Steganography

For the process of writing in shorthand, see Stenography. For the prefix "Stego-" as used in taxonomy, see List of commonly used taxonomic affixes.

Steganography (i/ˌstɛɡ.əˈnɒɡ.rə.fi/, STEG-ə-NOG-rəfee) is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography combines the Greek words steganos (στεγανός), meaning "covered, concealed, or protected", and graphein (γράφειν) meaning "writing".

The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography, disguised as a book on magic. Generally, the hidden messages appear to be (or be part of) something else: images, articles, shopping lists, or some other cover text. For example, the hidden message may be in invisible ink between the visible lines of a private letter. Some implementations of steganography that lack a shared secret are forms of security through obscurity, whereas key-dependent steganographic schemes adhere to Kerckhoffs's principle.[1]

The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages—no matter how unbreakable—arouse interest, and may in themselves be incriminating in countries where encryption is illegal.[2] Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.

Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. For example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it.

History

A chart from Johannes Trithemius's Steganographia copied by Dr John Dee in 1591

The first recorded uses of steganography can be traced back to 440 BC when Herodotus mentions two examples in his Histories.[3] Histiaeus sent a message to his vassal, Aristagoras, by shaving the head of his most trusted servant, "marking" the message onto his scalp, then sending him on his way once his hair had regrown, with the instruction, “When thou art come to Miletus, bid Aristagoras shave thy head, and look thereon." Additionally, Demaratus sent a warning about a forthcoming attack to Greece by writing it directly on the wooden backing of a wax tablet before applying its beeswax surface. Wax tablets were in common use then as reusable writing surfaces, sometimes used for shorthand.

In his work Polygraphiae Johannes Trithemius developed his so-called "Ave-Maria-Cipher" that can hide information in a Latin praise of God. "Auctor Sapientissimus Conseruans Angelica Deferat Nobis Charitas Potentissimi Creatoris" for example contains the concealed word VICIPEDIA.[4]

Techniques

Deciphering the code. Steganographia

Physical

Steganography has been widely used, including in recent historical times and the present day. Known examples include:

Digital messages

Modern steganography entered the world in 1985 with the advent of personal computers being applied to classical steganography problems.[5] Development following that was very slow, but has since taken off, going by the large number of steganography software available:

Digital text

Social steganography

In communities with social or government taboos or censorship, people use cultural steganography—hiding messages in idiom, pop culture references, and other messages they share publicly and assume are monitored. This relies on social context to make the underlying messages visible only to certain readers.[9][10] Examples include:

Network

All information hiding techniques that may be used to exchange steganograms in telecommunication networks can be classified under the general term of network steganography. This nomenclature was originally introduced by Krzysztof Szczypiorski in 2003.[11] In 2016, a first network steganography covering book was published by Mazurczyk et al.[12] However, network information hiding was already applied in the late 1980s by Girling[13] and Wolf.[14] Contrary to typical steganographic methods that use digital media (images, audio and video files) to hide data, network steganography uses communication protocols' control elements and their intrinsic functionality. As a result, such methods can be harder to detect and eliminate.[15]

Typical network steganography methods involve modification of the properties of a single network protocol. Such modification can be applied to the PDU (Protocol Data Unit),[16][17][18] to the time relations between the exchanged PDUs,[19] or both (hybrid methods).[20]

Moreover, it is feasible to utilize the relation between two or more different network protocols to enable secret communication. These applications fall under the term inter-protocol steganography.[21] Alternatively, multiple network protocols can be used simultaneously to transfer hidden information and so-called control protocols can be embedded into steganographic communications to extend their capabilities, e.g. to allow dynamic overlay routing or the switching of utilized hiding methods and network protocols.[22][23]

Network steganography covers a broad spectrum of techniques, which include, among others:

Printed

Digital steganography output may be in the form of printed documents. A message, the plaintext, may be first encrypted by traditional means, producing a ciphertext. Then, an innocuous covertext is modified in some way so as to contain the ciphertext, resulting in the stegotext. For example, the letter size, spacing, typeface, or other characteristics of a covertext can be manipulated to carry the hidden message. Only a recipient who knows the technique used can recover the message and then decrypt it. Francis Bacon developed Bacon's cipher as such a technique.

