STAGANOGRAP

HY
Hiding Data Within
Data
Talha fatima,

ECE , IV year,

SPMVV.

ABSTRACT

For years, people have devised different techniques for encrypting

data while others have attempted to break these encrypted codes. For our
project we decided to put our wealth of DSP knowledge to use in the art of
steganography.

Steganography is a technique that allows one to hide binary data

within an image while adding few noticeable changes. Technological
advancements over the past decade or so have brought terms like “mp3,”
“jpeg,” and “mpeg” into our everyday vocabulary. These lossy compression
techniques lend themselves perfectly for hiding data. We have chosen this
project because it gives a chance to study several various aspects of DSP.
First, we devised our own compression technique which we loosely based
off jpeg. There have been many steganographic techniques created so far,
which compelled us to create two of our own strategies for hiding data in the
images we compress.

Our first method, zero hiding, adds the binary data into the DCT
coefficients dropped in compression. Our other method, which we called bit-
o-steg, uses a key to change the values of coefficients that remain after
compression. Finally, we had to find ways to analyze the success of our data
hiding strategies, so through our research we found both DSP and statistical
methods to qualitatively measure our work.
 STAGANOGRAP
HY
Hiding Data Within
Data

Talha fatima,

ECE , IV year,

SPMVV.

INTRODUCTION

Cryptography — the science of writing in secret codes — addresses all of

the elements necessary for secure communication over an insecure
channel, namely privacy, confidentiality, key exchange, authentication,
and non-repudiation. But cryptography does not always provide safe
communication.

Consider an environment where the very use of encrypted messages

causes suspicion. If a nefarious government or Internet service provider
(ISP) is looking for encrypted messages, they can easily find them.
Consider the following text file; what else is it likely to be if not
encrypted?

qANQR1DBwU4D/TlT68XXuiUQCADfj2o4b4aFYBcWumA7hR1Wvz9rbv2BR6WbEUsy
ZBIEFtjyqCd96qF38sp9IQiJIKlNaZfx2GLRWikPZwchUXxB+AA5+lqsG/ELBvRa
c9XefaYpbbAZ6z6LkOQ+eE0XASe7aEEPfdxvZZT37dVyiyxuBBRYNLN8Bphdr2zv
z/9Ak4/OLnLiJRk05/2UNE5Z0a+3lcvITMmfGajvRhkXqocavPOKiin3hv7+Vx88
uLLem2/fQHZhGcQvkqZVqXx8SmNw5gzuvwjV1WHj9muDGBY0MkjiZIRI7azWnoU9
3KCnmpR60VO4rDRAS5uGl9fioSvze+q8XqxubaNsgdKkoD+tB/4u4c4tznLfw1L2
YBS+dzFDw5desMFSo7JkecAS4NB9jAu9K+f7PTAsesCBNETDd49BTOFFTWWavAfE
gLYcPrcn4s3EriUgvL3OzPR4P1chNu6sa3ZJkTBbriDoA3VpnqG3hxqfNyOlqAka
 mJJuQ53Ob9ThaFH8YcE/VqUFdw+bQtrAJ6NpjIxi/x0FfOInhC/bBw7pDLXBFNaX
HdlLQRPQdrmnWskKznOSarxq4GjpRTQo4hpCRJJ5aU7tZO9HPTZXFG6iRIT0wa47
AR5nvkEKoIAjW5HaDKiJriuWLdtN4OXecWvxFsjR32ebz76U8aLpAK87GZEyTzBx
dV+lH0hwyT/y1cZQ/E5USePP4oKWF4uqquPee1OPeFMBo4CvuGyhZXD/18Ft/53Y
WIebvdiCqsOoabK3jEfdGExce63zDI0=
=MpRf

The message above is a sentence in English that is encrypted using Pretty

Good Privacy (PGP), probably the most commonly used e-mail encryption
message appear more-or-less at random and do not adhere to the relative
frequency counts that one would expect in a non-encrypted message.
Encrypted data sticks out like a sore thumb.

