8/7/2019 The Basics of Data Hiding on the Internet-handout
1/67
WORLDCOMP'10
The 2010 World Congress in Computer Science,
Computer Engineering, and Applied Computing
The Basics of Data Hiding
on the Internet(Tutorial)
Prof. Gevorg Margarov
Head of Information Security and Software Development Department,
State Engineering University of Armenia, Yerevan, Armenia
WORLDCOMP'10
July 12-15, 2010
Las Vegas, Nevada, USAhttp://www.world-academy-of-science.org
8/7/2019 The Basics of Data Hiding on the Internet-handout
2/67
8/7/2019 The Basics of Data Hiding on the Internet-handout
3/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet i
DESCRIPTION
This tutorial is devoted to problems of data hiding on the Internet by means of steganography and
detection of steganographic content by means of steganalysis. Rumors in mass media about terrorists
using steganography are revealed. The basic idea of steganography, its history and application on theInternet is considered. Classification and examples of available software are outlined. Main principles
of steganalysis and detection of steganographic content are discussed. The modern Internet is
becoming a more and more suitable environment for storage and the multi-user access to big volumes
of data. Thus, digital steganographic techniques can be applied to hide sensitive data from undesired
eyes. The basis of data hiding on the Internet is Steganography and accordingly Steganalysis.
Steganographic systems can hide secret messages inside images or other digital objects on a local
computer, LAN or the Internet. Secret messages remain invisible to a casual observer inspecting these
files.
What is Steganography? Someone unfamiliar with this term, like a friend of mine, can ask Maybe it
is Stenography (shorthand notation) or a Stegosaurus (one of the most recognizable dinosaurs)?
Certainly it is not. In fact, there are several different technical definitions of the term
"Steganography". For instance, in April 2006, the US National Science and Technology Council
released the Federal Plan for Cyber Security and Information Assurance Research and
Development, which defines steganography as "the art and science of writing hidden messages in
such a way that no one apart from the intended recipient knows of the existence of the message".
Generally speaking there are two main approaches to the information protection against the
purposeful influence:
Cryptography - literally means "secret writing" Steganography - literally means "covered writing"
In cryptography, one can say that the message has been encrypted, but it cannot be decoded without
the proper key. While, in steganography the message itself may be easy to decode, but the majority
will not be aware of the presence of it. It is alleged that steganography provides a higher security than
cryptography. Why so? You will be able to learn about it from the tutorial.
OBJECTIVES
This tutorial will:
enable the participants to understand more about the basics of steganography andsteganalysis
describe the history of steganography, and identify the lessons of history suitable for themodern practice
8/7/2019 The Basics of Data Hiding on the Internet-handout
4/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet ii
survey various available steganographic software and demonstrate their practical applicationon various examples
provide the peculiarities of data hiding on the Internet and the basic approaches to furtherdevelopment
INTENDED AUDIENCE
This tutorial:
does not require any special knowledge and can be available for a wide range ofWorldComp10 participants.
is intended for faculty, engineers, scientists, department managers and policy makers, andstudents who are interested in data hiding and investigation of hidden data.
BIOGRAPHY OF INSTRUCTOR
Gevorg Margarov has obtained a Degree in Computer Engineering from Yerevan Polytechnic
Institute (now State Engineering University of Armenia - SEUA) (Armenia) in 1976, Ph.D. in
Organization of Structures and Computing Processes in Computers, Complexes and Systems from
Moscow Institute of Radio Engineering, Electronics and Automation (Russia) in 1983. Since 1976 he
has been teaching at SEUA and State Institute of Skill Advance in Informatics (SISAI) (Armenia).
1988 - 2004 he was the Head of the Systemotechniques Department of SISAI. Since 2004 till now he
has been holding the position of the head of Information Security and Software Development
Department of the SEUA. The current research interests are in the fields of organization of computer
systems, principles of the information security management and engineering, digital steganograpy,
applied cryptography, e-Learning systems. Prof. Margarov has over 160 publications in these areas.
CONTACT INFORMATION
Professor Gevorg Margarov
Information Security and Software Development Department,
State Engineering University of Armenia,
105 Terian Street, Yerevan, Armenia, 0009
tel: + (374) 93 401895 fax: + (374) 10 544006
email: [email protected]
http://www.seua.am/eng/comp/depar1.htm#2
8/7/2019 The Basics of Data Hiding on the Internet-handout
5/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 1
The Basics of Data Hidingon the Internet
(Tutorial - July 14, 2010, 6:00-9:00 PM)
State Engineering University of Armenia
Instead of Preamble
This chair is the best
from all existing
But it is not so .
