Steganography
-
Upload
bahaa-aladdin -
Category
Documents
-
view
2.249 -
download
2
Transcript of Steganography
Steganography
Bahaa Aladdin
Steganography – Definition and Origin
“The art of hiding messages in such a way that no one but the sender and the intended recipient knows about the very existence of the message”.
Greek Word, Steganos – “covered”, Graphie – “writing”The word steganography is derived from the Greek words
steganos which means covered and graphie which means writing. Thus, steganography literally means "covered writing."
The strength of Steganography is “ Stealth”
Steganography comes in different forms:
Hidden information in Text Files Hidden information in Image Files Hidden information in Document Files Hidden information in Video Files Hidden information in Audio Files Hidden information in E-Mails
Steganography Forms
Who’s Using It?• Kinds of users include:
Trade fraud Industrial espionage Organized crime Narcotics traffickers Child pornographers Criminal gangs Individuals concerned about perceived government “snooping” Those who want to circumvent restrictive encryption export rules Anyone who wants to communicate covertly and anonymously
A message sent by a German spy during World War II read: “Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects for pretext embargo on by-products, ejecting suets and vegetable oils.” By taking the second letter of every word the hidden message “Pershing sails for NY June 1” can be retrieved.
Economic espionage - used to exfiltrate information from a major European automaker
Political extremists - increasingly being used for secure communications.
Fraud - used as a “digital dead drop” to hide stolen card numbers on a hacked Web page
Pedophilia - used to store and transmit pornographic images Terrorism - used to hide terrorist communications over the
Internet, e.g, Osama bin Laden’s alleged use of steganography
Some Known Uses of Steganography
In a New York Times article that was published in October of 2001, French defense ministry officials reported the use of steganography by terrorists that were planning on blowing up the U.S. embassy in Paris. They were reportedly instructed to communicate solely through pictures on the internet, and supposedly had connections to
Al Qaeda .
Terrorism
Alleged use of stego by Osama bin Laden, (Feb ‘01)
Stego’d messages hidden on Web sites to plan attacks against the US
Maps, target photos hidden in sports chat rooms, pornographic bulletin boards, popular Web sites
Terrorism
Steganography It is the practice of disguising the existence of a message
stego-objectThe combination of hidden data-plus-cover is known as the stego-
object
CoverGenerally, innocent looking carriers, e.g., pictures, audio, video,
text, etc. that hold the hidden informationStegokey
An additional piece of information, such as a password or mathematical variable, required to embed the secret information
Terminology
cover_medium +
hidden_data +
stego_key
=
stego_medium
Formula for steganographic process:
Formula for steganographic process:
Steganography Today, however, is significantly more sophisticated than the examples above suggest, allowing a user to hide large amounts of information within image and audio files. These forms of steganography often are used in conjunction with cryptography so that the information is doubly protected; first it is encrypted and then hidden so that an adversary has to first find the information (an often difficult task in and of itself) and then decrypt it.
Steganography Today
Steganography can be split into two types, these are Fragile and Robust.
Fragile steganography involves embedding information into a file which is destroyed if the file is modified. This method is unsuitable for recording the copyright holder of the file since it can be so easily removed, but is useful in situations where it is important to prove that the file has not been tampered with, such as using a file as evidence in a court of law, since any tampering would have removed the watermark. Fragile steganography techniques tend to be easier to implement than robust methods.
Steganography types
Robust marking aims to embed information into a file which cannot easily be destroyed. Although no mark is truly indestructible, a system can be considered robust if the amount of changes required to remove the mark would render the file useless. Therefore the mark should be hidden in a part of the file where its removal would be easily perceived. There are two main types of robust marking. Fingerprinting involves hiding a unique identifier for the customer who originally acquired the file and therefore is allowed to use it. Should the file be found in the possession of somebody else, the copyright owner can use the fingerprint to identify which customer violated the license agreement by distributing a copy of the file. Unlike fingerprints, watermarks identify the copyright owner of the file, not the customer. Whereas fingerprints are used to identify people who violate the license agreement watermarks help with prosecuting those who have an illegal copy.
