Transcript
8/8/2019 Cs9 Batch 1 Steganography
1/39
P a g e | 1
CHAPTER 1 : INTRODUCTION
1.1 INFORMATION SECURITY
Information security means protecting information and information systems from unauthorized access, use,
disclosure, disruption, modification or destruction.[1]The terms information security, computer security
and information assurance are frequently incorrectly used interchangeably. These fields are interrelated
often and share the common goals of protecting the confidentiality, integrity and availability of
information; however, there are some subtle differences between them. These differences lie primarily in
the approach to the subject, the methodologies used, and the areas of concentration. Information security is
concerned with the confidentiality, integrity and availability of data regardless of the form the data may
take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct
operation of a computer system without concern for the information stored or processed by the computer.
1.1.1 BASIC PRINCIPLE
For over twenty years information security has held that confidentiality, integrity and availability (known
as the CIA triad) as the core principles of information security.
1.1.1.1 Confidentiality
Confidentiality is the property of preventing disclosure of information to unauthorized individuals or
systems. For example, a credit card transaction on the Internet requires the credit card number to be
transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The
system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting
the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by
restricting access to the places where it is stored. If an unauthorized party obtains the card number in any
way, a breach of confidentiality has occurred. Confidentiality is necessary (but not sufficient) for
maintaining the privacy of the people whose personal information a system holds.[citation needed]
1.1.1.2 Integrity
In information security, integrity means that data cannot be modified without authorization. This is not the
same thing as referential integrity in databases. Integrity is violated when an employee accidentally or with
malicious intent deletes important data files, when a computer virus infects a computer, when an employee
is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site,
when someone is able to cast a very large number of votes in an online poll, and so on.
There are many ways in which integrity could be violated without malicious intent. In the simplest case, a
user on a system could mis-type someone's address. On a larger scale, if an automated process is not
written and tested correctly, bulk updates to a database could alter data in an incorrect way, leaving the
8/8/2019 Cs9 Batch 1 Steganography
2/39
P a g e | 2
integrity of the data compromised. Information security professionals are tasked with finding ways to
implement controls that prevent errors of integrity.
1.1.1.3 Availability
For any information system to serve its purpose, the information must be available when it is needed. This
means that the computing systems used to store and process the information, the security controls used to
protect it, and the communication channels used to access it must be functioning correctly. High
availability systems aim to remain available at all times, preventing service disruptions due to power
outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-
service attacks.
FIG 1.
1.2 TOOLS TO OBTAIN SECURITY
1.2.1 EncryptionEncryption is where data is rendered hard to read by an unauthorised party. Since encryption can be made
extremely hard to break, many communication methods either use deliberately weaker encryption than
possible, or have backdoors inserted to permit rapid decryption. In some cases government authorities have
required backdoors be installed in secret. Many methods of encryption are also subject to "man in the
middle" attack whereby a third party who can 'see' the establishment of the secure communication is made
privy to the encryption method, this would apply for example to interception of computer use at an ISP.
8/8/2019 Cs9 Batch 1 Steganography
3/39
P a g e | 3
Provided it is correctly programmed, sufficiently powerful, and the keys not intercepted, encryption would
usually be considered secure. The article on key size examines the key requirements for certain degrees of
encryption security.
The encryption can be implemented in way to require the use of encryption, i.e. if encrypted
communication is impossible then no traffic is sent, or opportunisticly. Opportunistic encryption is a lower
security method to generally increase the percentage of generic traffic which is encrypted. This is
analogous to beginning every conversation with "Do you speak Navajo?" If the response is affirmative,
then the conversation proceedes in Navajo, otherwise it uses the common language of the two speakers.
This method does not generally provide authentication or anonymity but it does protect the content of the
conversation from eavesdropping.
1.2.2 Steganography: Hiding Information
Steganography is the art and science of writing hidden messages in such a way that no one, apart from the
sender and intended recipient, suspects the existence of the message, a form of security through obscurity.
The word Steganography is of Greek origin and means "concealed writing". The first recorded use of the
term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and
Steganography disguised as a book on magic. Generally, messages will appear to be something else:
images, articles, shopping lists, or some other covertext and, classically, the hidden message may be in
invisible ink between the visible lines of a private letter.
While we are discussing it in terms of computer security, Steganography is really nothing new, as it has
been around since the times of ancient Rome. For example, in ancient Rome and Greece, text was
traditionally written on wax that was poured on top of stone tablets. If the sender of the information wanted
to obscure the message - for purposes of military intelligence, for instance - they would use Steganography:
the wax would be scraped off and the message would be inscribed or written directly on the tablet, wax
would then be poured on top of the message, thereby obscuring not just its meaning but its very
existence[2].
According to Dictionary.com, steganography (also known as "steg" or "stego") is "the art of writing in
cipher, or in characters, which are not intelligible except to persons who have the key; cryptography" [3]. In
computer terms, steganography has evolved into the practice of hiding a message within a larger one in
such a way that others cannot discern the presence or contents of the hidden message[4]. In contemporary
terms, steganography has evolved into a digital strategy of hiding a file in some form of multimedia, such
as an image, an audio file (like a .wav or mp3) or even a video file.
8/8/2019 Cs9 Batch 1 Steganography
4/39
P a g e | 4
Signal Security Signal Intelligence
Communication Security Communication Intelligence
y Steganography (invisible inks, open codes,
messages in hollow heels) and Transmission
Security (spurt radio and spread spectrum systems)
y Interception and direction-finding
y Cryptography(codes and ciphers) y Cryptanalysis
y Traffic security(call-sign changes, dummy
messages, radio silence)
y Traffic analysis (direction-finding,
message-flow studies, radio finger
printing)
Electronic Security Electronic Intelligence
yEmission Security (shifting of radar frequencies,spread spectrum)
yElectronic Reconnaissance (eaves-dropping on radar emissions)
y Counter-Countermeasures "looking through"
(jammed radar)
y Countermeasures (jamming radar
and false radar echoes)
Table 1: Kahn's Security Table
The advantage of steganography, over cryptography alone, is that messages do not attract attention to
themselves. Plainly visible encrypted messagesno matter how unbreakablewill arouse suspicion, and
may in themselves be incriminating in countries where encryption is illegal. [5] Therefore, whereas
cryptography protects the contents of a message, steganography can be said to protect both messages and
communicating parties.
1.2.3 Steganography and Security
As mentioned previously, steganography is an effective means of hiding data, thereby protecting the data
from unauthorized or unwanted viewing. But stego is simply one of many ways to protect the
confidentiality of data. It is probably best used in conjunction with another data-hiding method. When usedin combination, these methods can all be a part of a layered security approach. Some good complementary
methods include:
y Encryption - Encryption is the process of passing data or plaintext through a series of
mathematical operations that generate an alternate form of the original data known as ciphertext.
The encrypted data can only be read by parties who have been given the necessary key to decrypt
8/8/2019 Cs9 Batch 1 Steganography
5/39
P a g e | 5
the ciphertext back into its original plaintext form. Encryption doesn't hide data, but it does make
it hard to read!
y Hidden directories (Windows) - Windows offers this feature, which allows users to hide files.
Using this feature is as easy as changing the properties of a directory to "hidden", and hoping that
no one displays all types of files in their explorer.
y Hiding directories (Unix) - in existing directories that have a lot of files, such as in the /dev
directory on a Unix implementation, or making a directory that starts with three dots (...) versus
the normal single or double dot.
y Covert channels - Some tools can be used to transmit valuable data in seemingly normal network
traffic. One such tool is Loki. Loki is a tool that hides data in ICMP traffic (like ping).
Steganography has its place in security. It is not intended to replace cryptography but supplement it. Hiding
a message with steganography methods reduces the chance of a message being detected. However, if that
message is also encrypted, if discovered, it must also be cracked (yet another layer of protection).
1.3 History and Steganography
Throughout history, a multitude of methods and variations have been used to hide information. David
Kahn's The Codebreakers provides an excellent accounting of this history [Kahn67]. Bruce Norman
recounts numerous tales of cryptography and steganography during times of war in Secret Warfare: The
Battle of Codes and Ciphers.
One of the first documents describing steganography is from the Histories of Herodotus. In ancient Greece,
text was written on wax covered tablets. In one story Demeratus wanted to notify Sparta that Xerxes
intended to invade Greece. To avoid capture, he scraped the wax off of the tablets and wrote a message on
the underlying wood. He then covered the tablets with wax again. The tablets appeared to be blank and
unused so they passed inspection by sentries without question.
