Modern Cryptography: Applied Mathematics for Encryption and Informanion Security (2016)

PART IV. Applications

Chapter 16. Steganography

In this chapter we will cover the following:

image   Steganography basics

image   The history of steganography

image   Modern methods and algorithms

image   Tools for steganography

image   Steganalysis

image   Distributed steganography

Strictly speaking, steganography is not cryptography, but the topics are often covered in the same course or textbook, as they are here, because both technologies seek to prevent unwanted parties from viewing certain information. Cryptography attempts to accomplish this by applying mathematics to make the message undecipherable without a key. Steganography attempts to secure data by hiding it in other innocuous media. In this chapter, we will examine how steganography works, the history of steganography, methods and tools used in steganography, and how to detect the use of steganography.

Steganography Basics

Steganography is the art and science of writing a hidden message in such a way that no one, apart from the sender and intended recipient, suspects that the message exists; it’s a form of security through obscurity. Often the message is hidden in some other file, such as a digital picture or audio file, to defy detection.

The advantage of steganography over cryptography alone is that messages do not attract attention to themselves. If no one is aware that the message exists, then no one will try to decipher it. In many cases, messages are encrypted and also hidden via steganography.

The most common implementation of steganography uses the least significant bits (LSBs) in a file to store data. By altering the LSB, you can hide additional data without altering the original file in any noticeable way.

There are a few basic steganography terms you should know:

image   Payload    The data to be covertly communicated—in other words, the message you want to hide

image   Carrier    The signal, stream, or data file into which the payload is hidden

image   Channel    The type of medium used, such as still photos, video, or sound files

The most common way steganography is accomplished today is by manipulating the LSBs in a graphics file. Every graphics file includes a certain number of bits per unit of the file. For example, an image file in Windows has 24 bits per pixel—8 bits for red, 8 bits for green, and 8 bits for blue. If you change the least significant of those bits, then the change is not noticeable with the naked eye. And you can hide information in the LSBs of an image file.

Let’s walk through the basic concept of altering the LSB. Consider the cover of this book, shown in Figure 16-1.

Images

FIGURE 16-1    This book’s cover

Let’s select a single pixel—in this case, it’s located in the lower-right part of the image, circled in white in Figure 16-2. You can see the RGB (Red, Green, and Blue) settings in the figure: Red 91, Green 16, and Blue 10.

Images

FIGURE 16-2    Selecting a single pixel

Let’s change the color red by just 1 bit—the LSB. Decimal value 91, when converted to binary, is 1011011. So let’s change that last bit, resulting in 1011010, which would be 90 in decimal. Figure 16-3 shows the difference that occurs by changing 1 bit of that pixel. As you can see, it is impossible to tell a difference.

Images

FIGURE 16-3    One bit changed in a picture

Given that the average picture is made of tens of thousands of pixels, you could change the LSB of thousands of these pixels, and in those LSBs, you could store some covert message. That message would be undetectable to the human eye. This is the basic concept behind modern steganography.

Steganography History

In modern times, steganography involves the digital manipulation of files to hide messages. However, the concept of hiding messages is nothing new, and many methods have been used to do this throughout history.

For example, in ancient China, message senders wrapped notes in wax and the messenger swallowed them for transport. If the messenger was intercepted in transit, no matter how thoroughly he was searched, the message could not be found. In ancient Greece, a messenger’s head might be shaved, a message written on his head, then his hair was allowed to grow back. Obviously, this method had some significant drawbacks—in particular, it took a long time to prepare a message for transport. This method was reported by the Greek historian Herodotus, who claimed that this method was used to warn Greece of the impending Persian invasion.

Another method used by ancient Greeks was to scrape the wax off of a wooden folding table, and then write on the wood. New wax was then applied to cover up the message. The recipient needed to remove the wax to see the message. This was reportedly used by a Greek named Demaratus, who warned the Spartans of the impending invasion by Xerxes.

