Steganography has gained a significant amount of press over the past several years when the technique hit the press as a possible method that many of the terrorists involved with the 9/11 attacks used to plan the operation. Similar to the use of encryption, steganography techniques have become one of the basic methods that organizations or individuals can keep information confidential for a given time frame. In many cases, although the technique can be deciphered or decrypted in a given time frame given sufficient resources, it can provide operational security for tasks that don’t require long-term privacy of the protected data.
What is Steganography?
Steganography is not a new technique for hiding information. It has been in existence since at least the times of ancient Rome and Greece. In this timeframe, one use of the method was to write on was that was poured onto the top of stone tablets. If the sender desired to further hide or obscure the message, they would scrape off the wax. The message would then be written directly onto the tablet with the wax poured on top of the real message. The sender could then write another message on the wax to hide the fact that the real information was directly on the tablet.
The definition of steganography; however, is method of writing in characters or ciphers who are not understood by anyone who does not have the key to the message. In the computer age, this definition has transformed into the act of hiding information or a message inside of a larger one where it cannot be detected. In recent years, the method has evolved to hiding a message inside of a multimedia file such as a MP4, MP3, or WAV formatted file.
Over the course of history, there have been a large number of techniques used for hiding data or messages. One of the early uses of the wax tablet methods mentioned earlier in this article was in ancient Greece. Demeratus had a need to let Sparta know that invasion of Greece by Xerxes was imminent. To ensure the message was not intercepted, he wrote the message on the wood beneath the wax and then covered them in wax a second time. Since the tablets appeared to be blank, they were able to pass a close inspection by sentries and make it to the intended recipients.
Another early use of stego was to tattoo images or messages on the shaved head(s) of messenger(s). Once the person’s hair grew back, the message would be able to be delivered to the intended recipient without being detected. Of course this early use was limited by the time it took for human hair to grow, and the limited amount of space on the human head.
Throughout the 1800s and both World Wars, the use of invisible ink to hide messages became very commonplace. These inks allowed information to be overwritten on seemingly innocuous letter(s) that could only be read or seen when the ink was heated or placed under a special light. In this time, many of the invisible inks were created from one or more of the following ingredients: urine, fruit juice, vinegar, and milk. As technology continued to improve, the chemicals used to create invisible ink significantly grew in complexity requiring specialized chemicals to see the hidden data similar to the photograph development process.
In this same timeframe, null ciphers started to be used to hide unencrypted messages embedded within a traditional message. These became more popular due to encoded messages being blocked by filters put into place by adversaries. Typical null cipher use would use a pre-identified offset (ie the second letter in each word) to comprise the primary message for the intended recipient. An example use of the null cipher by German agents that used the second letter method was, “Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by products, ejecting suets and vegetable oils.” When applying the null cipher technique, the hidden message included was, “Pershing sails from NY June 1.”
There were a number of stego techniques created in this timeframe that were able to deliver information without arousing suspicion. The Allies were able to discover that the Germans had developed microdot technology that was able to create an extremely small photograph (approximately the size of a period in a written sentence) that could contain a large amount of information without drawing attention. The first use was found on an envelope carried by German spy in 1941. The primary drawback to microdots is that once discovered, the information contained within the dot was not encrypted and could be viewed easily.
Due to the many methods intercepted during WW2, many Allied governments took action to prevent information from being sent using stego within their respective borders. Some of the measures taken included banning deliveries of flowers, crossword puzzles, and rewording letters being sent out of the country.
Another famous case of stego use in WW2 was that of the “Doll Woman” in New York City. Velvalee Dickinson was a Japanese spy during the war tasked with providing information regarding ship movements out of the city. In order to send her information to the Japanese, she would include letters in her doll orders (she ran a business that specialized in selling dolls) that were sent to neutral addresses in South America. These letters included stegotext that included encoded information regarding the ship movements. Once she was caught providing the information, the papers famously labeled her as the “Doll Woman.”