Another ingenious method was to shave the head of a messenger and tattoo a message or image on the
messengers head. After allowing his hair to grow, the message would be undetected until the head was
shaved again.
Another common form of invisible writing is through the use of Invisible inks. Such inks were used with
much success as recently as WWII. An innocent letter may contain a very different message written
between the lines [Zim48]. Early in WWII steganographic technology consisted almost exclusively of
invisible inks [Kahn67]. Common sources for invisible inks are milk, vinegar, fruit juices and urine. All of
these darken when heated.
With the improvement of technology and the ease as to the decoding of these invisible inks, more
sophisticated inks were developed which react to various chemicals. Some messages had to be "developed"
much as photographs are developed with a number of chemicals in processing labs.
8/8/2019 Cs9 Batch 1 Steganography
6/39
P a g e | 6
Null ciphers (unencrypted messages) were also used. The real message is "camouflaged" in an innocent
sounding message. Due to the "sound" of many open coded messages, the suspect communications were
detected by mail filters. However "innocent" messages were allowed to flow through. An example of a
message containing such a null cipher from [JDJ01] is:
Fishing freshwater bends and saltwater
coasts rewards anyone feeling stressed.
Resourceful anglers usually find masterful
leapers fun and admit swordfish rank
overwhelming anyday.
By taking the third letter in each word, the following message emerges [Zevon]:
Send Lawyers, Guns, and Money.
The following message was actually sent by a German Spy in WWII [Kahn67]:
Apparently neutral's protest is thoroughly discountedand ignored. Isman hard hit. Blockade issue affects
pretext for embargo on by products, ejecting suets and
vegetable oils.
Taking the second letter in each word the following message emerges:
Pershing sails from NY June 1.
As message detection improved, new technologies were developed which could pass more information and
be even less conspicuous. The Germans developed microdot technology which FBI Director J. Edgar
Hoover referred to as "the enemy's masterpiece of espionage." Microdots are photographs the size of a
printed period having the clarity of standard-sized typewritten pages. The first microdots were discovered
masquerading as a period on a typed envelope carried by a German agent in 1941. The message was not
hidden, nor encrypted. It was just so small as to not draw attention to itself (for a while). Besides being so
small, microdots permitted the transmission of large amounts of data including drawings and photographs
[Kahn67].
With many methods being discovered and intercepted, the Office of Censorship took extreme actions such
as banning flower deliveries which contained delivery dates, crossword puzzles and even report cards as
they can all contain secret messages. Censors even went as far as rewording letters and replacing stamps on
envelopes.
With every discovery of a message hidden using an existing application, a new steganographic application
is being devised. There are even new twists to old methods. Drawings have often been used to conceal or
reveal information. It is simple to encode a message by varying lines, colors or other elements in pictures.
Computers take such a method to new dimensions as we will see later.
8/8/2019 Cs9 Batch 1 Steganography
7/39
P a g e | 7
Even the layout of a document can provide information about that document. Brassil et al authored a series
of publications dealing with document identification and marking by modulating the position of lines and
words [Brassil-Infocom94, Brassil- Infocom94, Brassil-CISS95]. Similar techniques can also be used to
provide some other "covert" information just as 0 and 1 are informational bits for a computer. As in one of
their examples, word-shifting can be used to help identify an original document [Brassil-CISS95]. Though
not applied as discussed in the series by Brassil et al, a similar method can be applied to display an entirely
different message. Take the following sentence (S0):
We explore new steganographic and cryptographic
algorithms and techniques throughout the world to
produce wide variety and security in the electronic web
called the Internet.
and apply some word shifting algorithm (this is sentence S1).
We explore new steganographic and cryptographic
algorithms and techniques throughout the world toproduce wide variety and security in the electronic web
called the Internet.
By overlapping S0 and S1, the following sentence is the result:
We explore new steganographic and cryptographic
algorithms and techniques throughout the world to
produce wide variety and security in the electronic web
called the Internet.
1.4 TYPES OF STEGANOGRAPHY
This is achieved by expanding the space before explore, the, wide, and web by one point and condensing
the space after explore, world, wide and web by one point in sentence S1. Independently, the sentences
containing the shifted words appear harmless, but combining this with the original sentence produces a
different message: explore the world wide web.
FIG 2.
8/8/2019 Cs9 Batch 1 Steganography
8/39
P a g e | 8
1.4.1 Physical Steganography
Steganart example. Within this picture, the letters position of a hidden message are represented by
increasing numbers (1 to 20), and a letter value is given by its intersection position in the grid. For instance,
the first letter of the hidden message is at the intersection of 1 and 4. So, after a few tries, the first letter of
the message seems to be the 14th letter of the alphabet; the last one (number 20) is the 5th letter of the
alphabet.
y Hidden messages within wax tablets: in ancient Greece, people wrote messages on the wood, then
covered it with wax upon which an innocent covering message was written.
y Hidden messages on messenger's body: also in ancient Greece. Herodotus tells the story of a
message tattooed on a slave's shaved head, hidden by the growth of his hair, and exposed by
shaving his head again. The message allegedly carried a warning to Greece about Persian invasion
plans. This method has obvious drawbacks such as delayed transmission while waiting for the
slave's hair to grow, and its one-off use since additional messages requires additional slaves. In
WWII, the French Resistance sent some messages written on the backs of couriers using invisible
ink.
y Hidden messages on paper written in secret inks, under other messages or on the blank parts of
other messages.
y Messages written in morse code on knitting yarn and then knitted into a piece of clothing worn by
a courier.
y Messages written on the back of postage stamps.
y During and after World War II, espionage agents used photographically produced microdots to
send information back and forth. Microdots were typically minute, about or less than the size of
the period produced by a typewriter. WWII microdots needed to be embedded in the paper and
covered with an adhesive (such as collodion). This was reflective and thus detectable by viewing
against glancing light. Alternative techniques included inserting microdots into slits cut into the
edge of post cards.
y During World War II, a spy for the Japanese in New York City, Velvalee Dickinson, sent
information to accommodation addresses in neutral South America. She was a dealer in dolls, and
her letters discussed how many of this or that doll to ship. The stegotext was the doll orders, the
concealed 'plaintext' was itself encoded and gave information about ship movements, etc. Her casebecame somewhat famous and she became known as the Doll Woman.
y Cold War counter-propaganda. During 1968, crew members of the USS Pueblo (AGER-2)
intelligence ship held as prisoners by North Korea, communicated in sign language during staged
photo opportunities, informing the United States they were not defectors but rather were being
held captured by the North Koreans. In other photos presented to the US, crew members gave "the
8/8/2019 Cs9 Batch 1 Steganography
9/39
P a g e | 9
finger" to the unsuspecting North Koreans, in an attempt to discredit photos that showed them
smiling and comfortable.[6]
1.4.2 Digital Steganography
Modern steganography entered the world in 1985 with the advent of the personal computer applied to
classical steganography problems. [7] Development following that was slow, but has since taken off, going
by the number of 'stego' programs available: Over 725 digital steganography applications have been
identified by the Steganography Analysis and Research Center. [8] Digital steganography techniques
include:
Image of a tree. By removing all but the last 2 bits of each color component, an almost completely black
image results. Making the resulting image 85 times brighter results in the image below.
Image of a cat extracted from above image.
y Concealing messages within the lowest bits of noisy images or sound files.
y Concealing data within encrypted data. The data to be concealed is first encrypted before being
used to overwrite part of a much larger block of encrypted data.
y Chaffing and winnowing.
y Mimic functions convert one file to have the statistical profile of another. This can thwart
statistical methods that help brute-force attacks identify the right solution in a ciphertext-only
attack.
y Concealed messages in tampered executable files, exploiting redundancy in the i386 instruction
set.
y Pictures embedded in video material (optionally played at slower or faster speed).
y Injecting imperceptible delays to packets sent over the network from the keyboard. Delays in key
presses in some applications (telnet or remote desktop software) can mean a delay in packets, and
the delays in the packets can be used to encode data.
y Content-Aware Steganography hides information in the semantics a human user assigns to a
datagram. These systems offer security against a non-human adversary/warden.
y Blog-Steganography. Messages are fractionalized and the (encrypted) pieces are added as
comments of orphaned web-logs (or pin boards on social network platforms). In this case the
selection of blogs is the symmetric key that sender and recipient are using; the carrier of the
hidden message is the whole blogosphere.