The basis is too weak
The basis is very important
The chair from blocks
8/7/2019 The Basics of Data Hiding on the Internet-handout
6/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 2
Instead of PreambleThe modern design chair
This chair seems to
be much better
The Robotic Chair
This chair which canreconstitute itself is really
excellent because of its
strong scientific basis
Data Hiding on the Internet
Steganography Steganalysis
Steganography can hide
secret messages inside
images or other digital
objects on a localcomputer or Internet
[1]
8/7/2019 The Basics of Data Hiding on the Internet-handout
7/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 3
Data Hiding on the Internet
Secret messages remain
invisible to a casual observer
inspecting these files
More suitable
environment for
storage and themulti-user access to
big volume of dataSteganog
raphy
+
Rumors - Terrorists Use Steganography
Terrorist instructions hidden online Terror groups hide behind Web
encryption
February 5, 2001
Lately, al-Qaeda operatives have been sending hundredsof encrypted messages that have been hidden in files ondigital photographs on the auction site eBay.com
Militants wire Web with links to jihadJuly 10, 2001
[2]
[3]
[4]
[5]
8/7/2019 The Basics of Data Hiding on the Internet-handout
8/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 4
Rumors - Terrorists Use Steganography
The investigation of the terrorist attacks on the United
States is drawing new attention to a stealthy method of
sending messages through the Internet. The method,
calledsteganography, can hide messages in digitalphotographs or in music files but leave no outward trace
that the files were altered
Veiled Messages of Terror May Lurk in CyberspaceOctober 30 , 2001
Latest Publications
Another technique employed by terrorists is
steganography that is used to embedmessages in pictures and audio files
Terror flows out of hi-tech boom Law & orderJuly 14, 2007
[6]
[7]
8/7/2019 The Basics of Data Hiding on the Internet-handout
9/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 5
Latest Publications
Internet jihadists hide their messages with
pirated encryption software and steganography,
a technology that embeds messages into
photographs making them undetectable
August 21, 2007
Latest Publications
He used a technique called steganography whichenabled him to encrypt and send data inside music
and picture files using third-party software. He wascaught after an elaborate investigation process
Data leak: Cyber sherlocks outwit hackersOctober 12, 2007
[8]
[9]
8/7/2019 The Basics of Data Hiding on the Internet-handout
10/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 6
Latest Publications
Anti-forensics tools are being used morefrequently by cyber-criminals to cover their
tracks and to prevent monitoring The use of
steganography is very easy for a forensicinvestigator to overlook and is thus becoming
popular with cyber-criminals
Steganography is key ingredient to anti-forensicsOctober 31, 2008
Latest Publications
Examiners need to look for the presence of
steganography tools on the suspectscomputer. If no tools are discovered, possibly
theirartifacts can be found in the registery.
Digital Insider: Anti-DigitalForensics, The Next Challenge
December 01, 2008
[10]
[11]
8/7/2019 The Basics of Data Hiding on the Internet-handout
11/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 7
Latest Publications
Its easy. All one has to do is use any of the
more than 1,000 digitalsteganographyapplications available as freeware or
shareware on the Internet to hide information
that the current generation ofe-discovery
toolswill not detect.
Defeating E-DiscoveryEnterprise Search Tools
January 23, 2009
Latest Publications
The internet's underlying technology can be
harnessed to let people exchangesecret
messages, perhaps allowing free speech anoutlet in oppressive regimes.
Fake Web Traffic Can Hide Secret ChatMay 26, 2009
[12]
[13]
8/7/2019 The Basics of Data Hiding on the Internet-handout
12/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 8
Magazine Available on the Internet
Section 1: CovertCommunications
andHidingSecrets Inside Images
Technical Mujahid, a TrainingManual for Jihadis
February, 2007
One more interesting publication
The next time your internet (VoIP) phone call
sounds a bit fuzzy, it might not be your ISP
that's to blame. Someone could be trying to
squeeze a secret message between thepackets of data carrying the caller's voice.
Secret messages could be hidden in net phone callsMay 30, 2008
[14]
[15]
8/7/2019 The Basics of Data Hiding on the Internet-handout
13/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 9
Steganalysis vs. Steganography
Steganography is a tool for information
support of terrorist activity
To struggle against such use of
the Internet it is necessary to
have adequate means of
detecting the steganographic
content in files automatically
These problems are subject to
investigation for steganalysis
What Is Steganography?
Stega-what?
Stenography? (shorthand notation)
Stegosaurus ? (type of dinosaurs)
8/7/2019 The Basics of Data Hiding on the Internet-handout
14/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 10
What Is Steganography?
Steganography is
the art and science of writing
hidden messages in such a waythat no one apart from the
intended recipient knows of the
existence of the message
Steganography is the art andscience of writing hidden
messages in such a way that no
one even realizes there is a
hidden message
What Is Steganography?
Two main approaches to information protection:
Cryptography - secret writingSteganography - covered writing
Cryptography - It is visible, that a message
has been encrypted, but it cannot be
decoded without the proper key
Steganography - The message itself may
not be difficult to decode, but the majority
will not perceive the presence of it
[16]
[17]
8/7/2019 The Basics of Data Hiding on the Internet-handout
15/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 11
What Is Steganography?
Steganography is transparent, but not virtual
Virtual is when you think its there
but it really isnt.
Transparent is when its really there
but you just cant see it.
Steganography provides highersecurity than cryptography
Steganography vs. Cryptography
Steganography
Cryptography
?
