Steganography

The Art of Covert Communication

Presented by LADA
Luiz, Angel, Dimitar and Andrew
Covert Communication
 What Is Steganography?
Steganography - \Steg`a*nog"ra*phy\,
n. [Gr. steganos (covered or secret) + graphy
(writing or drawing).] The art of writing in cipher,
or in characters which are not intelligible except
to persons who have the key; cryptography.

Steganography 2
Steganography v Cryptography
 Both have been used throughout recorded history
as means to protect information
 Cryptographic techniques "scramble" messages so
if intercepted, the messages cannot be understood
 Steganography, in an essence, "camouflages" a
message to hide its existence and make it seem
"invisible" thus concealing the fact that a message
is being sent altogether
History of steganography
 Herodotus mentions it for the first time in his
history
 Demeratus wanted to notify Sparta that Xerxes
intended to invade Greece

Shave the head of the messenger and tattoo the text on it

History of steganography
 Another common form of invisible writing is
through the use of Invisible inks
- Common sources for invisible inks are milk, vinegar,
fruit juices and urine
With improvements in technologies new methods
had to be discovered
- Some messages had to be "developed" much as
photographs are developed with a number of chemicals
in processing labs.
History of Steganography
 During WWII miniscule dots of invisible ink were
added directly above the letters of seemingly
innocuous text.
 In the resent century POW are known to have
used the dots in letters in such as i & j and t & f
to convey Morse code messages
flat . I just fall flat onto this.
-- . . - -- . - -- . - .--. -. .. --. …. –
m ee t m e t o n i g h t
Micro dots
 Microdots are photographs
the size of a printed period
having the clarity of standard-
sized typewritten pages.
 The first microdots were
discovered masquerading as a
period on a typed envelope
carried by a German agent in
1941.
Null ciphers (unencrypted messages)
 Fishing freshwater bends and saltwater coasts
rewards anyone feeling stressed. Resourceful
anglers usually find masterful leapers fun and
admit swordfish rank overwhelming anyday.

 Secret message: Send Lawyers, Guns, and Money

Hiding information in plain text
 We explore new steganographic and
cryptographic algorithms and techniques
throughout the world to produce wide variety
and security in the electronic web called the
Internet.
 Secret message: Explore the world wide web
 Recent examples
 Barcode images
Covert Communication
 Where the Hidden Data Hides?
 Where Did It Came From?
 Where It Is Going?
 DNA
 When Steganography Inspires Terror
 Who is Using Stego?
 Keeping Your Business Secure

Steganography 10
Hiding the Goods with Stego
 Overview of Steganography
 The Growth of Steganography – modern data
compression, info theory, spread spectrum and crypto
are brought together to satisfy the need for privacy on
the Internet
 Steganography in Use – powerful tool for secret
communication
 Flaws of Steganography – Stego is not perfect
 Algorithms are known
 Message is not encrypted
Steganography 11
Hiding the Goods with Stego Cont’
 Variations of Stego
 Trojan Horses – sneak viruses or other malicious code
 Covert Channels – subclass of Stego
 Two parties signal to each other without anyone else
knowing they are communicating. (Holland Windmills )
 Easter Eggs – hybrid between Trojan horses and Stego
 Hardware Keys – used for Copyright protection

Steganography 12
Hiding the Goods with Stego Cont’
 Security and Steganography
 Confidentiality – network security
 Survivability – hiding data in TCP/IP headers
 On a local Network you can use TTL (Time To Live) field
 Across the Internet though, each router will decrement the
TTL with one
 No Detection – Stego must be hard to find.
 Visibility – make sure that people can’t see any
changes to the host file in which data is hidden.

Steganography 13
Hiding the Goods with Stego Cont’
 Principles of Steganography
 Types of Steganography
 File Type – hide data in least significant bits of each
pixel of .bmp image
 Method of Hiding
 Injection – after EOF of audio file
 Substitution – replaces the insignificant info with covert
 Generation – creates new overt file from the covert

Steganography 14
Digital Watermarking
 What is Digital Watermarking?
 Types of Digital Watermarking
 Invisible Watermarking
 Visible Watermarking
 Digital Watermarking and Stego
 Uses of Digital Watermarking
 Removing Digital Watermarking

Steganography 15
Steganography 101
 Types of Steganography:
 Original Classification Scheme (how data is hidden)
 Insertion-Based
 Algorithmic-Based
 Grammar-Based
 New Classification Scheme (how and where data is
hidden)
 Insertion-Based
 Substitution-Based
 Generation-Based

Steganography 16
Steganography 101
 Types of Steganography:
 Insertion-Based – information is added that
increases the file
 Substitution-Based – substitute data for information
already in the file (overwriting)
 Generation-Based – the covert file created from
previous methods is used to create the overt file.