The ciphertext produced by most digital steganography methods, however, is not printable. Traditional digital methods rely on perturbing noise in the channel file to hide the message, as such, the channel file must be transmitted to the recipient with no additional noise from the transmission. Printing introduces much noise in the ciphertext, generally rendering the message unrecoverable. There are techniques that address this limitation, one notable example is ASCII Art Steganography.[26]

Although no classic steganography, some types of modern color laser printers integrate the model, serial number and timestamps on each printout for traceability reasons using a dot-matrix code made of small, yellow dots not recognizable by the bare eye - see printer steganography for details.

Using puzzles

The art of concealing data in a puzzle can take advantage of the degrees of freedom in stating the puzzle, using the starting information to encode a key within the puzzle / puzzle image.

For instance, steganography using sudoku puzzles has as many keys as there are possible solutions of a sudoku puzzle, which is 6.71×1021. This is equivalent to around 70 bits, making it much stronger than the DES method, which uses a 56 bit key.[27]

Additional terminology

Discussions of steganography generally use terminology analogous to (and consistent with) conventional radio and communications technology. However, some terms show up in software specifically, and are easily confused. These are most relevant to digital steganographic systems.

The payload is the data covertly communicated. The carrier is the signal, stream, or data file that hides the payload—which differs from the channel (which typically means the type of input, such as a JPEG image). The resulting signal, stream, or data file with the encoded payload is sometimes called the package, stego file, or covert message. The percentage of bytes, samples, or other signal elements modified to encode the payload is called the encoding density, and is typically expressed as a number between 0 and 1.

In a set of files, those files considered likely to contain a payload are suspects. A suspect identified through some type of statistical analysis might be referred to as a candidate.

Countermeasures and detection

Detecting physical steganography requires careful physical examination—including the use of magnification, developer chemicals and ultraviolet light. It is a time-consuming process with obvious resource implications, even in countries that employ large numbers of people to spy on their fellow nationals. However, it is feasible to screen mail of certain suspected individuals or institutions, such as prisons or prisoner-of-war (POW) camps.

During World War II, prisoner of war camps gave prisoners specially treated paper that would reveal invisible ink. An article in the 24 June 1948 issue of Paper Trade Journal by the Technical Director of the United States Government Printing Office, Morris S. Kantrowitz, describes, in general terms, the development of this paper. They used three prototype papers named Sensicoat, Anilith, and Coatalith. These were for the manufacture of post cards and stationery provided to German prisoners of war in the US and Canada. If POWs tried to write a hidden message, the special paper rendered it visible. The U.S. granted at least two patents related to this technology—one to Kantrowitz, U.S. Patent 2,515,232, "Water-Detecting paper and Water-Detecting Coating Composition Therefor," patented 18 July 1950, and an earlier one, "Moisture-Sensitive Paper and the Manufacture Thereof", U.S. Patent 2,445,586, patented 20 July 1948. A similar strategy is to issue prisoners with writing paper ruled with a water-soluble ink that runs in contact with water-based invisible ink.

In computing, steganographically encoded package detection is called steganalysis. The simplest method to detect modified files, however, is to compare them to known originals. For example, to detect information being moved through the graphics on a website, an analyst can maintain known clean-copies of these materials and compare them against the current contents of the site. The differences, assuming the carrier is the same, comprise the payload. In general, using extremely high compression rates makes steganography difficult, but not impossible. Compression errors provide a hiding place for data, but high compression reduces the amount of data available to hold the payload, raising the encoding density, which facilitates easier detection (in extreme cases, even by casual observation).