1.4.3 Printed Steganography
Digital steganography output may be in the form of printed documents. A message, the plaintext, may be
first encrypted by traditional means, producing a ciphertext. Then, an innocuous covertext is modified in
some way to as to contain the ciphertext, resulting in the stegotext. For example, the letter size, spacing,
8/8/2019 Cs9 Batch 1 Steganography
10/39
P a g e | 10
typeface, or other characteristics of a covertext can be manipulated to carry the hidden message. Only a
recipient who knows the technique used can recover the message and then decrypt it. Francis Bacon
developed Bacon's cipher as such a technique.
1.5 METHODS FOR HIDING INFORMATION
1.5.1 Encoding Secret Messages in Text
Encoding secret messages in text can be a very challenging task. This is because text files have a very small
amount of redundant data to replace with a secret message. Another drawback is the ease of which text
based Steganography can be altered by an unwanted parties by just changing the text itself or reformatting
the text to some other form (from .TXT to .PDF, etc.). There are numerous methods by which to
accomplish text based Steganography. I will introduce a few of the more popular encoding methods below.
= AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
Line-shift encoding involves actually shifting each line of text vertically up or down by as little as 3
centimeters. Depending on whether the line was up or down from the stationary line would equate to a
value that would or could be encoded into a secret message.
Word-shift encoding works in much the same way that line-shift encoding works, only we use the
horizontal spaces between words to equate a value for the hidden message. This method of encoding is less
visible than line-shift encoding but requires that the text format support variable spacing.
Feature specific encoding involves encoding secret messages into formatted text
by changing certain text attributes such as vertical/horizontal length of letters such as b, d, T, etc. This is by
far the hardest text encoding method to intercept as each type of formatted text has a large amount of
features that can be used for encoding the secret message.
All three of these text based encoding methods require either the original file or
the knowledge of the original files formatting to be able to decode the secret message.
1.5.2 Encoding Secret Messages in Images
Coding secret messages in digital images is by far the most widely used of all methods in the digital world
of today. This is because it can take advantage of the limited power of the human visual system (HVS).
Almost any plain text, cipher text, image and any other media that can be encoded into a bit stream can be
hidden in a digital image. With the continued growth of strong graphics power in computers and the
8/8/2019 Cs9 Batch 1 Steganography
11/39
P a g e | 11
research being put into image based Steganography, this field will continue to grow at a very rapid pace.
Before diving into coding techniques for digital images, a brief explanation of digital image architecture
and digital image compression techniques should be explained.
As Duncan Sellars [7] explains "To a computer, an image is an array of numbers that represent light
intensities at various points, or pixels. These pixels make up the images raster data." When dealing with
digital images for use with Steganography, 8-bit and 24-bit per pixel image files are typical. Both have
advantages and disadvantages, as we will explain below.
8-bit images are a great format to use because of their relatively small size. The drawback is that only 256
possible colors can be used which can be a potential problem during encoding. Usually a gray scale color
palette is used when dealing with 8-bit images such as (.GIF) because its gradual change in color will be
harder to detect after the image has been encoded with the secret message. 24-bit images offer much more
flexibility when used for Steganography. The large numbers of colors (over 16 million) that can be used gowell beyond the human visual system (HVS), which makes it very hard to detect once a secret message, has
been encoded. The other benefit is that a much larger amount of hidden data can be encoded into a 24-bit
digital image as opposed to an 8-bit digital image. The one major drawback to 24-bit digital images is their
large size (usually in MB) makes them more suspect than the much smaller 8-bit digital images (usually in
KB) when sent over an open system such as the Internet.
Digital image compression is a good solution to large digital images such as the 24-bit images mentioned
earlier. There are two types of compression used in digital images, lossy and lossless. Lossy compression
such as (.JPEG) greatly reduces the size of a digital image by removing excess image data and calculating a
close approximation of the original image. Lossy compression is usually used with 24-bit digital images to
reduce its size, but it does carry one major drawback. Lossy compression techniques increase the possibility
that the uncompressed secret message will lose parts of its contents because of the fact that lossy
compression removes what it sees as excess image data. Lossless compression techniques, as the name
suggests, keeps the original digital image in tact without the chance of loss. It is for this reason that it is the
compression technique of choice for steganographic uses. Examples of lossless compression techniques are
(.GIF and .BMP). The only drawback to lossless image compression is that it doesn't do a very good job at
compressing the size of the image data.
We will now discuss a couple of the more popular digital image encoding techniques used today. They are
least significant bit (LSB) encoding and masking and filtering techniques.
Least significant bit (LSB) encoding is by far the most popular of the coding techniques used for digital
images. By using the LSB of each byte (8 bits) in an image for a secret message, you can store 3 bits of
data in each pixel for 24-bit images and 1 bit in each pixel for 8-bit images. As you can see, much more
8/8/2019 Cs9 Batch 1 Steganography
12/39
P a g e | 12
information can be stored in a 24-bit image file. Depending on the color palette used for the cover image
(i.e., all gray), it is possible to take 2 LSB's from one byte without the human visual system (HVS) being
able to tell the difference. The only problem with this technique is that it is very vulnerable to attacks such
as image changes and formatting (i.e., changing from .GIF to .JPEG).
Masking and filtering techniques for digital image encoding such as Digital Watermarking (i.e.- integrating
a companies logo on there web content) are more popular with lossy compression techniques such as
(.JPEG). This technique actually extends an images data by masking the secret data over the original data
as opposed to hiding information inside of the data. Some experts argue that this is definitely a form of
Information Hiding, but not technically Steganography. The beauty of Masking and Filtering techniques are
that they are immune to image manipulation which makes there possible uses very robust.
There are techniques that use complex algorithms, image transformation techniques and image encryption
techniques which are still, relatively new, but show promise to be more secure and robust ways to usedigital images in Steganography.
1.5.3 Encoding Secret Messages in Audio
Encoding secret messages in audio is the most challenging technique to use when dealing with
Steganography. This is because the human auditory system (HAS) has such a dynamic range that it can
listen over. To put this in perspective, the (HAS) perceives over a range of power greater than one million
to one and a range of frequencies greater than one thousand to one making it extremely hard to add or
remove data from the original data structure. The only weakness in the (HAS) comes at trying to
differentiate sounds (loud sounds drown out quiet sounds) and this is what must be exploited to encode
secret messages in audio without being detected.
There are two concepts to consider before choosing an encoding technique for audio. They are the digital
format of the audio and the transmission medium of the audio. There are three main digital audio formats
typically in use. They are Sample Quantization, Temporal Sampling Rate and Perceptual Sampling. Sample
Quantization which is a 16-bit linear sampling architecture used by popular audio formats such as (.WAV
and. AIFF). Temporal Sampling Rate uses selectable frequencies (in the KHz) to sample the audio.
Generally, the higher the sampling rate is, the higher the usable data space gets. The last audio format is
Perceptual Sampling. This format changes the statistics of the audio drastically by encoding only the parts
the listener perceives, thus maintaining the sound but changing the signal. This format is used by the most
popular digital audio on the Internet today in ISO MPEG (MP3). Transmission medium (path the audio
takes from sender to receiver) must also be considered when encoding secret messages in audio. W. Bender
[8] introduces four possible transmission mediums:
8/8/2019 Cs9 Batch 1 Steganography
13/39
P a g e | 13
1) Digital end to end - from machine to machine without modification.
2) Increased/decreased resampling - the sample rate is modified but remains digital.
3) Analog and resampled - signal is changed to analog and resampled at a different rate.
4) Over the air - signal is transmitted into radio frequencies and resampled from a microphone.
We will now look at three of the more popular encoding methods for hiding data inside of audio. They are
low-bit encoding, phase-coding and spread spectrum.
Low-bit encoding embeds secret data into the least significant bit (LSB) of the audio file. The channel
capacity is 1KB per second per kilohertz (44 kbps for a 44 KHz sampled sequence). This method is easy to
incorporate but is very susceptible to data loss due to channel noise and resampling.
