Thursday, February 10, 2011

Steganography and its use with digital images

What would you need to do to send information in a secure manner? Some would immediately say the best way to protect it would be to encrypt the data, and for the most part, they would be correct. However, simply encrypting the information may draw unwanted attention to both the sender and the receiver if the data is intercepted. So, how would you keep anyone from knowing you are transmitting protected data? One solution is called steganography.

According to Wikipedia, "steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message". Steganography has been around, in one form or another, for centuries (as far back as 440 BC). The fact that it is still used today should prove how useful it can be. In today's digital age, you can hide data in pictures, audio & video files, text -- even network protocols. But, digital implementations of steganography don't just hide the information -- it encrypts it, as well. This makes it much more difficult to discover the payload (the hidden data).

Steganography in images occur as follows: The steganography program analyzes the carrier (the file that will store the hidden data) and the data to be hidden. It encrypts the data to be hidden, breaks it up in to tiny pieces, and replaces various unimportant bits in the carrier file with the hidden data. It then saves the new file to a place of your choosing. In order for someone to reveal the hidden data, they would generally need to use the same software that was used to create it, the encryption method used (if the software allows for more than one type of encryption), and the password/passphrase used to encrypt the data. For a more detailed explanation, please see the Digital Image and Audio section of Gary Kessler's paper "An Overview of Steganography for the Computer Forensics Examiner" or the Steganographic Methods section of his paper "Steganography: Hiding Data Within Data".

There are many steganography tools available on the Internet. Just to give you an idea of how many exist, I encourage you to check out Neil Johnson's list of steganography tools. Here is an example of steganography in action using a program called S-Tools:


The carrier file


Waterfalls By Saspotato


The hidden data file





The resulting stego file


Waterfalls By Saspotato


Here is a tutorial from YouTube that shows how to use S-Tools:







Disclaimer

All content in this post, including the images used, was created by me (except where otherwise noted by links and/or captions). All images were created using Visio and are copyrighted by me. Use of this material by anyone else is strictly prohibited (unless you ask me really, really, really nicely).

No comments:

Post a Comment