S TEGANOGRAPHY The Art of Message Hiding. Cryptography: Securing Information in the Digital Age Part 1: Introduction to Steganography Part 2: Hands-on.

STEGANOGRAPHY

The Art of Message Hiding

Cryptography: Securing Information in the Digital Age

Part 1: Introduction to Steganography

Part 2: Hands-on activity: Exchange of Steganographic Messages

Part 3: Research and Practice on Steganalysis

STEGANOGRAPHY

Steganography is an ancient technique (known from the Antiquity) for hiding information.

The hidden information can be additionally encrypted (in the digital age).

A Digital Message (the secret) can be hidden within- digital images- audio files- video files- … or even other text messages by storing the

secret information within inessential lines of code (bytes) that don't alter the look or sound of the original file.

Modern Use of Steganographyhttp://usatoday30.usatoday.com/life/cyber/tech/2001-02-05-binladen.htm

Terror groups hide behind Web encryption by Jack Kelley, USA TODAY 02/05/2001

… (Islamist groups) are hiding maps and photographs of terrorist targets and posting instructions for terrorist activities on sports chat rooms, pornographic bulletin boards and other Web sites, U.S. and foreign officials say.

New York Times, August 3rd, 2001 - http://www.nytimes.com/images/2001/10/30/science/sci_STEGO_011030_00.jpg

http://www.youtube.com/watch?v=O5boXjbqeFA : How 2 convert binary to colors

How Steganography Works

Steganography versus Cryptography 1/2

Although Steganography and Cryptography seem to be practically closely related they are technically different

Steganography hides the existence of a secrete message,

whereas

Cryptography only scrambles the original message (plain text) so it cannot be understood

Steganography versus Cryptography 2/2

Steganography cannot replace cryptography, because the containers must have a much larger size than the embedded “secret” message

Steganography necessitates the transmission of the encoding key, and possibly more information to decode the message.

The transmission of this vital information must be accomplished using a different communication channel

Note: Asymmetric Encryption (e.g. PGP), does not require the transmission of a secret key.

Terminology of Steganography

Cover data (a.k.a: Carrier, Container)– The original, innocent message, be it audio, video, text

or an image

Embedded data (a.k.a: Secret)– The data that is to be hidden with the ccarrier

Stego data– A message that includes both the cover and embedded

data

Historical Forms of Steganography

- Tattoos ( Herodotus)

- Invisible Inks (lemon juice, milk, urine, …)

- Microdots in paper

- Text– Can one man pace up to empty rooms?– Can One Man Pace Up To Empty Rooms?

http://blog2life.com/steganography-the-secret-tool/

http://ladyastridslaboratory.com/tag/invisible-ink/

http://www.pinewswire.net/article/new-steganography-technique-relies-on-letter-shapes/

Modern Steganography

Types of covers (carriers) include

– Text– Images– Audio files– Video files

Details and Examples

Steganography in TEXTExamples of Encoding Algorithms

• Line-shift coding– Moving lines of text up and down by 1/300th of an

inch

• Word-shift coding– Moving words left and right

• Feature coding– Changing the heights of letters

• Other methods

Steganography in Images

• Least significant bit insertion (GIF, BMP)– Changing the least significant bit in order to

store other data

• Discreet Cosine Transform (JPG)– Applying a Cosine function to approximate

hidden data

Examples

Injected Data Extracted Data

Previous slide’s image from Hawaiipictures.com and this slide’s images fom spacedaily.com

Steganography in AudioExamples of Encoding Algorithms

• Low bit encoding– Similar to Least Significant bit insertion

• Phase encoding– Similar to Discreet Cosine Transform function

• Spread Spectrum– Using entire bandwidth to encrypt data. Number

of jumps determines amount of data able to hide.

• Echo Data Hiding– Next slide

Several Free Steganography Programs are available on the Internet

- S-tools

- OpenPuff (Free, Open-Source and Portable)

- . . .

Exercise 1 in class: OpenPUFF

You work in team

Use OpenPuff to hide a secret

eMail your partner and attach the file with the secret

Give your partner the password and the algorithm used for the encoding (“by phone”)

Decode the message sent by your partner

Exercise 2: SteganalysisDetection of Hidden Information

You work individually

Use a Hash generator to detect the existence of hidden informatin inside a file

Use your favorite Hash Generator or this one:

( Free Portable: http://www.paehl.de/dp_hash.7z )

Exercise 3: Research on SteganalysisExtracting Hidden Information

without knowing the Key

On the following pages, you will find collections of tools for detecting the existence of a secret.

1)Get a Steganographic message for which you do not know the key

2)Try to extract the secret

http://www.guillermito2.net/stegano/index.html

http://www.spy-hunter.com/stegspydownload.htm