Monday, August 5, 2019

Steganography: Uses, Methods, Tools and Examples

Steganography: Uses, Methods, Tools and Examples Steganography by Mohammed Almintakh ABSTRACT This paper talks about steganography, steganography is the art or hiding data within a medium without letting others to know about that data is exsisting. I will go through an introduction about it , then explaining the background of it and more information about the uses of this technique , and how organization use it in their own good. This topic surprisingly is new for most of people who read its name , ill try to simplify the idea of this approach as much as possible. 1. Introduction Steganography is the art of hiding a message. The purpose of steganography is to hide a message from a someone you don’t want to see it. It is different than cryptography, the art of secret writing, which is intended to make a message cannot be read , but does not hide the existence of the secret communication. Although steganography differs from cryptography, there are many analogies between the two, and some authors classify steganography as a form of cryptography since hidden communication is a type of secret writing. Steganography works by changing bits of useless or bot used  data in regular computer  files  (such as graphics, sound, text,  HTML) with bits of different, invisible information. This hidden information can be  plain text,  cipher text, or even images. 2. Steganography Background: Information hiding is related to two fields, Steganography and watermarking. There are three main aspects for information hiding, capacity, security, and robustness. Capacity means the amount of information that can be hidden, security refers to the unability of an eavesdropper to detect hidden information, and robustness to the amount of modification the cover medium can resist before the hidden information is corrupted. In general, information hiding goes through these processes: 1. Identification of redundant bits in a cover medium. Redundant bits are those bits that can be edited without taking care of the quality of the cover medium. 2. Then, we select a subset of the redundant bits to be replaced with data from a private message. The stage medium is created by replacing the selected redundant bits with message bits. The modification of redundant bits can change the statistical properties of the cover medium. As a result, statistical analysis may reveal the hidden content. 3. Uses of Steganography Steganography means of storing data in a way that it hides the existence of them. Steganography used to carry out hidden exchanges .For example, Governments are interested in two types of communication of hidden data: first, which supports national security and second, which does not. Steganography support both types, also business have similar concerns, about trade secrets for new technologies or products information. Of course, using steganography to communicate greatly reduces the risk of information leakage. Businesses takes advantage of another form of steganography, called watermarking. Watermarking is mainly used to identify and entails hidden unique part of information within a medium without touching the medium. For example , let’s say that I have design an image , with that image , I have embedded a watermark that identifies me as the one who created this image, later on , when this image is spread with people , I can later identify myself as the creator and I can of course prove that I am the owner of this. This approach is used by companies for the copyrighted digital media a lot for the purpose of protection. Also, steganography enhances the privacy individually, although it is not a substitute for encryption, of course this is effective only if the hidden embedded information is not detected. If the communication is almost never exists, this will becomes so private to be caught. Like many tools, steganography: 1. Steganography can be a way which makes it possible to send news and information without being censored and without the fear of the messages being intercepted and traced back to us. 2. It is also possible to simply use steganography to store information on a location. For example, several information sources like our private banking information, some military secrets, can be stored in a cover source. When we are required to unhide the secret information in our cover source, we can easily reveal our banking data and it will be impossible to prove the existence of the military secrets inside. 3. Steganography can also be used to implement watermarking. Although the concept of watermarking is not necessarily steganography, there are several steganography techniques that are being used to store watermarks in data. The main difference is on intent, while the purpose of steganography is hiding information, watermarking is merely extending the cover source with extra information. Since people will not accept noticeable changes in images, audio or video files because of a watermark, steganography methods can be used to hide this. 4- Steganographic Methods: The formula below describes the process of steganography as discussed above: cover_medium + hidden_data + stego_key = stego_medium The explanation of this formula is, The cover medium refers to the file that we are going to put our information on it. Hidden data obviously is the data we want to keep secret. An encryption advanced which is a choice for us. The result shall be a stego medium , which is the same file as the cover medium. The easiest way to hide the data in an image , is called LSB(least significant bit) insertion. Figure 1: shows a common taxonomy of steganographic techniques. 