Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More
When people think about Information Security the first word that generally comes mind is "Hacking", but there are many disciplines in security and one of them is called "Steganography", an offshoot of encryption and "data hiding".
The word "steganography" can be divided in two parts: stegano + graphy. "Stegano" comes from the Greek word "steganos" meaning "covered" and "graphy" which comes from the Greek word "graphein" meaning "writing:". Thus, steganography literally means "covered writing".
Steganography is an ancient art of covering messages in a secret way such that only the sender and receiver know the presence of the message. This allows one party to communicate with another party without the third party being aware that communication is occurring. Usually, the data is concealed inside an innocuous cover so that even if a third party discovers the cover, there are no suspicions about the data hiding inside the cover. If the hidden data is detected by a third party the steganography technique fails.
Steganography and cryptography are cousins in the spy craft family. However, cryptographic and steganographic techniques differ from each other. In cryptography, the original message is scrambled (i.e. its original structure is changed in order to make it meaningless). Thus, when an attacker discovers the message it is still difficult for him to get the original message back. Cryptography does not try to hide the message. In steganography, the message is secretly hidden inside a digital file, so there arises no suspicion to the attacker. Steganography does not attempt to scramble the original message but the intent is the same as in cryptography; to protect the original message. Steganography is sometimes combined with cryptography for added protection.
There is something really important about steganography: There must not be any easily perceived change in the file that is hiding the message.
A basic steganographic model is shown in Figure 1. First we need to understand the three blocks in the left of the image:
Once we have this information, we can apply the steganographic method, 'f(X,M,K)'. The output after applying the method is called "Stego-File", denoted with 'Z'.
For recovering the message, we will apply the inverse process using the same Stego-Key used for hiding the message. It is important to mention that the Cover File is not important after obtaining the secret message, so it does not matter if we cannot recover the data we modified for embedding the Message.
Figure 1. Basic Steganographic Model
The Least Significant Bit (LSB) method is a really common and famous steganographic method in which the secret information is hidden in the least significant bits of the image.
There are 2 different LSB steganographic methods: LSB Replacement and LSB Matching.
In LSB Replacement, all we need to do is to change the least significant bit with one bit of the secret message which we want to hide. It is really easy to detect if this method has been used because the algorithm complexity is almost null. In LSB Matching, we will also modify the LSB with one of the bits of the secret message but it uses some probabilistic and statistic operations for spreading the hidden information across the entire the cover file without modifying all the bits that contain part of the secret message.
In steganography, the message to be hidden inside the cover–media must consider the following features.
Figure 2. a) Image without any modification. B) Image after using steganography
In the end, any application of strong steganography must ensure that the above features are satisfied, in other words they must ensure better perceptual transparency, robustness and tamper–resistance so that the integrity of the original work is maintained.
I hope that after this small introduction of steganography you can understand a little more about this field. If you have any question about this topic please post a comment below.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.