Over the past couple of years, steganography has been the source of a lot of
discussion, particularly as it was suspected that terrorists connected with the
September 11 attacks might have used it for covert communications. While no
such connection has been proven, the concern points out the effectiveness of
steganography as a means of obscuring data. Indeed, along with encryption,
steganography is one of the fundamental ways by which data can be kept
confidential. This article will offer a brief introductory discussion of
steganography: what it is, how it can be used, and the true implications it can have
on information security.

What is Steganography?

While we are discussing it in terms of computer security, steganography is really

nothing new, as it has been around since the times of ancient Rome. For example,
in ancient Rome and Greece, text was traditionally written on wax that was
poured on top of stone tablets. If the sender of the information wanted to obscure
the message - for purposes of military intelligence, for instance - they would use
steganography: the wax would be scraped off and the message would be inscribed
or written directly on the tablet, wax would then be poured on top of the message,
thereby obscuring not just its meaning but its very existence.
 According to Dictionary.com, steganography (also known as "steg" or "stego") is
"the art of writing in cipher, or in characters, which are not intelligible except to
persons who have the key; cryptography". In computer terms, steganography has
evolved into the practice of hiding a message within a larger one in such a way
that others cannot discern the presence or contents of the hidden message. In
contemporary terms, steganography has evolved into a digital strategy of hiding a
file in some form of multimedia, such as an image, an audio file (like a .wav or
mp3) or even a video file.

Therefore , Steganography is the science of hiding information. Whereas

the goal of cryptography is to make data unreadable by a third party, the
goal of steganography is to hide the data from a third party.

A Brief History of Steganography

Steganography, or “hidden writing” can be traced back to 440 BC

in ancient Greece. Often they would write a message on a wooden panel,
cover it in wax, and then write a message on the wax. These wax tablets
were already used as writing utensils, so the hiding of a message in a
commonly used device draws very little suspicion. In addition to use by
the Greeks, the practice of steganography was utilized by spies in World
War II. There were even rumors that terrorists made use of steganography
early in 2001 to plan the attacks of September 11

STEGANOGRAPHY

There are a large number of steganographic methods that most of us are

familiar with (especially if you watch a lot of spy movies!), ranging from
invisible ink and microdots to secreting a hidden message in the second
letter of each word of a large body of text and spread spectrum radio
communication. With computers and networks, there are many other ways
of hiding information, such as:

• Covert channels (e.g., Loki and some distributed denial-of-

service tools use the Internet Control Message Protocol, or ICMP,
as the communications channel between the "bad guy" and a
compromised system)
• Hidden text within Web pages
• Hiding files in "plain sight" (e.g., what better place to
"hide" a file than with an important sounding name in the
c:\winnt\system32 directory?)
• Null ciphers (e.g., using the first letter of each word to form
a hidden message in an otherwise innocuous text)

What is Steganography Used for?

 Like many security tools, steganography can be used for a variety of
reasons, some good, some not so good. Legitimate purposes can include
things like

• Digital watermarking: Watermarking images for reasons

such as copyright protection. A digital watermark can accomplish
the same function; a graphic artist, for example, might post sample
images on her Web site complete with an embedded signature so
that she can later prove her ownership in case others attempt to
portray her work as their own
• To maintain the confidentiality of valuable information, to
protect the data from possible sabotage, theft, or unauthorized
viewing
• Stego can also be used to allow communication within an
underground community. There are several reports, for example, of
persecuted religious minorities using steganography to embed
messages for the group within images that are posted to known
Web sites.

Unfortunately, steganography can also be used for Illegitimate reasons

• If someone was trying to steal data, they could conceal it in another file or
files and send it out in an innocent looking email or file transfer
• In the concern for terroristic purposes, it can be used as a means of covert
communication.