8/7/2019 The Basics of Data Hiding on the Internet-handout
16/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 12
Steganography hides a message inside another messageand looks like a normal graphic, sound, or other file
steganography
Steganography vs. Cryptography
Steganography hides a message inside another message
and looks like a normal graphic, sound, or other file
In case of cryptography an encrypted message looks
like a meaningless jumble of characters
cryptography steganography
Steganography vs. Cryptography
From this point of view as well steganography is more secure
8/7/2019 The Basics of Data Hiding on the Internet-handout
17/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 13
Steganography vs. Cryptography
Cryptography
SteganographyThe message is hidden in another
message without disturbing the
perception of the last
The message is
encrypted and getskind of meaningless characters
Steganography vs. Cryptography
Cryptography
SteganographyA set of similar graphics, sound and
other files do not cause suspicion
A set of files containing
arbitrarycharacters raises suspicions
8/7/2019 The Basics of Data Hiding on the Internet-handout
18/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 14
Steganography vs. Cryptography
Cryptography
SteganographyA well-prepared enemy can detect some
inconsistencies in the format
of the message
Unprepared enemy
can easily detect the fact ofthe transfer of encrypted message
Steganography vs. Cryptography
Cryptography
SteganographyIt is dangerous to reuse graphics,
sound and other files
It is dangerous to
reuse cryptographic keys
8/7/2019 The Basics of Data Hiding on the Internet-handout
19/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 15
Steganography vs. Cryptography
Cryptography
SteganographyThe software development is relatively
simple and its application does not
require special skills
The software development is
relatively complex and its applicationrequires special skills and knowledge
Steganography vs. Cryptography
Cryptography
SteganographyUsing usually not advertised
Using mostly obvious
8/7/2019 The Basics of Data Hiding on the Internet-handout
20/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 16
Steganography + Cryptography
Steganography and cryptography
can amplify each other
Cryptography can be applied
to the data before hiding it
Once the presence of hidden
data is suspected, the goal of
steganography is defeated
The History of Steganography
Steganography was widely used in historical times,
especially before cryptographic systems were developed
Ancient Sumerians in 4-3 millennium BC
were one of the first to use steganography
The same technique of the covered
writing was used in the ancient
kingdom of Urartu (13-5 centuries BC)
Clay cuneiform tablets
found on the territory
of Armenian highlands
[18]
[19]
[20]
8/7/2019 The Basics of Data Hiding on the Internet-handout
21/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 17
The History of Steganography
Wax covered tablet
To send the message without
being discovered, one scraped
the wax from the surface and
wrote his message on the bare
wood beneath
The History of Steganography
He then covered the wood with a fresh coat of wax andwrote on the wax a harmless text
thus let the tablet pass
without awaking any
suspicion with the guard
[21]
8/7/2019 The Basics of Data Hiding on the Internet-handout
22/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 18
The History of Steganography
Another steganographic method was to shave
the head and tattoo a message on the scalp
The History of Steganography
Another steganographic method was to shave
the head and tattoo a message on the scalp
Once the hair grew
back, the messenger
could be sent to deliver
the message
To retrieve the message the receiver simply
had to re-shave the messengers head
8/7/2019 The Basics of Data Hiding on the Internet-handout
23/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 19
The History of Steganography
In 1499 Johannes Trithemius
wrote a book Steganographia
It was published in
1606 in Frankfurt
Some of described
methods can be effective till now
Later they were replaced byinvisible inks, newspaper code,
microdots and null cipher
messages
The History of Steganography
Johannes Trithemius, as authorof the first printed work on
cryptography, the Polygraphiapublished in 1518, is one of the
founders of modern cryptography.His earlier famous work, thethree books of Steganographia,
composed 1499-1500 but notprinted until 1606, has been the
uncertain foundation of adifferent reputation: blackmagic.
Uncertain, because the
Steganographia is, at least onfirst reading, deeply ambiguous.The work itself seems to be about
using spirits to send secretmessages. But the preface to Book
I of the Steganographia explainsthat the cryptographic techniquesare purely natural. These are
valuable techniques of statecraft
- 2 -
and in order to keep them out ofthe hands of the enemies of the
state (planning conspiracies) andadulterers (planning trysts) they
are disguised by the use of af i g u r a t i v e l a n g u a g e o fdemonology.
Another letter from the
mathematician Carolus Bovillus(1479-1567) to Germanus de Ganay( a l s o a c o r r e s p o n d e n t o f
Trithemius's), described a 1504visit to Trithemius.
Shocked by the strange namesof spirits or demons, Bovillus
asserted that the book should beburned and that Trithemius must
have consorted with demons. Thisletter was published in 1510 andthe Trithemius's reputation as an
occultist was established, in
- 3 -
Invisible ink
Covered writingCovered writing
[22]
[23]
8/7/2019 The Basics of Data Hiding on the Internet-handout
24/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 20
Johannes Trithemius, as authorof the first printed work on
cryptography, the Polygraphiapublished in 1518, is one of the
founders of modern cryptography.His earlier famous work, thethree books of Steganographia,
composed 1499-1500 but notprinted until 1606, has been the
uncertain foundation of adifferent reputation: blackmagic.
Uncertain, because the
Steganographia is, at least on
first reading, deeply ambiguous.The work itself seems to be about
using spirits to send secretmessages. But the preface to Book
I of the Steganographia explainsthat the cryptographic techniquesare purely natural. These are
valuable techniques of statecraft
- 2 -
and in order to keep them out ofthe hands of the enemies of the
state (planning conspiracies) andadulterers (planning trysts) they
are disguised by the use of af i g u r a t i v e l a n g u a g e o fdemonology.
Another letter from the
mathematician Carolus Bovillus(1479-1567) to Germanus de Ganay( a l s o a c o r r e s p o n d e n t o f
Trithemius's), described a 1504visit to Trithemius.
Shocked by the strange namesof spirits or demons, Bovillus
asserted that the book should beburned and that Trithemius must
have consorted with demons. Thisletter was published in 1510 andthe Trithemius's reputation as an
occultist was established, in
- 3 -
The History of Steganography
Newspaper code
Shocked by the strange namesof spirits or demons, Bovillus
asserted that the book should beburned and that Trithemius must
have consorted with demons. Thisletter was published in 1510 andthe Trithemius's reputation as an
occultist was established, in
.
. .
. . . . . .. .
