Wednesday, August 24, 2011

Steganography for dummies

What is steganography?

The word steganography has Greek origins, it means concealed writing, in the digital world steganography (aka steg or stego) consists in hiding data inside data, it is mostly used to hide text inside pictures or sound files butany kind of data can be hidden and any kind of file can be used as a carrier file.

Steganographic software takes advantage of the way binary works where the bits towards the right of a file are the ones with less significance, changing them results in little distortion for the file, an example of this would be changing the red colour of a few pixels on a digital photography for a different tone of red that it is not noticeable to the human eye, since a photography can have millions of pixels slightly changing a thousand of them would be very hard to notice without the the original picture to compare with.

Another use for steganography is digital watermarking, the film industry is known to embed an invisible watermark in their preview films, before release, if one of these copies is leaked and found in a file sharing site they can track down who the person responsible for that copy was. Steganographic software is commonly used in conjunction with encryption, the data is encrypted before hiding it to add an extra layer of security, if the hidden data is ever found it would still be protected by a password.

Steganography advantages over encryption

It does not attract attention: Encrypting a message gives away that there is something of value and this will attract unwanted attention.

Packet sniffing barrier: Encrypted PGP email messages start with a line identifying them as an encrypted PGP message, making it easy for a packet sniffer on an ISP to flag encrypted PGP emails by just scanning for the word PGP or GnuPG, this can not be used against steganography.

Makes Internet surveillance difficult: If someone’s Internet activities are being monitored visiting Flickr and uploading personal family photos with hidden messages will not trigger any alarm but sending encrypted messages and visiting a political discussion forum will.

Difficult to prove it exists: In some countries like the United Kingdom you can be required by the police to provide the password to your encrypted files, refusing to do so carries a prison sentence, if the data has been hidden inside a photograph the police would first have to show beyond reasonable doubt that there is definitely something hidden inside the file.

Methods to detect steganography

Steganalysis is the art of discovering hidden steganographic messages, this science is not perfect, it is possible for steganalysis not to detect steganographic files if the data has been very well concealed and the original file, before data has been hidden within it, is not available for analysis.

Image steganalysis

Image steganalysis

Steganographic software embeds information in front of the hidden message, this information contains details about the length of the message, compression method, and anything else the developer chooses, after all the data has to be readable at some point, if the software used to hide the information (aka payload) inserts some unique characteristic in the header then it can be proved the file has been tampered with.

A good method to find hidden messages inside pictures is by using an hexadecimal editor and read the image header first bytes, for example a GIF image seen by an hexadecimal editor will always read “47 49 46 38″, it means “GIF” in ASCII code, if a GIF image has been used to hide a message within it when viewed with an hex editor the first identifying bytes will be different from the standard ones.

There are automated tools to detect steganography, one such tool is Stegdetect, capable of detecting messages in jpeg images, after a hidden message has been found a brute force attack can be launched, with dictionary words attempting to guess the password and expose the data.

Highly compressed data like .rar, .mp3 or .jpeg files make it more difficult to hide data inside because they have less “spare” bits available, if you want to make it tough for someone to find your hidden data use an uncompressed carrier file, like .bmp for images and .wav for sound.

How to hide text in pictures and other files

There are various steganography programs available to hide text or files inside photographs, sound files and executable files, you can even hide data inside documents and HTML code, any kind of electronic file can be used to hide data within it.

StegHide: Open source project, it can hide data inside images (.jpeg, .bmp) and audio files (.wav, .au)

MSU StegoVideo: It hides any kind of file inside a video and protects it with a password.

Steganos Privacy Suite (Not free): It hides data inside pictures and sound files and encrypts is with AES256.

Mp3Stego: It encrypts and hides data inside .mp3 files, free program with source code available to look at.


Tq http://www.hacker10.com

No comments:

kunkun-laptop .... ;)