In the fourth century B.C.E., the Greek Aeneas Tacitus wrote about the art of war and is considered one of the first to provide a guide for secure military communications. Among his writings on secure military communications is this:

Those who employ traitors must know how they should send in messages. Dispatch them, then, like this. Let a man be sent openly bearing some message about other matters. Let the letter be inserted without the knowledge of the bearer in the sole of his sandals and be sewed in, and, to guard against mud and water, have it written on beaten tin so that the writing will not be effaced by the water. And when he reaches the one intended and goes to rest for the night, this person should pull out the stitches of the sandals, take out and read the letter, and, writing another secretly, let him send the man back, having dispatched some reply and having given him something to carry openly. For in this way no one else, not even the messenger, will know the message.1

Among Aeneas’s innovations was the astragal, a hollow sphere with holes representing letters. String was threaded through the holes, and the order of the strings that passed through various holes spelled out words.

In 1499, Johannes Trithemius (1462–1516) wrote a three-volume book entitled Steganographia, which included the first known use of the term “steganography.” The book is about the occult, but hidden within the text is a message concerning cryptography and steganography.

Note

Trithemius was a Benedictine abbot, but also a cryptographer who was involved in the occult, particularly regarding contacting spirits to communicate over long distances. He wrote extensive histories, but it was later discovered that he had inserted several fictional portions into his historical works.

Another interesting form used to hide messages was the Cardan grille, invented by Girolamo Cardano (1501–1576). Essentially, after a message is written on paper, a grille containing strategically placed holes is laid over the paper, revealing certain letters that combine to form the hidden message. You can see an example of this technique in Figure 16-4.

Images

FIGURE 16-4    An example of a Cardan grille

Note

Cardano was known for significant contributions to mathematics, especially for his contributions to algebra. He also wrote about physics, philosophy, medicine, and other topics and was well-known as both a gambler and chess player.

During WWII, the French Resistance sent messages written on the backs of couriers using invisible ink. If the courier was intercepted, even a strip search would not reveal the message. When the courier reached his or her destination, the message was retrieved.

Microdots, text or images reduced to the size of a typewriter period and embedded in innocuous documents, were said to be used by spies during the Cold War. A very close examination of a document using a magnifying class might reveal the microdot, but the detection process was so tedious that detection was highly unlikely. Also during the Cold War, the U.S. Central Intelligence Agency used various devices to hide messages. For example, they developed a working tobacco pipe that included a small space in which to hide microfilm.

Steganography Methods and Tools

As stated earlier, using the LSB is the most common method for performing steganography. However, it is not the only method. As you know, a number of steganography methods predate computers. Even in this digital age, there are alternative ways to hide data and different carrier files. Most books and tutorials focus on hiding data in an image, but you can also hide data in a sound file (Waveform Audio File Format, or .wav), a video file, or in any sort of digital file.

Whatever the technique used for steganography, issues of capacity (the amount of information that can be hidden) and security (how well the data is hidden) exist. Obviously, there is a relationship between the size of the carrier file and the size of data that can be hidden in that file. And security is measured by the ease with which the hidden message can be detected using steganalysis techniques, which we will examine later in this chapter.

A number of tools are available for implementing steganography. Many are free or at least offer a free trial version. The sections that follow examine a few such tools. As you will see, some tools do a better job of providing security than others. First, let’s look at some of the classes of steganography.

Steganographic Methods

Although the LSB is the most common method used in steganography, it is one of three general classes of steganographic methods: injection-based methods, substitution-based methods, and generation-based methods.

image   Injection-based methods    These methods hide data in sections of a file that are not processed by the processing applications—such as in comment blocks of an HTML file. Using this method changes the file size.2

image   Substitution-based methods    These methods literally substitute some bits of the data to be hidden for some bits of the carrier file. This replaces bits in the carrier file and does not increase file size. The LSB method is the most obvious example of a substitution method.

image   Generation-based methods    Using these methods, the file that is to be hidden is altered to create a new file. There is no carrier file. Obviously, there are limits to what one can do with generation-based techniques.