3, 3, 1-1,6, 5-17, 23,
Johannes Trithemius, as authorof the first printed work on
cryptography, the Polygraphiapublished in 1518, is one of the
founders of modern cryptography.His earlier famous work, thethree books of Steganographia,
composed 1499-1500 but notprinted until 1606, has been the
uncertain foundation of adifferent reputation: blackmagic.
Uncertain, because the
Steganographia is, at least onfirst reading, deeply ambiguous.The work itself seems to be about
using spirits to send secretmessages. But the preface to Book
I of the Steganographia explainsthat the cryptographic techniquesare purely natural. These are
valuable techniques of statecraft
- 2 -
and in order to keep them out ofthe hands of the enemies of the
state (planning conspiracies) andadulterers (planning trysts) they
are disguised by the use of af i g u r a t i v e l a n g u a g e o fdemonology.
Another letter from the
mathematician Carolus Bovillus(1479-1567) to Germanus de Ganay( a l s o a c o r r e s p o n d e n t o f
Trithemius's), described a 1504visit to Trithemius.
Shocked by the strange namesof spirits or demons, Bovillus
asserted that the book should beburned and that Trithemius must
have consorted with demons. Thisletter was published in 1510 andthe Trithemius's reputation as an
occultist was established, in
- 3 -
The History of Steganography
Microdot
The idea and practice of hiding
information exchange has a long
history. Sumerians in 4-3 millen.
BC used steganography.
8/7/2019 The Basics of Data Hiding on the Internet-handout
25/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 21
The History of Steganography
Null cipher
Johannes Trithemius, as authorof the first printed work on
cryptography, the Polygraphiapublished in 1518, is one of the
founders of modern cryptography.His earlier famous work, thethree books of Steganographia,
composed 1499-1500 but notprinted until 1606, has been the
uncertain foundation of adifferent reputation: blackmagic.
Uncertain, because the
Steganographia is, at least on
first reading, deeply ambiguous.The work itself seems to be about
using spirits to send secretmessages. But the preface to Book
I of the Steganographia explainsthat the cryptographic techniquesare purely natural. These are
valuable techniques of statecraft
- 2 -
and in order to keep them out ofthe hands of the enemies of the
state (planning conspiracies) andadulterers (planning trysts) they
are disguised by the use of af i g u r a t i v e l a n g u a g e o fdemonology.
Another letter from the
mathematician Carolus Bovillus(1479-1567) to Germanus de Ganay( a l s o a c o r r e s p o n d e n t o f
Trithemius's), described a 1504visit to Trithemius.
Shocked by the strange namesof spirits or demons, Bovillus
asserted that the book should beburned and that Trithemius must
have consorted with demons. Thisletter was published in 1510 andthe Trithemius's reputation as an
occultist was established, in
- 3 -
3, 3, 1-1,6, 5-6, 11, 13,
The History of Steganography
Hollywood blockbusters
1998
2001
2002
2007
8/7/2019 The Basics of Data Hiding on the Internet-handout
26/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 22
under the image in a PowerPoint fileby coloring like the background
Digital Steganography
The boom of the Internet rose increasing
interest in digital steganography
Low-tech Data Hiding
It is not necessary to have any special tools or skills for
data hiding using computer variants of null cipher
using functions of a MS WordSecret
message
in comments within PowerPoint file,Web page, Source code, etc.
Digital Steganography
ABBYY FineReader
Microsoft
Word
Steganography
in the software
Easter Eggs
Help -> About -> 2x
[24]
[25]
8/7/2019 The Basics of Data Hiding on the Internet-handout
27/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 23
Digital Steganography
EasterEggs
www. eeggs.com
Who Can Know About
Steganography Today?
1,020,000
8/7/2019 The Basics of Data Hiding on the Internet-handout
28/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 24
How Big is the Problem?
Number of available steganographic software
2003 2004 2005 2006 2007 2008 2009
1200
1000
800
600
400
200
0
How Big is the Problem?
At least 1 million copies of steganographic software were
downloaded or purchased over the Internet during 2 years
Eventually the very knowledge of it
might not be of a great importance
The use of steganography is sure to increase and
will be a growing hurdle for anti-terrorism activities
Ignoring the significance of steganography
is most likely not a good strategy
[26]
8/7/2019 The Basics of Data Hiding on the Internet-handout
29/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 25
Generalized Structure of
Steganographic System
Review
features
Embedding
algorithm
Pre-
processing
Filled
container
Extracting
algorithm
Post-
processing
Key
Container
Message
Key
Message
Sender Recipient
The Main Applications of
SteganographyThere are many practical applications of steganography,
which can be divided into:
data embedding for hiddentransmission or storage
embedding digital watermarks(Watermarking)
embedding authentication data (Fingerprinting)embedding headers and annotations (Captioning)
Embedding data for hidden transmission and storage is
the most obvious application of steganography
[21]
8/7/2019 The Basics of Data Hiding on the Internet-handout
30/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 26
The Main Applications of
SteganographyDigital watermarks are used mainly forprotection of information materials (first
of all software and multimedia files) from
copying and unauthorized use
Unlike watermarks authentication
data is unique for each of the
protected sample (therefore called
fingerprint)
The purpose of captioning is
to gather different data of the
object into a single file
Requirements of Steganography
Data
Hiding
Water-
marking
Finger-
printing
Capti-
oning
4Payload 1 2 3
3Inalterability 5 5 4
1Embedding
Speed1 1 2
5Invisibility 3 3 3
5Security 5 5 1
1ExtractingSpeed
1 4 5
Applications
8/7/2019 The Basics of Data Hiding on the Internet-handout
31/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 27
Trade-off Between Requirements
System is considered secure if it is impossible to
detect the presence of steganographic content
Payload is the
maximum amount
of data which
can be hidden
Security
Steganography
RobustnessPayload
Robustness is the
hidden data
survivability
factor
Increasing the security willdecrease payload and robustness
Increasing the payload willdecrease robustness and security
Data Hiding on the Internet
Main ideas:
Regular e-mail scenario
Web site scenario
Shared e-mail scenario
[27]
[28]
8/7/2019 The Basics of Data Hiding on the Internet-handout
32/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 28
Data Hiding on the Internet
Firewall
InternetFirewall
Regular e-mail Scenario
Data Hiding on the Internet
Web Site Scenario
8/7/2019 The Basics of Data Hiding on the Internet-handout
33/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 29
Data Hiding on the Internet
Shared Free Web-based e-mail Scenario
Recent Research Effort
About 60
steganographic
software have
been checked up
The majority of them appeared simple enough
for use and showed high functional qualities.
