Steganography- Hiding Information in Images..!!!

An image file is merely a binary file containing a binary representation of the color or light intensity of each picture element (pixel) comprising the image.

Images typically use either 8-bit or 24-bit color. When using 8-bit color, there is a definition of up to 256 colors forming a palette for this image, each color denoted by an 8-bit value. A 24-bit color scheme, as the term suggests, uses 24 bits per pixel and provides a much better set of colors as many as 2^(8*3) = 16777216. In this case, each pixel is represented by three bytes, each byte representing the intensity of the three primary colors red, green, and blue (RGB), respectively. The HTML format for indicating colors in a Web page often uses a 24-bit format employing six hexadecimal digits, each pair representing the amount of red, blue, and green, respectively. The color range, for example, would be displayed with red set to 100% (decimal 255, hex FF), green set to 50% (decimal 127, hex 7F), and no blue (0), so we would use "#FF7F00" in the HTML code. Though human eye is very sensitive, such an extreme variety of colors cannot be distinguished. The color change of a pixel is not visible if the LSBs of the color bytes are changed. (In fact the average number of changes affects half of the color bytes only)

The size of an image file, then, is directly related to the number of pixels and the granularity of the color definition. A typical 640x480 pix image using a palette of 256 colors would require a file about 307 KB in size (640 * 480 bytes), whereas a 1024x768 pix high-resolution 24-bit color image would result in a 2.36 MB file (1024 * 768 * 3 bytes).

A number of compression schemes (BMP, GIF, JPEG file types) have been developed over time, for reducing the size of image files, though all are not equally suited to Steganography.

The JPEG files uses lossy compression (means that the expanded image is very nearly the same as the original but not an exact duplicate). While the GIF and 8-bit BMP files employs what is known as lossless compression (which allows the software to exactly reconstruct the original image). While both methods allow computers to save storage space, lossless compression is much better suited to applications where the integrity of the original information must be maintained, such as steganography. While JPEG can be used for stego applications, it is more common to embed data in GIF or BMP files.

The simplest approach to hiding data within an image file is called least significant bit (LSB) insertion. In this method, we can take the binary representation of the hidden data and overwrite the LSB of each byte within the cover image. Take for example a True-Color BMP image file format. A color of pixel is coded in 3 byte array of indices to RGB palette. If you change only LSB bit in each color element, then the picture will seem still the same, but is not. It carries hidden information. A picture with size 120x100 pixels can hold approximately up to 4500B of hidden data, if this method is used. Now, the RGB value of a single pixel (shown at the exact point in the image) is “403728” hexadecimal.

We can embed number 6 (binary 110) by making just one change in the LSB.

RGB:    binary representation

40 à 0100 0000(change)à 0100 0001

37 à 0011 0111(hold)  à 0011 0111

28 à 0010 1000(hold)  à 0010 1000

This description is meant only as a high-level overview. Similar methods can be applied to 8-bit color but the changes, as the reader might imagine, are more dramatic. Gray-scale images, too, are very useful for steganographic purposes. One potential problem with any of these methods is that they can be found by an adversary who is looking. In addition, there are other methods besides LSB insertion with which to insert hidden information.

Let me demonstrate this by the use of steganographic tool, I have shown an original picture and the same picture containing this whole article (without cryptography) as the hidden message, using Quick Stego software.

Stego Image

Original Image 

Steganography is a fascinating and effective method of hiding data that has been used throughout history. Methods that can be employed to uncover such devious tactics, but the first step are awareness that such methods even exist. Without going into any detail, it is worth mentioning steganalysis, the art of detecting and breaking steganography. One form of this analysis is to examine the color palette of a graphical image. In most images, there will be a unique binary encoding of each individual color. If the image contains hidden data, however, many colors in the palette will have duplicate binary encodings since, for all practical purposes, we can't count the LSB. If the analysis of the color palette of a given file yields many duplicates, we might safely conclude that the file has hidden information.

