April 13th, 2003, 05:45 PM
Steganography article on SecurityFocus
There is a new article on SecurityFocus that provides a pretty good basic introduction and overview into what steganography is and how it works.
I am no steganography expert so I can't speak to the validity of this statement:
While we are discussing it in terms of computer security, steganography is really nothing new, as it has been around since the times of ancient Rome. For example, in ancient Rome and Greece, text was traditionally written on wax that was poured on top of stone tablets. If the sender of the information wanted to obscure the message - for purposes of military intelligence, for instance - they would use steganography: the wax would be scraped off and the message would be inscribed or written directly on the tablet, wax would then be poured on top of the message, thereby obscuring not just its meaning but its very existence.
Is that accurate? Are there no tools or techniques currently to detect information hidden using steganography? If so, why? Is it not possible, or has it just not caught on yet? Could this be an area for security firms to jump on as the next big wave in security?
Unfortunately, all of the methods mentioned above can also be used to hide illicit, unauthorized or unwanted activity. What can you do to prevent or detect issues with stego? There is no easy answer. If someone has decided to hide their data, they will probably be able to do so fairly easily. The only way to detect steganography is to be actively looking for it in specific files, or to get very lucky.
The article also has some links to other steganography information.
April 13th, 2003, 06:37 PM
There are tools on the net that can examine certain files, but basically in order to search for the hidden data you would need an original copy of all the files, then files that are suspected of containing hidden data. Not sure if you noticed or not, but those pictures he showed, the one with data hidden in it was 2,000 bytes larger than the original picture, so basically all you're doing is comparing an original file size with a suspected altered file size.
Mafia = Organized Crime
Government = Unorganized Crime
April 13th, 2003, 06:45 PM
Thanx for the info. It was very interesting. Good job.
April 13th, 2003, 08:05 PM
Using a good steganography algorithm *and* a reliable source of noise in the original data, you can make it impossible to detect.
Image files aren't that good - they aren't very random, and are often compressed using lossy compression.
WAV files are ideal - 16-bit WAV files recorded off *analogue* media (don't rip CDs) - for instance with an FM tuner card have more than enough noise in to hide 4 bits of covert data per 16 bits of sound.
Also they are usually nice and big.
So record your favourite radio programme from an FM tuner card, and stick your steganographically encrypted stuff in there, with a 4:1 ratio.
Assuming there aren't other weaknesses in your system (that is a BIG assumption), it is then very difficult to prove that the file contains anything other than radio programme.
It is important that the file is *never* copied. It is important that it comes from an analogue source.
Backing up these encrypted data is an issue, because making a copy of the WAV file won't do. Each and every time you back it up, you must record a new WAV file, and copy the data in there in the same way, and back this new file up, immediately securely deleting the original afterwards.
In countries like the UK with the RIP act, you also have to take draconian steps to justify the presence of encryption software on your machine, for instance by being prepared to give up the key to a decoy encrypted volume with legitimate data in, if your adversary is the state (or state sponsored).
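Added example, not part of any post in the thread or of the SecurityFocus article: the original-versus-suspect comparison the replies discuss, written in Python for 16-bit WAV files. It shows that altering low-order bits leaves the file size unchanged, so a size check alone misses it, while a sample-level diff against a trusted original shows the changes confined to the low 4 bits. The WAV data and all function names are constructed for illustration.

```python
import hashlib
import io
import struct
import wave

def read_pcm16(wav_bytes):
    """Return the samples of a 16-bit WAV as unsigned integers."""
    with wave.open(io.BytesIO(wav_bytes), "rb") as w:
        if w.getsampwidth() != 2:
            raise ValueError("expected 16-bit PCM")
        frames = w.readframes(w.getnframes())
    return struct.unpack("<%dH" % (len(frames) // 2), frames)

def compare_wav(original, suspect):
    """Compare a trusted original WAV with a suspect copy of it."""
    a, b = read_pcm16(original), read_pcm16(suspect)
    if len(a) != len(b):
        raise ValueError("sample counts differ; not the same recording")
    diffs = [x ^ y for x, y in zip(a, b)]
    mask = 0
    for d in diffs:
        mask |= d  # OR together every bit position that changed
    return {
        "same_size": len(original) == len(suspect),
        "same_sha256": hashlib.sha256(original).digest()
                       == hashlib.sha256(suspect).digest(),
        "changed_samples": sum(1 for d in diffs if d),
        # Highest changed bit; 4 means only the low 4 bits ever differ.
        "bits_touched": mask.bit_length(),
    }

def make_wav(samples):
    """Build a mono 16-bit WAV in memory (constructed test input)."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(8000)
        w.writeframes(struct.pack("<%dH" % len(samples), *samples))
    return buf.getvalue()

# Constructed samples, not a real recording.
BASE = [(i * 40503) & 0xFFFF for i in range(1000)]
ORIGINAL = make_wav(BASE)
# Constructed suspect: low 4 bits of most samples altered, nothing else.
SUSPECT = make_wav([s ^ (i % 16) for i, s in enumerate(BASE)])

if __name__ == "__main__":
    print(compare_wav(ORIGINAL, SUSPECT))
```

Without a trusted original there is nothing to diff against, which is the reason the last post gives for never copying the cover file.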