8/7/2019 The Basics of Data Hiding on the Internet-handout
34/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 30
Practical Steganography
In all practical methods of digital steganography,
something is done to hide the data in carrier file
These methods can be
broke down into the
three categories on base
of both how and where
the data is hidden Generation
Substitution
Insertion
Insertion Based Steganography
These methods find places in a file that
are ignored by the application reading it
In this case, the size of the file
may increase, but its processing
by the appropriate software will
remain unchanged
For example the MS WORD file format can
contain quite a lot of data that is not
reflected when viewing the file.
[21]
8/7/2019 The Basics of Data Hiding on the Internet-handout
35/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 31
Start End
Text
Insertion Based Steganography
This file contains the flags of the Start
and End between which the actual Text is
In general, most files containthe flag end of file (EOF) after
which the file processing stops
Insertion Based Steganography
Data placed after the EOF flag will be
imperceptible when processing the
file by standard application software
The main advantage here is that
one can hide theoretically
unlimited amount of data without
breaking the integrity and
perception of the container fileThe main drawback - the file
size can significantly increase
causing a reasonable suspicion
8/7/2019 The Basics of Data Hiding on the Internet-handout
36/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 32
Example of Insertion Based
Steganography softwareInstalling the Camouflage software addstwo new options to Windows context menu
Names of new options and their
icons can be changed so as not
to cause suspicion (hide options)
Camouflage in Action
Data Embedding (Hiding)
[29]
8/7/2019 The Basics of Data Hiding on the Internet-handout
37/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 33
Camouflage in Action
The size of the filled container is the sum of thesizes of the empty container and hidden data
70KB
Camouflage in Action
Data Extraction
8/7/2019 The Basics of Data Hiding on the Internet-handout
38/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 34
Camouflage in Action
Camouflaging to Image File
FF D9
Original file
Camouflaged file
Camouflage in Action
Camouflaging to Image File
FF D9
Original file
Camouflaged file
433 KB
8/7/2019 The Basics of Data Hiding on the Internet-handout
39/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 35
Camouflage in Action
Camouflaging to Image File
FF D9
Original file
Camouflaged file
433 KB
Original file Camouflaged file
Data Hiding Using Means
of the Operating SystemTwo elements determine the effectiveness of steganography:
Invisibility of hidden dataInvisibility of steganographic tools
Invisibility of hidden data can be achieved by:
Digital steganographyConcealing (hidden) data
For example:
c:\windows
\system32\secret.doc btreza.dll
8/7/2019 The Basics of Data Hiding on the Internet-handout
40/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 36
The use of undocumented features of the operatingsystem
Data Hiding Using Means
of the Operating SystemInvisibility of steganographic tools can be achieved by:Installation on the mobile carriers (e.g. USB Drive)Concealing steganographic tools
For example:
c:\games
\chess\stego.exe setup.exe
Unconventional use of softwareFor example:
Data Hiding Using Means
of the Operating SystemCommand Prompt
R+
Start, All Programs, Accessories, Command Prompt
This commands are
fairly similar to
classic MS-DOScommands
8/7/2019 The Basics of Data Hiding on the Internet-handout
41/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 37
copycommand with the switch/b combines(concatenates) binary files without disrupting their structure
file1 file2
Data Hiding by copy Command
Data Hiding by copy Command
from End to Start (Type 2)
from Start to End (Type 1)
The extensionex3 is chosentaking into account the types
of combinable files (ex1,ex2)
There are two main principles of reading
the file by corresponding software:
8/7/2019 The Basics of Data Hiding on the Internet-handout
42/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 38
Data Hiding by copy Command
In case of ex1=ex2=ex3 whencombining two similar files:
if the files are of type 1 the content of the file1willappear while reading the file3
if the files are of type 2 the content of the file2 willappear while reading the file3
file1 file2
Data Hiding by copy Command
Most interesting is the case when two files of
different types file1 and file2are combined
In this case:
ifex3 = ex1 while reading the file3 will appearthe content of the file1
ifex3 = ex1 while reading the file3 will appearthe content of the file2
file1 file2
8/7/2019 The Basics of Data Hiding on the Internet-handout
43/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 39
Data Hiding by copy CommandThe Case Study:
copy /b text.doc + secret.zip result.doc
result.doc
result.zip
result. doc
Open With
WinZip
Data Hiding byNotepadNotepad - a simple text editor
Several text files can be attached to the same file text.txt
Size of file
text.txt remainsunchanged
Data Hiding in text files
8/7/2019 The Basics of Data Hiding on the Internet-handout
44/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 40
Data Hiding Using Means
of the Operating System
copy
Notepad
file3.ex3, ex2
text.txt:secret.txt
The main advantage here is that special steganographic
tools are not used and therefore they can not be found
Substitution Based Steganography
These methods overwrite (substitute)
the information that is already in the file
