What is Steganography? – Steganography is a technique of hiding a secret message within an ordinary message and extracting it at the destination to maintain confidentiality of data.
Utilizing a graphic image as a cover is the most popular method to conceal the data in files.
Attacker can use steganography to hide message such as list of the compromised servers, source code for the hacking tool, plans for future attacks, etc.
What is Steganography?
One of the shortcomings of various detection programs is their primary focus on streaming text data. What if an attacker bypasses normal surveilance techniques and steals of transmits sensitive data? In a typical situation, after an attacker manages to get inside a firm as a temporary or contract employee, he surreptitiously seeks out sensitive information.
While the organization may have a policy that does not allow removable electronic equipment in the facility, a determined attacker can still find ways to do so using techniques such as steganography.
Steganography refers to the art of hiding data “behind” other data withour the target’s knowledge. Thus. Steganography hides the existence of the message. It replaces bits of unused data into the usual files such as graphic, sound, text, audio, video, etc. with some other surreptitious bits. The hidden data can be plaintext or cipher text, or it can be an image.
Utilizing a graphic image as a cover is the most popular method to conceal the data in files. Unlike encryption, detection of steganography is not easy. Thus steganography techniques tempt attackers to use it for malicious purposes.
For example, attackers can hide a keylogger inside a legitimate image; so when the victim clicks on the image, the keylogger captures the victim’s keystrokes.
Attackers also use steganography to hide information when encryption is not feasible. In terms of security, it hides the file in an encrypted format, so that even if the attacker decrypts it, the message will remain hidden. Attacker can insert information such : source code for a hacking tool, list of compromised servers, plans for future attacks, communication and coordination channel, etc.
Classification of Steganography
Steganography is classified into two areas, according to technique: technical and linguistic. Technical steganography hides a message using scientific methods, whereas linguistic steganography hides it in a carrier; the specific medium used to communicate or transfer messages or files. The steganography medium is the combination of hidden message, carrier, and steganography key.
What is Steganography?
Technical steganography uses invisible ink, microdots, and other means, using physical or chemical methods to hide the message’s existence. It is almost difficult to categorize all the methods by which these goals are achieved, but some of these include:
- Invisible Ink – Invisible ink, or “security ink” is one of the methods of technical steganography. It is used for invisible writing with colorless liquids and can later be made visible by certain pre-negotiated manipulations such as lighting or heating. For example, if you use onion juice and milk to write a message, the writing will be invisible, but whn heat is applied, it turns brown and the message becomes visible. Applications of Invisible ink:
- Used in espionage
- Property marking
- Hand stamping for venue re-admission
- Marking for the purpose of identification in manufacturing
- Microdots – A microdot is text or an image considerbly condensed in size (with the help of a reverse microscope), up to one page in a single dot, to avoid detection by unintended recipients. Microdots are usually circular, about one milimeter in diameter, but are changeable into different shapes and sizes.
- Computer-Based Methods – A computer-based method makes changes to digital carriers to embed information foreign to the native carrier. Communication of such information occurs in the form of text, binary files, disk and storage devices, and network traffic and protocols, and can alter the software, speech, pictures, videos or any other digitally reprensented code for transmission.
Computer-Based Steganography Techniques
Classification of steganography techniques includes six groups, according to the cover modifications applied in the embedding process. They are:
- Substitution Techniques: In this technique, the attacker tries to encode secret information by substituting the insignificant bits with the secret message. If the reciever has the knowledge of the places where the attacker embeds secrets information, then she/he can extract the secret message.
- Transform Domain Techniques: The transform domain technique of steganography hides the information in significant parts of the cover image such as cropping, compression, and some other image processing areas. This makes it tougher for attacks. One can apply the transformations to blocks of images or over the entire image.
- Spread Spectrum techniques : This technique is less susceptible to interception and jamming. In this technique, communication siganals occupy more bandwidth that required to send the information. The sender increases the band spread by means of code (independent of data), and the reciever use a synchronized recrption with the code to recover the information from the spread spectrum data.
- Stastical Techniques : this technique utilize the existence of “1-bit” steganography schemes by modifying the cover in such a way that, when transmission of a “1” occurs, some of the statistical characterstics change significantly. In other cases, the cover remains unchanged, to distinguish between the modified and unmodified covers. the theory of hypothesis from mathematical stastics helps in extraction.
- Distortion Techniques : In this technique, user implements a sequence of modification to the cover in order to get a stego-object. the sequence of modifications is such that it reprensents the transformation of a specific message. The decoding process in this techniques requires knowledge about the original cover. The receiver of the message can measure the differences between the original cover and the received cover to reconstruct the sequence of modifications.
- Cover Generation Techniques : In This techniques, the development of digital objects is to cover secret communication. When this information is encoded, it ensures the creation of a cover for secret communication.
What is Steganography?
This type steganography hides the message in the carrier another file. Further classification of liguistic steganography includes Semagrams and Open codes.
- Semagrams – Semagrams involve the steganography technique that hides information with the help of signs or symbols. In this technique, the user embeds some objects or symbols in the data to change the appearance of data to a predetermined meaning. The classification of semagrams is as follows:
- Visual Semagrams : This technique of steganography hides information in drawing, painting, letter, music or a symbol.
- Text Semagrams : A text semagrams hides the text message by converting or transforming its look and apperance of the carrier text message, such as changing font sizes and styles, adding extra spaces as white space in the document, and different flourishes in letters or handwritten text.
- Open Codes – Open code hides the secret message in a legitimate carrier message specifically designed in a pattern on a document that is unclear to the average reader. the carrier message, sometimes also known as the overt communication and the secret message, is the covert communication. The open code technique consists of two main groups: Jargon codes and covered ciphers.
- Jargon Codes : In this type of steganography, a certain language is used that can be understood by a particular group of people for whom it is addressed, while being meaningless to others. A jargon message is like a substitution cipher in many respects, but instead of replacing individual letters, the words themeselves are changed. And example of the jargon code is “cue” code. a cue is a word that appears in text and then transports the message.
- Covered Ciphers : the technique hides the message in a carrier medium visible to everyone. This type of message can be extracted by any person with knowledge of the method used to hide it . Further calssification of covers ciphers includes null ciphers and grille ciphers.
- Null ciphers : A technique used to hide the message with a large amount of useless data. Mix the orginal data with the unused data in any order diagonally, vertically, or reverse so that no one can understand it other that those who know the order
- Grille Ciphers : A technique used to encrypt plaintext writing it onto a sheet of paper through a pierced sheet of paper or cardboard or any other similar material. In this technique, one can decipher a message using an identical grille. this system is thus difficult to crack and decipher, as only someone with the correct grille would be able to decipher the hidden message.
For More Hacking Content Click Here