Documente Academic
Documente Profesional
Documente Cultură
Independence, Ohio
6 June 2002
Steganography - An Introduction to
Data Hiding Techniques
Michael Panczenko, Director, E-Crime
The Windermere Group, LLC
2000 Windermere Court
Annapolis, MD 21401
Who We Are
Here’s a highly
sensitive document
■ Steganography
» Steganography comes from the Greek words for “covered writing”
» It is the practice of disguising the existence of a message
■ Cover
» Generally, innocent looking carriers, e.g., pictures, audio, video, text,
etc. that hold the hidden information
» The combination of hidden data-plus-cover is known as the stego-object
■ Stegokey
» An additional piece of information, such as a password or mathematical
variable, required to embed the secret information
Classification of Hiding Techniques
I n f o r m a t i o n H i d i n g
C o v e r t C h S a t n e n g e a l ns o g r Aa pn ho yn y m C i t oy p y r i g h t M a r k
L i n g u i s tTi c e c h n i c a l R o b u s t F r a g i l e
F i n g e r p Wr i n a t it n e gr m a r k i n g
I m p e r c e p V t i i bs li eb l e
Receiver
Sender Hides Decodes Secret Receiver
Transmitted
Sender Secret Message In Carrier Appears Message by Reads
a Cover Using a Removing the Secret
Innocuous
Stegokey Cover Using the Message
Stegokey
Steganography vs. Encryption
Encryption Steganography
(Contains embedded encrypted message)
Steganography Through History
Trithemius,
Ancient Greece, Steganographia,
5th-Century B.C. 1606
Tattooing secret message
on Gaspari Schotti,
slave’s head Schola
Steganographica,
1665
Ref: http://www.witsusa.com
Why Steganography Works
■ Human Visual System (HVS) - characteristics
include:
» Insensitivity to gradual changes in shade
» Insensitive to high frequencies and blue region of
visible spectrum
rk
the “last line of defense” original image
ma
» Implements copy protection, e.g., =
te r
“never copy,” “copy once”
Wa
» Copyright ownership and original,
rk
+
ma
authorized recipient can be
determined
ter
» Allows trace-back of illegally
Wa
produced copies for prosecution 2). Embedded
watermark can only
be retrieved by
recovery software
SDMI
Ref: http://equip.zdnet.com/gear/mp3/news/16d7a/
technology
■ Some consumer electronics
manufacturers already
introducing SDMI compatible
products
Digital Piracy
Cover
LSB Substitution Example
» Privacy/freedom of 7000
expression 6000
» E-Commerce 5000
# of Hits
» Encryption export 4000
concerns 3000
» Protection of intellectual
2000
capital
1000
» Perceived government
Jul-94
Jul-00
Jan-93
Jul-93
Jan-94
Jan-95
Jul-95
Jan-96
Jul-96
Jan-97
Jul-97
Jan-98
Jul-98
Jan-99
Jul-99
Jan-00
Jan-01
snooping Time
Example Steganography Programs
BMP Secrets
■ Features include:
» Multimedia steganography
(images, audio, video)
» Multi-level security and DES
encryption
» Built-in E-mail function
» Unlimited hidden data length
■ www.datamark-tech.com
Media Clip
MP3Stego
■ Compresses, encrypts,
then hides data in an MP3 Greatest Hits
bit stream MP3
■ Developed by F.A.P.
Petitcolas, Computer
Laboratory, Cambridge
?
■ URL:
http://www.cl.cam.ac.uk/
~fapp2/steganography/mp
3stego/
S-Mail and S-Split
■ Features include:
» Strong encryption (AES)
» Secure, hidden drive
» Internet trace destructor
» File shredder
» E-mail encryptor
■ www.demcom.com
■ “More than one million
users world-wide use
Steganos”
Z-File
■ Features include:
» Strong encryption (up to 1024
bits)
» Multi-layer protection - up to 20
layers of recursive compression,
camouflage, and encryption
» Built-in E-mail function
■ Developed by INFOSEC
Information Security Co., Ltd.,
Taipei, Taiwan, ROC
» http://www.in4sec.com
» Cost: $14.50USD
Media Clip
Secret Fax
www.digimarc.com/
www.zeroknowledge.com/ www.digisafe.com.sg/steganography.htm
www.highwatersignum.com/
www.demcom.com/english/steganos/
Detection and Analysis
Need for Improved Detection
histogram spikes
600
400
Stego’d
■ Isolated colors occur when
S t e g a n o s 2 4 -b it F ile # 7
700
600
Note double spikes
certain bits are suppressed or 500
400
200
Ref: http://link.springer.de/link/service/series/0558/tocs/t1525.htm
stego image
Stegdetect
■ Automated tool for detecting
steganographic content in images
■ Currently-claimed detection
schemes:
» Jsteg
» JPHide
» Invisible Secrets
» Outguess 0.1.3b
■ Windermere’s analysis shows
this program is extremely
unreliable and provides
excessive (i.e., near 100%) false-
positives
Summary
Some Indicators of Data Hiding Activity