HackingStopped
Article:
Steganography in Principle
(By Emmanuel Sodipo)
1.0 Introduction
Steganography is one of the oldest arts, something people have wanted ever since they started communicating with each other, but sadly it is the least researched. Most people study steganography either as an academic discipline or out of curiosity, and I belong to the latter camp. Although steganography is used in military and commercial circles, the level of application and understanding is very low.
The term steganography, like cryptography, is derived from the Greek language. The prefix crypto comes from the Greek word kryptos, which means hidden or secret. The suffix graphy is derived from graphia, which means writing. Cryptography is essentially the art of secret writing, and its goal is to maintain the secrecy of the message even if the message itself is visible. Steganography is also a form of writing (concealed writing). The Greek word steganos means unseen or hidden. Steganography is a form of hidden communication; it should not be seen as a replacement for cryptography but rather as a complement to it. Steganography, although closely related to cryptography, is different. The goal of cryptography is to conceal the content of a message, while the goal of steganography is to conceal the existence of a message. However, the two techniques can be combined effectively by first encrypting the secret message and then embedding it in cover data. Concealing the transmission of encrypted messages enhances their overall security, since outsiders are unaware of the communication.
Encrypted data can attract the attention of hackers and investigators through its mere existence; if it is concealed, however, no attempt would be made to break the code or to obtain the secret key. Steganographic methods primarily use image or audio files to hide encrypted data. Such techniques conceal information in the least significant bits of the carrier medium, which serves as a hiding place. It is important that the carrier medium does not lose its appearance after the embedding process.
Another technique similar to steganography is watermarking. The goal of watermarking is to mark an image or sound file as belonging to its owner by making elusive modifications to the file. These modifications should not be noticeable, yet they should be very robust; nobody should be able to remove an existing mark or mark an already marked file as belonging to him. This technique is of great interest to the entertainment industry because it gives an efficient way to determine whether a file was illegally downloaded from the web or rightfully purchased.
A good steganography system should fulfil the same requirement posed by Kerckhoffs's principle in cryptography: the security of a system should not rely on its method of operation being unknown to the enemy, but rather on the choice of a secret key.
1.1 Background
In recent years there has been an exciting convergence of information protection technologies, and the main emphasis is on information hiding as opposed to encryption. The two big policy issues of copyright protection and state surveillance motivated this development. The more information that is placed on the Internet or public media, the more the owners of that information need to protect themselves from theft and abuse. The entertainment industry is particularly nervous because of the ease with which exact copies of digital music and video can be made. The way forward is to embrace advanced technology to protect investment rather than oppose it. Part of the solution may be a change in the sale process of music and video; one mechanism is copyright marking (hiding notices and serial numbers in a way that would be difficult for pirates to remove). Systems and techniques that can uncover hidden information will be useful in computer forensics and digital traffic analysis. Understanding the limitations of current techniques can help develop more robust techniques. The principal focus is hiding information, or at least stopping other people from hiding information.
2.0 Steganography
Steganographic techniques have been used since World War I and World War II; chemicals were developed and used as secret inks that become visible when brought into contact with other chemicals. A brief history of steganography gives us valuable background.
2.1 History
The Greek historian Herodotus left the earliest records of steganography. When Histiaeus had to send a secret message to his son-in-law, he shaved the head of a slave and tattooed a message on it; he waited until the hair had grown back before dispatching him, in order to avoid detection. Another Greek account tells how Demaratus scraped the wax off tablets and wrote messages on the underlying wood; he then covered the wood with wax again to conceal the message. The tablets appeared to be blank and unused when inspected.
Invisible ink has always been a popular method of steganography. Ancient Romans wrote between lines using invisible inks made from substances like milk, urine and fruit juices. When heated, the invisible ink would darken and become legible.
Gaspari Schotti wrote the earliest book on steganography, called Steganographica, in 1665. A major development in the field occurred in 1883 with the publication of Auguste Kerckhoffs' Cryptographie militaire. Although the work was mostly on cryptography, it provides valuable principles for the design of new steganographic systems [SEL03].
2.2 Steganography In Principle
Bruce Schneier describes steganography as follows: "Steganography serves to hide secret messages in other messages, such that the secret’s very existence is concealed" [SCH96]. Another basic definition would simply be the act of hidden communication. Whatever definition you find suitable, the fundamental principle should be the same. The message is the information to be hidden and may be an image, audio or anything that can be embedded into a bitstream. The cover and the embedded message create a stego-carrier that may require a stegokey. The stegokey is additional secret information, such as a password. A possible formula for the process is as follows:
Cover medium + embedded message + stegokey = stego-medium
Hiding information in electronic media requires alterations to the media properties, which may introduce some form of degradation. This degradation can sometimes be visible and point to the signatures of the steganographic methods and tools. These signatures may actually broadcast the existence of the embedded message thereby defeating the purpose of steganography.
A steganographic system is considered broken:
• If the attacker can detect the use of steganography.
• If the attacker can read the embedded message.
Traditional cryptography succeeds by locking up messages in a mathematical safe, but steganography offers some stealth and exploits bit randomness. The possible techniques are as follows:
Noise: The simplest technique is to replace the noise in a sound or image file with the message. For example, one spot in a picture may have 220 units of pink on a scale of 0 to 255. The average eye would not notice if that one spot was converted to 219 units of pink. It is possible to hide volumes of information below the threshold of perception if done systematically.
Spread information: Spreading the information increases its resilience to destruction; the algorithm distributes the information in such a way that not all the bits are required to reassemble the original data. Data usually falls into patterns, and observing the patterns will enable you to exploit the decision processes of computers.
Randomness: Information can be hidden in place of the random bits. A few algorithms allow the broadcast of information without revealing its identity [WAY02].
2.5 Steganographic Methods
The task of embedding a secret message can be performed by a combination of various techniques. Most steganographic programs follow these steps:
• Finding the Redundant Bits.
• Choosing the Cover Bits.
• Embedding the Data.
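As an added illustration (not code from the original article), the three steps above and the formula cover medium + embedded message + stegokey = stego-medium can be sketched in Python. The 2-byte length header, the stegokey-seeded shuffle, the sample data and all function names are assumptions of this example.

```python
import hashlib
import random

def cover_order(stegokey: str, cover_len: int) -> list[int]:
    # Choosing the cover bits: the stegokey seeds a PRNG that fixes the order
    # in which samples are used. random.Random is not a cryptographic
    # generator; it stands in for a keyed selection function (assumption).
    seed = int.from_bytes(hashlib.sha256(stegokey.encode()).digest(), "big")
    order = list(range(cover_len))
    random.Random(seed).shuffle(order)
    return order

def embed(cover: bytes, message: bytes, stegokey: str) -> bytes:
    payload = len(message).to_bytes(2, "big") + message  # 2-byte length header
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    if len(bits) > len(cover):  # one redundant bit (the LSB) per sample
        raise ValueError("message too long for this cover")
    stego = bytearray(cover)
    for pos, bit in zip(cover_order(stegokey, len(cover)), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit  # embedding: overwrite the LSB
    return bytes(stego)

def extract(stego: bytes, stegokey: str) -> bytes:
    order = cover_order(stegokey, len(stego))

    def read_bytes(first_bit: int, count: int) -> bytes:
        out = bytearray()
        for n in range(count):
            value = 0
            for pos in order[first_bit + 8 * n : first_bit + 8 * n + 8]:
                value = (value << 1) | (stego[pos] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read_bytes(0, 2), "big")
    if 16 + 8 * length > len(stego):
        raise ValueError("no message found (wrong stegokey or clean cover)")
    return read_bytes(16, length)

def constructed_cover(n: int = 4096) -> bytes:
    # Constructed stand-in for 8-bit pixel or audio samples.
    rng = random.Random(1)
    return bytes(rng.randrange(256) for _ in range(n))

if __name__ == "__main__":
    cover = constructed_cover()
    stego = embed(cover, b"meet at noon", "correct horse")
    print(extract(stego, "correct horse"))
    print(max(abs(a - b) for a, b in zip(cover, stego)))
```

No sample changes by more than one unit, which matches the 220-to-219 example given earlier; without the stegokey the reader does not know which samples to read or in what order.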
2.7 Steganalysis
Steganalysis is the art of discovering hidden data in covert messages. As in cryptanalysis, we assume that the steganographic method is publicly known, with the exception of a secret key. A more practical definition of steganalysis is given by Neil Johnson: "the art of discovering and rendering useless such covert messages". Identifying the existence of a hidden message is often enough for an attacker; the messages are often fragile, and the attacker can destroy the message without reading it. A steganalyst is one who applies steganalysis in an attempt to detect the existence of hidden information.
There are four basic approaches to a successful attack:
• Visual or Aural attack.
• Structural attack.
• Statistical attack.
Review
Digital steganography and its derivatives are growing in use and application. The majority of steganographic algorithms suffer from fundamental weaknesses. Much of the older steganographic software leaves behind statistical anomalies that can be detected by steganalysis.
The embedding techniques must not cause significant changes to the properties of the cover data such that the use of steganography is perceptible.
The development of attacks is necessary to assess security; the most common attacks are statistical and visual attacks. Statistical tests are superior to visual attacks because a statistical attack is less dependent on the cover, which allows it to be automated and deployed on a large scale.
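One well-known statistical test of this kind is the chi-square "pairs of values" test of Westfeld and Pfitzmann, which the article does not name; the Python below is an added example, not part of the original article. It relies on the fact that overwriting least significant bits with message bits equalises the counts of each value pair (2k, 2k+1); the cover data, the Wilson-Hilferty approximation of the chi-square tail and all function names are assumptions of this example.

```python
import math
import random

def pov_chi_square(samples: bytes) -> tuple[float, int]:
    # Histogram of sample values, then compare each even value's count with
    # the mean of its pair (2k, 2k+1), which LSB embedding drives it towards.
    hist = [0] * 256
    for s in samples:
        hist[s] += 1
    chi2, pairs = 0.0, 0
    for k in range(0, 256, 2):
        expected = (hist[k] + hist[k + 1]) / 2
        if expected >= 5:  # skip sparsely populated pairs
            chi2 += (hist[k] - expected) ** 2 / expected
            pairs += 1
    return chi2, pairs - 1  # statistic and degrees of freedom

def embedding_probability(samples: bytes) -> float:
    chi2, dof = pov_chi_square(samples)
    if dof < 1:
        raise ValueError("not enough populated value pairs")
    # Upper tail P(X > chi2), via the Wilson-Hilferty normal approximation.
    c = 2 / (9 * dof)
    z = ((chi2 / dof) ** (1 / 3) - (1 - c)) / math.sqrt(c)
    return 0.5 * math.erfc(z / math.sqrt(2))

def constructed_cover() -> bytes:
    # Constructed cover: even values three times as frequent as odd ones,
    # as can happen with quantised or palette-based data.
    values = [v for v in range(256) for _ in range(60 if v % 2 == 0 else 20)]
    random.Random(7).shuffle(values)
    return bytes(values)

def lsb_replace_all(cover: bytes, seed: int = 42) -> bytes:
    # Constructed stego sample: every LSB overwritten with a random bit,
    # standing in for an encrypted message that fills the whole cover.
    rng = random.Random(seed)
    return bytes((s & 0xFE) | rng.getrandbits(1) for s in cover)

if __name__ == "__main__":
    cover = constructed_cover()
    print("cover:", embedding_probability(cover))
    print("stego:", embedding_probability(lsb_replace_all(cover)))
```

A value close to 1 indicates equalised pairs. A cover whose least significant bits are already random, such as a noisy sensor capture, also scores high, so the result should be read against a baseline of known-clean files from the same source.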