Steganography Tools

There are a vast number of tools that are available for steganography. An
important distinction that should be made among the tools available today is the
difference between tools that do steganography, and tools that do steganalysis,
which is the method of detecting steganography and destroying the original
message. Steganalysis focuses on this aspect, as opposed to simply discovering
and decrypting the message, because this can be difficult to do unless the
encryption keys are known.There are many good places to find steganography
tools on the Net.
Steganography Tools: Hide data inside other data

Steganography is the art and science of writing hidden messages in such a way
that no one apart from the intended recipient knows of the existence of the
message; this is in contrast to cryptography, where the existence of the message
itself is not disguised, but the content is obscured. (Wikipedia)

In computing terms, this generally means hiding text or files inside other files
(generally an image or MP3). We have reviewed one piece of software which
does this before, but I’ve decided it’s worth writing about a few more.

Hide in Picture

The piece of steganography software we’ve already reviewed is called Hide in

Picture. Unfortunately, their website is no longer accessible and the only way to
download it is now through SourceForge. This piece of software allows you to
hide any file inside a GIF or BMP (which is a little restrictive). Also, a password
is required to encode/decode.Hide in Picture can be used through what looks like
a GTK GUI or through command prompt. Unfortunately, it is for Windows and
MS-DOS only.

wbStego

wbStego is software which allows you to hide files, and copyright information, inside
bitmaps, PDFs, HTMlL files and text documents. Unfortunately, it doesn’t support JPG
or GIF, and according to their FAQ page JPG or GIF support isn’t coming anytime soon.
view.
StegoMagic

StegoMagic allows you to hide any file or message inside text, Wave and Bitmap files.
The restriction of the software is that the file to be hidden can be a maximum of 1/8 of
the size as the file it’s to be hidden in. The software is operated through a simple GUI and
it also requires passwords. (Windows only)

mp3stego

mp3stego is a piece of software which allows to hide files inside MP3s. This is
unfortunately Windows only, and no GUI is provided (although one is downloadable).
This software also supports passwords. Also, mp3stego is only in proof of concept stage.
 STEGANOGRAPHIC METHODS

The following formula provides a very generic description of the pieces of

the steganographic process:

cover_medium + hidden_data + stego_key = stego_medium

In this context, the cover_medium is the file in which we will hide the
hidden_data, which may also be encrypted using the stego_key. The
resultant file is the stego_medium (which will, of course. be the same type
of file as the cover_medium). The cover_medium (and, thus, the
stego_medium) are typically image or audio files. In this article, we will
focus on image files and will, therefore, refer to the cover_image and
stego_image.

How images are stored :

An image file is merely a binary file containing a binary

representation of the color or light intensity of each picture element (pixel)
comprising the image.

Images typically use either 8-bit or 24-bit color. When using 8-bit color,
there is a definition of up to 256 colors forming a palette for this image,
each color denoted by an 8-bit value. A 24-bit color scheme, as the term
suggests, uses 24 bits per pixel and provides a much better set of colors. In
this case, each pix is represented by three bytes, each byte representing the
intensity of the three primary colors red, green, and blue (RGB),
respectively. The Hypertext Markup Language (HTML) format for
indicating colors in a Web page often uses a 24-bit format employing six
hexadecimal digits, each pair representing the amount of red, blue, and
green, respectively. The color orange, for example, would be displayed
with red set to 100% (decimal 255, hex FF), green set to 50% (decimal
127, hex 7F), and no blue (0), so we would use "#FF7F00" in the HTML
code.

The size of an image file, then, is directly related to the number of pixels
and the granularity of the color definition. A typical 640x480 pix image
using a palette of 256 colors would require a file about 307 KB in size
(640 • 480 bytes), whereas a 1024x768 pix high-resolution 24-bit color
image would result in a 2.36 MB file (1024 • 768 • 3 bytes).

To avoid sending files of this enormous size, a number of compression

schemes have been developed over time, notably Bitmap (BMP), Graphic
Interchange Format (GIF), and Joint Photographic Experts Group (JPEG)
file types. Not all are equally suited to steganography, however.

