Steganography... or Hiding In Plain Slight
Steganography is defined as -
Hiding a secret message within a larger one in such a way that others can not discern the presence or contents of the hidden message. For example, a message might be hidden within an image by changing the least significant bits to be the message bits. (( Definition Source - Dictionary.com ))
Gary Kessler defines Steganography as - the science of hiding information. Whereas the goal of cryptography is to make data unreadable by a third party, the goal of steganography is to hide the data from a third party. (( Gary Kessler definition source. ))
Basically, it is the act of hiding a message inside another object. That message can be a encoded text or a file that is hidden inside another object like a zip file, video/audio file or image, where the container file is still able to function as it was intended (i.e. a .jpg file with a hidden message or file inside it is still able to be opened and viewed as an image file). Steganography - derived from the Greek words "steganos" and "graphein", which mean "covered" and "writing" (( Source for word entomology here. )) - is often used with cryptography so that, should the hidden text or hidden file be found it cannot be read without decryption. While steganography can be done without a computer - look at the recent discovery on Leonardo Da Vinci's Mon Lisa - I am concerning myself with the digital version here. From Wikipedia -
Modern steganography entered the world in 1985 with the advent of the personal computer being applied to classical steganography problems. Development following that was slow, but has since taken off, going by the number of "stego" programs available: Over 800 digital steganography applications have been identified by the Steganography Analysis and Research Center. Digital steganography techniques include:
Concealing messages within the lowest bits of noisy images or sound files.
Concealing data within encrypted data or within random data. The data to be concealed is first encrypted before being used to overwrite part of a much larger block of encrypted data or a block of random data (an unbreakable cipher like the one-time padgenerates ciphertexts that look perfectly random if you don't have the private key).
Mimic functions convert one file to have the statistical profile of another. This can thwart statistical methods that help brute-force attacks identify the right solution in a ciphertext-only attack.
Concealed messages in tampered executable files, exploiting redundancy in the targeted instruction set.
Pictures embedded in video material (optionally played at slower or faster speed).
Injecting imperceptible delays to packets sent over the network from the keyboard. Delays in keypresses in some applications (telnet or remote desktop software) can mean a delay in packets, and the delays in the packets can be used to encode data.
Changing the order of elements in a set.
Content-Aware Steganography hides information in the semantics a human user assigns to a datagram. These systems offer security against a non-human adversary/warden.
Blog-Steganography. Messages are fractionalized and the (encrypted) pieces are added as comments of orphaned web-logs (or pin boards on social network platforms). In this case the selection of blogs is the symmetric key that sender and recipient are using; the carrier of the hidden message is the whole blogosphere.
On a Windows based PC, a simple way to encode information into another file is, from the command prompt -
COPY /B original.image.jpg + file.to.add.zip new.image.name.jpg
Watch the video below for a better explanation -Using this method, I have created the following - [caption id="attachment_47" align="alignnone" width="408" caption="lily.jpg - Original Image - 809KB"][/caption] [caption id="attachment_48" align="alignnone" width="408" caption="WaterLily.jpg - Image With Data Added - 812KB"][/caption] The top image, lily.jpg, is a regular image file. WaterLily.jpg has a .zip file embeded in it. Below is an example of embedding text inside an image file. In this case I used the same image as above (( Reduced in size due to requirements from the webservice that encoded it. )) , and added the text of the London and Egyptian Letters. [caption id="attachment_49" align="alignnone" width="384" caption="Original Image - 24.4KPB JPG"][/caption] [caption id="attachment_50" align="alignnone" width="384" caption="Image With Data Added - 219KB PNG"][/caption] If you take the bottom image and upload it to Mozaiq with the password 'LondonLetter' you will see the decrypted text. To add files to non-image files, other tools are needed. There is a lot of freeware and commercial programs out there that will allow you to create steganographic files, below is a short sampling. (( List taken from COTSE. ))
BlindsideBlindside is an application of steganography that allows one to conceal a file, or set of files within a standard computer image. The new image looks identical to the human eye, but can contain up to 50k or so of secret data. The hidden files can also be password encrypted, to prevent unauthorised access to their data.DataMark TechnologiesDataMark Technologies currently market four digital steganography products - StegComm for confidential multimedia communication, StegMark for digital watermarking of digital storage media, StegSafe for digital storage and linkage and StegSign for e-commerce transactions. Each software product is packaged into a Standard version and a Professional version. While the Standard versions cater to the general needs of our customers, additional security and accessibility features are found in our Professional versions. Please select and view the various product descriptions, and contact us for further information.BitCryptBitCrypt is an elegant encryption utility that allows for storage and transmission of information in an undetectable manner. The software may be used to store plain text and hide it from any third party, or to send or publish the information through the means provided by the Internet. The software processes the user supplied text: firstly encrypting it with the ciphers, and subsequently storing it in a user selected bitmap image.gifshuffleThe program gifshuffle is used to conceal messages in GIF images by shuffling the colourmap, which leaves the image visibly unchanged. gifshuffle works with all GIF images, including those with transparency and animation, and in addition provides compression and encryption of the concealed message.Hide4PGPHide4PGP