In addition to classifying steganography by the techniques used to hide data, we can categorize steganographic techniques based on the medium used. As stated earlier, hiding files within images is the most common technique, but literally any medium can be used.

Discrete Cosine Transform

The discrete cosine transform (DCT) is referenced throughout the literature on steganography. It has been applied to image steganography, audio steganography, and video steganography, so it is important that you be familiar with this technique.

A DCT expresses a finite sequence of data points in terms of the sum of cosine functions oscillating at different frequencies. It expresses a function or a signal in terms of a sum of sinusoids with different frequencies and amplitudes.

Note

A sinusoid is a curve similar to the sine function but possibly shifted in phase, period, amplitude, or any combination thereof.3

DCTs work on a function only at a finite number of discrete data points. They use only cosine functions. Variations of the DCT are simply termed DCT-I, DCT-II, DCT-III, DCT-IV, DCT-V, DCT-VI, DCT-VII, and DCT-VIII (that is, DCT 1 through 8).

Note

DCTs are a type of Fourier-related transform that are similar to the discrete Fourier transform (DFT). DFTs can use cosine or sine functions to convert a list of samples of a function that are equally spaced into a list of coefficients ordered by their frequencies. This is a somewhat simplified definition; a full explanation is beyond the scope of this text, but you can consult one of these resources for more information: www.dspguide.com/ch8.htmwww.robots.ox.ac.uk/~sjrob/Teaching/SP/l7.pdf, or http://mathworld.wolfram.com/DiscreteFourierTransform.html.

It is not imperative that you master DCTs to understand steganography. However, having a general understanding of the concept will be helpful, because DCTs are frequently used to implement steganography. If you aspire to develop your own steganographic tools or techniques, you’ll need a deep understanding of DCTs.

Steganophony

In steganophony, messages are hidden in sound files. This can be done with the LSB method or using other methods, such as echo hiding, which adds extra sound to an echo inside an audio file, which conceals information.

Audio steganography can use the LSB method to encode hidden data. Usually, audio files such as MP3 or .wav files are large enough to hide data. MP3 files, which are often used with mobile music devices, are typically 4MB to 10MB and provide a large number of bytes wherein the LSB can be manipulated. For example, if you begin with a 6MB file and uses only 10 percent of the bytes in that file for storing data in the LSBs, that allows for approximately 600KB, or 75,000 bytes, of hidden data storage. To get some perspective on how much data this encompasses, a typical 20-plus–page Word document occupies far less space than 75,000 bytes!

Another method used with steganophony is parity coding, which divides the signal into separate samples and embeds the secret message into the parity bits. Phase coding can also be used to encode data, which is a bit more complex but very effective.

In their paper, “Information Hiding Using Audio Steganography–A Survey,” Jayaram, Ranganatha, and Anupam describe this method as follows:

The phase coding technique works by replacing the phase of an initial audio segment with a reference phase that represents the secret information. The remaining segments phase is adjusted in order to preserve the relative phase between segments. In terms of signal to noise ratio, Phase coding is one of the most effective coding methods. When there is a drastic change in the phase relation between each frequency component, noticeable phase dispersion will occur. However, as long as the modification of the phase is sufficiently small, an inaudible coding can be achieved. This method relies on the fact that the phase components of sound are not as perceptible to the human ear as noise is.

Phase coding is explained in the following procedure:

A.  Divide an original sound signal into smaller segments such that lengths are of the same size as the size of the message to be encoded.

B.  Matrix of the phases is created by applying Discrete Fourier Transform (DFT).

C.  Calculate the Phase differences between adjacent segments.

D.  Phase shifts between adjacent segments are easily detectable. It means, we can change the absolute phases of the segments but the relative phase differences between adjacent segments must be preserved. So the secret information is inserted only in the phase vector of the first signal segment.