In this case, the hidden data replaces
part of meaningful data in a container
file without changing its size
Consequently it is necessary to choose very carefully
and thoroughly containers substitute parts, so it does
not become noticeably changed or even useless for
processing by standard application software
8/7/2019 The Basics of Data Hiding on the Internet-handout
45/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 41
Substitution Based Steganography
For instance gaps in the MS WORDfile can be replaced by invisible
characters, colored as the background
A very common way of hiding data is to substitute
the least significant bits (LSB) of image or sound file
In such a file every element is represented by a single
byte1127=128 20=1
G = 01000111
10010101 00001101 11001001 10010110
00001111 11001011 10011111 00010000
10010100 00001101 11001000 10010110
00001110 11001011 10011111 00010001
LSB
MSB
Substitution Based Steganography
Data placed in the least significant parts
of the container modifies it slightly and
as a result imperceptibly for processing
the file by standard application software
The main advantage here is
that the container file size is
not increased, therefore there
is no undue suspicion
The main drawback - there is a
real limitation of hidden data
volume (size of least significant
parts of the container)
[30]
8/7/2019 The Basics of Data Hiding on the Internet-handout
46/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 42
Header Image Data Footer
7 6 5 4 3 2 1 0
M
SBlayer
LSBlay
er
1 pixel 1 byte
28=256 levels
8 binary layers
Substitution in Grayscale Image
0 1 1 0 0 1 1 0
1 LSB 480 000 bit 60 KB
MSB LSB
11100110 00100110 01000110 01110110 01101110 01100010 01100100 01100111
Example of the gray level
800x600 pixels
3 LSB 1 440 000 bit 180 KB
Substitution in Grayscale Image
8/7/2019 The Basics of Data Hiding on the Internet-handout
47/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 43
LSB layer of empty container
LSB layer of filled container
Difference of layers
39 pixels of 77
are modified
Statistical studies show that in average
about 50% of pixels are modified
Substitution in Grayscale Image
The primary statistical indicator of the image alteration isthe number of modified pixels
Substitution in Color Image
A color image is formed by the superposition of three
grayscale images in a range of red, green and blue
Red (R) Green (G) Blue (B) Color (RGB)
The volume of uncompressed image
file is determined by the physicaldimensions of the image (cm2),
pixel density (pixels/cm) and
storage format (plain , palette, ...)
[28]
8/7/2019 The Basics of Data Hiding on the Internet-handout
48/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 44
Substitution in Color Image
24 bit color image800600 pixel
1 LSB
180 Kbytes
3 LSB
540 Kbytes
Substitution in Color Image
Modification of the least significant bits (LSB)Red Green Blue Color
00000000 11111111 11111111
00000000 11111111 11111110
00000000 11111110 11111110
00000001 11111110 11111110
Modification of the most significant bits (MSB)
Red Green Blue Color
00000000 11111111 11111111
00000000 11111111 01111111
00000000 01111111 01111111
10000000 01111111 01111111
8/7/2019 The Basics of Data Hiding on the Internet-handout
49/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 45
8 bits7 bits6 bits
5 bits4 bits3 bits
2 bits1 bitOriginal
Substitution in Color Image
Example of Substitution Based
Steganography softwareThe most widely recognized
example of a substitution based
steganography is S-Tools which:
can hide data in BMP (BitMaP file format), GIF(Graphics Interchange Format) and WAV
(WAVeform audio format) filesallows data encryption with IDEA (International
Data Encryption Algorithm), DES (Data Encryption
Standard), Triple-DES or MDC (Message Digest
Cipher)can hide a secret message within the cover file using
pseudorandom number generator and password
[31]
8/7/2019 The Basics of Data Hiding on the Internet-handout
50/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 46
Example of Substitution Based
Steganography softwareSuch a nonlinear substitution makes very difficult to
detect and extract hidden data in the absence of secret
values (key, password)
Using
S-Tools is
very easy
because of its
drag-and-dropinterface
S-Tools in Action
Data Embedding (Hiding)
8/7/2019 The Basics of Data Hiding on the Internet-handout
51/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 47
S-Tools in Action
Hiding in 3 LSB - payload up to almost 40 %
Data Extraction
Generation Based Steganography
Both the insertion and substitution based
methods require a covert (hidden) and an
overt (carrier) file
With generation-based methods
the hiding data is used to create
the carrier file
In many cases such tools
can provide almost perfect
resistance to enemy attacks
8/7/2019 The Basics of Data Hiding on the Internet-handout
52/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 48
Generation Based Steganography
Hide data used to generate the filled container,
so the enemy does not have something to
compare with since the corresponding empty
container does not exist at all
The main advantage here is
that the container file size can
not even be assumed ,
therefore there is no suspicion
The main drawback - for a givenamount of hidden data container
file size can be very large, which
strictly limits the payload
Generation Based Steganography
The prime example is the generation
of graphical fractals, the parameters
of the elements of which are
determined by hidden data
Fractal in a sense consists of
similar parts, which are
frequently repeated with change
of size, position, color, etc.
