Steganography

Ben Lee III

Long Truong

ECE 478 - Spring 2002

Definition

Steganography: (from Greek steganos, or "covered," and graphie, or "writing") is the hiding of a secret message within an ordinary message and the extraction of it at its destination

Takes cryptography a step farther by hiding an encrypted message so that no one suspects it exists

Ideally, anyone scanning your data will fail to know it contains encrypted data

Introduction Computer Steganography: two principles

– Digitized images or sound can be altered without losing their functionality

– Human inability to distinguish minor changes in image color or sound quality

In modern digital steganography, data is first encrypted by the usual means and then inserted, using a special algorithm, into redundant data that is part of a particular file format

Changing the value of the least significant bit of the pixel color won’t result in any perceivable change of that color

History

Ancient Greece, text was written on wax covered tablets

During WWII, the Germans developed the microdot for the letter i

Invisible inks: some messages had to be "developed“ by using special chemicals

Unencrypted messages: the real message is "camouflaged" in an innocent sounding message

Algorithm - Pure

Pure steganography– No key is necessary– E: Ca x M -> Ca– D: Ca -> M– Relies on the secrecy of the method

Example– Using the first character in a letter to

hide the secret message

Example of Pure Steganography

Null cipher (unencrypted message)– News Eight Weather: Tonight increasing snow.

Unexpected precipitation smothers eastern towns. Be extremely cautious and use snowtires especially heading east. The highways are knowingly slippery. Highway evacuation is suspected. Police report emergency situations in downtown ending near Tuesday.

First letter of each word:– Newt is upset because he thinks he is President.

Algorithm – Secret Key

Secret key steganography– Uses a secret stego-key: sender and

receiver share stego-key– E: Ca x (K x M) -> Ca– D: Ca x K -> M

Example– Encrypt data using shared secret key

before hiding within the carrier

Example Secret Key Steganography

The left image (8.9K) contains no hidden data

The right one (11.2K) contains about 5K of password-protected text

Algorithm – Public Key

Public key steganography– Uses two keys: public/private key

combo•Public key encryption

– E: Ca x (U x M) -> Ca– D: Ca x R -> M

•Private key encryption– E: Ca x (R x M) -> Ca– D: Ca x U -> M

Example Programs

Various programs offered today– Freeware/Shareware include

• Hide and Seek: hides data in LSB of GIF & BMP

• Camouflage: hides data (ex: MP3’s) by encrypting and then appending the data to the end of a file

• S-Tools: LSB color reduction, then inserts additional data to hide color modification

– Commercial• PixelTag: uses pattern block encoding

• Steganos: multiple products for data hiding

Flaws with Steganography

Pictures– Color degradation

– Significant file size change

Audio– Distorted sounds

– Significant file size change

Manipulation of carrier may result in degraded or inability to extract the message

Difficulty in hiding large message inside small carriers

Attacks

Visual Attacks– LSB– Filtering image

Digital Manipulation– Color palette– Modification of carrier

Statistical Analysis– Mathematical manipulation of possible carrier

to determine if a hidden message exists

Visual Attack - LSB

Original Image

LSB of original image

Visual Attack - Filter

Applying a filter to the original image’s LSB shows that there is a hidden message

Countermeasure – Message Spreading

Spreading the message out evenly throughout the carrier conceals the hidden message

Filtering of image does not reveal hidden message

Countermeasure – Large Carrier

The use of larger carriers helps to hide the message better

8-bit palette 8-bit steganographic image

Countermeasure - Patterns

The use of unrecognizable patterns for the carrier prevents modification from being noticed

Extraction of LSB does not reveal existence of a hidden message (no hidden message in this image)

Application of Steganography

Enables secret communication Complements regular encryption

– How will someone decrypt your message if they cannot find it?

– Harder to break: need to first find the cipher text, then it needs to be decrypted

Any Questions?

References http://www.all-nettools.com/privacy/stegano.htm http://www.aces.att.com/glossary/steganog.htm http://www.cdt.luth.se/~peppar/kurs/smd074/lekt

/7/slide0.html http://www.ise.gmu.edu/~njohnson/ihws98/jjgmu.html http://www.jjtc.com/Steganography/ http://www.ise.gmu.edu/~njohnson/Steganography/

toolmatrix.htm