E.  Using the new phase of the first segment a new phase matrix is created and the original phase differences.

F.  The sound signal is reconstructed by applying the inverse Discrete Fourier Transform using the new phase matrix and original magnitude matrix and then concatenating the sound segments back together.

The receiver must know the segment length to extract the secret information from the sound file. Then the receiver can use the DFT to get the phases and extract the secret information.4

Video Steganography

Information can also be hidden in video files using various methods, including LSB.5 DCT is often used for video steganography; this method alters values of certain parts of the individual frames, usually by rounding up the values.

Steganographic Tools

A number of steganographic tools are available on the Internet, either for free or at very low cost. Following are some of those.

QuickCrypto

Formerly called QuickStego, this software has been available as a free download for many years (http://quickcrypto.com/download.html). Along with the name change to QuickCrypto, new features were added. The main screen is shown in Figure 16-5, with the steganography options highlighted.

Images

FIGURE 16-5    QuickCrypto main screen

After you click Hide at the top or click Stego at the bottom of the screen (both are highlighted in Figure 16-5), the original QuickStego screen is displayed, as shown in Figure 16-6.

Images

FIGURE 16-6    QuickStego original screen

In this screen, you can either type in text you want to hide or open a text file to import the text to hide. For this demonstration, I’m assuming you’ve typed a message and then clicked Open File in the Picture Or Sound File Carrier section to select a carrier file from the window shown inFigure 16-7.

Images

FIGURE 16-7    Selecting a carrier file with QuickStego

Next, you click the Hide Data button. In the folder with the carrier file is a new file, carrierfilename 2. If you open the original and the new file side-by-side, you won’t be able to see any difference. The QuickStego tool works only with hiding text files and will not hide other images. Because of that limitation, the ratio of hidden data to carrier file is very large, making detection more difficult.

Invisible Secrets

You can download a trial version of the popular Invisible Secrets steganography tool at www.invisiblesecrets.com/download.html. This tool includes a number of capabilities, including encryption as well as steganography. The main screen is shown in Figure 16-8, with the steganography option highlighted.

Images

FIGURE 16-8    Invisible Secrets main screen

Let’s walk through the basic process of steganographically hiding data in an image using Invisible Secrets.

Click Hide Files in the area highlighted in Figure 16-8. That will take you to the screen shown in Figure 16-9, where you select the file or files you want to hide. Keep in mind that the smaller the ratio of hidden files to carrier file, the easier it will be to detect. So, for example, if you choose to hide five JPEGs in one JPEG carrier file, it will most likely be detectable. This demonstration selects only one text file.

Images

FIGURE 16-9    Selecting files to hide with Invisible Secrets

After clicking the Next button, you will be prompted to select a carrier file. One of the features that makes Invisible Secrets a preferable tool is that it gives you multiple options for a carrier file, including HTML or .wav (audio) files. You can see this in Figure 16-10, though for this demonstration, I’ve selected a JPEG image file.

Images

FIGURE 16-10    Selecting a carrier file with Invisible Secrets

After selecting the carrier file, you can enter a password that will be required to extract the hidden files. You can also choose to encrypt your hidden files with a number of symmetric algorithms, including AES and Blowfish; this is shown in Figure 16-11.

Images

FIGURE 16-11    Password and encryption with Invisible Secrets

Finally, you must select the name of the resulting file (the carrier with hidden files). You cannot select a file type here, because the final file will be the same type of file as the carrier file you selected previously. You can see this in Figure 16-12.

Images

FIGURE 16-12    Naming the resulting file with Invisible Secrets

The Internet is replete with free or low-cost steganography tools. However, Invisible Secrets is relatively sophisticated, supports multiple carrier types, and integrates encryption, making it one of the better low-cost tools.

