Steganography By: Brittany Bugg and Makenzie Young December 4, 2007 What is Steganography? The art of writing in code Hiding information by embedding messages within other messages Only the person receiving the message can decode it, but they have to have to the proper code or software to do so. Background Dates back as early as Ancient Rome where they would inscribe messages on stone tablets and then pour wax over it The wax would be scraped off to read the message Mostly used for military intelligence Another method used in ancient Greece, tattooing a message on someone’s head and then allowing their hair to grow back then the receiver of the message would shave their head Chinese used messengers on foot where they would hide messages on silk cased in wax and the messengers sometimes carried it in them Applications for Steganography Hide and Seek (versions 4.1 and 5.0) StegoDos By Colin Maroney Images 320x480 Spreads data throughtout the GIF in a random fashion Also known as Black Wolf’s Picture Encoder Public Domain software by an anonymous person Works with images that are 320x200 with 256 colors Steganos is a LSB embedding system that embeds data into images SecurEngine, an application in which small text files are hidden in larger text files White Noise By Ray Arachelian White Noise Example White Noise was the first software tested that could embed this message (to the left) into the picture above. Other Examples Invisible Ink Can be used in documents or even clothing Fingerprinting Peers communicating Doesn’t stop the fact that there is a message being sent between the peers, which can obviously be detected Chaffing and winnowing Where the recipient receives multiple messages where they can identify the true meaning, but only one of the messages is authentic and the rest are bogus Microdots Where only a microscope can read the message Pros Used for: Watermaking images for copyright protection Example: holding a $20 bill up to the light and seeing a watermark Hidden in images, video files, and audio files Confidentiality of valuable information to prevent theft Cons Unfortunately, steganography can also be used for illegal purposes: Concealing a plan for terroristic threats It is believed that al-Qaeda used steganographic software to communicate plans with each other before the 9-11 attacks, this has not yet been confirmed This is a huge threat to the gorvernment Hiding harmful files Stealing data http://youtube.com/watch?v=ySkhnqdptzs Steganalysis Steganalysis is a way to defeat steganography Stegdetect is a tool used for detecting the content in images. The only con to steganalysis is that steganography cannot always be detected Techniques on attack approach is important depending on what information is available: Steg-only attack: steganographic medium is available Known-carrier attack: the original cover and the medium are available Known message attack: when the hidden message is known Chosen message attack: when the steganalyst knows the message and has access to the steganography tool and can embed and analyze messages Applications for Steganalysis EnCase, by Guidance Software Inc. Ilook Investigator, by Electronic Crimes Program This is an example of a file without embedded text This is an example of a file with embedded text Algorithms Are step-by-step procedures in solving a problem It is used by steganalysts in decoding messages from images where the focus is right now Compare/contrast Stenography defined by dictionary.com, is “a person who specializes in taking dictation in shorthand” Cryptography transforming information into an unreadable format Digital Watermarking When an image is embedded with copyright information Stenography A stenographer should not be confused for a steganographer because they do not conceal messages they write in shorthand coding For example, court reporters They use stenotype machines to type up what the people are saying Type in codes, some reporters actually have a dictionary of codes that consist of common words, phrases, etc. Type up to 300 words per minute, the average is 230 In heated court cases up to 250 words can be said Cryptography Cryptography is transforming information into an unreadable format It is used to protect information such as credit card information, email messages, etc. Unlike steganography, you can tell a message has been encrypted, but in order to decode it you need to have the proper key Cryptanalysis is the code breaking method Digital Watermarking Digital watermarking is a pattern of bits inserted into a picture or file to identify the copyright information. Like steganography, it is meant to be invisible The bits within the image have to be scattered so that they cannot be tampered with or identified The actual watermark also has to be robust enough so that if the image is changed, the watermark is still there. Examples Sources http://www.securityfocus.com/infocus/1684 http://www.braingle.com/brainteasers/codes/steganograp hy.php http://www.outguess.org/detection.php http://palisade.plynt.com/issues/2005May/steganalysis/ http://www.strangehorizons.com/2001/20011008/stegan ography.shtml http://www.webopedia.com/TERM/C/cryptography.html http://www.jjtc.com/stegdoc/index2.html