Steganography - The art of hiding information

WHAT IS STEGANOGRAPHY

Also known as Stego Comes from the Greek meaning covered or secret writing There are some legitimate reasons for using Stego As cyber-security consultants, we are more interested in the illegal uses

Can you tell the difference b/w Stego Image and Original Image

Here is the hidden Image..

Stego vs. encryption

When you seen an encrypted message you know that

it is encrypted Might raise suspicion With Stego, you dont have any idea that there is a hidden message The Internet is a great place for Stego, since there are hundreds of thousands of images Does it make sense to scan all of the images on the Internet?

Stego and encryption

You can go one step further encrypt the image before you hide it Not only would you have to know that there is a hidden information but also have to decrypt it A challenge for forensic investigators

Stego in images
A computer image is an array of points called pixels Digital images are stored in either 24- bit or 8bit pixel files 24- bit images are larger and not ideal for Internet uses A pixel makes up the images raster data

Compression in images
Lossy compression provides high Compression rates But sacrifices data image integrity loss JPEG is an example Lossless compression does not lose image integrity GIF and BMP are examples of this image

Where is the hidden image stored?

There are 8 bits in each pixel The 4 bits to the left are most significant bits (MSB) The 4 bits to the right are least significant bits (LSB) Changes to the MSB will result in a drastic change in the color and image quality Changes in the LSB will have minimal impact

Using the LSB

Stego uses the LSB to hide the desired information The human eye cannot usually detect changes to 1 or 2 bits in of the LSB If a bit pattern of 11001101 is changed to 11001100, they will essentially look the same to the naked eye

Practical Stego uses

Embedding copyright information on images Legitimate hiding of information on images on later retrieval Used in convert data transmissions where encryption is not adventageous

Defeating Stego
Steganalysis is the technique of discovering and recovering the hidden message Determine first if the image has some hidden information Check file size, color palate Dictionary attacks against steganographic systems All stego software use a password to create the stego image

Defeating Stego (2)

Stego-only attack analyzes the stego host file

Known cover attack is used if both the original and the stego infected file is available Known message attack is used when the hidden message is revealed Chosen stego attack is performed when the algorithm is used is known and the stego host is available A chosen message attack is performed when a stego-media is generated using a predetermined algorithm

Defeating Stego (3)

Information is embedded in the header of the image that contains the length of the hidden message If the size of the image header embedded by the various tools is known, this information could be used to verify the correctness of the guess password

Defeating Stego (4)

Use Software that can take a snapshot of the appropriate images and create a hash value Most popular package is Tripwire

Demos
Invisible Secrets Tools that hides an image in another Camera Shy Hacker browser that can hide images on friendly websites

Summary
Reported uses for illicit activity and by terrorist groups. Can we really Defeat Stego? Example: I embed data in a picture that I can post on my website You visit the website You browse and select the image You download the image and extract the secret message How would one detect that? Is scanning all images on the Internet really practical?