But what files would you analyze? Suppose I decide to post a hidden message by hiding it in an image file that I post at an auction site on the Internet. The item I am auctioning is real so a lot of people may access the site and download the file; only a few people know that the image has special information that only they can read. And we haven't even discussed hidden data inside audio files! Indeed, the quantity of potential cover files makes steganalysis a Herculean task.

There are many good reasons as well to use this type of data hiding, including watermarking (for copy right protection) or a more secure central storage method for such things as passwords, or key processes. Regardless, the technology is easy to use and difficult to detect. The more that you know about its features and functionality, the more ahead you will be in the game. I will be discussing on audio and video steganography and steganalysis  next time.

Steganography- Hiding Information in Text..!!!

Now let us discuss various methods for hiding information using different covers:

Hiding Methods in WW2 (World War 2) :

In WW2 the hardly visible dots (microdot technology) still were used to denote the selected letters in a Newspaper. For example, many soldiers tried to send home hidden messages that way, but the method was well known by the censors. (If they cannot discover the hiding method, they mixed the words at least or put the stamp in another position, etc.)

Null ciphers (unencrypted messages) :

“Apparently neutral's protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by products, ejecting suets and vegetable oils.”

Sent by a German Spy in WWII, by taking the second letter in each word the following message emerges: Pershing sails from NY June 1.

Denoting some way the letters of the carrier text to hide a secret message in it. For example,

•    Microdot Technology : Shrinking messages down to the size of a dot became a popular method. Since the microdot could be placed at the end of a sentence or above a ‘j’ or an ‘i’.
•  Hardly visible dislocation of the selected letters.
•  Very little modification of the shapes of selected fonts.

Advantages :

•  Methods when the hidden information is carried by the appearance of the text, (not only the text file.)
• Such a way the printed or copied text also carries the hidden information. (E.g. a confidential circular letter.)

Disadvantages :

•  This makes difficult to select out the appropriate letters by a computer.
• The printing/copying/scanning processes bring additional problems to revoke the hidden text.

Marking the selected letters in the covering text by another ways : 

Each font in the text occupies a standard area. That area is not necessarily the same for each font. For example, the letter ‘m’ is generally wider than the letter ‘i’. (Proportional vs. fix font size.) Any letter could be moved or modified a bit within its standard font area. Such way particular letters of a carrier text could be marked. The marked letters can be selected out of the text by an appropriate program. (The text could be photocopied as well.)

Moving the selected fonts : 

Text processors, like Word, WordPerfect and Desktop publishing softwares, like Adobe’s PageMaker, FrameMaker, of ‘wysiwyg’ (what you see is what you get) generally cannot move the selected fonts. “Programmable” text processors (like LateX) are able to move the selected fonts. Such application needs a separate selecting program which is able to accept picture files as well. (E.g. scanned or copied texts). This is not a simple job and the addressee must have it in advance. The character recognizer software looses such hidden information.

Modifying fonts : 

This can be done by increasing the length of vertical lines in some of the characters like (b,d,h,k,l,p,q)  with the small amount is not prominent. This also may carry information. Arabic writing allows many decorative variations of the letters in a text, which may be used to mark selected letters.

Method for hiding the coded information into text : 


In this method, at the ends of rows we may insert extra spaces. Each space at a row-end may represent a single bit. (Max 3 spaces, for more than 3 could be conspicuous.) In an A4 page there are 50 rows and altogether 50x3 bit= 150 bits (less than 20 bytes) could be hidden such a way. This method can resist compression.

• One has to read the first letters of words preceded by double spaces.
• Modifying the font sizes or spaces.

Modifying the structure of text : 

In this method, synonyms of some words can be used instead of the original word, or changing the linguistic structure of the text (applicable in most cases). This method can be used to hide information. Revocation the hidden information the original text (like a key) is needed. Very small amount of information can be hidden that way.

History of Steganography

Steganography ancient origins can be traced back to,

• Herodotus, about 450 A.D., who shaved the head of his most trusted slave and tattooed a message on it. After his hair had grown the message was hidden. The purpose was to instigate a revolt against the Persians.

• Demeratus sent a warning about a forthcoming attack to Greece by writing it on a wooden panel and covering it in wax.