MP3stego

You can use MP3stego to hide data in MP3 files. Download it for free from www.petitcolas.net/steganography/mp3stego/. From the MP3stego readme file are the following instructions on how to encode or decode data into a .wav or .mp3 file:

image   encode -E data.txt -P pass sound.wav sound.mp3    Compresses sound.wav (the carrier file) and hides data.txt. This produces the output called sound.mp3. The text in data.txt is encrypted using the password “pass”.

image   decode -X -P pass sound.mp3    Uncompresses sound.mp3 into sound.mp3.pcm and attempts to extract hidden information. The hidden message is decrypted, uncompressed, and saved into sound.mp3.

This is a very simple program to use. It is used entirely from the command line and works only with sound files as the carrier file. Given the ubiquitous nature of sound files, this tool is a good choice for hiding data in a secure manner.

OpenStego

OpenStego is a simple, easy-to-use tool that you can download for free from http://openstego.sourceforge.net/. On the main screen shown in Figure 16-13, you select the file to hide, the carrier file, the resulting file, and a password. Then click the Hide Data button.

Images

FIGURE 16-13    OpenStego

Other Tools

A simple Internet search will reveal a host of free or low-cost steganography tools. Some are general purpose tools, much like Invisible Secrets, while others have narrowly defined functionality. With so many easy-to-use tools available, you need not have an understanding of steganographic methods or of programming to use steganography.

A few other widely used tools include the following:

image   SNOW    (www.darkside.com.au/snow/) Hides data in the white space of a document.

image   Camouflage    (http://camouflage.unfiction.com/Download.html) Adds the option to hide a file to the context menu (the menu available by right-clicking) in Windows (though it does not work in Windows 8). Although Camouflage is no longer supported, you can still find the product on the Web and use it to increase your understanding of steganography.

image   BMP Secrets    (www.download32.com/bmp-secrets-software.html) Works primarily with BMP files.

image   Hide4PGP    (www.heinz-repp.onlinehome.de/Hide4PGP.htm) Hides data in BMP, WAV, or VOC files.

Current Uses of Steganography

Steganography is a powerful tool for hiding data. For this reason it is widely used today, both for innocuous as well as nefarious purposes. As early as 2001, there was speculation that terrorists were using steganography to communicate.6 A 2015 paper from the SANS Institute has this to say about terrorists using steganography: “Using image files to transfer information is the method that first comes to mind.”7 Many newspapers have reported that some U.S. officials and foreign officials experts have claimed that terrorist groups are hiding maps and photographs of terrorist targets and posting instructions for terrorist activities on sports chat rooms, pornographic bulletin boards, and other web sites. Confessions from actual terrorists have verified that Al-Qaeda used steganography to hide operations details, as well as training materials, in pornographic material.8

Steganography is not used only by international terrorists. Some criminals find it necessary to hide their communications—in particular, more technically savvy child pornographers have been known to use steganography to hide their illicit images in innocuous carrier files.9 This poses a significant issue for forensics analysts.

Steganography has also been used in industrial espionage cases. In one case, for example, an engineering firm suspected one of its employees of stealing intellectual property. Investigators found that this employee had sent out e-mails with pictures attached, all seemingly innocuous, but actually containing data hidden in them via steganography.10

These are just a few nefarious purposes that have used steganography. The wide proliferation of steganography tools, discussed earlier in this chapter, means that this technology is available to anyone who can use a computer, regardless of whether or not they understand the principles of steganography. Many forensics tools are now including functionality that attempts to detect steganography, and we should expect to see the use of steganography increase in the coming years.

Of course, not all uses of steganography involve illicit intent. One good example is watermarking, which embeds some identifying mark or text into a carrier file to identify copyright protected materials. For example, an artist who generates digital versions of his or her art may embed a watermark within the image to identify it should someone use that image without the artist’s permission.