GIF and 8-bit BMP files employ what is known as lossless compression, a
scheme that allows the software to exactly reconstruct the original image.
JPEG, on the other hand, uses lossy compression, which means that the
expanded image is very nearly the same as the original but not an exact
duplicate. While both methods allow computers to save storage space,
lossless compression is much better suited to applications where the
integrity of the original information must be maintained, such as
steganography. While JPEG can be used for stego applications, it is more
common to embed data in GIF or BMP files.

The simplest approach to hiding data within an image file is called least
significant bit (LSB) insertion. In this method, we can take the binary
representation of the hidden_data and overwrite the LSB of each byte
within the cover_image. If we are using 24-bit color, the amount of change
will be minimal and indiscernible to the human eye. As an example,
suppose that we have three adjacent pixels (nine bytes) with the following
RGB encoding:

10010101 00001101 11001001

10010110 00001111 11001010
10011111 00010000 11001011

Now suppose we want to "hide" the following 9 bits of data (the hidden
data is usually compressed prior to being hidden): 101101101. If we
overlay these 9 bits over the LSB of the 9 bytes above, we get the
following (where bits in bold have been changed):

10010101 00001100 11001001

10010111 00001110 11001011
10011111 00010000 11001011
 Note that we have successfully hidden 9 bits but at a cost of only changing
4, or roughly 50%, of the LSBs.

This description is meant only as a high-level overview. Similar methods

can be applied to 8-bit color but the changes, as the reader might imagine,
are more dramatic. Gray-scale images, too, are very useful for
steganographic purposes. One potential problem with any of these
methods is that they can be found by an adversary who is looking. In
addition, there are other methods besides LSB insertion with which to
insert hidden information.

Users can simply hide information behind an image by following the

procedure,

• Inputting the ,bmp file on the window,

• Then dragging the data file that is being hidden .At this point the
program prompts the user for a pass phrase.

A STEGANOGRAPHY EXAMPLE

You can see, by the before and after pictures below, it is very hard to tell
them apart whether which one is embedded and which one is not.

Figure 2: .bmp file with embedded text Figure 1: .bmp file without embedded text

S-tools :

S-Tools allows users to hide information into BMP, GIF, or WAV

files. The basic scheme of the program is straight-forward; you drag an
 image or audio file into the S-Tools active window to act as the
cover_medium, drag the hidden_data file onto the cover_medium, and
then provide a stego_key for encryption. The result is the stego_medium.

1. Highlight the GIF image file 5th wave.gif and drag it to the
S-Tools active window. Note that S-Tools reports that up to
138,547 bytes can be hidden in this image file.
2. Next highlight a 14 KB text file called
virusdetectioninfo.txt and dragged it onto the image file in S-Tools.
3. A dialog box pops up telling that 6,019 bytes of data is
being hidden and asks for a passphrase with which to encrypt
the hidden text; the default secret key crypto scheme used by S-
Tools is the International Data Encryption Algorithm (IDEA).

Steganalysis

Without going into any detail, it is worth mentioning steganalysis,

the art of detecting and breaking steganography. One form of this analysis
is to examine the color palette of a graphical image. In most images, there
will be a unique binary encoding of each individual color. If the image
contains hidden data, however, many colors in the palette will have
duplicate binary encodings since, for all practical purposes, we can't count
the LSB. If the analysis of the color palette of a given file yields many
duplicates, we might safely conclude that the file has hidden information.

But what files would you analyze? Suppose for example someone decides
to post a hidden message by hiding it in an image file that is to be posted
at an auction site on the Internet and the item to be auctioned is real. So a
lot of people may access the site and download the file; only a few people
know that the image has special information that only they can read.

Now for the above image to be atganalysed :

Once the image file has been received,

• Drag the file to S-Tools and right-click over the image,

• Specify the Reveal option.
• Give a passphrase when a dialog box pops-up requesting the
passphrase.
• Now a pop-up shows the text file.
• Save the text file which now shows the information about the
hidden archive file, and allows the user to open the file.

