Steganography - cysecure.orgcysecure.org/470/19s/GP/indF0_rramadhinRajkumar-steganograph…  · Web viewSteganography is the process of hiding a file inside of another file. In this

Mercy College

Steganography

IASP 470 Capstone System Security

Rajkumar Ramadhin

3-11-2019

1

Abstract.......................................................................................................................................................2

Introduction.................................................................................................................................................3

Preliminaries................................................................................................................................................3

Problem.......................................................................................................................................................6

My Approach to Cyber Defense...................................................................................................................7

Conclusion...................................................................................................................................................8

References.................................................................................................................................................10

2

AbstractSteganography is the process of hiding a file inside of another file. In this paper I will

discuss the benefits of using steganography. This project will discuss flaws and security issues

that exist within steganography. I will discuss the different methods of steganography and how it

can be paired with cryptography. With social media growing as well, I will look at which sites

and services allows us to use steganography. I will be using Kali Linux and Steghide to hide

messages in files.

3

IntroductionWith the ever-growing need for privacy it is important to be ensure only the intended

party can read the message. The most common way to protect messages is through cryptography,

but if the attacker is aware the message with important data has been sent, they can intercept it

and decrypt the message. Hiding a message in plain site is known as steganography.

Steganography is considered the cousin to cryptography. In cryptography the goal is the encrypt

and confuse, while in steganography the goal is to hide the message.

A Brief History

Steganography roots can be traced back to ancient Rome and Greek. Steganography was

originally done by shaving slaves’ heads and allowing the hair to grow back covering the

message. Steganography eventually turned in writing in invisible ink during the American

revolution, used by both the British and the Americans. As time and technology so did the

techniques. Eventually in World War II full messages were hidden within a period. As the digital

age progressed so did the method of delivering messages through the internet. With the ever-

growing rise of social media, it allows us to send images and files almost unnoticed.

PreliminariesTechnology Used

This project utilizes steganography software and Linux. While any Linux distribution will

work, Kali Linux was used for the project. Kali is a security focused Linux distribution that

comes pre-installed with a variety of tools to detect and conduct different attacks. Users are not

limited to only the program used in this project as there are different tools available for each OS,

for example Steghide is only available for Linux and uses the command line, while Stegosuite

4

can be used for all operating systems and has a graphical user interface (GUI). Steghide was used

as the primary tool for this project due to its ability to embed messages into .wav files as well as

any image file. Steghide does not come preinstalled either and can be put on the system using the

command apt-get install steghide. The project will also use image comparison tools to identify

altered images.

Steghide can embed any file into a JPEG, BMP, WAV, and AU file. Steghide uses a

graph-theoretic approach to steganography. To do this the data being hidden is compressed then

encrypted. Using pseudo-random number generator started by the passphrase, the positions of

pixels are chosen. Pixels that already have the correct value are not changed. The graph-theoretic

matching algorithm finds the positions to match the hidden data. The same is done for audio

files, but instead of pixels it is using audio samples. Steghide uses AES encryption algorithm

Rijndael but allows the user to select a different method if they choose. (Hetzl, 2002)

Using Steganography programs

Using a steganography program is simple and effective. Using Stegosuite only allows

images and text files to be embedded. With Stegosuite the user uploads the file and message in a

GUI interface and type embed. When extracting the user uploads the file that has the message

hidden in it and presses extract. The benefit of Stegosuite is that it is simple to use with the GUI

interface

5

Figure 1: Stegosuit in Kali Linux

Using Steghide the user accesses the program using the command line. to begin using steghide

enter the following command in the terminal steghide embed -cf filename.filetype -ef filetoembed.filetype.

The steghide command opens the program allowing the other commands to be understood, while embed

tells the program you are inserting data. The -cf (--coverfile) command allows the user to select the file

that is the cover image, this is the image or audio file where the message will be hidden. The -ef (--

embedfile) command selects the file that you want to be hidden in the cover file. The user extracts the file

in a similar fashion, the command line is steghide extract -sf filename.filetype -xf filetoembed.filetype. The

extract command allows the program to know it is going to extract and -sf (--stegofile) chooses the file to

extract the data. The command -xf (--extractfile) allows the user to know what to name the file. It is

important to note to extract the file the same program needs to be used that was used to embed it.

Figure 2: Embedding an image using Steghide

Figure 3: Extracting an image from Steghide

6

Figure 4: List of commands for Steghide

ProblemSteganography plays a role in copyright. Using water mark methods allows companies to

find media that was posted without their consent. For example, an audio file can be digital

watermarked where it is not noticeable to the human ear, by adjusting the last bit of the audio

sample. This method is known as the Least Significant Bit (LSB), while it is not good for

security as it is easy for programs to decrypt, but it still does well against visual attacks. Doing

the least significant bit also works in photos, the color changes unnoticeable to the human eye.

