
Recent Advances in Steganography: Steganography …macaulay.cuny.edu/eportfolios/seminar3posters/files/gravity_forms/... · “The hiding of a secret message within an ordinary message


“The hiding of a secret message within an ordinary message and the extraction of it at its destination. Steganography takes cryptography a step farther by hiding an encrypted message so that no one suspects it exists.”

Steganography (STEHG-uh-NAH-gruhf-ee)

Steganography: Hiding in Plain Sight

Steganography is useful because it not only conceals a message, but also tries to conceal the fact that a message has even been sent. Messages and information can be concealed within text, image, video, and audio files.

Why Do People Use Steganography?

Non-Malicious Uses:
• Watermarking images for copyright protection
• To tag notes to online images (like post-it notes)
• To maintain the confidentiality of valuable information, and/or protect it from possible sabotage, theft, or unauthorized viewing.
• Persecuted citizens and dissidents under authoritarian regimes to evade government censorship
• Investigators to “bait and trap” criminals/spies
• The military researches steganographic & steganalytic techniques in order to partake in and discover covert communication.

Evolution

Originated as simply concealing images or sound files, but then quickly evolved to include larger files such as video. Now limitations on length are virtually negligible, thanks to the development of Network Steganography, aka Steganography 2.0.

Types of Steganography
• digital media steganography (1970s)
• linguistic steganography
• file system steganography
• network steganography

Criminal Uses of Steganography:
• Hackers (see: recent examples)
• Child pornographers
  • Example: The leader of a child pornography distribution ring can put legitimate items up for sale on eBay. The products are still bought and shipped, but at some pre-arranged time during the week, photos of the items for sale are posted that contain hidden pictures.
• Terrorists (see: contemporary examples)
  • It is suspected that steganography played a role in the September 11 attack in 2001. A New York Times article described fake eBay listings in which routinely altered pictures of a sewing machine contained “malevolent cargo”. However, the link to 9/11 was never proved.
• 1980s - In order to trace press leaks of cabinet documents, Margaret Thatcher had government word processors altered to encode a specific user identity in the spaces between words. Thus, when leaked material was recovered, the identity of the leaker could be established by analyzing the pattern of those spaces.

Contemporary Examples

• The variety of carriers is rising rapidly and becoming increasingly covert.
• Computer Games - private chatrooms are not monitored
• Printed Array of Microbes - color-coded fluorescent bacteria
• Medical - Embedding patient-related information in medical imagery.
• Printer Manufacturers - hid tracking information within printouts in “yellow tracking dots”
• Malware - Hijacking of private information. Ex. Shady RAT, Duqu Worm

Recent Advances in Steganography

How Steganography Works

Images are composed of pixels, which are represented by bits (0’s and 1’s). 8 bits constitute a byte, and each byte represents a combination of colors designated “RGB”: red, green, and blue. In order to hide a message within an image, one must manipulate the binary (series of 0’s and 1’s) of the image in a way that does not distort its appearance. This can be done by editing what is called the least significant bit (LSB), because it contains the least amount of information. If enough LSBs are replaced, extra information can be covertly included within the carrier image.

History

Ancient Greece 440 BC
• The Trojan Horse
• Greek historian Herodotus hid war messages inside of hare corpses.
• Began with physical carriers (skin, game, clothing, pottery, etc.) and developed into technological carriers (electromagnetic waves, digital media, etc.)

Highlight: Bacon Cipher (1605)

Step 1: Each English letter is assigned a 5-character sequence of A’s and B’s (ex. A → AAAAA)

Step 2: Come up with a fake phrase that has as many characters as there are A’s and B’s in the encoded message.

Step 3: Line up the series of A’s and B’s with your fake message.

Step 4: All characters that correspond with (are below) A’s are capitalized (bold, italicized, etc.). Another typeface is chosen for all characters that correspond with B’s.

Example: “Boklan” → “aaaab abbab abaab ababa aaaaa abbaa” → “MAGIc BeaNs StEAl MaJoR IDEAS AheAD”
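The four steps above, carried out in code on the poster's own “Boklan” example (an added example, not part of the original poster). It assumes the 24-letter Baconian alphabet in which I/J and U/V share a code, which is what the poster's a/b groups match; the function names are illustrative.

```python
# 24-letter Baconian alphabet (assumption: I/J and U/V share a code).
LETTERS = "ABCDEFGHIKLMNOPQRSTUWXYZ"
CODES = {ch: format(i, "05b").replace("0", "a").replace("1", "b")
         for i, ch in enumerate(LETTERS)}
CODES["J"], CODES["V"] = CODES["I"], CODES["U"]
DECODE = {CODES[ch]: ch for ch in LETTERS}

def to_ab(secret):
    # Step 1: each letter becomes a 5-character group of a's and b's.
    return " ".join(CODES[ch] for ch in secret.upper() if ch in CODES)

def hide(secret, cover):
    # Steps 2-4: line the pattern up with the cover; 'a' -> upper case, 'b' -> lower case.
    pattern = to_ab(secret).replace(" ", "")
    letters = sum(ch.isalpha() for ch in cover)
    if letters != len(pattern):
        raise ValueError(f"cover has {letters} letters, need {len(pattern)}")
    marks = iter(pattern)
    return "".join(
        (ch.upper() if next(marks) == "a" else ch.lower()) if ch.isalpha() else ch
        for ch in cover
    )

def reveal(stego_text):
    # Analyst's side: read the case pattern back and decode five letters at a time.
    pattern = "".join("a" if ch.isupper() else "b" for ch in stego_text if ch.isalpha())
    usable = len(pattern) - len(pattern) % 5
    groups = [pattern[i:i + 5] for i in range(0, usable, 5)]
    return "".join(DECODE.get(group, "?") for group in groups)

if __name__ == "__main__":
    stego = hide("Boklan", "magic beans steal major ideas ahead")
    print(to_ab("Boklan"))
    print(stego)
    print(reveal(stego))
```

Because the case pattern is all that carries the message, `reveal` works on any mixed-case text; groups that match no code come back as `?`, which is a quick signal that the text is not Bacon-encoded.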


By Dina Pugliesi, Emily Urgiles, Alina Peña, Odette Colangeli & Dillon Scibelli

Steganalysis

Steganalysis is the detection of the use of steganography.

• General types of detection (passive attacks)
  • Stego-only: only stego-object obtained
  • Known message: stego-signatures
  • Known-cover: original and stego-object
  • Chosen stego: stego-software and stego-object
  • Chosen message: recreate stego-object to discover software signature
  • Known stego: stego-software, stego-object, and original obtained

• Visual Detection (for use with images)
  • Repetitive patterns signifying a steganography software signature
  • Distortions
  • Black space bordering an image (padding)

• File compression (type of known-cover attack):
  • Compressing an original bitmap file and the suspected stego-file to see if the original compresses more, exposing the use of steganography

• Entropy (measure of randomness of data):
  • The more data hidden in a file, the higher the entropy of the file may be (the more random it is).

• Detection Software
  • A few software tools exist that perform passive attacks to detect steganography
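An added example (not from the original poster) of the file-compression and entropy checks listed above, applied to the LSB technique described under How Steganography Works. The cover data, payload and function names are constructed for illustration; the seeded random payload stands in for an encrypted message.

```python
import math
import random
import zlib
from collections import Counter

def make_cover(width=256, height=64):
    # Constructed sample bitmap data: flat colour bands, one byte per sample.
    return bytes((x // 8) * 8 for _ in range(height) for x in range(width))

def embed_lsb(cover, payload):
    # Replace the least significant bit of successive cover bytes with payload bits.
    bits = [(b >> s) & 1 for b in payload for s in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("payload does not fit in cover")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)

def extract_lsb(stego, n_bytes):
    # Rebuild n_bytes from the LSBs, most significant bit first.
    out = bytearray()
    for i in range(n_bytes):
        value = 0
        for sample in stego[i * 8:(i + 1) * 8]:
            value = (value << 1) | (sample & 1)
        out.append(value)
    return bytes(out)

def byte_entropy(data):
    # Shannon entropy in bits per byte: 0 for constant data, 8 for uniform random.
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def compare(cover, suspect):
    # Known-cover check: compressed size and entropy of both files side by side.
    return {
        "cover_zlib": len(zlib.compress(cover, 9)),
        "suspect_zlib": len(zlib.compress(suspect, 9)),
        "cover_entropy": byte_entropy(cover),
        "suspect_entropy": byte_entropy(suspect),
    }

rng = random.Random(2014)  # fixed seed: reproducible constructed payload
COVER = make_cover()
PAYLOAD = bytes(rng.getrandbits(8) for _ in range(len(COVER) // 8))
STEGO = embed_lsb(COVER, PAYLOAD)
REPORT = compare(COVER, STEGO)
print(REPORT)
```

Real photographs already have noisy low-order bits, so the gap in both measurements is far smaller than on this flat constructed cover.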