Phase coding substitutes the phase of an initial audio segment with a reference phase that represents the
hidden data. This can be thought of, as sort of an encryption for the audio signal by using what is known as
Discrete Fourier Transform (DFT), which is nothing more than a transformation algorithm for the audio
signal.Spread spectrum encodes the audio over almost the entire frequency spectrum. It then transmits the audio
over different frequencies which will vary depending on what spread spectrum method is used. Direct
Sequence Spread Spectrum (DSSS) is one such method that spreads the signal by multiplying the source
signal by some pseudo random sequence known as a (CHIP). The sampling rate is then used as the chip
rate for the audio signal communication.
Spread spectrum encoding techniques are the most secure means by which to send hidden messages in
audio, but it can introduce random noise to the audio thus creating the chance of data loss. There are many
applications for Steganography, some good and some bad, which brings us to the closing section of our in-
depth look at Steganography in which we will look at Steganalysis. Steganalysis is the art and science of
stopping or detecting the use of all steganographic techniques mentioned earlier. In Steganalysis, the goal is
to be able to compare the cover-object (cover message), the stego-object (the cover message with the
hidden data embedded in it) and any possible portions of the stego-key (encryption method) in an effort to
intercept, analyze and/or destroy the secret communication. As Fabien A.P. Petitcolas [2] points out in his
book, there are six general protocols used to attack the use of Steganography.
1) Stego only attack - only the stego object is available for analysis.
2) Known cover attack - the original cover object and the stego object are available for analysis.
3) Known message attack - the hidden message is available to compare with the stego-object.
4) Chosen stego attack - the stego tool (algorithm) and stego-object are available for analysis.
5) Chosen message attack - takes a chosen message and generates a stego object for future analysis.
6) Known stego attack - the stego tool (algorithm), the cover message and the stego-objects are available
for analysis.
8/8/2019 Cs9 Batch 1 Steganography
14/39
P a g e | 14
This discussion of Steganalysis by showing the reader one example of how someone could detect the use of
steganographic tools that change the least significant bit (LSB) of an image in order to embed secret data
inside of it.
Generally, bitmap images (.BMP) have known and predictable characteristics. One such characteristic is
the probability of near duplicate colors. Bitmap images get their color from a central color table, which by
its nature have little, or no near duplicate colors. When hidden data is embedded into the (LSB) of a bitmap
image, it increases the number of near duplicate colors dramatically. Generally speaking, any bitmap image
with more than fifty near duplicate colors should raise the suspicion of embedded data being present.
1.6 COUNTER MEASURES
Detection of physical steganography requires careful physical examination, including the use of
magnification, developer chemicals and ultraviolet light. It is a time-consuming process with obvious
resource implications, even in countries where large numbers of people are employed to spy on their fellow
nationals. Targeted mail screening is however feasible in the case of certain suspected individuals or
institutions, such as prisons or prisoner of war camps. During World War II, a technology used to ease
monitoring of POW mail was specially treated paper that would reveal invisible ink. An article in the June
24, 1948 issue of Paper Trade Journal by the Technical Director of the United States Government Printing
Office, Morris S. Kantrowitz, describes in general terms the development of this paper, three prototypes of
which were named Sensicoat, Anilith, and Coatalith paper. These were for the manufacture of postal cards
and stationery to be given to German prisoners of war in the U.S. and Canada. If POWs tried to write a
hidden message the special paper would render it visible. At least two U.S. patents were granted related to
this technology, one to Mr. Kantrowitz, No. 2,515,232, "Water-Detecting paper and Water-Detecting
Coating Composition Therefor", patented July 18, 1950, and an earlier one, "Moisture-Sensitive Paper and
the Manufacture Thereof," No. 2,445,586, patented July 20, 1948. A similar strategy is to issue prisoners
with writing paper ruled with a water-soluble ink that 'runs' when in contact with a water-based invisible
ink.
In computing, detection of steganographically encoded packages is called steganalysis. The simplest
method to detect modified files, however, is to compare them to known originals. For example, to detect
information being moved through the graphics on a website an analyst can maintain known-clean copies of
these materials and compare them against the current contents of the site. The differences, assuming the
carrier is the same, will compose the payload. In general, using extremely high compression rate makes
steganography difficult, but not impossible. While compression errors provide a hiding place for data, high
compression reduces the amount of data available to hide the payload in, raising the encoding density and
facilitating easier detection (in the extreme case, even by casual observation).
8/8/2019 Cs9 Batch 1 Steganography
15/39
P a g e | 15
1.7 APPLICATIONS
1.7.1 Usage in modern printers
Steganography is used by some modern printers, including HP and Xerox brand color laser printers. Tiny
yellow dots are added to each page. The dots are barely visible and contain encoded printer serial numbers,as well as date and time stamps.
1.7.2 Example from modern practice
The larger the cover message is (in data content termsnumber of bits) relative to the hidden message, the
easier it is to hide the latter. For this reason, digital pictures (which contain large amounts of data) are used
to hide messages on the Internet and on other communication media. It is not clear how commonly this is
actually done. For example: a 24-bit bitmap will have 8 bits representing each of the three color values
(red, green, and blue) at each pixel. If we consider just the blue there will be 28 different values of blue. The
difference between 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by
the human eye. Therefore, the least significant bit can be used (more or less undetectably) for something
else other than color information. If we do it with the green and the red as well we can get one letter of
ASCII text for every three pixels.
Stated somewhat more formally, the objective for making steganographic encoding difficult to detect is to
ensure that the changes to the carrier (the original signal) due to the injection of the payload (the signal to
covertly embed) are visually (and ideally, statistically) negligible; that is to say, the changes are
indistinguishable from the noise floor of the carrier.
From an information theoretical point of view, this means that the channel must have more capacity than
the 'surface' signal requires, that is, there must be redundancy. For a digital image, this may be noise from
the imaging element; for digital audio, it may be noise from recording techniques or amplification
equipment. In general, electronics that digitize an analog signal suffer from several noise sources such as
thermal noise, flicker noise, and shot noise. This noise provides enough variation in the captured digital
information that it can be exploited as a noise cover for hidden data. In addition, lossy compression
schemes (such as JPEG) always introduce some error into the decompressed data; it is possible to exploit
this for steganographic use as well.
Steganography can be used for digital watermarking, where a message (being simply an identifier) is
hidden in an image so that its source can be tracked or verified.
In fact, not only picture files can host hidden information, but other file formats can also hide data such as
audio files, text files, web pages[6]
and many other file formats.
1.7.3 Alleged usage by terrorists
When one considers that messages could be encrypted steganographically in e-mail messages, particularly
e-mail spam, the notion of junk e-mail takes on a whole new light. Coupled with the "chaffing and
winnowing" technique, a sender could get messages out and cover their tracks all at once.
8/8/2019 Cs9 Batch 1 Steganography
16/39
P a g e | 16
An example showing how terrorists may use forum avatars to send hidden messages. This avatar contains
the message "Boss said that we should blow up the bridge at midnight." encrypted with
http://mozaiq.org/encrypt using "vxj" as password.
FIG 3.
Rumors about terrorists using steganography started first in the daily newspaper USA Today on February 5,
2001 in two articles titled "Terrorist instructions hidden online" and "Terror groups hide behind Web
encryption". In July of the same year, the information looked even more precise: "Militants wire Web with
links to jihad". A citation from the USA Today article: "Lately, al-Qaeda operatives have been sending
hundreds of encrypted messages that have been hidden in files on digital photographs on the auction site
eBay.com". These rumors were cited many timeswithout ever showing any actual proofby other media
worldwide, especially after the terrorist attack of 9/11. The Italian newspaper Corriere della Sera reported
that an Al Qaeda cell which had been captured at the Via Quaranta mosque in Milan had pornographic
images on their computers, and that these images had been used to hide secret messages (although no other
Italian paper ever covered the story). The USA Today articles were written by veteran foreign
correspondent Jack Kelley, who in 2004 was fired after allegations emerged that he had fabricated stories
and invented sources.
In October 2001, the New York Times published an article claiming that al-Qaeda had used steganographic
techniques to encode messages into images, and then transported these via e-mail and possibly via
USENET to prepare and execute the September 11, 2001 Terrorist Attack. The Federal Plan for Cyber
Security and Information Assurance Research and Development,[7] published in April 2006 makes the
following statements:
y "immediate concerns also include the use of cyberspace for covert communications, particularly
by terrorists but also by foreign intelligence services; espionage against sensitive but poorly
defended data in government and industry systems; subversion by insiders, including vendors and
contractors; criminal activity, primarily involving fraud and theft of financial or identity
information, by hackers and organized crime groups"y "International interest in R&D for steganography technologies and their commercialization and
application has exploded in recent years. These technologies pose a potential threat to national
security. Because steganography secretly embeds additional, and nearly undetectable, information
content in digital products, the potential for covert dissemination of malicious software, mobile
code, or information is great."