• Aineas Taktikosz : Poliokretika (360 A.D.). Every nth letter of a plaintext had to be read, or nth letters of the words.

• Passing through a thread on holes of a pottery disc whose holes are meant different letters greed in advance.

• Letters on a certain page of a book signed by hardly visible dots. It is applicable for newspapers or letters as well.

• Sewing into clothes, shoes, collar of a dog, rein of a horse, or anything else.

• Writing it onto a blown bladder of a cow, then compressing the bladder.

• Writing between the rows of an innocent text by invisible ink.

  Naturally our ancestors applied secret writings as well. They used both substitution and permutation of letters and other codes for light signals.

What is Steganography?

While we are discussing it in terms of computer security, steganography is really nothing new, as it has been around since the times of ancient Rome and Greece. Steganography is taken from Greek words – στεγανός, ‘steganos’ (means covered or protected) and, γράφειν, ‘graphie’ (means to write). Steganography is the art and science of writing hidden messages in such a way that no one apart of the intended recipient knows of the existence of the message. The hidden message can be plain or can be encrypted using any cryptographic techniques to make it double secure. Steganography makes the cipher text invisible to the unauthorized users by the means of cover. Cover for hiding important data can be of the different file formats of the types – text, image, audio or even video files.

The following formula provides a very generic description of the pieces of the steganographic process:

cover_medium + hidden_data + stego_key = stego_medium

In this context, the cover_medium is the file in which we will hide the hidden_data, which may also be encrypted using the stego_key. The resultant file is the stego_medium (which will, of course. be the same type of file as the cover_medium). The cover_medium (and, thus, the stego_medium) are typically text, image, audio or even video files. 

One can ask, what is it good for? Well, imagine the common situation when you encrypt your important business data. Suddenly robbers capture and torture you into revealing cryptographic keys. As well police power may be abused. They ask you to give them the private keys or you are highly suspicious of committing crime. Next, what if the police are bribed? Would not it be better, if you can plausibly deny the existence of important data? The events of September 11, 2001 catapulted awareness of terrorism to the forefront of every mind in every civilized culture in the world. They have also raised interest in the ways that terrorists may have communicated and planed these events. In a USA Today article (2004), it was suggested that terror groups may be using the Internet to pass information using techniques including e-mail, chat rooms, bulletin boards and other web sites. There is also much speculation that these groups may be using technologies like encryption and steganography to help hide their communications.

When Cryptography is not enough, Use STEGANOGRAPHY...!!

INTRODUCTION


What if one day, everything seems to be okay and according to your routine and then just a sms comes on your cell which tells you that you have transferred all your money from your account to some other which you don’t even know…!!! How will you react to that...? You won’t have even imagined such things, right??

Let me give you an example which one of my teacher gave me while studying ‘Security problems’, in Database Management Systems. Once a man who was ex-employee of a well known bank in USA, deduced 1$ from each account and transferred it to his account, 1$ is not a big amount for any costumer and they might not worry about that. But what about that man who did this, he’s going to be rich for no reason, but unfortunately it was not India, and so he got caught soon. 

But you don’t worry, it might not happen with each and every one of you, but you can’t say that you are in totally secured environment when you are on the internet. Security is the major concern in today’s age. Unlike the past, most of the transactions between people take place over the internet. But internet itself is not a secure medium. So, when it comes to sending highly important documents over the internet, an extra precaution has to be taken. In other cases, authenticity of digital data is a big concern. With the widespread usage of the digital media, the demand for the copyright protection has increased manifold as it is evidently seen in the audio record industries. The extra precaution for copyrighting digital media is required here as well.

When it comes to security of digital data, the first thing that comes to our mind is cryptography. But do you know that there is one potential drawback in using cryptographic techniques? Using cryptography we can every well hide data by some powerful algorithm. But it may attract third party (which can try to find the loopholes in your technique), because they know that a secret message is present in the data, as the message itself is the evidence of valuable information. So we need to use something more advanced than cryptography, which must not attract the third party. And that is the technique that you people are going to get familiar with, Steganography.