STEGANOGRAPHY
Steganography is a useful tool that allows covert
transmission of information over an overt
communications channel. Combining covert channel
exploitation with the encryption methods of substitution
ciphers and/or one-time pad cryptography, steganography
enables the user to transmit information masked inside of
a file in plain view. The hidden data is both difficult to
detect and, when combined with known encryption
algorithms, equally difficult to decipher.
This paper provides a general overview of the following
subject areas: historical cases and examples using
steganography; how steganography works; what
steganography software is commercially available and
what data types are supported; what methods and
automated tools are available to aid computer forensic
investigators and information security professionals in
detecting the use of steganography; whether, after
detection has occurred, the embedded message can be
reliably extracted; whether the embedded data can be
separated from the carrier, revealing the original file; and
finally, what methods can defeat the use of steganography
even if it cannot be reliably detected.
INTRODUCTION
Within the field of Computer Forensics, investigators
should be aware that steganography can be an effective
means of transferring concealed data
inside of seemingly innocuous carrier files. Knowing
what software applications are commonly available and
how they work gives forensic investigators a greater
probability of detecting, recovering, and eventually
denying access to the data that mischievous individuals
and programs are openly concealing.
Generally speaking, steganography brings science to the
art of hiding information. The purpose of steganography
is to convey a message inside of a conduit of
misrepresentation such that the existence of the message
is both hidden and difficult to recover when discovered.
The word steganography comes from two roots in the
Greek language, “Stegos”, meaning hidden, covered, or
roof, and “Graphia”, simply meaning writing.
Similar in nature to the sleight of hand used in traditional
magic, steganography uses the illusion of normality to
mask the existence of covert activity. The illusion is
manifested through the use of a myriad of forms
including written documents, photographs, paintings,
music, sounds, physical items, and even the human body.
Two parts of the system are required to accomplish the
objective: successfully masking the message, and
keeping secret the key to its location and/or
deciphering.
When categorized within one of the two fundamental
security mechanisms of computer science (cryptographic
protocols and maintaining control of the CPU's
instruction pointer), steganography clearly fits within
cryptography. It closely mirrors common cryptographic
protocols in that the embedded information is revealed in
much the same manner as substitution or Bacon cipher
mechanisms.
This paper will highlight some historical examples,
discuss the basic principles of steganography showing
how most instances work, identify software that can be
used for this purpose, and finally provide an overview of
current methods employed to detect and defeat it.
TOOLS USED FOR STEGANOGRAPHY
StegFS
StegFS is a Steganographic File System for Linux. Not
only does it encrypt data, it also hides it such that it
cannot be proved to be there. Note that this is still 'under
development'. It is not bug-free yet. There may be
problems, possibly serious ones. In short, if it destroys your
computer or your data or causes a minor nuclear
holocaust don't blame the programmers. Feel free to try
it, but don't get too upset if you have problems. There are
still bugs/misfeatures that want fixing. However, it
should be stable enough for use. You will need to know
how to patch and compile a kernel. It is strongly
recommended that you read "StegFS: A Steganographic
File System for Linux" before attempting to use this file
system. StegFS is distributed as a kernel patch and a
tarball containing a set of utilities. You need both to be
able to use StegFS. This package contains the utilities.
BMP Secrets
BMP Secrets is another steganography program that
allows you to store any information in a bitmap file. One
big advantage of BMP Secrets is that it has a very large
hiding capacity. Some features include:
• The program uses an original steganography method
developed by Parallel Worlds that allows you to
replace up to 65 percent of the true-color BMP file
with your data. You can convert the resulting image
only to a lossless format; lossy formats will destroy
the information inside. If you try to make any changes
to the resulting image, the information will also be lost.
• You can choose the hiding rate. The higher the hiding
rate, the lower the quality. However, even at the
highest rate it is difficult to find any differences.
• A compressor built in to the encoder allows much
more text than binary data to be stored.
• You can hide data not only in the whole image, but also
in part of it. You can choose a rectangle on the picture
where the data will be stored. Sometimes you can store
two different files in two different squares of one image.
This also increases the security level.
• You can set an automatic quality option. The program
will search for the best quality at which the whole file
can be stored.
• Hiding spreads the data all over the image when you
provide a password. Extracting an encoded file
and decoding it is very difficult, because nobody
except you knows the data-spreading order.
• You can view the results of your hiding and compare the
original with the result.
If the whole file cannot be placed in one picture, the file
can be split. When you unhide this file, you can bring
the parts together into one file, allowing you to hide one big
file in several images. This also increases the security level,
since all parts are needed to extract the hidden file.
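The hiding-rate and password-spreading bullets above, and the warning that any change to the image loses the data, can be seen in a small added example. It is not from the paper and is not BMP Secrets' own method, which the paper does not describe; it uses generic least-significant-bit substitution over a constructed pixel buffer. The function names, the SHA-256-seeded ordering and the sample data are assumptions; `sanitize` shows the defender's view, where clearing low-order bits removes the payload without having to detect it.

```python
import hashlib
import random

# Constructed sample data: 200 fake 24-bit pixels and a short payload.
CARRIER = bytes((i * 37 + 11) % 256 for i in range(600))
PAYLOAD = b"constructed test payload"

def order(password: str, n: int) -> list:
    """Assumed scheme: password-seeded shuffle of carrier byte positions."""
    seed = int.from_bytes(hashlib.sha256(password.encode()).digest(), "big")
    positions = list(range(n))
    random.Random(seed).shuffle(positions)
    return positions

def embed(pixels: bytes, payload: bytes, password: str, rate: int = 1) -> bytes:
    """Overwrite the `rate` low bits of password-ordered carrier bytes."""
    bits = "".join(f"{b:08b}" for b in payload)
    bits += "0" * (-len(bits) % rate)  # pad to a whole number of chunks
    chunks = [int(bits[i:i + rate], 2) for i in range(0, len(bits), rate)]
    if len(chunks) > len(pixels):
        raise ValueError("payload exceeds capacity at this hiding rate")
    mask = (1 << rate) - 1
    out = bytearray(pixels)
    for pos, chunk in zip(order(password, len(pixels)), chunks):
        out[pos] = (out[pos] & ~mask & 0xFF) | chunk
    return bytes(out)

def extract(pixels: bytes, nbytes: int, password: str, rate: int = 1) -> bytes:
    """Read the low bits back in the same password-derived order."""
    mask = (1 << rate) - 1
    need = -(-nbytes * 8 // rate)  # ceil(bits / rate) carrier bytes
    picked = order(password, len(pixels))[:need]
    bits = "".join(f"{pixels[p] & mask:0{rate}b}" for p in picked)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, nbytes * 8, 8))

def sanitize(pixels: bytes, rate: int = 1) -> bytes:
    """Defender side: clear the low bits, as an edit or lossy re-encode disturbs them."""
    mask = (1 << rate) - 1
    return bytes(b & ~mask & 0xFF for b in pixels)

def max_error(a: bytes, b: bytes) -> int:
    """Largest per-byte change, a crude measure of quality loss."""
    return max(abs(x - y) for x, y in zip(a, b))

if __name__ == "__main__":
    stego = embed(CARRIER, PAYLOAD, "correct horse")
    print(extract(stego, len(PAYLOAD), "correct horse"))
    print(extract(sanitize(stego), len(PAYLOAD), "correct horse"))
```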