8/8/2019 Cs9 Batch 1 Steganography
17/39
P a g e | 17
y "The threat posed by steganography has been documented in numerous intelligence reports." (p
42)
Moreover, a captured terrorist training manual, the "Technical Mujahid, a Training Manual for Jihadis"
contains a section entitled "Covert Communications and Hiding Secrets Inside Images." A brief summary is
provided by the Jamestown Foundation.[8]
The above considered, there are no known instances of islamists actually using computer steganography.
Islamist utilisation of steganography is somewhat simpler: In 2008 a British Muslim, Rangzieb Ahmed,
was alleged to have a contact book with Al-Qaeda telephone numbers, written in invisible ink. He was
convicted on terrorism charges.[9]
8/8/2019 Cs9 Batch 1 Steganography
18/39
P a g e | 18
CHAPTER 2: LITERATURE, SURVEY AND ITS ANALYSIS
2.1 USE OF STEGANOGRAPHY
Like many security tools, Steganography can be used for a variety of reasons, some good, some not so
good. Legitimate purposes can include things like watermarking images for reasons such as copyright
protection. Digital watermarks (also known as fingerprinting, significant especially in copyrighting
material) are similar to Steganography in that they are overlaid in files, which appear to be part of the
original file and are thus not easily detectable by the average person. Steganography can also be used as a
way to make a substitute for a one-way hash value (where you take a variable length input and create a
static length output string to verify that no changes have been made to the original variable length input)[4].
Further, steganography can be used to tag notes to online images (like post-it notes attached to paper files).
Finally, steganography can be used to maintain the confidentiality of valuable information, to protect the
data from possible sabotage, theft, or unauthorized viewing[5].
2.2 IMPORTANCE OF STEGANOGRAPHY
Steganography or Stego as it is often referred to in the IT community, literally means, "Covered writing"
which is derived from the Greek language. Steganography is defined by Markus Kahn [5] as follows,
"Steganography is the art and science of communicating in a way which hides the existence of the
communication. In contrast to Cryptography, where the enemy is allowed to detect, intercept and modify
messages without being able to violate certain security premises guaranteed by a cryptosystem, the goal of
Steganography is to hide messages inside other harmless messages in a way that does not allow any enemy
to even detect that there is a second message present".
In a digital world, Steganography and Cryptography are both intended to protect information from
unwanted parties. Both Steganography and Cryptography are excellent means by which to accomplish this
but neither technology alone is perfect and both can be broken. It is for this reason that most experts would
suggest using both to add multiple layers of security.
Steganography can be used in a large amount of data formats in the digital world of today. The most
popular data formats used are .bmp, .doc, .gif, .jpeg, .mp3, .txt and .wav. Mainly because of their popularity
on the Internet and the ease of use of the steganographic tools that use these data formats. These formats
are also popular because of the relative ease by which redundant or noisy data can be removed from them
and replaced with a hidden message.
Steganographic technologies are a very important part of the future of Internet security and privacy on open
systems such as the Internet. Steganographic research is primarily driven by the lack of strength in the
cryptographic systems on their own and the desire to have complete secrecy in an open-systems
environment. Many governments have created laws that either limit the strength of cryptosystems or
prohibit them completely. This has been done primarily for fear by law enforcement not to be able to gain
intelligence by wiretaps, etc. This unfortunately leaves the majority of the Internet community either with
8/8/2019 Cs9 Batch 1 Steganography
19/39
P a g e | 19
relatively weak and a lot of the times breakable encryption algorithms or none at all. Civil liberties
advocates fight this with the argument that these limitations are an assault on privacy. This is where
Steganography comes in. Steganography can be used to hide important data inside another file so that only
the parties intended to get the message even knows a secret message exists. To add multiple layers of
security and to help subside the "crypto versus law" problems previously mentioned, it is a good practice to
use Cryptography and Steganography together. As mentioned earlier, neither Cryptography nor
Steganography are considered "turnkey solutions" to open systems privacy, but using both technologies
together can provide a very acceptable amount of privacy for anyone connecting to and communicating
over these systems.
E169 4E46
2.3 STEGANOGRAPHIC METHODS
The following formula provides a very generic description of the pieces of the steganographic process:
cover_medium + hidden_data + stego_key = stego_medium
In this context, the cover_medium is the file in which we will hide the hidden_data, which may also beencrypted using the stego_key. The resultant file is the stego_medium (which will, of course. be the same
type of file as the cover_medium). The cover_medium (and, thus, the stego_medium) are typically image
or audio files. In this article, I will focus on image files and will, therefore, refer to the cover_image and
stego_image.
Before discussing how information is hidden in an image file, it is worth a fast review of how images are
stored in the first place. An image file is merely a binary file containing a binary representation of the color
or light intensity of each picture element (pixel) comprising the image.
Images typically use either 8-bit or 24-bit color. When using 8-bit color, there is a definition of up to 256
colors forming a palette for this image, each color denoted by an 8-bit value. A 24-bit color scheme, as the
term suggests, uses 24 bits per pixel and provides a much better set of colors. In this case, each pix is
represented by three bytes, each byte representing the intensity of the three primary colors red, green, and
blue (RGB), respectively. The Hypertext Markup Language (HTML) format for indicating colors in a Web
page often uses a 24-bit format employing six hexadecimal digits, each pair representing the amount of red,
blue, and green, respectively. The color orange, for example, would be displayed with red set to 100%
(decimal 255, hex FF), green set to 50% (decimal 127, hex 7F), and no blue (0), so we would use
"#FF7F00" in the HTML code.
The size of an image file, then, is directly related to the number of pixels and the granularity of the color
definition. A typical 640x480 pix image using a palette of 256 colors would require a file about 307 KB in
size (640 480 bytes), whereas a 1024x768 pix high-resolution 24-bit color image would result in a 2.36
MB file (1024 768 3 bytes).
To avoid sending files of this enormous size, a number of compression schemes have been developed over
time, notably Bitmap (BMP), Graphic Interchange Format (GIF), and Joint Photographic Experts Group
(JPEG) file types. Not all are equally suited to steganography, however.
8/8/2019 Cs9 Batch 1 Steganography
20/39
P a g e | 20
GIF and 8-bit BMP files employ what is known as lossless compression, a scheme that allows the software
to exactly reconstruct the original image. JPEG, on the other hand, uses lossy compression, which means
that the expanded image is very nearly the same as the original but not an exact duplicate. While both
methods allow computers to save storage space, lossless compression is much better suited to applications
where the integrity of the original information must be maintained, such as steganography. While JPEG can
be used for stego applications, it is more common to embed data in GIF or BMP files.
The simplest approach to hiding data within an image file is called least significant bit (LSB) insertion. In
this method, we can take the binary representation of the hidden_data and overwrite the LSB of each byte
within the cover_image. If we are using 24-bit color, the amount of change will be minimal and
indiscernible to the human eye. As an example, suppose that we have three adjacent pixels (nine bytes)
with the following RGB encoding:
10010101 00001101 11001001
10010110 00001111 11001010
10011111 00010000 11001011
Now suppose we want to "hide" the following 9 bits of data (the hidden data is usually compressed prior to
being hidden): 101101101. If we overlay these 9 bits over the LSB of the 9 bytes above, we get the
following (where bits in bold have been changed):
10010101 00001100 11001001
10010111 00001110 11001011
10011111 00010000 11001011
Note that we have successfully hidden 9 bits but at a cost of only changing 4, or roughly 50%, of the LSBs.
This description is meant only as a high-level overview. Similar methods can be applied to 8-bit color but
the changes, as the reader might imagine, are more dramatic. Gray-scale images, too, are very useful for
steganographic purposes. One potential problem with any of these methods is that they can be found by an
adversary who is looking. In addition, there are other methods besides LSB insertion with which to insert
hidden information. Without going into any detail, it is worth mentioning steganalysis, the art of detecting
and breaking steganography. One form of this analysis is to examine the color palette of a graphical image.
