Steganography
Steganography is the art and science of writing hidden messages.
- alt. definition: is a technique for obscuring the presence of a message, often by embedding information within a file or other entity.
- literally means “hidden writing”
- embeds information within an unexpected source
- goal: hide information so that even if it is intercepted, it is not clear that information is hidden there
- message is encrypted before embedding it
- provides confidentiality
- can provide integrity or non-repudiation
- e.g., could show that something was printed on a particular device at a particular time
- which could demonstrate that it was genuine or fake, depending on the context
- e.g., could show that something was printed on a particular device at a particular time
- most common method: hide info in pictures
- using the least significant bit (LSB) method
- the last bit or least significant bit is used to store data
- colored pixels are stored in bits
- Windows uses a 24-bit color resolution
- using the least significant bit (LSB) method
Terms
Payload is the information to be covertly communicated. In other words, it is the message you want to hide.
The carrier (or carrier file) is the signal, stream, or file in which the payload is hidden.
- aka covertext
The channel is the type of medium used.
- may be a:
- passive channel
- e.g., photos, video, or sound files
- or an active channel
- e.g., Voice over IP (VoIP) voice call or streaming video connection
- passive channel
Steganography Tools
- QuickStego
- is very easy to use, but very limited
- Invisible Secrets
- is much more robust
- both a free and a commercial version
- MP3Stego
- hides a payload in MP3 files
- Stealth Files 4
- works with sound files, video files, and image files
- StegVideo
- hides data in a video sequence
- Deep Sound
- hides data in sound files
Steganophony
Steganophony is hiding messages in sound files.
- can be done with LSB method
- adds extra sound to an echo inside an audio file
- can be used with static files or dynamic files
- e.g.,
- static: MP3 files
- dynamic: VoIP
- e.g.,
Video Steganography
- hiding information in video files
- can uses many methods
- including LSB
Advanced Steganography
Bit-Plane Complexity Segmentation Steganography
Bit-Plane Complexity Segmentation Steganography (BCPS) is a method of steganography that uses complex areas on bit planes to replace with a payload.
- common with images
- bit plane of any discrete digital file is the set of bits that correspond to a given bit position
- e.g., in 24-bit files,
- are 24 bit planes
- e.g., in 24-bit files,
- can be applied to signals too
Steganalysis
Steganalysis is the process of analyzing a file or files for hidden content.
- common method for detecting LSB steganography is to examine close-color pairs
- consist of two colors that have binary values that differ only in the Least Significant Bit (LSB)
- if this is seen too frequently in a file,
- can be indication of hidden info
- indicators of steganography
- metadata
- check created date and last-modified date
- most people do not modify music files
- check created date and last-modified date
- file size
- file with incongruous size
- metadata
Techniques for Analyzing Images
- Raw quick pair method
- based on statistics of the numbers of unique colors and close-color pairs in a 24-bit image
- performs a quick analysis to determine if there are more close-color pairs than would be expected
- Chi-square method
- calculates the average LSB and builds a table of frequencies and a second table with pairs of values
- performs a chi-square test on the two tables
- measures the theoretical versus calculated population difference
Detection Tools
- often built into modern forensics tools
- McAfee steganography
- free
- Steg Secret
- StegSpy