Steganography and Security

As mentioned previously, steganography is an effective means of hiding
data, thereby protecting the data from unauthorized or unwanted viewing. But
stego is simply one of many ways to protect the confidentiality of data. It is
probably best used in conjunction with another data-hiding method. When used in
 combination, these methods can all be a part of a layered security approach. Some
good complementary methods include:

• Encryption –

Encryption is the process of passing data or plaintext through a series of

mathematical operations that generate an alternate form of the original data
known as ciphertext. The encrypted data can only be read by parties who have
been given the necessary key to decrypt the ciphertext back into its original
plaintext form. Encryption doesn't hide data, but it does make it hard to read!

• Hidden directories (Windows) –

Windows offers this feature, which allows users to hide files. Using this
feature is as easy as changing the properties of a directory to "hidden", and hoping
that no one displays all types of files in their explorer.

• Hiding directories (Unix) –

In existing directories that have a lot of files, such as in the /dev directory
on a Unix implementation, or making a directory that starts with three dots (...)
versus the normal single or double dot.

• Covert channels –

Some tools can be used to transmit valuable data in seemingly normal

network traffic. One such tool is Loki. Loki is a tool that hides data in ICMP
traffic (like ping).

Protecting Against Malicious Steganography

Unfortunately, all of the methods mentioned above can also be used to
hide illicit, unauthorized or unwanted activity. What can you do to prevent or
detect issues with stego? There is no easy answer. If someone has decided to hide
their data, they will probably be able to do so fairly easily. The only way to detect
steganography is to be actively looking for in specific files, or to get very lucky.
Sometimes an actively enforced security policy can provide the answer: this
would require the implementation of company-wide acceptable use policies that
restrict the installation of unauthorized programs on company computers.
Using the tools that you already have to detect movement and behavior of traffic
on your network may also be helpful. Network intrusion detection systems can
help administrators to gain an understanding of normal traffic in and around your
network and can thus assist in detecting any type of anomaly, especially with any
changes in the behavior of increased movement of large images around your
network. If the administrator is aware of this sort of anomalous activity, it may
warrant further investigation. Host-based intrusion detection systems deployed on
computers may also help to identify anomalous storage of image and/or video
files.

SIDEBAR

Other forms of staganography

While much of the steganography employed today is quite high-

tech, steganography itself can make use of many low-tech methods. The
goal of stego is merely to hide the presence of a message; remember how
well the critical missive was hidden in plain sight in Poe's "The Purloined
Letter"?

One common, almost obvious, form of steganography is called a null

cipher. In this type of stego, the hidden message is formed by taking the
first (or other fixed) letter of each word in the cover message. Consider
this cablegram that might have been sent by a journalist/spy from the U.S.
to Europe during World War I:

PRESIDENT'S EMBARGO RULING SHOULD HAVE IMMEDIATE NOTICE.

GRAVE
SITUATION AFFECTING INTERNATIONAL LAW. STATEMENT FORESHADOWS
RUIN
OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL
EXCITEMENT
IMMENSELY.

The first letters of each word form the character string:

PERSHINGSAILSFROMNYJUNEI. A little imagination and some spaces yields
the real message:

“PERSHING SAILS FROM NY JUNE I.”

Another form of steganography uses a template (e.g., a piece of

paper with holes cut in it) or a set of preselected locations on the page to
hide a message. In this case, obviously, the sender and receiver must use
the same template or rules.

Consider this note:

 THE MOST COMMON WORK ANIMAL IS THE HORSE. THEY CAN BE USED
TO FERRY EQUIPMENT TO AND FROM WORKERS OR TO PULL A PLOW.
BE CAREFUL, THOUGH, BECAUSE SOME HAVE SANK UP TO THEIR
KNEES IN MUD OR SAND, SUCH AS AN INCIDENT AT THE BURLINGTON
FACTORY LAST YEAR. BUT HORSES REMAIN A SIGNIFICANT FIND. ON
A FARM, AN ALTERNATE WORK ANIMAL MIGHT BE A BURRO BUT THEY
ARE NOT AS COMFORTABLE AS A TRANSPORT ANIMAL.