Parts of a fractal are described
by mathematical expressions,
the coefficients of which can
be specified by hidden data
[32]
[33]
8/7/2019 The Basics of Data Hiding on the Internet-handout
53/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 49
Generation Based Steganography
Examples of interesting fractals
Grammar Based Steganography
Effective kind of container
generation idea are
steganographic tools based
on a special grammar
For instance generated
message may have
grammar, specific to the
advertisement, commentof source code, joke, or
even spam
8/7/2019 The Basics of Data Hiding on the Internet-handout
54/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 50
Example of Grammar Based
Steganography softwareThe most interesting example ofgrammar (generation) based
steganography tool is SpamMimic
Web-based service which uses a
spam grammar and mimic
algorithm to produce spam-like
steganographic text
____ went to the city - He, She, It,
SpamMimic in Action
Hiding: www.spammimic.com
[34]
[35]
8/7/2019 The Basics of Data Hiding on the Internet-handout
55/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 51
SpamMimic in Action
Hiding: Secretwww.spammimic.com
SpamMimic in Action
Hiding: Secretwww.spammimic.com
8/7/2019 The Basics of Data Hiding on the Internet-handout
56/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 52
SpamMimic in Action
Extracting: www.spammimic.com
SpamMimic in Action
Extracting: www.spammimic.com
8/7/2019 The Basics of Data Hiding on the Internet-handout
57/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 53
SpamMimic in Action
Extracting: Secretwww.spammimic.com
SpamMimic in Action
Extracting: Secretwww.spammimic.com
Annual Communications
Intelligence Report
Spam volume increases by more
than 50 % annually and already
reaches 95 % of all correspondence
Some 94% of all e-mail
last December was spam
Postini's report
[36]
[37]
8/7/2019 The Basics of Data Hiding on the Internet-handout
58/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 54
Detection of Content
Steganalysis is the art and science of detecting
messages hidden using steganography
selection of features that hidden
message might exhibit
testing selected features for
the presence of hidden data
Art
Science
The Goal of Modern Steganalysis
The goal is to develop universal methods that can
work effectively for all steganographic methods
It is possible to design a reasonably good steganalysis
method for a specific steganographic algorithm
Current trend seems to suggest two extreme philosophies:
[38]
8/7/2019 The Basics of Data Hiding on the Internet-handout
59/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 55
Universal Steganalysis
steganalysis is an attempt to find common
properties in existing steganographic algorithms
Universal approaches can be broken down into three
categories:
Self-learning
Blind identification
Parametric statistical modeling
Self-learning Steganalysis
The methods based on these approaches use two phases:
In the training phase examples of
steganographic files are provided to the
system, which learns the best
classification rule using these examples
training phase testing phase
In the testing phase an unknown file isgiven as input to the trained system to
decide whether a secret message is
present or not
[39]
8/7/2019 The Basics of Data Hiding on the Internet-handout
60/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 56
Blind Identification Steganalysis
The methods based on these approaches formulate the
steganalysis as a system identification problem
The steganographic
algorithm is
represented as a
channel and the goal
is to invert this
channel to identify
the hidden data
Parametric Statistical Steganalysis
These approaches are based on certain parametric
statistical models for the carrier file, steganographic
file and the hidden data
Steganalysis is formulated as a
hypothesis testing problem:
no hidden data hidden data present
Content detection algorithm is then designed
to choose between the two hypotheses.
[40]
[41]
8/7/2019 The Basics of Data Hiding on the Internet-handout
61/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 57
Universal Steganalysis in Action
Steganography detection and extraction environment:
SAFDB (SteganographyApplication Fingerprint Database)
StegAlyzerAS (SteganographyAnalyzerArtifact Scanner)
StegAlyzerSS (SteganographyAnalyzerSignature Scanner)
StegAlyzerRTS (SteganographyAnalyzerReal-Time Scanner)
Real time detection of signatures of 55 and
fingerprints of 725 steganography applications
over various networks including the Internet
Universal Steganalysis in Action
StegAlyzerAS (Steganography AnalyzerArtifact Scanner)
[42]
8/7/2019 The Basics of Data Hiding on the Internet-handout
62/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 58
Specialized Steganalysis
steganalysis is an attempt to find weaknessesof specific steganographic methods on the basis of
detailed research of algorithms and results of their use
Specific steganographic algorithms:
Detecting Camouflage
Hidden file can be detected by examining
the camouflaged file data
FF D9
Hidden file
8/7/2019 The Basics of Data Hiding on the Internet-handout
63/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 59
Detecting S-Tools
alter only the least significant bits of carrier file
but still leave detectable traces
Two types of methods can be used for
detecting these traces:
direct (visual, auditory, etc.) algorithmic
Direct inspection can succeed when hidden
data is inserted in relatively smooth areas
Algorithmic analysis is more powerful
since it reveals tiny alterations in the
files statistical behavior caused by hiding
Detecting SpamMimic
The vulnerability in is the redundancy of
some patterns, which can be found by wide testing
An e-mail with few pattern matches is a real-spam,
while an email with more matches can be considered
to be a steganographic e-mail
How spam patterns change
through the years?
8/7/2019 The Basics of Data Hiding on the Internet-handout
64/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 60
Conclusion
Steganography is an ancient art which has experienceda surge of growth with the advent of the InternetSteganographic software is now available for public
over the Internet, and require no special training to use
Steganography defines the increased ability forterrorists to communicate undetectedly
Bans on the technology are not sufficient to eliminatecriminal useSteganalysis faces many obstacles in becoming a
reliable method of tracking steganographic activity
Summary
Steganography and steganalysis are still rapidlygrowing and
For every clever method and tool being
developed to hide data, the equal
number of clever methods and tools are
or will be developed to detect and
reveal the steganographic content
Real option - continue advancing andform a strong educational infrastructure
on steganography and steganalysis
[43]
8/7/2019 The Basics of Data Hiding on the Internet-handout
65/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 61
Paraphrased Aphorism
If somebody thinks
steganography
can solve his problem,
. . .
then he doesnt
understand steganography
. . .
and he doesnt
understand his problem
Thank you!