In most images, there will be a unique binary encoding of each individual color. If the image contains
hidden data, however, many colors in the palette will have duplicate binary encodings since, for all
practical purposes, we can't count the LSB. If the analysis of the color palette of a given file yields many
duplicates, we might safely conclude that the file has hidden information.
But what files would you analyze? Suppose I decide to post a hidden message by hiding it in an image file
that I post at an auction site on the Internet. The item I am auctioning is real so a lot of people may access
the site and download the file; only a few people know that the image has special information that only they
8/8/2019 Cs9 Batch 1 Steganography
21/39
P a g e | 21
can read. And we haven't even discussed hidden data inside audio files! Indeed, the quantity of potential
cover files makes steganalysis a Herculean task.
2.4HOW DO STEGANOGRAPHY TOOLS WORK?
To show how easy Steganography is, I started out by downloading one of the more popular freeware tools
out now: F5, then moved to a tool called SecurEngine, which hides text files within larger text files, and
lastly a tool that hides files in MP3s called MP3Stego. I also tested one commercial Steganography
product, Steganos Suite.
F5 was developed by Andreas Westfield, and runs as a DOS client. A couple of GUIs were later developed:
one named "Frontend", developed by Christian Wohne and the other, named "Stegano", by Thomas Biel. I
tried F5, beta version 12. I found it very easy to encode a message into a JPEG file, even if the buttons in
the GUI are written in German! Users can simply do this by following the buttons, inputting the JPEG file
path, then the location of the data that is being hidden (in my case, I used a simple text file created in
Notepad), at which point the program prompts the user for a pass phrase. As you can see by the before and
after pictures below, it is very hard to tell them apart, embedded message or not.
Figure 4.1: JPEG file without embedded text Figure 4.2: JPEG file with embedded text
Granted, the file that I embedded here was very small (it included one line of text: "This is a test. This is
only a test."), so not that many pixels had to be replaced to hide my message. But what if I tried to hide a
larger file? F5 only hides text files. I tried to hide a larger word document and although it did hide the file, when I tried to decrypt it,
it came out as garbage. However, larger text files seemed to hide in the picture just as well as my small, one-line message.
8/8/2019 Cs9 Batch 1 Steganography
22/39
P a g e | 22
SecurEngine doesn't seem to be as foolproof as the tools that hide text within pictures. When I hid my small text file in a bigger text
file, I found an odd character at the bottom of the encoded file (""). This character was not in the original file. SecurEngine gives
users the option of just hiding the image, hiding the image as well as encrypting it, or both. The test message was encrypted and
decrypted without issue. SecurEngine also has a feature that helps to "wipe" files (to delete them more securely).
MP3Stego, a tool that hides data in MP3 files worked very well. How the process works is like this: you encode a file, a text file for
example, with a .WAV file, in order for it to be compressed into MP3 format. One problem that I ran into was that in order to hide
data of any size, I had to find a file that was proportional in size. So, for instance, my small text message from the previous exercise
was too big to hide in a .WAV file (the one that I originally tried was 121KB, and the text file was around 36 bytes). In order to
ultimately hide a file that was 5 bytes (only bearing the message "test."), I found a .WAV file that was 627 KB. The ultimate MP3
file size was 57KB.
Steganos Suite is a commercial software package of numerous stego tools all rolled into one. In addition to a nifty Internet trace
destructor function and a computer file shredder, it has a function called the File Manager. This allows users to encrypt and hide
files on their hard drive. The user selects a file or folder to hide, and then selects a "carrier" file, which is defined as a graphic or
sound file. It will also create one for you if you prefer, if you have a scanner or microphone available. If you don't have a file handy
or if you want to create one, the File Manager will search your hard drive for an appropriate carrier. This tool looks for a wider
variety of file types than the majority of the freeware tools that I perused (such as .DLL and .DIB files), so if you intend to do quite
a bit of file hiding, you might want to invest in a commercial package.
2.5 FEASIBILITY STUDY:
Feasibility study is about the viability of a system. The proposed system has to be examined for its technical, economical and
operational feasibility. This system for hiding text files within images was inspected with all these aspects in mind. Many
alternatives are found and the best among them, which suits our requirement in a better way, is chosen. One should keep following
points in mind to choose a better alternative.
Greater speed of processing
Effective procedures eliminating errors
Better accuracy
Fast retrieval of data
Data security
Efficient way to store data
These alternatives are taken into account and a better system is designed. Then, the system is thoroughly scrutinized to make sure of
its practicability.
2.5.1 Technical Feasibility:
8/8/2019 Cs9 Batch 1 Steganography
23/39
P a g e | 23
It is the process of assessing the development organization's ability to construct a proposed system. Test is made to see whether
reliable hardware and software, technical resources capable of meeting the needs of a proposed system can be acquired or developed
by an organization in the required time. While accessing the technical feasibility, the various issues that are considered are system
performance, system interfaces, development processes, risks, failure immunity and security.
2.5.2 Economical feasibility:
It is a process of identifying the financial benefits and costs associated with a development project. This project is found to be
economically feasible since security is the need of the time. A cost-benefit analysis is made considering the intricacies such as
development cost, time to implementation, support costs, business process effectiveness, and maintainable design.
2.5.3 Operational feasibility:
It is the process of assessing the degree to which a proposed system solves business problems or takes advantage of business
opportunities the questions that are assessed are
Will the solution fulfill the users requirements?
To what degree?
How will the solution change the users work environment?
How do users feel about such a solution?
The feedbacks for these questions are reviewed and the system proposed is found to be feasible.
2.6 PROTECTING AGAINST MALICIOUS STEGANOGRAPHY
Unfortunately, all of the methods mentioned above can also be used to hide illicit, unauthorized or unwanted activity. What can you
do to prevent or detect issues with stego? There is no easy answer. If someone has decided to hide their data, they will probably be
able to do so fairly easily. The only way to detect steganography is to be actively looking for in specific files, or to get very lucky.
Sometimes an actively enforced security policy can provide the answer: this would require the implementation of company-wide
acceptable use policies that restrict the installation of unauthorized programs on company computers.
Using the tools that you already have to detect movement and behavior of traffic on your network may also be helpful. Network
intrusion detection systems can help administrators to gain an understanding of normal traffic in and around your network and can
thus assist in detecting any type of anomaly, especially with any changes in the behavior of increased movement of large images
around your network. If the administrator is aware of this sort of anomalous activity, it may warrant further investigation. Host-
based intrusion detection systems deployed on computers may also help to identify anomalous storage of image and/or video files.
A research paper by Stefan Hetzel cites two methods of attacking steganography, which really are also methods of detecting it. They
are the visual attack (actually seeing the differences in the files that are encoded) and the statistical attack: "The idea of the statistical
attack is to compare the frequency distribution of the colors of a potential stego file with the theoretically expected frequency
distribution for a stego file." It might not be the quickest method of protection, but if you suspect this type of activity, it might be the
most effective. For JPEG files specifically, a tool called Stegdetect, which looks for signs of steganography in JPEG files, can be
8/8/2019 Cs9 Batch 1 Steganography
24/39
P a g e | 24
employed. Stegbreak, a companion tool to Stegdetect, works to decrypt possible messages encoded in a suspected steganographic
file, should that be the path you wish to take once the stego has been detected
2.7 SYSTEM ANALYSIS
2.7.1 EXISTING SYSTEM
Steganography is an evolving branch of cryptography. People not only want their messages to be encrypted but they want to hide
the existence of such information. A variety of systems are providing this facility of hiding information. But, nobody can deny the
fact that with a lot of hard work and sincere effort any good cryptologist could find whether an information is hidden in a file or
not. Since we dont want such persons to learn our information, we need some system such that even when the information is
revealed, it should be of no use.
2.7.2 PROPOSED SYSTEM
The system proposed by this project takes the above said problem into account and it combines the art of steganography with
cryptology. It encodes a message and then,hides it in a file. This makes the message unreadable even after it is disclosed. By this
way we can conceal our information. This project hides text files inside bmp files and creates a bmp file with secret message. A key
should be given by the user to encode the message. The message is first encoded with this key and then embedded inside the
specified file. It is then stored as per the name specified.
To reveal the message that is inside a file, one should give the right key and then this key will decrypt the message and then the
embedded message is extracted out for viewing. If an attempt is made with a wrong key, a warning is made to tell that that key is
invalid. By this method we hide our secret message from invalid users.
Several options are provided for the users so that they work in a modish environment. Users are provided with a facility to locate the
files on the system through browsing. The image files can be viewed on the display panel and we could select one.