Steganalysis

If you can hide data in images or other carrier files, is there some way to detect it? Fortunately there is. Steganalysis is the attempt to detect steganographically hidden messages or files within carrier files. Note, however, that any attempt to detect steganography is simply a best effort, because there is no guarantee of success. One of the most common methods is to analyze close-color pairs. By analyzing changes in an image’s close-color pairs, an analyst can determine whether it is likely that LSB steganography was used. Close-color pairs consist of two colors whose binary values differ only in their LSB. Of course, you would expect a certain number of pixels to vary only in the LSB, but if the number of pixels that meet this criteria is greater than the analyst expects, steganography may have been used to hide data.

A related method is the Raw Quick Pair (RQP) method, which is essentially an implementation of the close-color pair concept.11 The RQP method is based on statistics of the numbers of unique colors and close-color pairs in a 24-bit image. RQP analyzes the pairs of colors created by LSB embedding.

Another option uses the chi-squared method from statistics. Chi-square analysis calculates the average LSB and builds a table of frequencies and a pair of values. Then it performs a chi-square test on these two tables. Essentially, it measures the theoretical versus calculated population difference.

Note

The details of chi-square analysis are beyond the scope of this text. However, any introductory university text on statistics should provide a good description of this and other statistical techniques.

In their paper “Practical Steganalysis of Digital Images – State of the Art,” Fridrich and Goljan provide an overview of various steganalysis methods:

Pfitzman and Westfeld introduced a powerful statistical attack that can be applied to any steganographic technique in which a fixed set of Pairs of Values (PoVs) are flipped into each other to embed message bits. For example, the PoVs can be formed by pixel values, quantized DCT coefficients, or palette indices that differ in the LSB. Before embedding, in the cover image the two values from each pair are distributed unevenly. After message embedding, the occurrences of the values in each pair will have a tendency to become equal (this depends on the message length). Since swapping one value into another does not change the sum of occurrences of both colors in the image, one can use this fact to design a statistical Chi-square test. We can test for the statistical significance of the fact that the occurrences of both values in each pair are the same. If, in addition to that, the stego-technique embeds message bits sequentially into subsequent pixels/indices/coefficients starting in the upper left corner, one will observe an abrupt change in our statistical evidence as we encounter the end of the message.12

More advanced statistical methods can also be used—for example, Markov chain analysis has been applied to steganalysis. A Markov chain is a collection of random variables {X_t} that transitions from one state to another, and the current state does not depend on the sequence of events that preceded it. This is sometimes referred to as a “memoryless state.” It is named after famed Russian mathematician and statistician Andrey Markov (1856–1922). According to the article “Steganalysis for Markov Cover Data with Applications to Images” (Sullivan, et al.),

In this paper, we take the logical next step toward computing a more accurate performance benchmark, modeling the cover data as a Markov chain (MC). The Markov model has the advantage of analytical tractability, in that performance benchmarks governing detection performance can be characterized and computed explicitly.13

Another steganalysis method compares similar files. If, for example, several MP3 files all came from the same CD, the analyst can look for inconsistencies in compression, statistical anomalies, and similar issues to see if one of the files is different from the others. That difference might indicate the presence of steganography.

Distributed Steganography

Various techniques have been used for distributing payload across multiple carrier files. My first patent, U.S. Patent No. 8,527,779 B1 “Method and apparatus of performing distributed steganography of a data message,” was such a technique, so I will describe it in this section.

Note

This invention was designed specifically for covert communications for undercover law enforcement officers and intelligence agencies. Unfortunately, it can also be applied to nefarious communications, although the intent was a virtually undetectable communication channel for use with sensitive law enforcement and similar activities.

The purpose of steganography, regardless of the implementation, is to hide some underlying message so that an observer is not aware that the message is present. This is very useful in covert communications, particularly within the intelligence community. Most permutations of steganography deal with how to embed the message (text, image, video, or audio) into the carrier file. Some permutations, such as SNOW, even use blanks at the end of text files in which to hide messages. However, my invention is concerned with how to fragment the message and hide it in various carrier and cover files, making the detection of the entire message extremely difficult, approaching impossibility.

