent words of the
cover text. For example, the series is “1,1,2,3,4,2,4” and the cover text is “A team of five
men joined today”, so the hidden message is “Atfvoa”. A “0” in the number series
indicates a blank space in the recovered message. A word in the received cover text will
be skipped if the number of characters in that word is less than the respective number in
the series (key), which shall also be skipped during the process of unhiding the message.
• Use of extra white space characters in the cover text.
A number of extra blank spaces are inserted between consecutive words of the cover text.
These numbers are mapped to a hidden message through an index of a lookup table. For
example, three extra spaces between adjacent words indicate the number “3”, which
subsequently indicates a specific text in a look-up table that is available to both
communicating parties by prior agreement.
• There are some online tools for doing textual steganography. The most famous is
www.spammic.com, which allows its users to encrypt their text messages into any of the
following formats:
o Encode as spam with a password
o Encode as spam without a password see
o Encode the message as a fake PGP (Pretty Good Privacy)
o Encode the message as a fake Russian
o Encode the message as a space

Figure 10: spammic converts message into spam
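The two text schemes described above, worked through on the report's own "Atfvoa" example, as an added example that is not part of the original report. Assumptions: a "0" in the key emits a blank without consuming a word, and the lookup table and the whitespace sample are constructed.

```python
import re


def decode_selected_chars(cover_text, key):
    """Recover the message hidden in selected character positions."""
    words = cover_text.split()
    out, w = [], 0
    for k in key:
        if k == 0:
            # Assumption: a 0 emits a blank and does not consume a cover word.
            out.append(" ")
            continue
        if w >= len(words):
            break
        word = words[w]
        w += 1
        if len(word) >= k:
            out.append(word[k - 1])
        # Otherwise the word is too short: the word and this key number
        # are both skipped, as the scheme specifies.
    return "".join(out)


def extra_space_counts(text):
    """Extra blanks (beyond the normal single one) in each gap between words."""
    return [len(gap) - 1 for gap in re.findall(r"(?<=\S) +(?=\S)", text)]


def decode_whitespace(text, table):
    """Map each non-zero extra-space count to its lookup-table entry."""
    return [table[n] for n in extra_space_counts(text) if n in table]


def normalise(text):
    """Collapse runs of blanks; a gateway doing this removes the channel."""
    return re.sub(r" {2,}", " ", text)


# Constructed sample for the white-space scheme (not from the report).
TABLE = {1: "confirmed", 3: "meet at noon"}
SAMPLE = "Please" + " " * 4 + "send the" + " " * 2 + "report today"

if __name__ == "__main__":
    print(decode_selected_chars("A team of five men joined today",
                                [1, 1, 2, 3, 4, 2, 4]))
    print(extra_space_counts(SAMPLE), decode_whitespace(SAMPLE, TABLE))
    print(decode_whitespace(normalise(SAMPLE), TABLE))
```

In the first scheme the word "men" has only three characters, so it and the key number 4 are both dropped, which is why seven key numbers yield six letters.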

Embedding data into images, audio and video

Numerous methods exist for hiding information in audio, images, and video. Some common
embedding techniques range from least significant bit (LSB) manipulation over masking and
filtering to applying more sophisticated image or audio processing algorithms and
transformations. Each of these approaches can be developed with varying degrees of success for
different file formats.

LSB methods insert the embedding data in the carrier byte stream, substituting insignificant
information in a carrier file with secret data. Some tools utilize two least significant bits or even
more to hide a message.

In general there are two types of LSB embedding which apply to images:

• simple LSB embedding in raw images
o change LSB in one up to all three color channels of the pixel or in the frequency
coefficients of a discrete cosine transformation (DCT)
o increment/decrement the pixel value instead of flipping the LSB
o matrix encoding
• LSB embedding in palette images
o change color index to similar palette entry (e.g. EzStego)
o change palette entry

The LSB manipulation concept can also be applied to audio. The least significant bit of
information at each audio sampling point is replaced with a bit from the hidden message. This
method introduces significant noise into the audio file.

LSB manipulation is a quick and easy way to hide information but is vulnerable to small changes
resulting from file processing or lossy compression. Masking methods such as hiding secret
messages into higher-order bits with simultaneous decrease of luminance or volume are more
robust than LSB insertion in respect of compressing, cropping, and some image or audio
processing. These techniques allow embedding in more significant areas in order to integrate a
hidden message further into the cover file.

Another technique for hiding data into image or multimedia files is called appending which
means that the secret data is added after the very last byte of the carrier file.

The carrier file size could increase up to the sum of the size of the original carrier file and the
secret file yet the size will change with a very high probability. This method is very simple and
very easy to detect because the secret message will be added in plain form. Furthermore, the
probability of detecting the secret message increases if the steganographic tool uses such
embedding techniques as inserting in junk or comment fields in the header of the file structure.
On the one hand the hidden data congregates in the same place, and on the other hand the file
header is rather vulnerable to steganalysis.

Embedding data into program files

The common technique for hiding data in program files is appending the data at the end of the
carrier file as practiced with image, audio, and video files. Another possibility is stashing a secret
message by transforming program instructions. This technique substitutes an instruction by an
equivalent which represents the bit(s) of the secret data. A simple example: “add %eax, 50” can
be substituted by “sub %eax, -50”.

Embedding data into archive files

There is only one example among the investigated software which uses archive files (gzip-files)
as carrier medium. It embeds the secret data during the compression process through overwriting
the least significant bits.

Embedding data into network protocols

The embedding process in network protocols takes place via manipulation of unused spaces and
other features of the packet header.

Steganographic covert channels based on modification of network protocol header values are
best understood by considering a scenario with three actors; in keeping with the existing
literature, we shall call them Alice, Bob and Walter. Alice can make arbitrary modifications to
network packets originating from a machine within Walter's network. She wants to leak a
message to Bob, who can only monitor packets at the egress points of this network. Alice aims to
hide the message from Walter, who can see (but not modify) any packet leaving his network. In a
practical instantiation of this problem, Alice and Bob may well be the same person. Consider a
machine to which an attacker has unrestricted access for only a short amount of time, and which
lies within a closely monitored network. The attacker installs a key logger on the machine, and
wishes to leak passwords to himself in such a way that the owner of the network does not
observe that anything untoward is happening. Alice can choose which layer of the protocol stack
she wishes to hide her message in. Each layer has its own characteristics, which indicate the
scenarios in which it can best be used. In, the potential for embedding at all layers of the OSI
model is discussed.

At the bottom of the stack, in the Physical and Data-Link layers (e.g. Ethernet), there is some
opportunity for embedding data. However, it requires low level control of the hardware, which
Alice may find difficult to obtain. Also, if she chooses to signal to Bob at this layer, her
messages will be stripped out if they reach a device that connects networks at a higher layer (e.g.
an IP router). This requires Bob to be on the same LAN. Alice might also choose to embed data
at the Presentation or Application layers of the network stack (e.g. in Telnet or HTTP/FTP
traffic). If, however, she only has brief access to the machine from which she is leaking data, she
needs to anticipate which applications are likely to be used on it; she can then modify them to
carry her messages in the traffic they generate. Similarly, the format of files sent over HTTP or
FTP (such as JPEG or PDF) may also be viewed as protocols in which steganographic data can
be embedded. These provide Alice with a high-bandwidth channel, but only if she is confident of
being able to modify these files without arousing suspicion. The only remaining layers to
consider in the OSI model are Network, Transport and Session. TCP and IP fall within these
layers, and are common to the vast majority of Internet applications. A message embedded in
these protocols has the advantage that it will survive unchanged on its journey out of Walter's
network.

STEGANALYSIS TECHNIQUES

Steganalysis is the process of identifying steganography by inspecting various parameters of a
stego media. The primary step of this process is to identify a suspected stego media. After that, the
steganalysis process determines whether that media contains a hidden message or not and then tries
to recover the message from it.

In cryptanalysis it is clear that the intercepted message is encrypted and that it certainly contains
the hidden message, because the message is scrambled. In the case of steganalysis this may
not be true: the suspected media may or may not contain a hidden message. The steganalysis
process starts with a set of suspected information streams. Then the set is reduced with the help
of advanced statistical methods.

The properties of electronic media change after an object is hidden in them. This can
result in degradation in terms of quality or in unusual characteristics of the media;
steganalysis techniques are based on unusual patterns in the media or on visual detection of them.

For example, in the case of network steganography, unusual patterns are introduced in the
TCP/IP packet header. If the packet analysis technique of the Intrusion Detection System of a
network is based on a white list pattern (unusual pattern), then this method of network
steganography can be defeated.
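One way such a white-list check could look for the header fields that normally carry no information, as an added example (not from the original report and not any IDS product's rule set). The packets are constructed with documentation addresses and zero checksums, and treating IPv4 options as off the white list is a policy assumption.

```python
import struct


def build_packet(ip_flags_frag=0x4000, ihl_words=5,
                 tcp_off_flags=0x5018, urgent=0):
    """Constructed IPv4 + TCP headers (no payload, checksums left at zero)."""
    options = b"\x01" * ((ihl_words - 5) * 4)        # NOP padding if any
    ip = struct.pack(">BBHHHBBH4s4s", 0x40 | ihl_words, 0,
                     ihl_words * 4 + 20, 0x1C46, ip_flags_frag, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    tcp = struct.pack(">HHIIHHHH", 49152, 443, 1000, 2000,
                      tcp_off_flags, 65535, 0, urgent)
    return ip + options + tcp


def audit_headers(packet):
    """Return the list of header fields that deviate from the white list."""
    if len(packet) < 20:
        raise ValueError("too short for an IPv4 header")
    ver_ihl, _tos, _total, _ident, flags_frag, _ttl, proto = struct.unpack(
        ">BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    findings = []
    if flags_frag & 0x8000:
        # The top bit of the flags field is reserved and must be zero.
        findings.append("IPv4 reserved flag bit set")
    if ihl > 20:
        # Options are legal but rare; this policy does not white-list them.
        findings.append("IPv4 options present")
    if proto == 6 and len(packet) >= ihl + 20:
        off_flags, _window, _checksum, urgent = struct.unpack(
            ">HHHH", packet[ihl + 12:ihl + 20])
        if (off_flags >> 8) & 0x0F:
            # The four bits after the data offset are reserved (zero).
            findings.append("TCP reserved bits non-zero")
        if urgent and not off_flags & 0x0020:
            # The urgent pointer only has meaning when URG is set.
            findings.append("TCP urgent pointer set without URG flag")
    return findings


if __name__ == "__main__":
    samples = {
        "ordinary PSH/ACK": build_packet(),
        "reserved IP flag": build_packet(ip_flags_frag=0xC000),
        "reserved TCP bits": build_packet(tcp_off_flags=0x5318),
        "stray urgent pointer": build_packet(urgent=7),
        "IP options": build_packet(ihl_words=6),
    }
    for name, pkt in samples.items():
        print(name, audit_headers(pkt))
```

A monitor in Walter's position can either alert on these findings or rewrite the fields to their expected values at the egress point, which removes whatever they carried.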

In the case of the visual detection steganalysis technique, a set of stego images is compared with
the original cover images and the visible differences are noted. A signature of the hidden message can be
derived by comparing numerous images. Cropping or padding of an image is also a visual clue of
a hidden message, because some stego tools crop or pad blank spaces to fit the stego
image into a fixed size. A difference in file size between the cover image and the stego image, or an increase or
decrease in unique colors in stego images, can also be used in the visual detection steganalysis
technique.

STEGANOGRAPHY ATTACKS

Steganographic attacks consist of detecting, extracting and destroying the hidden object of the stego
media. A steganography attack is followed by steganalysis. There are several types of attacks,
based on the information available for analysis. Some of them are as follows:

• Known carrier attack: the original cover media and the stego media are both available for
analysis.
• Steganography only attack: in this type of attack, only the stego media is available for
analysis.
• Known message attack: the hidden message is known in this case.
• Known steganography attack: the cover media, the stego media and the steganography
tool or algorithm are all known.

ADVANTAGES AND DISADVANTAGES

ADVANTAGES OF STEGANOGRAPHY OVER CRYPTOGRAPHY

The advantage of steganography over cryptography alone is that messages do not attract
attention to themselves. Plainly visible encrypted messages, no matter how unbreakable, will
arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal.
Therefore, whereas cryptography protects the contents of a message, steganography can be said
to protect both messages and communicating parties. However, it can also pose serious problems
because it's difficult to detect. Network surveillance and monitoring systems will not flag
messages or files that contain steganographic data. Therefore, if someone attempted to steal
confidential data, they could conceal it within another file and send it in an innocent-looking
email.
Steganography is applicable to, but not limited to, the following areas:

• Confidential communication and secret data storing
• Protection of data alteration
• Access control system for digital content distribution
• Media database systems
Confidential communication and secret data storing

The "secrecy" of the embedded data is essential in this area. Steganography provides us with:

• Potential capability to hide the existence of confidential data
• Hardness of detecting the hidden (i.e., embedded) data
• Enhancing the secrecy of the encrypted data

Protection of data alteration

We take advantage of the fragility of the embedded data in this application area. The embedded
data can be fragile rather than very robust. Actually, embedded data are fragile in most
steganography programs. However, this fragility opens a new direction toward an
information-alteration protective system such as a “Digital Certificate Document System.” The most novel
point among others is that “no authentication bureau is needed.” If it is implemented, people can
send their “digital certificate data” to any place in the world through the Internet. No one can forge,
alter, or tamper with such certificate data. If it is forged, altered, or tampered with, this is easily detected by the
extraction program.

Access control system for digital content distribution

In this area embedded data is "hidden", but is "explained" to publicize the content. Today, digital
contents are more and more commonly distributed over the Internet than ever before. For
example, music companies release new albums on their Webpage in a free or charged manner.
However, in this case, all the contents are equally distributed to the people who accessed the
page. So, an ordinary Web distribution scheme is not suited for a "case-by-case" and "selective"
distribution. Of course it is always possible to attach digital content to e-mail messages and send
them to the customers, but this costs a lot of time and labor. Suppose you have some valuable
content that you think it is okay to provide to others if they really need it, that it is possible to
upload such content to the Web in some covert manner, and that you can issue a special "access
key" to extract the content selectively; you will be very happy about it. A steganographic scheme
can help realize this type of system. We have developed a prototype of an "Access Control
System" for digital content distribution through the Internet. The following steps explain the scheme.

• A content owner classifies his/her digital contents in a folder-by-folder manner, embeds
the whole folders in some large vessel according to a steganographic method using folder
access keys, and uploads the embedded vessel (stego-data) to his/her own Webpage.
• On that Webpage the owner explains the contents in depth and publicizes them worldwide. The
contact information of the owner (postal address, e-mail address, phone number, etc.)
will be posted there.
• The owner may receive an access request from a customer who viewed that Webpage.
In that case, the owner may (or may not) create an access key and provide it to the
customer (free or charged). The most important point in this mechanism is whether a “selective
extraction” is possible or not.

Media database systems

In this application area of steganography secrecy is not important; unifying two types of data
into one is the most important point. Media data (photos, movies, music, etc.) have some
association with other information. A photo, for instance, may have the following:

• The title of the picture and some physical object information
• The date and the time when the picture was taken
• The camera and the photographer's information

Formerly, these were annotated beside each picture in the album. Recently, almost all cameras
have become digital. They are cheap, easy to use and quick to shoot, and they eventually made people
feel reluctant to work on annotating each picture. Now, most home PCs are stuck with a huge
number of photo files. In this situation it is very hard to find a specific shot in the piles of
pictures. “Photo album software” may help a little. You can sort the pictures and attach a couple
of annotation words to each photo. When you want to find a specific picture, you can
search by keywords for the target picture. However, the annotation data in such software are not
unified with the target pictures. Each annotation only has a link to the picture. Therefore, when
you transfer the pictures to different album software, all the annotation data are lost. This
problem is technically referred to as "Metadata (e.g., annotation data) in a media database system
(a photo album software) are separated from the media data (photo data) in the database
managing system (DBMS)." This is a big problem. Steganography can solve this problem
because a steganography program unifies two types of data into one by way of the embedding
operation. So, metadata can easily be transferred from one system to another without a hitch.
Specifically, you can embed all your good/bad memories (of your sight-seeing trip) in each snapshot
of the digital photo. You can either send the embedded picture to your friend to extract your
memory on his/her PC, or you may keep it silent on your own PC to enjoy extracting the memory
ten years later. If a "motion picture steganography system" is developed in the near
future, a keyword-based movie-scene retrieval system will be implemented. It will be a step towards a
"semantic movie retrieval system."

THREATS OF STEGANOGRAPHY

Digital steganography, as stated before, is just a series of methods that hide information and
files from view inside other files, and it can have many beneficial and secure uses, such as
watermarking photographs to deter art theft, keeping sensitive data secure in innocuous files in
case of unauthorized access or data theft, etc. But as with any other tool in the world, people may,
intentionally or unintentionally, use this difficulty of detection in less secure ways.

Hiding of malware into seemingly safe files

“Is your PC virus-free? Get it infected here!”

This was a real Google Ad last year. You may think that no one in his right mind would
click this advert. But they do. Fortunately, this was only an experiment by Mikko Hypponen,
who is Chief Research Officer at security firm F-Secure, and it only led to a “Thank You” HTML
page. During the six-month period that this ad was online, 409 people, whether by mistake or out of
curiosity or stupidity, thought it was a good idea to click the link to “see what happens”. This
experiment is mentioned to show how some users willingly download viruses even if the link says
“Clicking this link will format your hard disk but you will see a dancing pig”, let alone if the
virus is hidden in an innocent attachment sent (seemingly) from a co-worker or a friend.
(Anyone involved in computer security will know of the “dancing pig problem”.) The most
common misuse of steganography is the hiding of malware in seemingly safe files such as
pictures, audio and email attachments. This method is used to hide any type of malware, ranging
from viruses to worms and from spyware to Trojans.

One of the simplest ways to hide malware is to use double extensions. A file would be named for
example as “cutekitten.jpg.exe”. When this is clicked, Windows will look only at the last part of
the extension and therefore treats it as an executable. For an unprotected computer this method is
particularly effective as this can be received as an attachment and, by default, Windows hides the
last extensions of its files and therefore this is shown as a jpg file and can be overlooked and
executed. An example was the Anna Kournikova virus which was sent via email as an
attachment “AnnaKournikova.jpg.vbs”. A similar technique is with URL links. These may be
fashioned to show that they are directed to a jpg, mp3 etc but when clicked, the user is redirected
to an executable.

Use of macros in Microsoft documents

Macros embedded in Microsoft documents also fall under the steganography cap. These mini-
programs are executed as soon as one opens the document and mostly spread by copying the
email addresses in the address book and sending itself automatically by email. The Melissa virus
is a famous example of this; it had a null payload but its damage came in the form of email
servers congestion due to its high rate of spread.

As stated before, text can be embedded in pictures. This may take the form of malicious code.
Though harmless on its own, it can have a companion malware process which loads the program
from the carrier picture. The main advantage is that in some systems, picture files are not
scanned and the companion process will not have a virus signature.

Ransomware

While in the previous cases steganography was used to hide the malware to infect the system, it
can also be used maliciously in reverse. A virus may be programmed to “hide” a user's important
documents or files inside a file and ask for a ransom for the password that will be used to decrypt
the data back to its original state (hopefully). A macro famous for this was a variant of the
Melissa virus mentioned before, called Melissa.V. This macro made a backup of documents and
destroyed random parts of the original. Then it requested a ransom of $100 to be transferred to
an offshore account. Fortunately the owner of the account was tracked down, and it was
discovered that the macro wrote information in the Windows registry and that, with this, the
documents could be retrieved.

Theft of user credentials

Another dangerous application to steganography involves malevolent users of the system whose
intent is to transfer or steal sensitive information or files. This can very easily be done with “Text
in media files” or the “Files archive in pictures” methods mentioned previously in this article.

For example, take the picture of “Big Buck Bunny” to the right. If one sees this email being sent, one can easily
assume that the user just sent this screenshot home as a
reminder to borrow the DVD or to show it to someone
else.

But if one takes this picture and checks it for hidden messages, one will find the message:

Hi,

The details for the server are the following:

IP: 123.123.123.123
Username: Administrator
Password: 1a2s3d4f

Take all important information and crash it. Then we will ask for ransom.

CONCLUSION

Steganography transmits secrets through apparently innocuous covers in an effort to conceal the
existence of a secret. Digital image steganography and its derivatives are growing in use and
application. In areas where cryptography and strong encryption are being outlawed, citizens are
looking at steganography to circumvent such policies and pass messages covertly. As with the
other great contests of the digital age, the battles between cryptographers and cryptanalysts,
security experts and hackers, and record companies and pirates, steganography and steganalysis will
continually develop new techniques to counter each other.

In the near future, the most important use of steganographic techniques will probably lie in
the field of digital watermarking. Content providers are eager to protect their copyrighted works
against illegal distribution, and digital watermarks provide a way of tracking the owners of these
materials. Steganography might also become limited under laws, since governments have already
claimed that criminals use these techniques to communicate. Possible uses of steganographic
techniques are as follows:

• Hiding data on the network in case of a breach.
• Peer-to-peer private communications.
• Posting secret communications on the Web to avoid transmission.
• Embedding corrective audio or image data in case corrosion occurs from a poor
connection or transmission.

REFERENCES

1. Information Society Technologies. Audio Benchmarking Tools and Steganalysis. ECRYPT.
[Online] February 22, 2006. [Cited: April 9, 2015.]
http://www.ecrypt.eu.org/ecrypt1/documents/D.WVL.10-1.1.pdf.

2. Steganography: Past, Present and Future. Judge, James C. 2015, SANS Institute,
pp. 2-5.

3. LIA.DEIS. SSIS.html. lia.deis.unibo.it. [Online] [Cited: November 4, 2015.]
http://www.lia.deis.unibo.it/Courses/RetiDiCalcolatori/Progetti98/Fortini/SSIS.html.

4. ECRYPT. 2006, European Network of Excellence in Cryptology, pp. 30-31.

5. Wikipedia. Nazca_Lines. http://en.wikipedia.org. [Online] [Cited: 4 13, 2015.]
http://en.wikipedia.org/wiki/Nazca_Lines.

6. Steganography An Art of Hiding. Channalli, Shashikala and Jadhav, Ajay. 3, Pune :
International Journal on Computer Science and Engineering, 2009, Vol. I.

7. An Overview of Digital Image Steganography. R.Poornima and R.J.Iswarya.
1, s.l. : International Journal of Computer Science & Engineering Survey, 2013, Vol. IV.

8. A Study of Various Steganographic Techniques Used for Information Hiding. C.P.Sumathi,
T.Santanam and G.Umamaheswari. 6, Chennai : International Journal of Computer Science &
Engineering Survey, 2013, Vol. IV.

9. Dunbar, Bret. A Detailed look at Steganographic Techniques and their use in an Open-
Systems Environment. SANS Institute. 2002.

10. Steganography- A Data Hiding Technique. Kumar, Arvind and Pooja, Km. 7, Meerut :
International Journal of Computer Applications, 2010, Vol. IX. 0975 – 8887.

11. Steganography and Steganalysis: Different Approaches. Das, Soumyendu, et al.
Kolkata : s.n.

12. Analysis and Implementation of Distinct Steganographic Methods. Tatar, Ünal and
Mataracıoğlu, Tolga. Ankara : TÜBİTAK UEKAE, Department of Information Systems
Security.

13. Katzenbeisser, Stefan and Petitcolas, Fabien A. P. Information Hiding Techniques for
Steganography and Digital Watermarking. Norwood : Artech House, Inc, 2000. 1-58053-035-4.

14. Steganography: Past, Present, Future. Judge, James C. s.l. : SANS Institute, 2001.
