Archive for Steganography

Practical Privacy Guide: Steganography

When the Greek tyrant Histiaeus was held as a virtual prisoner of King Darius in Susa in the 5th century BCE, he had to send a secret message to his son-in-law Aristagoras in the Anatolian city of Miletus. Histiaeus shaved the head of a slave and tattooed a message on his scalp. When the slave’s hair had grown long enough he was dispatched to Miletus. That’s how Herodotus describes one of the first cases of using steganography, the art of covered writing, in the ancient world.

As the art developed it eventually became a science that has been helping people throughout the ages to disguise the very fact of information transmission. Ancient Romans used to write between lines using invisible ink based on various natural substances such as fruit juices, urine, and milk. Their experience was not forgotten: even nowadays children play spies and write secret messages that appear only when heated.

During World War II the Germans developed the microdot. A secret message was photographically reduced to the size of a period, and affixed as the dot for the letter ‘i’ or other punctuation on a paper containing a written message. Microdots permitted the transmission of large amounts of printed data, including technical drawings, and the fact of the transmission was effectively hidden.

The wide use of steganography during the war and the atmosphere of suspicion led to many restrictions that seem very funny today. The USA banned in advance the international mailing of postal chess games, knitting instructions, newspaper clippings and children’s drawings. It was also illegal to send cables ordering that specific types of flowers be delivered on a specific date, and eventually all international flower orders were banned by the US and British governments. In the USSR all international mailings were screened in an attempt to detect any hostile activities.

The rapid progress of computer technology made all these restrictions obsolete. Nowadays everyone can make use of the advantages steganography can offer as a tool for hidden data transmission as well as for copyright protection. You can find more information on steganography on this site. Here we’ll take a brief look at how steganography can help us protect our privacy.

Steganographic Software
Computer steganography is based on two principles. The first is that files containing digitized images or sound can be altered to a certain extent without losing their functionality, unlike other types of data that have to be exact in order to function properly. The other principle is the human inability to distinguish minor changes in image color or sound quality, which is especially easy to exploit in objects that contain redundant information, be it 16-bit sound or an 8-bit or, even better, 24-bit image. For images, changing the value of the least significant bit of the pixel color won’t result in any perceivable change of that color.

One of the best and most widespread steganographic products for Windows 95/98/NT is S-Tools (check this site for a huge list of steganographic products and download links). This freeware program lets you hide files of any type in .gif and .bmp images as well as in .wav sounds. Moreover, S-Tools is actually a steganographic and cryptographic product in one, because the file to be hidden is encrypted using one of the symmetric key algorithms: DES (its time has gone), Triple DES, and IDEA – the latter ones are very secure as of today. Working with the program is fun! You just drag the carrier file into the program window, then you drag the file you want to hide, choose an algorithm and a password, and here we go!

One can tell the difference between the clean and the loaded file only by comparing them, so if you look at the resulting file only, it looks totally innocent. For better security it is recommended to use images with many halftones, preferably ones unknown to the public, because minor changes in them will not be noticed. Using Henri Matisse’s The Dance is not a very good idea, because everyone (at least in our good old intellectual Europe) knows what it looks like; besides, it has large spots of the same color. Try using your dog’s photo. Let’s have a look at what we can do with this program:

 

Image 1 Image 2
Sound 1 Sound 2

The left image in the first row (8.9K) contains no hidden data while the right one (11.2K) contains about 5K of password-protected text. In the second row the left sound file (4.6K) is also empty, while the right file contains 0.5K of text (the file size remained the same). Amazing, isn’t it? Almost no distinctions. The ratio of the image file size and the text file size to be hidden depends on the image. Sometimes the maximum allowed text file size is even higher than the image size. Anyway, even if someone suspects that you are hiding something it’s no help: without the password one cannot tell if an image has been processed by S-Tools.

Another good steganographic product is Steganos Security Suite (shareware). Unlike S-Tools, it comprises a set of security tools including a virtual encrypted drive, Internet Trace Destructor, a clipboard encryption utility, a shredder and several others. Steganos Security Suite employs the AES and Blowfish encryption algorithms and is capable of hiding data in .bmp and .wav files after either finding them on your hard drive or creating them. As you surf the net your computer stores information about web sites that you visited, thus allowing other persons to trace your internet activities. The Internet Trace Destructor included in Steganos Suite can erase traces of your internet activities from your computer. Besides, Steganos adds an option of sending files from your hard drive to the shredder, which makes it impossible to recover them. Hey spies, get to the job!

A good file encryption utility with steganographic capabilities is Scramdisk. It is designed to create virtual encrypted drives and has an option to create a virtual drive out of .wav file and hide data inside it. The size of the encrypted partition varies between 25 and 50 percent of the original file size. The best thing about this program is that without knowing the pass-phrase it is not possible to prove that the file contains additional data.

Digital Watermarking
Speaking of commercial steganographic applications, we should definitely mention digital watermarking, which is a special technique of creating invisible digital marks in images and audio files that carry copyright information. These marks can be detected by special programs that can derive a lot of useful information from the watermark: when the file was created, who holds the copyright, how to contact the author etc. As you know, tons of copyrighted material are reproduced, i.e. stolen, on the Net every day, so this technology might be useful if you are a designer.

There are many companies on the Net that sell watermarking products. One of the leaders is Digimarc, which claims to have distributed over a million copies of its software. They offer a free download of PictureMarc, which is a plug-in for Photoshop and CorelDraw, or the stand-alone ReadMarc. Once you download and install it, you just open a file and read hidden watermarks embedded in it (if any). For those who want to go further Digimarc offers an individual Creator ID (free for 1 year) that allows you to embed watermarks in your own images before you put them on the Web. I believe many customers including designers, photographers and online galleries do it. Playboy magazine does it too. And then corporate users are offered MarcSpider, which crawls the Web looking through all images and reports any unauthorized reproduction of them. Although in case of Playboy I can hardly believe anyone would put their photos on a site for commercial purposes because they can only attract schoolchildren… Anyway, it’s up to them.

So it looks like the golden age of integrity is coming: authors no longer suffer from thefts, thieves take cameras, brushes, mice in their hands and start creating beautiful artworks themselves… but no! In spite of the manufacturers’ claims watermarking didn’t prove to be robust enough. Watermarks can survive a lot of things: brightness and contrast adjustments, applying special filters and even printing and scanning, but they cannot survive the manipulations of special programs such as StirMark and UnZign that appeared on the Net soon after the new technology was introduced. Apparently these tools are not targeted against any specific steganographic algorithm; they are rather benchmarks that help customers choose the most robust watermarking software. And the conclusion they lead us to is: as of today all watermarks can be destroyed without significant loss in picture quality.

“Well, now what?” the reader might ask. I don’t know. Probably the algorithms will become more complicated or new image file formats will emerge. But any engineering entails reverse engineering, infinitely continuing the spiral of the technological progress. As it was written in my favorite book:

“What are your plans now?”
“My plans are whatever happens.”

 


This Privacy Guide was originally written by Mr.Byte in 1997-1998.

INFOSYSSEC

The Security Portal for Information System Security Professionals


Slashdot: News for Nerds. Stuff That Matters

The Rise of Steganography

Posted by JonKatz on Tue May 08, 2001 11:30 AM
from the -Here-Come-The-Information-Hiding-Wars dept.
The next major battle between hackers and the Corporate Republic will almost surely involve the relatively unknown fields of steganography and digital watermarking, otherwise known as Information Hiding, a scientific discipline to take very seriously. This is where the big three digital policy issues — privacy, security and copyright — all collide head-on with corporatism. If they hated Napster, they’ll really go nuts over rapidly evolving research into how to hide data inside data.

The engineers and nerds who still run the Tech Nation generally keep their noses to the grindstone. They’re disinclined to ponder the long view when it comes to developing new technology, preparing for the many public-policy issues surrounding the things they create.

And policy and technology collide all the time, from the building of the Interstate Highway to the space program to the Net. Three particular hot points emerge, when it comes to civics and technology: security, privacy and intellectual property. Naturally, there’s very little rational public or media discussion of any of them, beyond hysteria about violence, cracking, theft and porn.

Steganography is the means by which two or more parties may communicate using invisible communications — even the act of communicating is disguised. This sort of Information hiding — as opposed to traditional cryptography — could upend conventional wisdom about copyright, intellectual property and control of data online. The very idea of digital information hiding is almost bitterly ironic: The Net is the most open information culture ever, yet encroachments by corporatism and government are spawning an entire movement and discipline devoted to new techniques for hiding rather than opening data.

Some parties already understand the import of this struggle. Several weeks ago, academic SDMI (Secure Digital Music Initiative) researchers canceled a presentation they’d planned at the Fourth Information Hiding Workshop in Pittsburgh. The reason: pressure from the Recording Industry of America (RIAA), concerned that the release of data about advances in watermarking would undermine its long, expensive and still largely unsuccessful efforts to shut down free music on the Net.

Last week, Declan McCullagh of Wired News reported from the conference that Microsoft has developed a prototype system that limits unauthorized music playback by embedding a watermark that remains permanently attached to audio files. (Note: A conventional watermark is a normally invisible pressure mark in expensive paper which can be seen only when the paper is held up to a strong light. Digital watermarks are embedded in computer files as a pattern of bits which appear to be part of the file and are not noticeable to the user. These patterns can be used to detect unauthorized copies.)

During a security panel, reported McCullagh, a Microsoft research scientist demonstrated how the hidden copyright infringement fingerprint is so securely affixed to the audio that it remains intact even if a song is played aloud on speakers in a noisy room, then re-recorded. If the recording industry begins to include watermarks in its song files, Windows would refuse to play copyrighted music that was obtained illegally (as defined by the Digital Millennium Copyright Act, written by corporate lobbyists, enthusiastically passed by a Congress besotted with corporate money, and signed by a pliant President Clinton two years ago).

Every few years, the war over control of information online seems to escalate. Cryptography suddenly became critical when businesses started to buy and build networked computer systems and people began exchanging money online. Viruses and other epidemics gained widespread national attention once substantial numbers of computer users began trading programs. When the Net exploded, manufacturing firewalls became an industry.

Now the digerati are making a lot of noise about collaborative filtering and blocking and discussions systems, from weblogs to blogs to other peer-to-peer systems, but steganography is a vastly more significant development. Information Hiding, driven by the most significant policy issues of the Digital Age — privacy, copyright protection and state surveillance — is the battleground. It comes as the stakes rise in the conflict between proprietary and open information systems.

This week, according to the New York Times, Microsoft will unveil a broad campaign to counter the open source and free software movements, arguing that it undermines the intellectual property of nations and businesses. The campaign, says John Markoff in the Times, is part of Microsoft’s new effort to raise questions about the limits of innovation in open-source approach, to advance the idea that companies who embrace open source are putting their intellectual property at risk. In this context, as the battle lines around content and property become clear, the role of Information Hiding grows more critical.

During much of its growth, the Net escaped the attention of government and politics. That’s hardly the case now. Federal law enforcement agencies want the right to track information online. Businesses are terrified about the rise in free and shared data. In the Corporate Republic, business and government both grasp the essence of copyright, security and privacy issues. The war over free music has, almost from the first, been the aspect of this Information Age conflict most visible to the public, a testing ground for new technologies and applications that bring new threats and spark the reinvention of new protection philosophies and mechanisms.

Corporate lobbyists have successfully advanced the idea — via an expensive, sophisticated media and political campaign — that new laws and initiatives (from the SDMI to the Sonny Bono Copyright Act to the Digital Millennium Copyright Act) are necessary to protect intellectual property from pirates online. It’s not so simple. These laws, some horrific in their impact on free speech and the fluid movements of creative works, primarily protect corporate revenues, not intellectual freedom or the rights of creators and artists.

Hiding information in modern media, sometimes in plain sight, has cropped up in music and DVD battles, especially regarding DeCSS, the program developed to allow the descrambling of DVD movies. (The writers of the program reverse-engineered the CSS scrambling methods that the Motion Picture Association of America uses to prevent DVDs from playing on unlicensed players.)

There’s little published material about steganography, and what has been written costs a fortune. Information Hiding: Techniques for Steganography and Digital Watermarking, edited by Stefan Katzenbeisser and Fabien A.P. Petitcolas, published by Artech House, costs nearly $100. But for anyone whose future work involves information, privacy, security or copyright, you couldn’t spend the money more wisely. Steganography manuals may be essential tools of the hacker nation in the coming years, as they fend off corporate and government regulations and intrusions.

The book provides an authoritative overview of steganography and digital watermarking. Steganography, the book explains, studies ways to make communication invisible by hiding secrets in innocuous messages, whereas watermarking originates from the perceived need for copyright protection of digital media.

Until recently, traditional cryptography received much more attention in the tech world, but that’s changing quickly. The first academic conference on steganography took place in 1996, driven by concern over copyright and the growing corporate panic over the ease of making perfect digital copies of audio, video and other works. Katzenbeisser and Petitcolas have assembled reports that describe the new field of information hiding and its many possible applications, and describe watermarking systems and digital fingerprinting. The book also talks about the increasingly complex legal implications of copyright.

Anyone interested in the future of open media, or in issues related to privacy, copyright or security, will be particularly mesmerized by the chapter “Fingerprinting,” written by Jong-Hyeon Lee. In this context, “fingerprints” are characteristics of an object that tend to distinguish it from similar objects. The primary application of digital fingerprints is copyright protection. The techniques Lee describes don’t prevent users from copying data or works, but they enable owners to track down users distributing them illegally.

Since corporate lobbyists have re-defined what is and isn’t legal when it comes to copyright in the 21st Century, this kind of fingerprinting has stunning civil liberties implications. This technology goes well beyond the software programs tracking Web use and pages; it gives governments, lawyers and corporations a way to follow and identify, thus control, almost every kind of digitally transmitted information. Fingerprints can also be used for high speed searching.

“Fingerprinting,” writes Lee, “is not designed to reveal the exact relationship between the copyrighted product and the product owner unless he or she violates its legal use. Compared with cryptography, this property may look incomplete and imprecise, but it may appeal to users and markets.” It sure will.

Fingerprinting may not be designed to reveal relationships between copyrighted products and owners, but there’s no reason it wouldn’t be used for that purpose. That seems inevitable given the high priority billion dollar media and entertainment conglomerates have put on enforcing copyright online.

Information hiding arises against a backdrop of growing confusion and confrontation about security and copyright, which has no global standard. In China, intellectual property is owned by the state. In the United States, copyright is being redefined by corporatists to grant businesses total control over ideas in perpetuity, a perversion of the original American idea, which was to give creators and the public both access to intellectual property, never intended to fall exclusively and in perpetuity into private hands. How can these legal and technical applications be handled rationally, let alone democratically, when every country that hosts the Net sets different standards for privacy and security?

Different cultures not only have radically different notions about copyright, but view culture itself very differently. What the United States considers pornographic might be perfectly acceptable in saner countries like Holland or Finland. Conversely, what is protected as free speech here isn’t protected at all in much of the world.

So Information Hiding becomes politically important, as well as technologically central. Steganographers may ultimately decide whether movements like open source and free software can prosper and grow in the face of well-funded and organized attacks by corporations like Microsoft and industries like the record companies. They may give music lovers a way to defy powerful corporations and retain the right of access to the culture they’ve experienced freely for years. They may preserve the idea of security against state surveillance, intrusive educational systems, or even the private businesses forever collecting personal data.

It’s not a huge stretch to say that steganographers may determine whether the Net — and much of the data that moves through it — stays free or not. All the more important to understand what they do.

QuickStudy: Steganography: Hidden Data

:: Bismillahirrahmanirrahim ::

June 10, 2002 (Computerworld) — An engineering firm suspected that an insider was transmitting valuable intellectual property out of its network. When Seattle-based forensics consulting firm Electronic Evidence Discovery Inc. (EED) investigated the case in June 2000, it couldn’t find the evidence on the local hard drive. After checking mail logs, however, investigators found the smoking gun: two e-mails with harmless-looking image attachments sent by an engineer. Turns out, the images were hiding two of the company’s most precious engineering specifications.

The technique used to hide the specifications inside image files is a high-tech version of a process called steganography, which has been around since the beginning of recorded history, says Sayan Chakraborty, vice president of engineering at Sigaba Corp. in San Mateo, Calif.

During the Roman Empire, he explains, secret information was tattooed on a messenger’s shaved head. When the hair grew back, the messenger was sent out with the secret message on his scalp and a decoy message in hand.

In the IT realm, steganography replaces unneeded bits in image and sound files with secret data. Instead of protecting data the way encryption does, steganography hides the very existence of the data. And it’s undetectable under traditional traffic-pattern analysis.

There are few legitimate uses for steganography, say forensics professionals. And despite reports circulating about terrorists using steganography to communicate secretly, experts doubt that’s the case.

“Most people study steganography either as an academic discipline or a curiosity, but I don’t know if even terrorist groups would actually use it,” says Chakraborty.

Last year, after reading a USA Today article about steganography and terrorism, Niels Provos, a Ph.D. student in computer science at the University of Michigan in Ann Arbor, decided to do his dissertation on steganography.

Provos developed detection and cracking tools to analyze images for signs of steganography, such as overly large files and uneven bit mapping. He tested the tools and then used them to compare 2 million images on San Jose-based eBay Inc.’s Web site, which has been cited as a possible place for posting and retrieving hidden messages. Provos found no cases of steganography.

“Steganography becomes the focus of attention, dies down, and then the public is all over it again,” says Provos. “But it will never be pervasive, because the amount of data you can actually hide in the images is fairly small. And if someone wanted to steal intellectual property, it’d be easier to copy the data on a disk and carry it out in your pocket.”

Even if steganography is present, forensics experts prefer to start by investigating less complex areas. But in some cases, the only evidence might be hidden in image or sound files, so investigators need to be aware of steganography and the tools used to detect and crack it, say experts.

“It’s true that steganography is very little used, but we need to be aware of it when doing almost any forensics analysis,” advises Kenneth Shear, vice president of technology and law at EED.

POSSIBLE USES OF STEGANOGRAPHY AND THEIR DRAWBACKS

  • Use: Used to combine explanatory information with an image (like doctor’s notes accompanying an X-ray). Drawback: Could accidentally degrade or render an image misleading.
  • Use: Embedding corrective audio or image data in case corrosion occurs from a poor connection or transmission. Drawback: Could counteract and be counterproductive with the original image.
  • Use: Peer-to-peer private communications. Drawback: Doesn’t hide the fact that an e-mail was sent, negating the purpose of secret communications.
  • Use: Posting secret communications on the Web to avoid transmission. Drawback: Someone else with a steganography detection and cracking tool could expose the message.
  • Use: Copyright protection. Drawback: A form of this already exists, called digital watermarking, but requires use of separate hardware tools because steganographic software can’t use separate hardware tools. Steganographic software also can’t protect the watermark.
  • Use: Maintaining anonymity. Drawback: Easier to open free Web-based e-mail or use cloaked e-mail.
  • Use: Hiding data on the network in case of a breach. Drawback: Better to understand and effectively use standardized encryption.

June 10, 2002 (Computerworld) — Steganography strips less important information from digital content and injects hidden data in its place. This is done over the spectrum of the entire image. Here’s one way it could be implemented:

The following sequence of 24 bits represents a single pixel in an image. Its 3 bytes of color information provide a total of 256 different values for each color (red, green and blue) and thus can represent a total of 16.7 million colors. This particular value displays as a dark green:

[Figure: How It Works]

Now, let’s take 11 of these pixels that represent, say, part of a solid-color background. In the following sequence, the least significant (rightmost) bit of each 8-bit byte has been co-opted to hide a text message—the four characters Aha!—in ASCII binary:

[Figure: How It Works]

Here are the bits behind those 11 pixels:

[Figure: How It Works]

The hidden message occupies 32 of those 264 bits (about 12%) and contains four 8-bit bytes. In the diagram, each maroon or gold box represents a bit that had to be changed to include the hidden message. Notice that only 15 of 264 bits (less than 6%) had to be changed and only eight of the 11 pixels were altered.

The two figures below represent the 11 colored pixels we’ve been manipulating. The figure on the left is the original, unaltered version. The one on the right has been modified, as shown above. Can you see a difference? I can’t either.

[Figure: How It Works]

If instead of 11 pixels we had a 300KB bitmap file, we could accommodate a text message of 36KB, or about 6,000 words.

— Russell Kay
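The bit-level procedure described above, worked through in Python as an added example (it is not part of the original article). The article's figures did not survive on this page, so the dark-green pixel value is constructed and the counts of changed bits and pixels apply to this cover only; the function names are illustrative.

```python
# Added example: LSB embedding of "Aha!" in 11 pixels, on constructed data.

# Constructed cover: 11 identical 24-bit pixels (R, G, B) of a dark green.
PIXEL = (0x00, 0x64, 0x00)
COVER = bytes(PIXEL) * 11      # 33 bytes = 264 bits
MESSAGE = b"Aha!"              # four 8-bit ASCII characters = 32 bits


def to_bits(data):
    """Return the bits of data, most significant bit of each byte first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def capacity_bytes(cover):
    """One hidden bit per cover byte: eight cover bytes carry one message byte."""
    return len(cover) // 8


def embed(cover, message):
    """Overwrite the least significant bit of successive cover bytes."""
    if len(message) > capacity_bytes(cover):
        raise ValueError("message does not fit in this cover")
    stego = bytearray(cover)
    for i, bit in enumerate(to_bits(message)):
        stego[i] = (stego[i] & 0xFE) | bit
    return bytes(stego)


def extract(stego, length):
    """Rebuild `length` message bytes from the LSBs of the first length*8 bytes."""
    if length > capacity_bytes(stego):
        raise ValueError("cover is too short for that many bytes")
    message = bytearray()
    for n in range(length):
        value = 0
        for byte in stego[n * 8:(n + 1) * 8]:
            value = (value << 1) | (byte & 1)
        message.append(value)
    return bytes(message)


def diff_stats(cover, stego):
    """Return (bits changed, pixels altered, largest change to any colour byte)."""
    bits = sum(bin(a ^ b).count("1") for a, b in zip(cover, stego))
    pixels = sum(cover[i:i + 3] != stego[i:i + 3] for i in range(0, len(cover), 3))
    delta = max(abs(a - b) for a, b in zip(cover, stego))
    return bits, pixels, delta


STEGO = embed(COVER, MESSAGE)

if __name__ == "__main__":
    bits, pixels, delta = diff_stats(COVER, STEGO)
    print("recovered:", extract(STEGO, len(MESSAGE)))
    print(f"{bits} of {len(COVER) * 8} bits changed in {pixels} of 11 pixels")
    print("largest change to a colour value:", delta)
```

No colour value moves by more than one step out of 256, which is why the two versions look identical; how many bits actually flip depends on which LSBs of the cover already matched the message.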

June 10, 2002 (Computerworld)
Online Resources
There are about a dozen freeware sites on steganography. But data-hiding instructors at New Technologies Inc. in Gresham, Ore., recommend the Web site of Neil Johnson, IT consultant and associate director at the Center for Secure Information Systems at George Mason University in Fairfax, Va.
Favorite tool: F5 steganography with robust encryption.
Steganalysis tools by Niels Provos, doctoral candidate at the University of Michigan at Ann Arbor, include the following:

  • Stegdetect identifies possible steganographic images based on value distributions
  • Stegbreak, which uses dictionary guessing to break the encoding password
  • In development: self-teaching tools that will understand the common values in image and sound files
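What detection "based on value distributions" can look like, as an added example in Python; this is not Stegdetect's code. It applies a chi-square test to pairs of values (2k, 2k+1), because overwriting LSBs with random-looking bits (an encrypted payload, for instance) evens out the two counts in each pair. The cover histogram, the seeds and the 0.001 threshold are constructed assumptions.

```python
import math
import random


def pair_chi_square(samples, min_pair_count=10):
    """Chi-square statistic and degrees of freedom for the hypothesis that
    every value pair (2k, 2k+1) is split evenly between its two members."""
    hist = [0] * 256
    for value in samples:
        hist[value] += 1
    chi2, dof = 0.0, 0
    for even in range(0, 256, 2):
        a, b = hist[even], hist[even + 1]
        if a + b < min_pair_count:      # too few samples in this pair to judge
            continue
        chi2 += (a - b) ** 2 / (a + b)
        dof += 1
    return chi2, dof


def p_even_split(chi2, dof):
    """Upper-tail probability of chi2 (Wilson-Hilferty normal approximation)."""
    if dof == 0:
        return 1.0
    spread = 2.0 / (9.0 * dof)
    z = ((chi2 / dof) ** (1.0 / 3.0) - (1.0 - spread)) / math.sqrt(spread)
    return 0.5 * math.erfc(z / math.sqrt(2.0))


def scan(samples, threshold=0.001):
    """Flag data whose pairs are so even that LSB replacement is plausible."""
    chi2, dof = pair_chi_square(samples)
    p = p_even_split(chi2, dof)
    return {"chi2": chi2, "dof": dof, "p": p, "suspicious": dof > 0 and p > threshold}


def constructed_cover(n=4096, seed=2002):
    """Constructed sample: even values three times as common as odd partners."""
    rng = random.Random(seed)
    palette = [v for base in range(96, 128, 2) for v in (base, base, base, base + 1)]
    return bytes(rng.choice(palette) for _ in range(n))


def fill_lsbs(cover, seed=10):
    """Stand-in for an encrypted payload: every LSB replaced by a random bit."""
    rng = random.Random(seed)
    return bytes((b & 0xFE) | rng.getrandbits(1) for b in cover)


if __name__ == "__main__":
    clean = constructed_cover()
    for name, data in (("clean", clean), ("loaded", fill_lsbs(clean))):
        r = scan(data)
        print(f"{name}: chi2={r['chi2']:.1f} dof={r['dof']} "
              f"p={r['p']:.3g} suspicious={r['suspicious']}")
```

The test is strongest when every LSB carries payload; a short or scattered message leaves most pairs untouched and weakens the signal, and a cover whose pairs are already balanced will be flagged without containing anything.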

Books

Steganography and Digital Watermarking Vendors

Steganography an Introduction

:: Bismillahirrahmanirrahim ::

Hmm.. basically I have done this introduction many times… however, as my supervisor said, “you must master it, starting from the fundamental part” hehe.. therefore, it is not a boring thing if it is repetitious.. haha this will sharpen my fundamentals in steganography, right?

Okay.. this is some of my research on the subtopic that I need to finish for my proposal “Steganography in many digital media”

What did I find?

Steganography (literally “covered writing”) is a technique designed to secure a message for transit by hiding that message within another object so that the message is concealed to everyone but the intended recipient.

The word steganography is derived from the Greek words “steganos,” which means “covered,” and “graphia,” which means “writing”. Cryptography, in contrast, renders the message (which is typically very noticeable) unintelligible to unauthorized persons: the message is visible but encrypted to prevent access. Steganographic messages may or may not be encrypted.

Modern advances in computer, communication, and signal processing have enabled the discovery of more sophisticated techniques of steganography. These advances have broadened steganography’s use to include various types of medium and various forms of information. The developed techniques allow text, audio, video, graphics, or codes to be concealed in printed or electronic documents containing text, graphics, or images. These techniques also let messages be embedded in electronic audio or video files.

When the concealed message is related to the cover media, or when the size of the concealed message is small, the underlying technology is commonly referred to as digital watermarking. Although digital watermarking techniques often focus on reducing the visibility of the hidden message, invisibility is not as critical a requirement in digital watermarking as it is in steganography.

Digital watermarks have been used as a means of hiding steganographic messages in a variety of objects, including media like images, audio, and video. The use of steganography and digital watermarking techniques is not exclusive to their intended applications. A digital watermarking technique can also be used for secret communication of information, and steganography can be used for one of the aforementioned applications of digital watermarking.

For more information on steganography:

Source: http://www.digimarc.com/tech/steganography.asp