5. Steganography Tools: A  steganography  software tools allows a user to attach hidden data in a carrier file, such as an image or video, and sometimes it could be an audio , and later take off that data. It is not necessary to hide the message in the original file at all. Thus, it is not necessary to edit the original file and thus, it is hard to detect nothing. If a given part of the message is subjected to successive bitwise manipulation to generate the cyphertext, then there is no evidence in the original file to show that it is being used by a third party. to encrypt a file. An example of this method is described in a self-published science fiction novel. In that example a file is encrypted using a 1949 photo from a digital archive of National Geographic magazine. 6. Steganography Example: There are software that preform steganography, some of well knows programs are : Hide4PGP (http://www.heinz-repp.onlinehome.de/Hide4PGP.htm) MP3Stego (http://www.cl.cam.ac.uk/~fapp2/steganography/mp3stego/) Stash (http://www.smalleranimals.com/stash.htm) Steganos (http://www.steganos.com/english/steganos/download.htm) S-Tools (available fromhttp://www.webattack.com/download/dlstools.shtml) 7- Describing a tool of Steganography and how it works: Take a look on this picture Figure 2: Stego picture This picture looks ok , nothing suspicious , nothing wrong with it , but in reality it has a hidden message. If you use a software tool to analyze the pictures , this result will come up: Figure 3: QuickStego program Basically , this technique is done by these steps below : Figure 4: Steganography process 8- Deep knowledge of Steganography: Steganography comes from the Greek words for â€Å"covered writing†.It is the practice of disguising the existence of a message.Generally, innocent looking carriers, e.g., pictures, audio, video, text, etc. that hold the hidden information The combination of hidden data-plus-cover is known as the stego-object Stegokey An additional piece of information, such as a password or mathematical variable, required to embed the secret information Typical Scenario Sender Sender Hides Secret Message In a Cover Using a Stegokey Transmitted Carrier Appears Innocuous Receiver Decodes Secret Message by Removing the Cover Using the Stegokey Receiver Reads Secret Message 9.Steganography and Security As noted above , steganography is an effective and efficient way of hiding data, it is just protecting the data from the unauthorized or unwanted interception. But stego is merely one of many methods to defend the confidentiality of data. It is probably the best used in integration with another data-hiding method. When used in collection, these ways can all be a part of a layered security mechanism. Some good complementary methods include: Encryption-  Encryption  is the operation of crossing data or plaintext through a series of mathematical processes that generate an alternate form of the original text known as ciphertext. The encrypted text can only be read by one who have been given the proper key to decrypt the ciphertext back into its original plaintext form. Encryption doesnt hide data, but it does make it difficult to read! Hidden directories (Windows)- Windows provides this feature, which allows users to hide files. Using this mechanism is as easy as changing the characteristics of a directory to hidden, and hoping that no one can view all types of files in their explorer. Hiding directories (Unix)- in current directories that have a lot of files, such as in the /dev directory on a Unix implementation, or making a directory that starts with three dots () versus the normal single or double dot. Covert channels- Some tools can be used to transfer important data in seemingly normal network traffic. One such tool that does that is Loki. Loki is a tool that hides data in ICMP traffic (like ping). 10.  Steganography vs. Encryption The goal of steganography is to not keep others know the hidden information, of cource , to keep others from thinking that the information even exist.if a method of steganography causes someone to suspect the medium which carries the data , then the method has failed. Encryption and Steganography achieve separate goals, encryption is changing the meaning of the message so it cannot be read, steganography does not change the meaning or change the data to make it unusable or unintended, rather, it prevents the third party from suspecting that there is a communication or data even exists. For these people who want to reach ultimate in security or privacy , can combine both approaches , encryption and steganography. Encrypted data is difficult to be differentiate from normal occurring phenomena than a normal plain text (which is a raw text) in the medium, there are several steganography tools that can encrypt data before hiding them in a chosen medium. Steganography should not be confused with encryption .Encryption disguises the content of a message. The existence of the message is usually obvious.Steganography disguises the existence of the message .However, additional security can be obtained if steganography is combined with encryption. 