is a freeware program distributed as source code in ANSI C and precompiled executables for DOS (any version but 1.x - is there one outside the museum?), OS/2 (Warp and up), and the Win32 console (9x and NT). It's purpose is to hide any data in a way that the viewer or listener does not recognize any difference. This is called steganography.Invisible SecretsInvisible Secrets hides your private data into innocent looking files, like pictures, or web pages. It also features: strong encryption algorithms; a locker that allows you to password protect certain applications; a password management solution and a real-random password generator; a shredder that helps you destroy beyond recovery files, folders and internet traces; the ability to create self-decrypting packages; secured password transfer.JPHIDE and JPSEEKJPHIDE and JPSEEK are programs which allow you to hide a file in a jpeg visual image. There are lots of versions of similar programs available on the internet but JPHIDE and JPSEEK are rather special. The design objective was not simply to hide a file but rather to do this in such a way that it is impossible to prove that the host file contains a hidden file. Given a typical visual image, a low insertion rate (under 5%) and the absence of the original file, it is not possible to conclude with any worthwhile certainty that the host file contains inserted data. As the insertion percentage increases the statistical nature of the jpeg coefficients differs from "normal" to the extent that it raises suspicion. Above 15% the effects begin to become visible to the naked eye. Of course some images are much better than others when used a host file - plenty of fine detail is good. A cloudless blue sky over a snow covered ski paradise is bad. A waterfall in a forest is probably ideal.MP3StegoMP3Stego will hide information in MP3 files during the compression process. The data is first compressed, encrypted and then hidden in the MP3 bit stream. Although MP3Stego has been written with steganographic applications in mind it might be used as a copyright marking system for MP3 files (weak but still much better than the MPEG copyright flag defined by the standard). Any opponent can uncompress the bit stream and recompress it; this will delete the hidden information -- actually this is the only attack we know yet -- but at the expense of severe quality loss.OutGuessOutGuess is a universal steganographic tool that allows the insertion of hidden information into the redundant bits of data sources. The nature of the data source is irrelevant to the core of OutGuess. The program relies on data specific handlers that will extract redundant bits and write them back after modification. In this version the PNM and JPEG image formats are supported. In the next paragraphs, images will be used as concrete example of data objects, though OutGuess can use any kind of data, as long as a handler is provided.ScramdiskScramdisk is a program that allows the creation and use of virtual encrypted drives. Basically, you create a container file on an existing hard drive which is created with a specific password. This container can then be mounted by the Scramdisk software which creates a new drive letter to represent the drive. The virtual drive can then only be accessed with the correct passphrase. Without the correct passphrase the files on the virtual drive are totally inaccessible.SnowThe program snow is used to conceal messages in ASCII text by appending whitespace to the end of lines. Because spaces and tabs are generally not visible in text viewers, the message is effectively hidden from casual observers. And if the built-in encryption is used, the message cannot be read even if it is detected.TrueCryptIncludes Steganography features in its Plausible Deniability feature.SteganosSteganos hides secret information in sound, image, and text files. This sensitive data is being encrypted beforehand. That way files can be sent over the Internet without being discovered by a third party.StegoHide and recover encrypted data in your GIF files with StegoStegPartyStegParty is a system for hiding information inside of plain-text files. Unlike similar tools currently available it does not use random gibberish to encode data -- it relies on small alterations to the message, like changes to spelling and punctuation. Because of this you can use any plain-text file as your carrier , and it will be more-or-less understandable after the secret message is embedded.TextHideSoftware to hide any data in unsuspicious text in order to store or communicate secrets (textual steganography).wbStegowbStego is a tool that hides any type of file in bitmap images, text files, HTML files or Adobe PDF files. The file in which you hide the data is not optically changed. It can be used to exchange sensitive data securely or to add hidden copyright information to the file.
Since there is encoding software out there, I thought you should know that there is also software that will search web images and detect if they are steganography vessels.
SARC / StegAlyzerASThe Steganography Analysis and Research Center (SARC) is a Center of Excellence within Backbone Security focused exclusively on steganography research and the development of advanced steganalysis products and services. The SARC has developed state-of-the-art steganography detection and extraction capabilities that address the needs of digital investigation specialists and information technology security personnel in law enforcement, government, military, intelligence, and the private sector..StegDetectStegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images.Stego Suite, StegoHunter, and Gargoyle InvestigatorDesigned to quickly, accurately and easily detect steganography programs as a first look in the investigation process. Often we are asked "how do you know if steganography exists?" With Stego Hunter, results are easily reported back to the investigator of any installed or even previously installed applications. We even take this a step further and flag the suspected carrier types you should then look for to further your investigation process. We have the capability to scan forensic images of other popular forensic tools such as EnCase, FTK, dd, raw, ISO and safeback images.
Wikipedia - Steganography
What is Steganography? (.pdf)
Gary Kessler's Steganography
Gary Kessler's Steganography Detection
NIJ Digital Evidence Analysis: Steganography Detection
Detecting Steganographic Content on the Internet, Abstract
Steganography for DOS Programmers