Watermarks are typically hidden to prevent their detection and removal
Steganography types
One of the most widely used applications is for so-called digital watermarking. A watermark, historically, is the replication of an image, logo, or text on paper stock so that the source of the document can be at least partially authenticated. A digital watermark can accomplish the same function; a graphic artist, for example, might post sample images on her Web site complete with an embedded signature so that she can later prove her ownership in case others attempt to portray her work as their own.In these days, watermarking is popularly used as a proof of ownership of digital data by embedding copyright statements into the digital media. It's also used for fingerprinting and broadcast monitoring (in case of illegal broadcasting) etc.
Steganography and Cryptography
Known message passing Unknown message passing
Encryption prevents an unauthorized party from discovering the contentsof a communication
Steganography prevents discovery of the very existence of communication
Common technology Little known technology
Most of algorithm known by all Technology still being developed for certain formats
Strong current algorithms are currently resistant to attack, larger expensive computing power is required for cracking
Once detected messageis known
Cryptography alter the structure of the secret message
Steganography does not alter the structure of the secret message
Steganography and Cryptography
Encryption Steganography(Contains embedded encrypted message)
Example
There are three different techniques you can use to hide information in a cover file:
1. Injection or insertion
2. Substitution
3. Generation
Algorithms and Techniques
1-INJECTION (or insertion). you store the data you want to hide in sections of a file that are ignored by the processing application. By doing this you avoid modifying those file bits that are relevant to an end-user—leaving the cover file perfectly usable. For example, you can add additional harmless bytes in an executable or binary file. Because those bytes don't affect the process, the end-user may not even realize that the file contains additional hidden informationHowever, using an insertion technique changes file size according to the amount of data hidden and therefore, if the file looks unusually large, it may arouse suspicion.
Algorithms and Techniques
2-SUBSTITUTION. Using this approach, you replace the least significant bits of information that determine the meaningful content of the original file with new data in a way that causes the least amount of distortion. The main advantage of that technique is that the cover file size does not change after the execution of the algorithm. On the other hand, the approach has at least Two Drawbacks. First, the resulting stego file may be adversely affected by quality degradation—and that may arouse suspicion. Second, substitution limits the amount of data that you can hide to the to the number of insignificant bits in the file.
Algorithms and Techniques
3- GENERATION. Unlike injection and substitution, this technique doesn't require an existing cover file this technique generates a cover file for the sole purpose of hiding the message. The main flaw of the insertion and substitution techniques is that people can compare the stego file with any pre-existing copy of the cover file (which is supposed to be the same file) and discover differences between the two. You won't have that problem when using a generation approach, because the result is an original file, and is therefore immune to comparison tests.
Algorithms and Techniques
11100101 01001110 10101101 10010111 … 01011010
10110010…
Least Significant Bit
Hidden message
Cover
• The simpler techniques replace the least significant bit (LSB) of each byte in the cover with a single bit for the hidden message
• Frequently, these are encrypted as well
How Is Hiding Typically Done?
example
Detection and Analysis
Growing awareness of data hiding techniques and uses
Availability and sophistication of shareware and freeware data hiding software
Concerns over use to hide serious crimes, e.g., drug trafficking, pedophilia, terrorism
Frees resources currently spent on investigating cases with questionable/unknown payoff
Legislative calls
Need for Improved Detection
Evidence of steganography software on computerForensics examinationHashes of well-known files don’t match originals
Transmission logs Excessive/unusual e-mails involving pictures,
sound files, etc.Discernable (visual) changesStatistical analysis
Some Indicators of Data Hiding Activity
Detection
Can steganography be detected?Sometimes…many of the simpler steganographic
techniques produce some discernable change in the file size, statistics, or both. For image files, these include:Color variationsLoss of resolution or exaggerated noiseImages larger in size than that to be expectedCharacteristic signatures, e.g., distortions or patterns
However, detection often requires a priori knowledge of what the image or file should look like
Stego software developers understand their products’ weaknesses and have made significant improvements:minimal carrier degradation makes embedded data
harder to perceive visuallybetter modification immunity e.g., affine invariance,
immunity to channel noise, compression, conversionuse of error correction coding ensures integrity of hidden
dataThese improvements have led to even greater
difficulty in detection
Detection Challenges (1/2)
Lack of tools and techniques to recover the hidden dataNo commercial(effective) products exist for detectionCustom tools are analyst-intensiveFew methods beyond visual analysis of graphics files
have been exploredUsually, no a priori knowledge of existenceNo access to stegokeyUse of unknown applications
Detection Challenges (2/2)
Several on-going research activities for improving steganographic analysis methods
Some research is focusing on processing techniques to reveal features in files that will:Blindly, with no a priori knowledge, indicate the
presence of hidden dataUniquely identify known stego packages
Some explaining follow...