During the Vietnam War, American POW Jeremiah Denton was able to blink his eyes in Morse Code during a televised press conference by his captors to pass the message, “TORTURE” to the government. Until his passing of the message, the American military was not aware of the treatment that the American POW’s were receiving by the North Vietnamese.
During the Cold War, the crew of the USS Pueblo was taken prisoner by North Korea in 1968. In order to communicate with the United States, the crew would use sign language during staged photo ops held by the North Korean government to indicate that they were prisoners and not defectors as the government was claiming. Due to their efforts, the American public and government was able to continue to work on freeing the crew from captivity.
What are the Uses of Steganography?
Similar to other security applications and tools on the market, steganography is able to be used for a number of legitimate and nefarious purposes. One of the most common uses is for adding a digital watermark to images. The mark can either be obvious, or less-than-obvious, depending on the goals of the image owner. Additionally, steganography is able to be used to create a substitute for one-way hash values or to add tag notes to pictures saved online. The technique can also be used to keep confidentiality of important information to protect against theft, unauthorized viewing, or sabotage.
Unfortunately, the illegitimate methods for steganography get the most press today. The method has been used to hide information being stolen in another file that is less conspicuous. Additionally, computer users who like to save pornography to their computer can hide the images or movies through the use of steganography. Finally, the method can be used to conduct covert operations or communications between two or more people.
What Kind of Steganography Tools are Available?
There are a significant number of applications and tools available for steganography today. These tools can be categorized in two ways: applications that allow users to embed messages using steganography and programs which conduct steganalysis. Steganalysis is the act of analyzing a file to detect steganography and possibly destroying the embedded message. Steganalysis does not focus on decrypting the message due to the large number of resources required to decrypt the information without knowledge of the key used for the operation. The majority of tools for conducting steganography are tailored to hiding messages within image or text files, with newer tools available that hide information within audio and video files.
How easy are Steganography Tools to Use?
The majority of modern steganography tools require no knowledge of computer programming to use. Most are made to run on computers using the Windows operating system(OS) with many available to use as free or shareware. The following steps are based on common steps found across many of the available steganography tools available on the market today, but are not specific to any one tool:
Step 1 – Download and installed the desired steganography application to your computer. If installing free or shareware, make sure you read and understand the end user license agreement before proceeding with the installation process.
Step 2 – If the software application embeds messages within images, select one or pictures on your computer to use for the test. Alternatively, many applications will support one or many of the following file types: text, WAV, MP3, or MP4.
Step 3 – Verify the size requirements of the file to embed or hide your message. Some applications will require text files be equal to or greater in size than the message you intend to hide.
Step 4 – Load or enter the message to encode in the selected file using the “File” menu of the program. Some applications will have a text entry block to make the entry.
Step 5 – Enter a pass phrase or key depending on the application requirements. This will encode the information being hidden in the selected file type.
Step 6 – Click the “encode,” “go,” or equivalent menu option from the application menu options. Most programs will give you the option to provide a new file name for the newly created file.
Step 7 – Test the encoding process by loading the newly created file and select the “decode” menu option.
How Secure is Steganography?
Steganography has proven to be an effective method for hiding information over the years. Although it has proven effective, if an adversary suspects the technique is being used, information saved using the method can easily be viewed or further manipulated. As a result, modern use of steganography commonly sees it being combined with other information securing methods. This combination of methods is referred to as a layered security method. The common methods used in conjunction with stego include:
On computers that run the UNIX OS, stego can be combined with the hiding directories method. In Unix, there are a number of directories which have a large number of files such as the /dev that can be used, or a new directory can be created using “…” vice a single or double dot. A similar method can be used on computers running the Windows OS by hiding files. The property of single files or even an entire directory can be changed to “hidden” to help further hide messages created using the stego process.
Some commercial stego applications are designed with the capability to send information embedded within normal network traffic. This method can further be combined with encryption to provide several layers of security for the desired message.