11. Steganalysis and its techniques: Steganalysis , is the counter measure of steganography, is the art of detecting that there is a steganography exists , or a decoded data within a medium. There are two main major tools in Steganalysis, information theory and statistical analysis. Mainly , this reveals clearly the tremendous potential for hidden information in the interner data of course as long as a set of data can be compressed to smaller sizes.there should be a space for hidden data within the medium. Steganalysis can be classified in a similar way as cryptanalysis methods, largely based on how much prior information is known : Steganography-only attack: The steganography medium is the only item available for analysis. Known-carrier attack: The carrier and steganography media are both available for analysis. Known-message attack: The hidden message is known. Chosen-steganography attack: The steganography medium and algorithm are both known. Chosen-message attack: A known message and steganography algorithm are used to create steganography media for future analysis and comparison. Known-steganography attack: The carrier and steganography medium, as well as the steganography algorithm, are known. 12. Method of Steganography: A lot of methods are available for digital Steganography. But exploiting the lenient constraints of a file formats is the most famous one. There are a lot of softwares that uses this technique. a- Image as carriers: One of the ways to hide data is using images , which is a good method. The difficulty to reveal the data hidden increases with the detailed in an image, and that makes it harder to guess or to suspect that image. JPHIDE/JPSeek is a package that uses the coefficients to hide the information. (http://linux01.gwdg.de/~alatham/stego.html). There was a new method of that , that embeds data in visually insignificant parts of an image. These both methods modify the image. The user however can explore image degradation with different messages and images of different length. Another way is for GIF images, is to modify an image’s palette for hiding its data. Gifshuffle, which is a tool , that doesn’t modify the image itself, in any visible way. It permutes a GIF image’s color map, that will leave the original image completely intact. b- Audio File Carriers: A lot of packages also available for embedding and hiding data in the audio files. One of the tools for audio file hiding stego is the MP3Stego,which does not only hide information effectively , of cource arbitrary, rather also claims to be partly strong method of watermarking the targeted MP3 audio files. The WAV formal , which stands for Wavaform Audio File Format, is a Microsoft audio format which mainly windows depends on, however, this format lets users hide data using StegoWave or Steghide (http://www.radiusnet.net/crypto/steanography/Java/stegowav.zip) (http://steghide.sourceforge.net/). These sites refer to both programs in order. Steghide modifies the LSB of data to be transmit in the carrier medium. Using an audio file as a medium is less popular than using an image as a steganography medium. c- Data Ordering: The data ordering which does not have ordering constrains, is usually a very good method of steganography. Each change of a group of objects could be pointed to a positive integer. pointing can then be used to encode the hidden data by modifying the sequence of objects that are not considered in ordered by the carrier medium. While this technique mainly, does not change the information quality, the data which are hidden can of course easily get lost if the medium is encoded again. For example, if we have a GIF which its color map consist of hidden data, we could then open the GIF in our favorite graphics-editing tool package that will be used , and save it again. Visually, the result will be both identical , from the original file to the second file, but the ordering of the color map may have been lost. 13. Limitations: Steganography is limited just like that encryption is, if bob wants to send an image with a hidden message to alice , he have to first agree secretly with alice on a way of steganography. Underneath the encryption model , alice can be fairly sure when she has got some ciphertext. Let us have a scenario about alice ,when she wants to borrow bobs camera and neglects to tell him to be careful for every 73rd byte in the images she sends him.Bobs will be ignorant of Alice’s steganography efforts. The chanses that bob will let alice borrow his digital camera will decrease the large number of pictures he will receive from her.The amount of data that could be effectively hidden in a medium is heading to be limited by the size of the medium itselt. The less limitations that exist on the integrity of the medium, the more potential it has for hiding data. 14. Conclution I have briefly explained and defined steganography , which is in my opinion an effective tool to do so many things regarding security or reliability in any field of communication .what I mean that , this technique can be used in any section in real life, military , businesess, educational , governments and more.Also , I have shown varous tools and how they function well. 15- References: 1- Artz, D. (2001). Digital steganography: Hiding data within data. IEEE Internet Computing, 75-80. 2- Provos, N., Honeyman, P. (2012). Detecting Steganographic Content on the Internet. 3- Classification of Hiding Techniques Ref: F.A.P. Petitcolas, R.J. Anderson, and M.G. Kuhn, â€Å"Information Hiding A Survey,† in Proc. Of the IEEE , vol. 87, No. 7, July 1999, pg. 1063 Kessler, G. (2001, September 11). Steganography: Hiding Data Within Data. Retrieved December 6, 2014, from http://www.garykessler.net/library/steganography.htmlhttp://www.garykessler.net/library/fsc_stego.html Kessler, G. (2004, February 2). An Overview of Steganography for the Computer Forensics Examiner. Retrieved December 6, 2014, from http://www.garykessler.net/library/fsc_stego.html http://www.symantec.com/connect/articles/steganography-revealed http://en.wikipedia.org/wiki/Steganography#Network http://www.webopedia.com/TERM/S/steganography.html http://quickcrypto.com/free-steganography-software.htm

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.