Steganography Kati Reiland CS 419 April 7, 2003. What is Steganography? Technically meaning “covered writing” Anything that hides information in another.

Steganography

Kati ReilandCS 419

April 7, 2003

What is Steganography?

• Technically meaning “covered writing”

• Anything that hides information in another media without making any visible changes to the media.

• Not cryptography

History of Steganography

• In 440 b.c. Demeratus warned Sparta

• Shaved messenger’s head• “Invisible Inks”• A Beautiful Mind• Hidden Data in i’s, j’s, and periods• Today, used to protect currency

from counterfeiting

Uses of Steganography

• Hiding of information to avoid observation or detection

• Protection of intellectual property rights.

Possible Uses of Steganography Drawbacks

Used to combine explanatory information with an image (e.g. doctor’s notes with an x-ray)

Could accidentally degrade or render an image misleading

Embedding corrective audio or image data in case corrosion occurs from a poor transmission or connection

Could counteract with the original image

Peer-to-peer private communications Doesn’t hide the fact that an e-mail was sent

Posting secret communications on the web to avoid transmission

Anyone with a cracking tool could expose and read the message

Copyright protection Hardware tools needed to protect the watermarking.

Maintaining Anonymity It is easier to use free web-based e-mail or cloaked e-mail

Hiding data on the network in case of a breach

Better to understand and effectively use standardized encryption

Table from ComputerWorld, 2002

Avoiding Detection

• Binary Data– ASCII text– Graphics

• Cover Object• Where is it hidden?

– TCP/IP Headers– Spaces in Text– “Noise” in sound files– Least Significant Bits in image files

Example of Hidden Data

• Camouflaging– Fishing freshwater bends and saltwater

coasts rewards anyone feeling stressed. Resourceful anglers usually find masterful leapers fun and admit swordfish rank overwhelming anyday.

Fishing freshwater bends and saltwater coasts rewards anyone feeling stressed. Resourceful anglers usually find masterful leapers fun and admit swordfish rank overwhelming anyday.

An Easier Example

• After the theater, all clients keep a tab down at Wesley’s Nook.

After the theater, all clients keep a tab down at Wesley’s Nook.

ATTACK AT DAWN

Data in Audio

• Uses Least Significant Bits to hold data

• May retain data in the “unhearable” areas of the audio file

Data in Images• Large files offer the best option for

concealment but they are also the most difficult to transmit.– Compression

• Lossless• Lossy

• 3 Types of Hiding in Digital Images– Least Significant Bit (LSB) Insertion– Masking and Filtering– Algorithms and Transformations

From Protecting Personal Data

Various Color Palettes

LSB Insertion

• Can be destroyed by any compression

• On average, only alters 50% of the bits

• Works best with 24-bit cover images

• Undetectable to the human eye

From Protecting Personal Data

Masking and Filtering

• Used for 24-bit and Gray-scale images

• “Watermarking”• Extend the image to

include the information as a part of the cover image.

• Generally unchanged by compression

Algorithms and Transformations

• Discrete Cosine Transform– A lossy compression (cosines are not

exact calculations)• Redundant Pattern Encoding

– Also called Spread Spectrum Methods– Scatters info in the image and

“marks” the significant areas– The rules for scattering and swapping

are kept by the “stego-key”

Most Popular Stego Tools

• StegoDos

• White Noise Storm

• S-Tools

• Hide and Seek

Protection of Rights

• Digital Watermarking • Digital Fingerprinting

Uses

• Copyright Information– Integrity– Informs of Ownership

• Stop Piracy– Ruins the use of pirated software,

music, or data– Simply doesn’t allow duplicates to be

made• Keep track of where the

music/software is being used

Digital Watermarking

• Places a piece of information, usually copyright information about the owner, repeated within the data.

• MagicGate and OpenMG• MP3Stego • PictureMarc

Digital Fingerprinting

• An embedded unique pattern into each distributed copy of the data.

• The unique data needs to appear normal to the user.

Steganalysis

• The process of finding hidden data in other media.

• Corporate Data Theft• 4 Types of Attacks

– Stego-only Attack– Chosen Stego Attack– Known Cover Attack– Known Stego Attack

BibliographyThe Code Book by Simon Singh

Steganography and Steganalysis by Joshua Silman

Steganography by Neil Johnson

Steganography: The New Terrorist Tool? By Danley Harrison

TechTV’s various articles on Copy Protection and Digital Watermarking

Protecting Personal Data by Simone Fischer-Hubner