Encryption is the most common method to secure data that is hidden using steganography. The message or information is first passed through an encryption algorithm designed to take plaintext and create ciphertext. Depending on the encryption method used, the person or organization receiving the message must have the appropriate secret key in order to decrypt the message. This helps guard against adversaries discovering the information hidden by stego from quickly reading the information being hidden.
How to Protect against Steganography
Over the past two decades, the ability of nefarious organizations, terrorist groups, or just individuals who are up to no good to obtain access to steganography and encryption tools has significantly increased. As a result, the only method to detect active stego use is to either rely on the adversary making a mistake or to actively scan files for potential information being hidden. In many cases, the use of an active security policy with strong enforcement provides a baseline defense against the use of stego to steal or report on organizational information.
One of the best techniques to detect potential use of stego is actually configuring and running tools that may already be resident on the network or computer system. For example, the majority of network IDSs (intrusion detection systems) are able to aid system admins in getting an understanding of the normal network traffic to expect. By understanding what is normal, changes in end-user behavior such as creating or moving large images can trigger additional investigation of the end-user. Additionally, employment of host-based IDS can further aid administrator detection of unusual storage of multimedia files that may have been created by a stego tool. If unusual behavior is discovered, using specific steganography detection tools to verify the existence of stego messages in multimedia files can further help determine if someone is sending unauthorized messages from within the network.
Steganography detection software
Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images.
OutGuess is a universal steganographic tool that allows the insertion of hidden information into the redundant bits of data sources. The nature of the data source is irrelevant to the core of OutGuess. The program relies on data specific handlers that will extract redundant bits and write them back after modification. In this version the PNM and JPEG image formats are supported. In the next paragraphs, images will be used as concrete example of data objects, though OutGuess can use any kind of data, as long as a handler is provided.
F5 is a publicly available steganography software package which hides messages in BMP, GIF, and JPG graphics.
Camera/Shy is the only steganographic tool that automatically scans for and delivers decrypted content straight from the Web. It is a stand-alone, Internet Explorer-based browser that leaves no trace on the user’s system and has enhanced security.
JPHIDE and JPSEEK are programs which allow you to hide a file in a jpeg visual image. There are lots of versions of similar programs available on the Internet but JPHIDE and JPSEEK are rather special. The design objective was not simply to hide a file but rather to do this in such a way that it is impossible to prove that the host file contains a hidden file. Given a typical visual image, a low insertion rate (under 5%) and the absence of the original file, it is not possible to conclude with any worthwhile certainty that the host file contains inserted data. As the insertion percentage increases the statistical nature of the jpeg coefficients differs from “normal” to the extent that it raises suspicion. Above 15% the effects begin to become visible to the naked eye. Of course some images are much better than others when used a host file – plenty of fine detail is good. A cloudless blue sky over a snow covered ski paradise is bad. A waterfall in a forest is probably ideal.
MP3Stego will hide information in MP3 files during the compression process. The data is first compressed, encrypted and then hidden in the MP3 bit stream. Although MP3Stego has been written with steganographic applications in mind it might be used as a copyright marking system for MP3 files (weak but still much better than the MPEG copyright flag defined by the standard). Any opponent can uncompress the bit stream and recompress it; this will delete the hidden information (actually this is the only attack we know yet) but at the expense of severe quality loss.
Steghide is a steganography program that is able to hide data in JPG, BMP, WAV, and AU files. The color frequencies are not changed thus making the embedding resistant against first-order statistical tests.
Hydan steganographically conceals a message ito an executable. It exploits redundancy in the i386 instruction set by defining sets of functionally equivalent instructions. It then encodes information in machine code by using the appropriate instructions from each set. The executable filesize remains unchanged. The message is Blowfish encrypted with a user-supplied passphrase before being embedded.
Further research on steganography
To learn more about steganography, read these papers on the subject:
- Detecting Steganographic Messages in Digital Images
- Attacks on Steganographic Systems: Breaking the Steganographic Utilities EzStego, Jsteg, Steganos, and S-Tools – and Some Lessons Learned