What is Steganography?
Steganography is defined as the art and science of masking hidden messages in a manner only intelligible to the messenger’s intended receiver. Steganography differs from cryptography in that the existence of the message itself is disguised and unknown to the general observer. In today’s information age, instances of steganographic use generally incorporate the hiding of digital information within various digital files (image, audio, video files).
What is Steganography used for?
Steganography is primarily used as a means to communicate and maintain the confidentiality of private information. A steganographic message is concealed behind a form of covertext. The covertext is simply an apparent message (text, video, audio) acting as a facade, used to conceal an actual steganographic message.
Steganography can also be used for digital watermarking which is a technique used to add hidden copyright and verification material in digital audio, video, or image documents. This idea of digital watermarking is primarily used to combat various forms of copyright infringements.
Instances of steganographic use are powerful and diverse. Along with legitimate uses like digital watermarking, steganography can also be used as a medium for carrying out illegal activity. For instance, individuals may use steganography to distribute child pornography. Drug dealers may use it to exchange drug trade information. Terrorists may use it to covertly devise and carry out devastating attacks. These malevolent uses of steganography enable one to grasp the significance of the concept and acknowledge its importance in the information security field.
Steganography Tools
There are basically two main types of tools in the field of steganography. First, there are the tools used for creating and stealthily deploying hidden steganographic messages in digital files. Secondly, there are tools that are used for steganalysis. Steganalysis is the art and science used to detect hidden steganographic messages in digital content. A steganalysis tool is generally thought of as a forensic statistician used in determining which files, if any, contain a hidden payload.
Steganographic Example and Walkthrough
GIF-It-Up v1.0 is a freeware tool one can find over at www.stegoarchive.com that can be used to inject into/extract hidden data from GIF images.
Step 1: First decide what data it is you wish to hide and then determine which GIF image you wish to hide it in. I’ve chosen to hide the text from the Declaration of Independence in a GIF image of San Francisco.
San_Fran.GIF
The Declaration of Independence
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. — That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, …
-------Continued---------
Step 2: Run the GIF-It-Up V1.0 program, go to File->Open, and select the image you wish to hide the message in.
Step 3: Once you’ve opened the image in GIF-It-Up go to Inject/Extract->Select file to inject and select the file whose content you wish to have hidden in the image. (In my case, the declaration of independence in the image of San Francisco)
Also, if one so chooses, they have the opportunity to encrypt the text file before hiding it in the image. Simply go to Encryptio->Use Encryption. In this case, when the text is extracted from the image it will be encrypted requiring the user to decrypt the cipher text. This simply adds one more additional layer of security in order to maintain the integrity of the original message.
Step 4: Lastly you’ll want to extract the message from the image to make sure it worked correctly. Go to Inject/Extract->Specify name to extract and give the output file a name. I’ve chosen to name my output file declaration_of_independence.txt and save it to my desktop.
Step 5: Check and confirm that the hidden text was successfully extracted from the GIF image.
Concluding Points of Interest
-It is important to note that the GIF image injected with the hidden text is actually a little smaller than the original. A better steganographic tool would be more discrete, with an inconspicuous change in file size.
Original: 566 KB (614,166 bytes)
Hidden: 599 KB (613,846 bytes)
-With a tool like GIF-It Up, it is in one’s best interest to use a one way hash function to encrypt the original input, that way you'll have a smaller resulting string to inject (anywhere from 6 to N characters depending on the hash function used). The resulting hash output will have fewer characters than the original message; fewer characters means fewer bits injected into the file thus resulting in a less discernable change in file size.
-Steganography tools like GIF-It-Up usually work by storing information in the least significant bits of digitized files. These bits are modified inconspicuously making the changes very difficult for an individual to detect.
-The advantage of steganography over cryptography is that the message itself does not attract attention. With cryptography, the existence of the message is known despite the fact that it may be difficult to decrypt. With steganography, the existence of the message itself is unknown. Only the sender and most likely the intended receiver are aware of the hidden message’s existence.
0 cries of outrage:
Post a Comment