Information about jpg as well as bmp files could be retrieved.
An additional facility for sending these secret message files over the net is offered. One could open the internet explorer and send
the relevant files to the intended destination.
The working of the system is very simple but powerful. It uses bit shift method to encrypt. The encrypted message is then
embedded inside the specified bmp file bit by bit after hard manipulations. The key is used to do this crypting works. The characters
in the key are converted into binary strings and they are manipulated against the binary streams that are obtained from the individual
characters of the secret message.
Since the key is used to encrypt and embed it would be hard to reveal a secret message that is embedded inside the picture.
8/8/2019 Cs9 Batch 1 Steganography
25/39
P a g e | 25
CHAPTER 3 : ALGORITHMS AND METHODOLOGIES
3.1 BLOWFISH (CIPHER)
Blowfish
8/8/2019 Cs9 Batch 1 Steganography
26/39
P a g e | 26
The round function (Feistel function) of Blowfish
General
Designers Bruce Schneier
First published 1993
Successors Twofish
Cipher detail
Key sizes 32448 bits in steps of 8 bits; default 128 bits
Block sizes 64 bits
Structure Feistel network
Rounds 16
Best public cryptanalysis
Four rounds of Blowfish are susceptible to a second-order differential attack (Rijmen, 1997); for a class
of weak keys, 14 rounds of Blowfish can be distinguished from a pseudorandom permutation (Vaudenay,
1996).
In cryptography, Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number
of cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it
has been found to date. However, the Advanced Encryption Standardnow receives more attention.
8/8/2019 Cs9 Batch 1 Steganography
27/39
P a g e | 27
Schneier designed Blowfish as a general-purpose algorithm, intended as a replacement for the aging DES and free of the problems
and constraints associated with other algorithms. At the time Blowfish was released, many other designs were proprietary,
encumbered by patents or were commercial/government secrets. Schneier has stated that, "Blowfish is unpatented, and will remain
so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone."
Notable features of the design include key-dependent S-boxes and a highly complex key schedule.
3.1.2 THE ALGORITHM
Blowfish has a 64-bit block size and a variable key length from 32 up to 448 bits. [1] It is a 16-round Feistel cipher and uses large
key-dependent S-boxes. It is similar in structure to CAST-128, which uses fixed S-boxes.
FIG 5. The Feistel structure of Blowfish
The diagram to the left shows the action of Blowfish. Each line represents 32 bits. The algorithm keeps two subkey arrays: the 18-
entry P-array and four 256-entry S-boxes. The S-boxes accept 8-bit input and produce 32-bit output. One entry of the P-array is used
every round, and after the final round, each half of the data block is XORed with one of the two remaining unused P-entries.
The diagram to the right shows Blowfish's F-function. The function splits the 32-bit input into four eight-bit quarters, and uses the
quarters as input to the S-boxes. The outputs are added modulo 232 and XORed to produce the final 32-bit output.
Decryption is exactly the same as encryption, except that P1, P2,..., P18 are used in the reverse order. This is not so obvious because
xor is commutative and associative. A common mistake is to use inverse order of encryption as decryption algorithm (i.e. first
XORing P17 and P18 to the ciphertext block, then using the P-entries in reverse order).
Blowfish's key schedule starts by initializing the P-array and S-boxes with values derived from the hexadecimal digits of pi, which
contain no obvious pattern (see nothing up my sleeve number). The secret key is then XORed with the P-entries in order (cycling
8/8/2019 Cs9 Batch 1 Steganography
28/39
8/8/2019 Cs9 Batch 1 Steganography
29/39
P a g e | 29
3.2 ADVANCED ENCRYPTION STANDARD (Rijndael)
AES
The SubBytes step, one of four stages in a round of AES
General
Designers Vincent Rijmen, Joan Daemen
First
published
1998
Derived from Square
Successors Anubis, Grand Cru
Certification AES winner, CRYPTREC, NESSIE, NSA
Cipher detail
Key sizes 128, 192 or 256 bits[1]
Block sizes 128 bits[2]
Structure Substitution-permutation network
Rounds 10, 12 or 14 (depending on key size)
Best public cryptanalysis
A related-key attack can break 256-bit AES with a complexity of 2119, which is faster than brute force
but is still infeasible. 192-bit AES can also be defeated in a similar manner, but at a complexity of 2176.
128-bit AES is not affected by this attack. A chosen-plaintext attack can break 8 rounds of 192- and
256-bit AES, and 7 rounds of 128-bit AES, although the workload is impractical at 2128
- 2119
.
8/8/2019 Cs9 Batch 1 Steganography
30/39
P a g e | 30
(Ferguson et al., 2000).
In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The
standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as
Rijndael. Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have
been analyzed extensively and are now used worldwide, as was the case with its predecessor, [3] the Data Encryption Standard
(DES).
AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26,
2001 after a 5-year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was
selected as the most suitable (see Advanced Encryption Standard process for more details). It became effective as a standard May
26, 2002. As of 2009, AES is one of the most popular algorithms used in symmetric key cryptography. It is available in many
different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information
(see Security of AES, below).
The Rijndael cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted by them to the
AES selection process. Rijndael is a portmanteau of the names of the two inventors and is pronounced [rindal].[4]
3.2.1 DESCRIPTION OF THE AES CIPHER
AES is based on a design principle known as a Substitution
permutation network. It is fast in both software and
hardware,[5] is relatively easy to implement, and requires little
memory.[citation needed] Unlike its predecessor DES, AES does
not use a Feistel network.
AES has a fixed block size of 128 bits and a key size of 128,
192, or 256 bits, whereas Rijndael can be specified with
block and key sizes in any multiple of 32 bits, with a
minimum of 128 bits and a maximum of 256 bits.
Assuming one byte equals 8 bits, the fixed block size of 128
bits is 128 8 = 16 bytes. AES operates on a 44 array of
bytes, termed the state (versions of Rijndael with a larger
block size have additional columns in the state). Most AES
calculations are done in a special finite field.
The AES cipher is specified as a number of repetitions of
transformation rounds that convert the input plain-text into
the final output of cipher-text. Each round consists of several
processing steps, including one that depends on the
encryption key. A set of reverse rounds are applied to
transform cipher-text back into the original plain-text using
the same encryption key.
3.2.2 HIGH-LEVEL DESCRIPTION OF THE
ALGORITHM
y KeyExpansion using Rijndael's key schedule
y Initial Round
1. AddRoundKey
y Rounds
1. SubBytesa non-linear substitution step where
each byte is replaced with another according to a
lookup table.
2. ShiftRowsa transposition step where each row of
the state is shifted cyclically a certain number of
steps.
3. MixColumnsa mixing operation which operates
on the columns of the state, combining the four
bytes in each column
8/8/2019 Cs9 Batch 1 Steganography
31/39
P a g e | 31
4. AddRoundKeyeach byte of the state is combined
with the round key; each round key is derived from
the cipher key using a key schedule.
y Final Round (no MixColumns)
1. SubBytes
2. ShiftRows
3. AddRoundKey
3.2.2.1 THE SubBytes STEP
FIG 6.
In the SubBytes step, each byte in the state is replaced with
its entry in a fixed 8-bit lookup table, S; bij = S(aij).
In the SubBytes step, each byte in the array is updated using
an 8-bit substitution box, the Rijndael S-box. This operation
provides the non-linearity in the cipher. The S-box used is
derived from the multiplicative inverse over GF(2
8
), knownto have good non-linearity properties. To avoid attacks based
on simple algebraic properties, the S-box is constructed by
combining the inverse function with an invertible affine
transformation. The S-box is also chosen to avoid any fixed
points (and so is a derangement), and also any opposite fixed
points.
3.2.2.2 THE ShiftRows STEP
FIG 7.
In the ShiftRows step, bytes in each row of the state are
shifted cyclically to the left. The number of places each byte
is shifted differs for each row.
The ShiftRows step operates on the rows of the state; it
cyclically shifts the bytes in each row by a certain offset. For
AES, the first row is left unchanged. Each byte of the second
row is shifted one to the left. Similarly, the third and fourth
rows are shifted by offsets of two and three respectively. For
the block of size 128 bits and 192 bits the shifting pattern is
the same. In this way, each column of the output state of the
ShiftRows step is composed of bytes from each column of
the input state. (Rijndael variants with a larger block size
have slightly different offsets). In the case of the 256-bit
block, the first row is unchanged and the shifting for second,
third and fourth row is 1 byte, 3 bytes and 4 bytes
respectively - this change only applies for the Rijndael cipher
when used with a 256-bit block, AES doesn't use 256-bit
blocks.