With distributed steganography, as described in U.S. Patent 8,527,779, the message is distributed across multiple carrier signals or sources in order to hide the message completely. For example, a single text message would be broken into blocks, with each block hidden in a different image. Note that the block size can vary, and the blocks are not necessarily stored in order; this means that permutation is applied to the blocks, and the first carrier file will not necessarily hold the first segment of the hidden message or file. Of course, the parties communicating would have to be able to reorder the blocks in their appropriate order.

Consider an example using 8-bit blocks for the message “Steganography is cool.” Each character represents 8 bits, so every eight characters would be a separate block. Keep in mind that blanks are also represented by 8 bits, so this message would comprise five separate blocks stored in five separate images, as shown in Figure 16-14.

Images

FIGURE 16-14    Distributing payload across multiple carrier files

The next obvious issue is how to retrieve the blocks. This would involve knowing how many blocks total were to be retrieved, knowing the order of each block (for example, is this block 2 of 4, 3 of 7, and so on), and knowing the carrier or cover file to retrieve the blocks from. This invention deals with all three issues.

Total Blocks and Block Order

In this method, each block stored in an image would have an additional 2 bytes (16 bits) appended to the image. The first byte would contain information as to which block this was (such as block 3 of 9), and the second byte would store the total number of blocks the message contained (such as 9 blocks).

Because 8 bits can store decimal numbers between 0 and 255, this would necessitate breaking a message down into no more than 255 blocks. The size of the block would be determined by the size of the original message divided by 255.

It would also be possible to use additional bytes to store the block-numbering data. For example, you could use 2 bytes (16 bits) to store the value of the current block and an additional 2 bytes (16 bits) to store the total number of blocks. This would allow a message to be divided into 65,535 total blocks. Using up to 4 bytes (64 bits) for the value of the current block and 4 bytes (64 bits) for the total number of blocks would enable a message to be divided into 4,294,967,295 blocks. This would be appropriate for video or audio messages hidden in audio or video signals. These additional bytes indicating block number and total blocks are called block pointers.

The use of block numbering is similar to how TCP packets are sent over a network. Each packet has a number such as “packet 2 of 10.” This same methodology is applied to hiding blocks of data in diverse images.

This requires distributed steganography to have a key, much like the keys used in encryption. However, this key would contain the following information:

image   Block size

image   Size of block pointer (the bytes used to indicate block numbering)

The preferred way to find the location of the images containing secret messages would be to add that information to the key. This information could be an IP address or URL to find the image (if images are stored at different locations) or the image name (if all images are on a single storage device). You can see this in Figure 16-15.

Images

FIGURE 16-15    Distributed steganography key

Images can be stored on web pages, file servers, or FTP servers, which means that the actual message could be fragmented and stored across the Internet at various locations. In some cases, the message could be stored on third-party servers without their knowledge. It is also possible, and even recommended, that different carrier file types be used so that parts of the hidden message could be stored in images such as JPEGs, while other parts could be stored in audio or video files.

It would also be possible to implement distributed steganography in such a manner that the locations where data would be hidden could be predetermined. For example, messages could always be hidden in specific images at predetermined locations; thus the person who needs to receive those messages would simply check those images at regular intervals. This would, obviously, be less secure.

The message could be encoded with any standard steganography technique, such as using the LSBs or discrete cosine transform to store the hidden message. It is also advisable to encrypt the message using an encryption algorithm before hiding it using distributed steganography. It would also be advisable to at least encrypt the steganography key.

Note

Combining encryption and steganography makes for a very powerful way to protect data. Some of the tools we examined in this chapter, such as Invisible Secrets, provide the option to encrypt the data as well as hide it in a carrier file.

Conclusions

In this chapter we have examined steganography, a fascinating area of data security. The most common way to perform steganography is via the LSB method. However, this chapter provided a brief overview of additional methods. You should be familiar with the concepts of steganography as well as at least one of the steganography tools mentioned in this chapter.

