This article introduces steganography and explains some of its techniques and methods supported by examples. My objective was to make this post as short as possible while covering all important information. Your comments are welcome for any possible enhancements or for future articles about steganography by me or other people.
I have also posted this to HackThisSite.org articles.

Steganography

Steganography is all the techniques used to exchange secret messages without drawing attention. It is the science of hiding information.

Some of the old school methods to hide information are: invisible ink, null ciphers, microdots or the use of pinpricks, deliberate misspelling or slightly different font to mark certain words in messages and maps.

Null cipher

It’s a normal text written in the clear, but includes a hidden message. For example:

‘‘Fishing freshwater bends and saltwater coasts rewards anyone feeling stressed. Resourceful anglers usually find masterful leapers fun and admit swordfish rank overwhelming anyday.’’ [2]

If we take out the third letter in each word, we get: Send Lawyers, Guns, and Money.

Modern steganography refers to hiding information in digital images, audio files or even video. There are many methods and tools to do that. Nevertheless, and to have double protection, secret messages are first encrypted and then hidden using a steganography tool.

The steganographic process can be described with the following formula:

Cover medium + Data to hide + Stego key* = Stego Medium

* Note that if no encryption is added, there is no need for a Stego key.

Hiding messages in pictures

This is usually done by:

  • LSB (Least Significant Bit insertion).
  • Masking & filtering.
  • Algorithms & transformations.
  • Using LSB is famous, so I will choose it to explain how data can be hidden in images.

    LSB is always the last bit on the right-hand side of any binary number. Changing this bit causes the least possible effect to the original value.

    In a 24-bit image, there are 3 bytes of data to represent RGB values for every pixel in that image. This implies that we can store/hide 3 bits in every pixel. For example, if the image has the following bits:

    10010101 00001101 11001001
    10010110 00001111 11001010
    10011111 00010000 11001011

    To store 101101101. we replace with the original LSBs like this:

    10010101 00001100 11001001
    10010111 00001110 11001011
    10011111 00010000 11001011

    To reveal the stored message, the LSBs are extracted alone from the Stego Medium and combined together.

    Hiding messages in audio files

    Two known methods to store message in audio files are: Frequency Domain and Time Domain.

    In Frequency Domain, a message can be stored in practically unused frequencies of audio files. For instance, In a CD where the sample rate is 44.1 kHz, the highest frequency without aliasing is 22.05 kHz.

    Now, because the average peak frequency that an adult can hear is approximately 18 kHz, this leaves 4 kHz of frequency that is “practically unused”. This space can then be used to hide a message (a copyright message for example).

    In Time Domain, a message can be stored in the LSBs, something similar to what we saw with images. To maintain CD quality, it is important to encode at 16 bits per sample at a rate of 44.1kHz. However, we can also record at 8 bits per sample using the high significant bits (first bits on your left-hand side) and save the other 4 LSBs to hide our message without making any perceptible change to the audio quality.

    In a comparison between the two, detecting messages hidden with time domain is harder because it requires more resources. [4]

    Watermarking (digital watermarking)

    Whenever there is a topic about steganography now a day, Digital Watermarking is also mentioned. It refers to embedding hidden messages as well, but not for the purpose of sending secret information. Instead, Watermarking is usually used for the following:

    1. Copyright protection: include ownership information.
    2. Copy protection: include instructions to stop data copying devices from making and distributing copies of the original.
    3. Prove data authenticity.
    4. Tracking: If copies of a file are distributed illegally, the source can be revealed if the master copies had unique watermarks included.

    Stego Tools

    The following freeware tools have been tested by me on Windows 7 and they work great:

  • 4t HIT Mail Privacy LITE 1.01
  • S-Tools 4.0
  • To find more tools (commercials and freeware) make use of the following lists as they are the best I found online or do your own googling:

  • http://home.comcast.net/~ebm.md/stego/software.html
  • http://www.jjtc.com/Security/stegtools.htm
  • Steganalyses and countermeasures

    Steganalyses aim to investigate suspected information to determine whether they include any sealed data and reveal the hidden message if exist.

    Any unusual patterns (visual or statistical) are usually analyzed to detect suspected information. Hence, any method can be useful, for instance, image editors and hex editors (e.g. HEX Workshop).

    Some methods are designed and developed to detect and reveal information hidden by known steganography tools. There are also enhanced and powerful digital forensic analysis tools such as StegAlyzerSS (Steganography Analyzer Signature Scanner) developed by the Steganography Analysis and Research Center [5].

    Conclusion note

    The references at the end of this article are quite informative, have a go on them in your free time if you are looking for more details.

    References

    [1] Introduction to Steganography. [cited 2010 Jan 08]; Available from:

    http://www.infosyssec.com/infosyssec/Steganography/menu.htm

    [2] Johnson, N. F., Duric, Z., Jajodia, S. Information Hiding: Steganography and Watermarking – Attacks and Countermeasures. Kluwer Academic Press. Norwrll, MA, New York, The Hague, London, 2000.

    [3] Gary C. Kessler. Steganography: Hiding Data Within Data. 2001 [cited 2010 Jan 08]; Available from:

    http://www.garykessler.net/library/steganography.html

    [4] Steganography in Signals. [cited 2010 Jan 09]; Available from:

    http://www.owlnet.rice.edu/~elec301/Projects01/smokey_steg/steg.html

    [5] Steganography Analyzer Signature Scanner. [cited 2010 Jan 09]; Available from:

    http://www.sarc-wv.com/stegalyzerss.aspx

    [6] Gary C. Kessler. An Overview of Steganography for the Computer Forensics Examiner. [cited 2010 Jan 10]; Available from: http://www.fbi.gov/hq/lab/fsc/backissu/july2004/research/2004_03_research01.htm

    3 Responses to “Introduction to Modern Steganography”

    Leave a Reply

    *

    Haider’s WebSpace
    Welcome to my technical blog. This is where I write, archive and share computer related articles. Subjects vary from posting technical solutions to researching particular topics. Feel free to comment and talk IT!
    Sponsored Links
    My Tweets