Steganography 17
Steganography 101
 Color Tables:
 Images are composed of dots called pixels
 Each pixel gets its own color by combining
percentages of red, green and blue (RGB)
 Each of these colors has value from 0 to 255
 Zero designates that the color is present
 255 designates complete saturation of that color
 RGB color model has 16,777,216 possible colors
 Total of 255x255x255

Steganography 18
Steganography 101
 Color Tables Cont’:
 Examples:
 255 0 0 is red
 0 255 0 is green
 0 0 255 is blue
 0 0 0 is black
 255 255 255 is white

Steganography 19
Steganography 101
 Color Tables Cont’:
 Color Tables are used by Entry R G B
several stego techniques
to hide data 0 24 104 155
1 41 100 65
2 24 120 179
3 33 83 49
4 82 132 90
Steganography 20
Steganography 101
 Products Implementing Stego
 S-Tools – freeware for hiding data in GIF or .bmp image files
or .wav files
 Hide and Seek
 J-Steg
 EZ Stego
 Image Hide
 Digital Picture Envelope
 Camouflage
 Gif Shuffle
 Spam Mimic

Steganography 21
Stego Files Across a Network
 Uses and Techniques of Network Stego
 Hiding in Network Traffic – making your connection emulate
the often-used port 80 traffic (HTTP), your message might pass
without raising anyone’s suspicions
 Stego Combined with Viruses – hide a virus in .txt using
Stego, avoiding detection. Later the virus could pull its payload
from .txt and infect the system
 Tracking Internet Usage – URL embedding, Hidden fields,
Cookies. Online stalking (Cyberstalking) is used to mimic your
behavior, leading to identity theft.

Steganography 22
Stego Files Across a Network
 Network Stego Techniques
 Hiding in an Attachment – file-based stego is used to hide the
covert message in a file and attach it to some other form of
network traffic (FTP, Web site posting)
 Hiding Data in an E-mail Attachment – send spam mail to
thousands of people, only the intended recipient will look for it
 Transmitting Hidden Data with FTP – hide the secret data in
picture and post it on FTP
 Posting Stego to a Web Site – pictures posted on your Web site
containing covert files.

Steganography 23
Stego Files Across a Network
 Hiding in a Transmission
 Using Invisible Secrets to Hide and Transmit Data
 Camera-Shy
 Hiding Data in Network Headers
 Using IP and TCP Headers for Stego
 UDP and ICMP Headers
 Covert TCP
 Hiding in an Overt Protocol

Steganography 24
Stego Files Across a Network
Using IP and TCP Headers for Stego
4-bit IP
 Using IP Headers for 4-bit
version
header
length
8-bit TOS 16-bit Total length (in bytes)

Stego 3-bit
16-bit IP identification number 13-bit fragment offset
 Hide data here flags

8-bit time to live

8-bit protocol 16-bit header checksum
(TTL)

IP identification number
is used to track packets 32-bit source IP address

that have to be
32-bit destination IP address
defragmented.
Any number can be used options (if any)

and the protocol will

data
still function properly.
Steganography 25
Stego Files Across a Network
Using IP and TCP Headers for Stego
 Using TCP Headers for 16-bit source port number 16-bit destination port number

Stego
 Hide data here 32-bit sequence number

Seq.& Acknow. numbers are 32-bit acknowledgement number

used to indicate how

much data is 32-bit source IP address
send/received.
Data can be hidden only at 32-bit destination IP address

initial handshake (first

packet). After that those options (if any)

fields are critical for valid

communication data

Steganography 26
Cracking Stego and Crypto
 Who’s Cracking What?
 Cracking Analysis
 Cryptanalysis
 Steganalysis
 The Role of Detection
 Detecting Encryption
 Randomness and Compression
 Detection and Image Files