Applications

Use in modern printers

Main article: Printer steganography

Some modern computer printers use steganography, including HP and Xerox brand color laser printers. These printers add tiny yellow dots to each page. The barely-visible dots contain encoded printer serial numbers and date and time stamps.[28]

Example from modern practice

The larger the cover message (in binary data, the number of bits) relative to the hidden message, the easier it is to hide the latter. For this reason, digital pictures (which contain large amounts of data) are used to hide messages on the Internet and on other communication media. It is not clear how common this actually is. For example: a 24-bit bitmap uses 8 bits to represent each of the three color values (red, green, and blue) at each pixel. The blue alone has 28 different levels of blue intensity. The difference between 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye. Therefore, the least significant bit can be used more or less undetectably for something else other than color information. If this is repeated for the green and the red elements of each pixel as well, it is possible to encode one letter of ASCII text for every three pixels.

Stated somewhat more formally, the objective for making steganographic encoding difficult to detect is to ensure that the changes to the carrier (the original signal) due to the injection of the payload (the signal to covertly embed) are visually (and ideally, statistically) negligible; that is to say, the changes are indistinguishable from the noise floor of the carrier. Any medium can be a carrier, but media with a large amount of redundant or compressible information are better suited.

From an information theoretical point of view, this means that the channel must have more capacity than the "surface" signal requires; that is, there must be redundancy. For a digital image, this may be noise from the imaging element; for digital audio, it may be noise from recording techniques or amplification equipment. In general, electronics that digitize an analog signal suffer from several noise sources such as thermal noise, flicker noise, and shot noise. This noise provides enough variation in the captured digital information that it can be exploited as a noise cover for hidden data. In addition, lossy compression schemes (such as JPEG) always introduce some error into the decompressed data; it is possible to exploit this for steganographic use as well.

Steganography can be used for digital watermarking, where a message (being simply an identifier) is hidden in an image so that its source can be tracked or verified (for example, Coded Anti-Piracy), or even just to identify an image (as in the EURion constellation).

Alleged use by intelligence services

In 2010, the Federal Bureau of Investigation alleged that the Russian foreign intelligence service uses customized steganography software for embedding encrypted text messages inside image files for certain communications with "illegal agents" (agents under non-diplomatic cover) stationed abroad.[29]

Distributed steganography

There are distributed steganography methods,[30] including methodologies that distribute the payload through multiple carrier files in diverse locations to make detection more difficult. For example, U.S. Patent 8,527,779 by cryptographer William Easttom (Chuck Easttom).

Online challenge

The puzzles presented by Cicada 3301 incorporates steganography with cryptography and other solving techniques since 2012.[31]

