Thursday, September 15, 2011

Steganography in depth

 This post was originally shared by www.pcclm.com

 

Steganography is the practice of hiding confidential or sensitive information within something that appears to be nothing out of the ordinary. Steganography is often confused with cryptography because both are used to protect important information.

If someone views the object that the information is hidden inside, he or she will have no clue that there is any hidden information in it. As a result, the person will not try to decrypt the information/object. That is the beauty of Steganography.

Steganography comes from the Greek words Steganós (Covered) and Graptos (Writing).

How Does It Work?


There are a number of ways to hide information in pictures, audio and video using Steganography. Some of the most common methods are LSB and Injection.

LSB Method of bit substitution

Some files have bytes which are of no use or of least importance. These bytes of the file can be filled with the information to be hidden. Replacing these bytes doesn't damage or corrupt the file but might reduce the quality of the file in a way that is not visible to the human eye. For example, it's very difficult for the human eye to differentiate between two pixels with a slight change in color.

Consider the fact that 1 pixel = 0.264583333 millimeter (if 1 mm is divided into 5 equal parts, then 1 part is approx. equal to 1 pixel). Can our eye find the difference at this scale? Probably not ... and impossible if it's an image of a beautiful lady ...


In this method we calculate the color code of each pixel in RGB format (0-255,0-255,0-255) or directly in binary form (00110011,10011011,10100011).


In the image below we have a lot of pixels with the color code:

RGB (255,207,206). This is the color of the pixels near her nose, eyes and lips.



Let's zoom into the image to verify this:


In the above picture, multiple pixels in the red box have the same RGB code.
Now if we replace all pixels of that color with the color code RGB (255,207,207), there won't be a difference in the picture, as this difference is not visible to the human eye. Tell me if you can spot the color change in the color codes below:



206 = 11001110        207 = 11001111


It's impossible for your eyes to distinguish the above two colors as 2 different colors. That's the catch where Steganography comes into the picture. Just replace the colors, which means you have now added new data to the picture. For example, 11001110 and 11001111 can be two different shades of red, but since it is only the last bit that differs between the two, it is impossible to see the color difference.


So if you want to hide the letter "I" in this image, find the binary value for I, which is 01001001. The last bit of each of the first 8 pixels in the picture is then replaced with the corresponding bit from the letter. Because we replace the last bit, we call it Least Significant Bit Steganography.


The LSB method usually does not increase the file size, but depending on the size of the information that is to be hidden inside the file, the file can become noticeably distorted.
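The bit substitution described above, as an added example that is not part of the original post. It works on a constructed list of 8-bit colour values (the page's RGB (255,207,206) repeated) rather than a real image file, and the function names are hypothetical.

```python
def embed_lsb(cover: bytes, message: bytes) -> bytes:
    """Return a copy of cover with each message bit written into one byte's last bit."""
    # Most significant bit first, so "I" becomes 0,1,0,0,1,0,0,1.
    bits = [(byte >> shift) & 1 for byte in message for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: one cover byte is needed per message bit")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # clear the last bit, then set it
    return bytes(stego)


def extract_lsb(stego: bytes, length: int) -> bytes:
    """Rebuild `length` message bytes from the last bits of the first length*8 bytes."""
    out = bytearray()
    for i in range(length):
        value = 0
        for colour in stego[i * 8:(i + 1) * 8]:
            value = (value << 1) | (colour & 1)
        out.append(value)
    return bytes(out)


def max_change(cover: bytes, stego: bytes) -> int:
    """Largest difference between any original and modified colour value."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover data: three pixels of RGB (255,207,206), i.e. 9 colour values.
COVER = bytes([255, 207, 206] * 3)
STEGO = embed_lsb(COVER, b"I")

if __name__ == "__main__":
    print(list(COVER))
    print(list(STEGO))
    print(extract_lsb(STEGO, 1), "max change per value:", max_change(COVER, STEGO))
```

The output has the same length as the cover and no value moves by more than 1, which is why the method does not grow the file and why the change is invisible to the eye.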

Injection based Steganography


Injection is quite a simple method which simply involves directly injecting the secret information into the carrier file.
The main problem with this method is that it can significantly increase the size of the carrier file.

Steganography In Images


When hiding information inside images, the LSB (Least Significant Bit) method is usually used.

To the computer, an image file is nothing but a file with different colors/shades and intensities of light on different parts/areas of an image. A 24 Bit BMP (Bitmap) image is the best type of image file to hide information inside. The reason is that it is the largest type of file and of the highest quality. When an image is of high quality and resolution, it's much easier to hide and mask information inside it.

Although 24 Bit images are best for hiding information inside due to their size, some people may choose to use 8 Bit BMPs or possibly another image format such as GIF, the reason being that posting large images on the internet may arouse suspicion.
It is important to remember that if you hide information inside an image file and that file is converted to another image format, it is most likely that the hidden information inside will be lost.

Steganography In Audio


When hiding information in an audio file, low bit encoding is usually used, which is very similar to the LSB based steganography generally used in images. However, the problem with low bit encoding is that it is sometimes noticeable to the human ear, hence a risky method for someone to use if they are trying to hide their top secrets/information in an audio file. Spread Spectrum is another method used to conceal information inside an audio file. This method works by adding random noise to the signal; the information is concealed inside a carrier and spread across the frequency spectrum.


Echo data hiding is another method of hiding confidential data in an audio file. This method uses the echoes in sound files in order to try and hide information. By simply adding extra sound to an echo inside an audio file, information can be concealed. The thing that makes this method of concealing information inside audio files better than other methods is that it can actually improve the sound of the audio inside an audio file.


Steganography In Video


Steganography in videos is similar to Steganography in images, except that information is hidden in each frame of the video.


Different Algorithms used for Information Hiding :


    


Steganography Detection Hardware Appliance

The art of detecting hidden messages in digital media like images, audio or video is known as Steganalysis. The goal of Steganalysis is to identify/detect suspected files, determine whether any secret or confidential information is hidden in them and, if possible, recover the information.

There are hundreds of stego applications available on the Internet free of cost or as trial software. Most of these applications take advantage of "image noise" in an image file, such as a typical JPG. Image noise is most apparent in image regions with low signal level, such as shadow regions. Applications like JPGHide can be used to store information in these low bit regions of the image in a way that is undetectable to the human eye. For example, a picture of a sunset is not very clear but has lots of shadow regions. This suggests that it could easily store a secret message or another image entirely.

Most Data Leakage Prevention (DLP) solutions on the market provide a wide range of security applications and threat detection, but none of them detect steganography in files flowing inbound and outbound through the corporate firewall. Sensitive data loss is of utmost concern to corporate management.

"Backbone Security - Steganography Analysis and Research Center (SARC)" is the first ever organization to provide a hardware appliance for steganalysis. The appliance is named StegAlyzerRTS - Steganography Analyzer Real-Time Scanner. It's the world's first commercially available network security appliance capable of detecting digital steganography and its use on the network in real time.


Detecting steganography here means finding the signature or patterns that a steganography application has created in a file used for hiding information. This is very similar to detecting a virus signature in a file.

StegAlyzerRTS detects steganography by comparing file fingerprints, or hash values, to a database of known file, or artifact, hash values associated with over 900 steganography applications. StegAlyzerRTS detects the theft of confidential information hidden inside other files which are then sent to an external recipient as an e-mail attachment or posted on a publicly accessible web site.

Some of the key features of StegAlyzerRTS are:
 * Detect fingerprints of over 900 steganography applications
 * Detect signatures of over 55 steganography applications
 * Send real-time alerts to network security administrators
 * Retain copies of suspect files for further analysis
 * Does not impact network performance
 * Available in 100 Mbps and 1 Gbps throughput models

Why buy StegAlyzerRTS?

As the usage of computers by criminals increases, it will add more to the rate of cyber crime compared to terrestrial/physical crime. Let's define a cyber criminal as any human being who uses a computer to violate laws.

If only 1% of the estimated 2 billion Internet users were using steganography to steal sensitive information, that would be approximately 20 million cyber criminals. Now if about 1% of these 20 million cyber criminals are using steganography to steal information, that would amount to 20,000 insiders who could steal confidential data without ever being caught. Thus StegAlyzerRTS is meant to detect such criminals, who would steal and sell a company's intellectual property, which is the real asset of the company.

StegAlyzerRTS is the world’s first content-aware data loss prevention (DLP) technology capable of detecting digital steganography in real-time. According to Gartner, “Content-aware DLP technologies are becoming more mainstream in North America, Europe, and Asia.”

Reference : Internet World Stats, Usage and Population Statistics,
http://www.internetworldstats.com/stats.htm