Steganography 27
Cracking Stego and Crypto
 Cracking Crypto:
 General Attacks
 COA – Ciphertext-Only Attack
 KPA – Known Plaintext Attack
 CTA – Chosen Plaintext Attack
 CCA – Chosen Ciphertext Attack
 Specific Attacks
 Brute-Force Attack
 Replay Attack
 Man-in-the-Middle Attack
 Meet-in-the-middle Attack
 Birthday Attack

Steganography 28
Cracking Stego and Crypto
 Cracking Stego:
 Specific Techniques
 S-Tools V4.0

 Hide and Seek

 J-Steg

 EZ Stego

 StegDetect

 General Techniques for Detecting Stego

Steganography 29
Cracking Stego and Crypto
 Cracking Stego S-Tools V4.0 files with 8-bit color:
 Naturally 8-bit color files have few duplicated colors.
 Files that have data hidden with S-Tools have many duplicating
colors
 Program called sdetect examines the color table of .bmp
images for near duplicates and reports a measurement of
duplication:
C:\Data\forest.bmp C:\Data\forest_h.bmp
File Name: forest.bmp File Name: forest_h.bmp
Actual size: 66146 Reported: 66146 Actual size: 66146 Reported: 66146

Duplicate colors: 2 Duplicate colors: 1046

Steganography 30
Developing Secure Communication
Strategy
 Secure vs. Secret
 The Roles of Crypto and Stego in Business
 Why You Need Both Stego and Crypto
 Complimentary Services, providing more robust result
 Crypto and Stego in Business today
 How Crypto and Stego Make You More Secure
 Developing Strategy
 Common Problems with Secure Technologies
 Training the users
 Protecting your keys and passwords
 How detectable are yours stego tools

Steganography 31
Steganography at Large

 The Internet: A Climate for Deceit

 Corporate Espionage
 Who’s Playing?
 Information Attacks (software piracy)
 System Attacks ( Hidden viruses in e-mail)
Steganography at Large:
Corporate Espionage
Who’s Playing?
 Freelance – independent hacker who steals and sells to
highest bidder
 Outsourced – a company hires info broker to steal
information from competition
 State-sponsored – governments use intelligence to
discover secret projects at foreign companies and offer
it to their own countries to give them competitive edge
Steganography at Large:
Corporate Espionage
 June 1998
 More than $11.4 Billion has been lost due to piracy.
 Over 25% of all software applications are pirated in the
U.S.
 As high as 95% in Southeast Asia and Eastern Europe.
Steganography at Large:
Corporate Espionage
 February 1, 2003
 The release of The SoftwareShield System
 New Software Licensing System Embeds Sensitive Data Inside Images
through the use of Steganography.
 The SoftwareShield System has the ability to hide encrypted license
data inside images
 SoftwareShield primarily helps software developers who choose to
deliver or license their products in electronic format by the internet -
for the obvious cost benefit while maintaining security.
Steganography at Large:
 Option of using encrypted data hidden in the corners of
images to license and protect their applications.
 Doing this enables developers with the power to create
demo, trial, copy-protected, leased, pay-per-use and many
other editions of their software with a minimum of effort
and a solid level of security.

 www.softwareshield.com
Future of Steganography
 To ban technology that could be used in an
inappropriate manner would mean that few
technologies could ever be released.
 The more we look for where messages could be
hidden, the more one realizes that the possibilities
are limitless.
The Future of Steganography

 Improving the Techniques

 Improved Resistance to Analysis
 How much You Can Hide?
 Improved Attack Tools
 New and Improved Ways to Use Stegonography
 Law Enforcement
 Corporate Uses
 Illegal Uses
Future Legal uses
 Proof of ownership (better watermarking of
digital media)
 Protection of property: physical and intellectual.
 With advances in Steganography, it is possible
that it could be used as a secure transmission
medium.
Future Illegal Uses
 Criminal Communications
 Automatically extract a hidden message with
minimal user intervention.
 Circumventing network censors
 Porn behind audio or video files which are
undetectable to censors
 Computer Warfare
 Steganographically embedded Viruses
 Free Wallpaper E-mail or audio/video clips
Conclusion
 Steganography may have limited legitimate
uses, with the exception of watermarking due
to the abundance of other techniques.
 Location of some form of Steganography will
need techniques other than statistical profiling
in order to truly decipher steganography on the
web.
 On the other hand, hiding an object in plain
sight could sometimes be the best option.
Credits
 Cole, Eric - Hiding In Plain Sight ; Wiley
Publishing, Inc. 2003
 ISBN: 0-471-44449-9

Steganography 42