See also

Citations

  1. Fridrich, Jessica; M. Goljan; D. Soukal (2004). "Searching for the Stego Key" (PDF). Proc. SPIE, Electronic Imaging, Security, Steganography, and Watermarking of Multimedia Contents VI. 5306: 70–82. Retrieved 23 January 2014.
  2. Pahati, OJ (2001-11-29). "Confounding Carnivore: How to Protect Your Online Privacy". AlterNet. Archived from the original on 2007-07-16. Retrieved 2008-09-02.
  3. Petitcolas, FAP; Anderson RJ; Kuhn MG (1999). "Information Hiding: A survey" (pdf). Proceedings of the IEEE (special issue). 87 (7): 1062–78. doi:10.1109/5.771065. Retrieved 2008-09-02.
  4. "Polygraphiae (cf. p. 71f)" (in German). Digitale Sammlungen. Retrieved 2015-05-27.
  5. The origin of Modern Steganography
  6. Echo Data Hiding
  7. Secure Steganography for Audio Signals
  8. Akbas E. Ali (2010). "A New Text Steganography Method By Using Non-Printing Unicode Characters" (PDF). Eng. & Tech. Journal. 28 (1).
  9. Social Steganography: how teens smuggle meaning past the authority figures in their lives, Boing Boing, May 22, 2013. Retrieved June 7, 2014.
  10. Social Steganography, Scenario Magazine, 2013.
  11. Krzysztof Szczypiorski (4 November 2003). "Steganography in TCP/IP Networks. State of the Art and a Proposal of a New System - HICCUPS" (PDF). Institute of Telecommunications Seminar. Retrieved 17 June 2010.
  12. Mazurczyk, Wojciech; Wendzel, Steffen; Zander, Sebastian; Houmansadr, Amir; Szczypiorski, Krzysztof (1 February 2016). Information Hiding in Communication Networks: Fundamentals, Mechanisms, and Applications (1 ed.). Wiley-IEEE. ISBN 978-1-118-86169-1.
  13. Girling, C. G. (1 February 1987). "Covert Channels in LAN's". IEEE Transactions on Software Engineering. 13 (2): 292–296.
  14. Manfred Wolf (1989). "Covert channels in LAN protocols". Retrieved 4 September 2016.
  15. Patrick Philippe Meier (5 June 2009). "Steganography 2.0: Digital Resistance against Repressive Regimes". irevolution.wordpress.com. Retrieved 17 June 2010.
  16. Craig Rowland (May 1997). "Covert Channels in the TCP/IP Suite". First Monday Journal. Retrieved 16 June 2010.
  17. Steven J. Murdoch & Stephen Lewis (2005). "Embedding Covert Channels into TCP/IP" (PDF). Information Hiding Workshop. Retrieved 16 June 2010.
  18. Kamran Ahsan & Deepa Kundur (December 2002). "Practical Data Hiding in TCP/IP" (PDF). ACM Wksp. Multimedia Security. Retrieved 16 June 2010.
  19. Kundur D. & Ahsan K. (April 2003). "Practical Internet Steganography: Data Hiding in IP" (PDF). Texas Wksp. Security of Information Systems. Retrieved 16 June 2010.
  20. Wojciech Mazurczyk & Krzysztof Szczypiorski (November 2008). "Steganography of VoIP Streams" (PDF). Lecture Notes in Computer Science (LNCS) 5332, Springer-Verlag Berlin Heidelberg, Proc. of The 3rd International Symposium on Information Security (IS'08), Monterrey, Mexico. Retrieved 16 June 2010.
  21. Bartosz Jankowski; Wojciech Mazurczyk & Krzysztof Szczypiorski (11 May 2010). "Information Hiding Using Improper Frame Padding". arXiv:1005.1925Freely accessible [cs.CR].
  22. Wendzel, Steffen; Keller, Joerg (20 October 2011). "Low-Attention Forwarding for Mobile Network Covert Channels". 12th Joint IFIP TC6 and TC11 Conference on Communications and Multimedia Security (CMS): 122–133. doi:10.1007/978-3-642-24712-5_10. Retrieved 4 September 2016.
  23. Mazurczyk, Wojciech; Wendzel, Steffen; Zander, Sebastian; Houmansadr, Amir; Szczypiorski, Krzysztof (1 February 2016). Information Hiding in Communication Networks: Fundamentals, Mechanisms, and Applications (1 ed.). Wiley-IEEE. ISBN 978-1-118-86169-1.
  24. Józef Lubacz; Wojciech Mazurczyk; Krzysztof Szczypiorski (February 2010). "Vice Over IP: The VoIP Steganography Threat". IEEE Spectrum. Retrieved 11 February 2010.
  25. Krzysztof Szczypiorski (October 2003). "HICCUPS: Hidden Communication System for Corrupted Networks" (PDF). In Proc. of: The Tenth International Multi-Conference on Advanced Computer Systems ACS'2003, pp. 31-40. Retrieved 11 February 2010.
  26. Vincent Chu. "ASCII Art Steganography".
  27. B.r., Roshan Shetty; J., Rohith; V., Mukund; Honwade, Rohan; Rangaswamy, Shanta (2009). "Steganography Using Sudoku Puzzle": 623–626. doi:10.1109/ARTCom.2009.116.
  28. "Secret Code in Color Printers Lets Government Track You; Tiny Dots Show Where and When You Made Your Print". Electronic Frontier Foundation. 16 October 2005.
  29. "Criminal complaint by Special Agent Ricci against alleged Russian agents" (PDF). United States Department of Justice.
  30. "Distributed Steganography". IEEE. October 2011.
  31. Jane Wakefield (9 January 2014). "Cicada 3301: The dark net treasure trail reopens". BBC News. Retrieved 11 January 2014.

References

External links

Wikimedia Commons has media related to Steganography.
This article is issued from Wikipedia - version of the 12/3/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.