3.2.5 THE MixColumns STEP
8/8/2019 Cs9 Batch 1 Steganography
32/39
P a g e | 32
FIG 8.
In the MixColumns step, each column of the state is
multiplied with a fixed polynomial c(x).
In the MixColumns step, the four bytes of each column of the
state are combined using an invertible linear transformation.
The MixColumns function takes four bytes as input and
outputs four bytes, where each input byte affects all fouroutput bytes. Together with ShiftRows, MixColumns
provides diffusion in the cipher. Each column is treated as a
polynomial overGF(28) and is then multiplied modulo x4 + 1
with a fixed polynomial c(x) = 3x3 + x2 + x + 2. The
MixColumns step can also be viewed as a multiplication by a
particular MDS matrix in Finite field. This process is
described further in the article Rijndael mix columns.
3.2.2.3 THE AddRoundKey STEP
FIG 9.
In the AddRoundKey step, each byte of the state is combined
with a byte of the round subkey using the XOR operation
().
In the AddRoundKey step, the subkey is combined with the
state. For each round, a subkey is derived from the main key
using Rijndael's key schedule; each subkey is the same size
as the state. The subkey is added by combining each byte of
the state with the corresponding byte of the subkey using
bitwise XOR.
3.2.3 OPTIMIZATION OF THE CIPHER
On systems with 32-bit or larger words, it is possible to speed
up execution of this cipher by combining SubBytes and
ShiftRows with MixColumns, and transforming them into a
sequence of table lookups. This requires four 256-entry 32-
bit tables, which utilizes a total of four kilobytes (4096 bytes)
of memoryone kilobyte for each table. A round can now be
done with 16 table lookups and 12 32-bit exclusive-or
operations, followed by four 32-bit exclusive-or operations in
the AddRoundKey step.[6]
If the resulting four kilobyte table size is too large for a given
target platform, the table lookup operation can be performed
with a single 256-entry 32-bit table by the use of circular
rotates.
Using a byte-oriented approach it is possible to combine the
SubBytes, ShiftRows, and MixColumns steps into a single
round operation.
CHAPTER 4 : EXPERIMENTAL RESULTS
8/8/2019 Cs9 Batch 1 Steganography
33/39
P a g e | 33
FIG 10.
4.1 Some of the tools used for implementing
steganography with various algorithms are:
4.1.1. ABSOLUTE CHAOS 3.8
Absolute CHAOS allows to encrypt the files and folders and
to hide it as the files .ipg, .gif, .doc, .rtf or any others.
Absolute CHAOS has high speed and allows variable-length
keys, making it very reliable and easy to use. The program is
compact, efficient and user friendly. Absolute CHAOS has
comprehensive privacy tools including file/folder
compression, file/folder shredder.
4.1.2. ABSOLUTE PASSWORD PROTECTOR 1.0.547
Absolute Password Protector is a strong steganography utility that securely encrypts files. The program hides your
sensitive data into pictures. With the use of Absolute Password Protector, you can also hide encrypted files so that no
one would know it's an encrypted file. Encrypted files can be safely transferred via e-mail. Absolute Password
Protector adds "invisible" noise to digital photographic images. This noise will contain your sensitive data in an
encrypted form. There are a lot of password protection utilities on the market today that promise a secure storage for
your files. Unfortunately, simple password protection techniques do not guarantee safety and passwords are easily
cracked. LastBit Software is a company providing password recovery solutions since 1997. The company has a great
experience in this field and did the best to make the encryption utility as strong as possible. Absolute Password
Protector uses the CleverLock (TM) technology that dramatically increases the time and efforts needed to recover even
a short password. So, maximum possible brute-force attack speed is about 100 passwords per second (for example,search speed for Zip archives is up to tens of millions of passwords per second). There is no need to start the program
each time you wish to encrypt or decrypt a file. Absolute Password Protector integrates into the Windows shell and
can be invoked by a right click on a file, while in Windows Ex
4.1.3. COMPUTER SECURITY 1.5
Security should be a very important and concerning issue in
company or a home user, it is very important to protect your
sensitive data, hiding it in innocent carriers, allowing safe tr
files beyond recovery and locking application from your child
of over 20 algorithms like Twofish, Cast128, Blowfish or Shap
overwrites every bit of information with a random number of l
4.1.4. HIDE PRIVATE FILE PRO 6.01
Hide Private File Pro allows you to encrypt, compress and hid
BMP file so that the addition of the message to the container f
If the file which has been hidden is deleted then there is no in
from BMP file when you need to get at it, hide and recovered
file of any size in one BMP image files (automation conversio
hiding a message file in single BMP image file, (2) extract
Advanced differs from others of this sort in two respects: 1. Th
BMP is big enough. when you hidden, Hide2Image Advanced
hide in this file), the other is 'Source Image' (when you recove
support 8 kinds of encryption algorithms (for example: DES,
like this if no login password of other man can't login Hid
Manage BMP file.
4.1.5. ID IMAGE PROTECTOR 1.2
ID Image Protector is a program specifically designed to p
imagine encrypting and embossing facilities. It safely secures
keeping it away from unauthorized access. Main Features: - E
advanced encrypting methods - Compresses imagines up to 7
and a tutorial guide Detailed features: - ID Image Protector en
images, without changing the original content of the files an
other personal things you wish to keep private. It encodes
encoding method and jeopardize your files including spyware
its original size by the use of an integrated compressing system
keys for a professional secure encryption. It provides, at y
8/8/2019 Cs9 Batch 1 Steganography
34/39
P a g e | 34
between the original and the encoded image. - Encodes files professionally by providing advanced encrypting services.
ID Image Protector encodes files with a range starting from 8bits and reaching up to 16.384 bits and higher. - Offers a
step-by-step wizard service which guides you through the menu and the services it provides. ID Image Protector also
offers assistance with live tutorial presentations just in case you need them. - ID Image Protector has a convenient
graphic interface which is very simple to use. It requires minimal space on your computer to operate efficiently.
4.1.6. INVISIBLE SECRETS ENCRYPTION SOFTWARE 4.6
Invisible Secrets Encryption Software 4 not only encrypts your data and files for safe keeping or for secure transfer
across the net, it also hides them in places that on the surface appear totally innocent, such as picture or sound files, or
web pages. These types of files are a perfect disguise for sensitive information. Nobody, not even your wife, boss, or a
hacker would realize that your important papers or letters are stored in your last holiday pictures, or that you use your
personal web page to exchange messages or secret documents. Invisible Secrets Encryption Software 4 features:
strong encryption algorithms; steganography and a library of favorite carriers locations; a password management
solution that stores all your passwords securely and helps you create secure passwords, faster access to your passwords
by accessing the password manager directly from the tray menu; a virtual keyboard created in order to prevent any key
logger software from stealing your passwords; a shredder that helps you destroy beyond recovery files, folders and
internet traces; a locker that allows you to password protect certain applications; the ability to create self-decrypting
packages and mail them to your friends or business partners, you will be able to safely send the self-decrypting
packages as zip files; a tool that allows you to transfer a password securely over the internet; a cryptboard to help you
use the program from Windows Explorer and a real-time news system that allows you to be kept up-to-date with new
versions, new products, new features, and special offers, without having to browse our website searching for new
information. Invisible Secrets Encryption Software 4 is shell integrated and offers a wizard that guides you through all
the necessary steps needed to protect your data.
4.1.7. MESSAGE SMUGGLER 2.2.10.8.027
Message Smuggler is the leading software on the market of its kind, which used to smuggle or hide text message into
images. Create secret picture message with 256-bit encryption algorithm and password protection. This software gives
you: - end of censorship - absolute security - end of any suspicions - free choice of transfer method Message Smuggler
is an ideal tool for individuals who share very sensitive data with colleagues, family, or friends, and require that data
to remain secure. Main Features: - All messages smuggled into images are encrypted with special certified encryption
method based on 256-bit encryption algorithm and password protected. - Password isn't stored within file. - Images
containing hidden messages are fully functional and are identical to the original one. - Images absolutely don't lose on
quality. - Although images containing hidden messages, y
top related