You were also introduced to steganalysis and were provided with a brief description of common methods for detecting steganography. The chapter concluded with a good description of a specific patented method for distributed steganography.

Test Your Knowledge

1.  What is the most common method for doing steganography?

2.  Where was the first known use of the word “steganography”?

3.  What method uses a grill or mask to cover a paper to reveal only the hidden message?

4.  ___________ hide data in sections of file that are not processed by the processing applications.

5.  ___________ replace some bits of the carrier file with some bits of the data to be hidden.

6.  ___________ takes a finite sequence of data points and expresses them in terms of the sum of cosine functions oscillating at different frequencies.

7.  Parity coding is often used with what type of steganography?

8.  One of the most common methods of steganalysis is ___________.

9.  ___________ is a statistical test that can be used to detect steganography.

10.  The file in which data is hidden is called what?

Answers

1.  LSB (least significant bit)

2.  A book by Johannes Trithemius entitled Steganographia

3.  Cardan grille

4.  Injection-based techniques

5.  Substitution-based techniques

6.  Discrete cosine transform (DCT)

7.  Steganophony

8.  the close-color pair

9.  The chi-squared test

10.  The carrier file

Endnotes

1.  The Siege Defense by Aeneas Tacitus, http://penelope.uchicago.edu/Thayer/E/Roman/Texts/Aeneas_Tacticus/Fragments*.html.

2.  Mark Owens, “A Discussion of Covert Channels and Steganography,” SANS Institute, 2002, www.gray-world.net/cn/papers/adiscussionofcc.pdf.

3.  Wolfram MathWorld, definition of sinusoid, http://mathworld.wolfram.com/Sinusoid.html.

4.  P. Jayaram, H. R. Ranganatha, and H. S. Anupama, “Information Hiding Using Audio Steganography–A Survey,” The International Journal of Multimedia & Its Applications (IJMA), vol. 3, no. 3 (August 2011).

5.  A. Swathi and SAK Jilani, “Video Steganography by LSB Substitution Using Different Polynomial Equations,” International Journal of Computational Engineering Research (ijceronline.com), vol. 2, no. 5 (2012).

6.  Bruce Schneier, “Terrorists and Steganography,” ZD Net, 2001, www.zdnet.com/article/terrorists-and-steganography/.

7.  Tom Kellen, “Hiding in Plain View: Could Steganography Be a Terrorist Tool?” SANS Institute InfoSec Reading Room, http://www.sans.org/reading-room/whitepapers/stenganography/hiding-plain-view-steganography-terrorist-tool-551.

8.  “Al Qaeda Uses Steganography – documents hidden in porn videos found on memory stick,” InfoSecurity Magazine, 2002, www.infosecurity-magazine.com/news/al-qaeda-uses-steganography-documents-hidden-in/.

9.  B. Astrowsky, “Steganography: Hidden Images, A New Challenge in the Fight Against Child Porn,” www.antichildporn.org/steganog.html.

10.  Deborah Radcliff, “Steganography: Hidden Data,” Computer World, 2002, www.computerworld.com/article/2576708/security0/steganography--hidden-data.html.

11.  C. Easttom, System Forensics, Investigation and Response (Jones & Bartlett Learning, 2013).

12.  J. Fridrich and M. Goljan, “Practical Steganalysis of Digital Images – State of the Art,” 2002, www.ws.binghamton.edu/fridrich/Research/steganalysis01.pdf.

13.  K. Sullivan, U. Madhow, S. Chandrasekaran, and B. S. Manjunath, “Steganalysis for Markov Cover Data with Applications to Images,” IEEE Transactions on Information Forensics and Security, vol. 1, no. 2 (2012), www.ece.ucsb.edu/~manj/ManjBio2008/06_sullivan_TIFS06.pdf.