Steganalysis
Blind detection:attempts to determine if a message may be hidden in a file without any prior knowledge of the specific steganography application used to hide the information. Several techniques may be employed to inspect suspect files including various visual, structural, and statistical methods.
"Blind" Steganography Detection
The suspect file may or may not have any information hidden in it in the first place The hidden message may have been encrypted before being hidden in the carrier fileSome suspect files may have had noise or irrelevant data encoded in them which reduces the stealth aspect (i.e., makes it easier to detect use of steganography) but makes analysis very time-consumingUnless the hidden information can be found, completely recovered, and decrypted (if encrypted), it is often not possible to be sure whether the suspect carrier file contained a hidden message in the first place- all the user end up with is a probability that the suspect carrier file may have something hidden within it
Complications blind detection
Four Complications are possible when implementing blind detection techniques for steganalysis:
The analytical approach to steganalysis has been developed by the Steganography Analysis and Research Center as a byproduct of extensive research of Steganography applications and the techniques they employ to embed hidden information within files. The premise of this approach is to first determine if any residual file and/or Microsoft Windows Registry artifacts from a particular Steganography application exist on the suspect media.•IF residual artifacts exist, then the application was probably installed•The application was installed, then it was probably used•IF the application was used, then something was probably hidden using itThe analytical approach attempts to determine if there is any evidence that a steganography application ever existed on the suspect media. Searching for files and registry entries that have been identified by the SARC as belonging to a steganography application will identify these residual artifacts. The goal is to determine what application was used, what type(s) of carrier files it may have been used on, and finding what was hidden by that particular application.
Analytical Steganography Detection
Software tools – Freeware, Commercial.
S – Tools Excellent tool for hiding files in GIF, BMP and WAV files
MP3Stego Mp3. Offers quality sound at 128 kbps
Hide4PGP BMP, WAV, VOC
JP Hide and Seek jpg
Text Hide ( commercial) text
Stego Video Hides files in a video sequence
Spam mimic encrypts short messages into email that looks like spam http://spammimic.com
Steganos Security Suite (Commercial)
and Many Many More………………………………………………………….
Steganography – Software Tools
Stegdetect Automated tool for detecting
steganographic content in images
Currently-claimed detection schemes: Jsteg JPHide Invisible Secrets Outguess 0.1.3b
Windermere’s analysis shows this program is extremely unreliable and provides excessive (i.e., near 100%) false-positives
S-tools
Hides info in BMP, GIF, and WAV files. just drag them over open sound/picture windowshide multiple files in one sound/picture and your data is compressed before being encrypted then hidden. Encryption services come courtesy of "cryptlib" by Peter Gutmann (and others).
Hide your Video or Audio File Behind ImageOmhiHide PRO is a powerful data-hiding utility that allows you to hide files within other files. The output files can be used or shared like a normal file would be without anyone ever knowing of the file hidden within it. That way, your data totally stays safe from prying eyes you want to hide it from.
OmhiHide
Xiad steganography
Summary Steganography is primarily used to maintain anonymity and is
easily available to most anyone Sophisticated tools are readily available on the Internet, and are
easy-to-use Lack of both awareness and developed tools and analysis
techniques Only recently has the security community started to concern itself with
this subject Little public information on the use of data hiding
Development/use of information hiding products far outpaces the ability to detect/recover them; this situation is not likely to change soon
A Final Thought
“ I think we are perilously close to a lose-losesituation in which citizens have lost their privacy to commercial interests and criminals have easy access to absolute anonymity. That's not a world
we want”.Philip ReitingerFormer Senior Counsel, US Justice DepartmentComputer Crime and Intellectual Property Division
Bahaa Aladdin