Applying a template or rule as to which words to read to this message

might yield the following:

HORSE
FERRY
SANK
IN BURLINGTON
FIND
ALTERNATE
TRANSPORT

There are other alternatives to the template method such as:

• Pinpricks in maps to use as an overlay for relevant letters in

messages
• Deliberate misspelling to mark words in the message
• Use of small changes in spacing to indicate significant letters or
words in a hidden message
• Use of a slightly different font in a typeset message to indicate the
hidden letters (e.g., the difference between Courier and Courier New is
barely noticeable unless you are looking for it)

Steganography doesn't just apply to written forms of

communication. Radio and TV messages, from World War II to today, can
be used to hide coded or hidden messages. Some government sources
suspect that Osama bin Laden's pre-recorded videos that are re-played on
TV stations around the world contain hidden messages.

Some argue that the U.S. Marine Corps Navaho code talkers of WWII
represent a form of steganography. The messages themselves weren't
encrypted; the plaintext was right there in the open, just in a language that
was unknown by the Japanese. Disappearing ink and microdots are other
ways in which messages can be hidden from the casual observer.

One of the oldest stego schemes was to shave the head of a messenger and
tattoo a message on the messenger's head. After the hair grows back, the
messenger can be sent to the intended recipient, where the messenger's
head can be shaved and the message recovered. This method is decidingly
clever, patient, and very low-tech, and goes right to the heart of
steganography's literal meaning of "covered writing."
Research papers
A research paper by Stefan Hetzel cites two methods of attacking
steganography, which really are also methods of detecting it. They are the visual
attack (actually seeing the differences in the files that are encoded) and the
statistical attack: "The idea of the statistical attack is to compare the frequency
distribution of the colors of a potential stego file with the theoretically expected
frequency distribution for a stego file." It might not be the quickest method of
protection, but if you suspect this type of activity, it might be the most effective.
For JPEG files specifically, a tool called Stegdetect, which looks for signs of
steganography in JPEG files, can be employed. Stegbreak, a companion tool to
Stegdetect, works to decrypt possible messages encoded in a suspected
steganographic file, should that be the path you wish to take once the

CONCLUSION

Steganography is a fascinating and effective method of hiding data that

has been used throughout history. It is a really interesting subject and
outside of the mainstream cryptography and system administration that
most of us deal with day after day. But it is also quite real; this is not just
something that's used in the lab or an arcane subject of study in academia.
Stego may, in fact, be all too real — there have been several reports that
the terrorist organization behind the September 11 attacks in New York
City, Washington, D.C., and outside of Pittsburgh used steganography as
one of their means of communication.
 Methods that can be employed to uncover such devious tactics, but the
first step are awareness that such methods even exist. There are many
good reasons as well to use this type of data hiding, including
watermarking or a more secure central storage method for such things as
passwords, or key processes. Regardless, the technology is easy to use and
difficult to detect. The more that you know about its features and
functionality, the more ahead you will be in the game.

software today. Besides being nonsensical to a casual reader, the other

indication that this is encrypted is that the characters comprising the

Rescent books:

• Information Hiding: Steganography and Watermarking - Attacks

and Countermeasures by N.F. Johnson, Z. Duric, and S. Jajodia (Kluwer
Academic Publishers, 2000)
• Information Hiding Techniques for Steganography and Digital
Watermarking, edited by S. Katzenbeisser and F.A.P. Petitcolas (Artech House
Books, 2000).

REFERENCES

[1] Steganography, by Neil F. Johnson, George Mason University,

http://www.jjtc.com/stegdoc/sec202.html

[2] http://dictionary.reference.com/search?q=steganography

[3] The Free On-line Dictionary of Computing, © 1993-2001 Denis Howe

http://www.nightflight.com/foldoc/index.html

[4] Applied Cryptography, Bruce Schneier, John Wiley and Sons Inc., 1996

[5] Steganography: Hidden Data, by Deborah Radcliff, June 10, 2002,

http://www.computerworld.com/securitytopics/security/story/0,10801,71726,00.ht
ml