When thinking of steganography, it can be used for more than copyright protection.

Important documentation is emailed and sent over the web all the time. Even if the information is

encrypted, if a malicious user intercepts the message, they may believe the information is worth

the time and resources to decrypt the message. A simple solution to this can be to not let the

attacker know that an important message has been sent. This simple tactic allows users to hide

7

their message in plain sight. This method can allow messages to slip pass unnoticed from

attackers and unwanted eyes. Users should still encrypt the messages prior to embedding into the

image as not all steganography programs will do it automatically before embedding, such as

JSteg.

In previous research, detection rates and mode of transportation have not been well

researched. Most research conducted on steganography involves analysis of stegofiles with the

message to test distortion on the original file. While this is useful for keeping the image

unnoticed, it is unnecessary when using an image no one else will have access to. Not enough

studies address if the file will be noticeable in transit or if intercepted.

While using steganography to protect assets can be useful, some use it for malicious

intent. An example of this is the DuQu malware. This was cause by a hacker known as Unit

8200. He created an executable embedded in a type font, that took advantage of a Microsoft Zero

Day exploit.

My Approach to Cyber DefenseThe proposed solution to avoiding interception attacks involve embedding important files

into pictures that the can not be found online. For example, Alice will encrypt her message then

embed it into an image or audio file uncommon to the internet. Bob can receive the message

through the internet knowing that the message is hidden in the file, and decrypt. Another way to

use steganography is to send a PGP key, hidden in a picture thus adding another layer of security

to PGP. The approach is as follow:

8

Figure 5: Using steganography to protect messages

The benefit of using this method, is that the file is disguised as an everyday picture. The

file remains integrity with the hidden message even when sent across various social media

platforms. Examples of social media that allows the movement of steganographic files include

Facebook Messenger, Google Photos, and WhatsApp. Twitter now post processes the images, so

the message will no longer be there.

As stated earlier for this method to work the file can not be easily found online. The

number one way someone can determine if the image has a hidden message is through a

statistical analysis. This involves comparing two files that, the original and new file and looking

for differences. Figure 6 shows the result after comparing one photo with out an embedded

message and one with it. While the images are unnoticeable to the naked eye, see Figure 7, by

comparing each pixel individually with the original photo it highlights all the changed pixels.

9

Figure 6: Online comparison tool highlights the different pixels compared to the original photo

Figure 7: Comparing both photos side by side

ConclusionIn closing relying on cryptography is enough to protect messages. An attacker will be

aware the message being sent is encrypted and if they feel as if the data can be worth the time

and resources, they will decrypt the data. Steganography on the other has not had a successful

documented attack, where the data was not destroyed or partially corrupted, the closet we have

seen is by two students who gained 90% confidence that a message was hidden but were still

unable to access the message. In a world where privacy is key and corporations are constantly

under attack, it is important to take an extra step to protect information being sent across the

internet.

10

ReferencesAnderson, R. J., & Petitcolas, F. A. (1998, May). On the Limits of Steganography. IEEE Journal on Selected

Areas in Communications, 16, 474-481.

Chugh, G., & Gaba, P. (2018, March). Review on Audio and Video Steganography Techniques. International Journal of Recent Research Aspects, 5(1), 115-119.

El-Sayed, E.-A. M., & Azzat, A.-S. A. (2012). Pixel-Value Differencing Steganography: Attacks and Improvements. ICCIT, 757-762.

Hetzl, S. (2002, May 14). Steghide - manual. Steghide - manual. Retrieved from http://steghide.sourceforge.net/documentation/manpage.php

Johnson, N. F., & Jajodia, S. (1998). Exploring Steganography: Seeing the Unseen. Computing Practices, 26-34.

Provos, N., & Honeyman, P. (2003). Hide and Seek: An Introduction to Steganography. IEEE SECURITY &PRIVACY, 32-44.

Saini, R. (2018, March). Comparative Study of Current Image Steganography Techniques. International Journal of Recent Research Aspects, 5, 308-310.

Wang, H., & Wang, S. (2004, October). Cyber Warfare: Steganography vs. Steganalysis. COMMUNICATIONS OF THE ACM, 47, 76-82.

Westfeld, A., & Pfitzmann, A. (n.d.). Attacks on Steganographic Systems Breaking the Steganographic Utilities EzStego, Jsteg, Steganos, and S-Tools—and Some Lessons Learned. 1-16.