Questions, Comments,
if you please
Contact: Gevorg [email protected]
[44]
8/7/2019 The Basics of Data Hiding on the Internet-handout
66/67
GevorgMargarov WORLDCOMP'10
TheBasicsofDataHidingontheInternet 62
References
[1] http://www.roboticchair.com/description.php[2] G. Margarov, V. Markarov, A. Khachaturov, Steganographic system with dynamically reconfigurable
structure, In: Proceedings of the 2009 International Conference on Security & Management - SAM'09,
Volume 1. ISBN 1-60132-124-4. CSREA Press, Las Vegas, NV, 2009, pp. 43-45
[3] http://www.usatoday.com/tech/news/2001-02-05-binladen-side.htm[4] http://www.usatoday.com/tech/news/2001-02-05-binladen.htm[5] http://www.usatoday.com/news/world/2002/07/10/web-terror-cover.htm[6] http://query.nytimes.com/gst/fullpage.html?res=9B01E3D91730F933A05753C1A9679C8B63[7] http://www.hindu.com/2007/07/14/stories/2007071459570300.htm[8] http://video.msn.com/?mkt=en-us&brand=msnbc&vid=929b7491-95a6-4e18-add5-7c3c8205dd1e[9] http://economictimes.indiatimes.com/Infotech/Data_leak_Cyber_sherlocks_outwit_hackers/articlesho
w/2451089.cms
[10] http://www.infosecurity-magazine.com/news/081031_Steganography_RSA.html[11] http://www.forensicmag.com/articles.asp?pid=245[12] http://www.dfinews.com/articles.php?pid=160
[13]
http://www.newscientist.com/article/mg20227096.200-fake-web-traffic-can-hide-secret-chat.html
[14] http://www.jamestown.org/terrorism/news/article.php?articleid=2370293[15] http://www.tmcnet.com/usubmit/2008/05/30/3474046.htm[16] http://en.wikipedia.org/wiki/Steganography[17] http://www.nitrd.gov/Pubs/csia/csia_federal_plan.pdf[18] F.L. Bauer, Decrypted Secrets: Methods and Maxims of Cryptology, New York: Springer-Verlag,
2002
[19] M. L. Thomsen, The Sumerian Language: An Introduction to Its History and Grammatical Structure,Copenhagen, 1984
[20] J. J. Klein, Urartian Hieroglyphic Inscriptions from Altintepe, Anatolian Studies, Volume 24, 1974,pp. 77-94
[21] G. Kipper, Investigator's Guide to Steganography, Auerbach, 2004[22] J. Reeds, Solved: The Ciphers in Book III of Trithemiuss Steganographia, Cryptologia, Volume 22,
Issue 4, October 1998 , pp. 291 - 317
[23] http://www.esotericarchives.com/tritheim/stegano.htm[24] D. Artz, Digital Steganography: Hiding data within Data, IEEE Internet Computing, May/June 2001,
8/7/2019 The Basics of Data Hiding on the Internet-handout
67/67
GevorgMargarov WORLDCOMP'1075-80
[25] http://www.eeggs.com[26] C. Hosmer, and C. Hyde, Discovering Covert Digital Evidence, Proceedings of the 3th annual Digital
Forensic Research Workshop (DFRWS), Cleveland, Ohio August 2003
[27] S. Katzenbeisser, and F. Petitcolas, Defining security in steganographic systems, Proceedings of SPIE,Security and Watermarking of Multimedia Contents IV (San Jose, CA, Jan 2124), International
Society for Optical Engineering, 2002, pp. 5056
[28] H. Wang, and S. Wang, Cyber warfare: steganography vs. steganalysis, Communications of the ACM,Volume 47 , Issue 10, October 2004, pp. 76-82
[29] http://camouflage.unfiction.com/[30] F. A. P. Petitcolas, R. J. Anderson, M. G. Kuhn, Information Hiding - A Survey, Proceedings of the
IEEE, Volume 87(7), 1999, pp. 1062-1078
[31] ftp://ftp.ntua.gr/pub/crypt/mirrors/idea.sec.dsi.unimi.it/code/s-tools4.zip[32] S. Agaian, J.M. Susmilch, Fractal Steganography, IEEE Region 5 Technology and Science
Conference, San Antonio, USA, April 7-8, 2006
[33] M. F. Barnsley, Fractals everywhere, Second Edition, Academic Press, 1993[34] http://www.spammimic.com/[35] P. Wayner, Mimic Functions, Cryptologia, Volume 19, Issue 3, July 1995 , pp. 285299[36] http://www.postini.com[37] www.google.com/a/help/intl/en/security/pdf/cir_08.pdf[38] N. Provos, P. Honeyman, Detecting steganographic content on the Internet. Proceedings of Network
and Distributed System Security Symposium (San Diego, Feb. 68). Internet Society, Reston, VA,
2002
[39] J. Fridrich, M. Goljan, and R. Du, Detecting LSB steganography in color and gray-scale images, IEEEMultimedia, Volume 8, no. 4, 2001, pp. 2228
[40] R. Chandramouli, A mathematical framework for active steganalysis, ACM Multimedia Systems,Volume 9, no. 3, 2003, pp. 303311
[41] J. J. Harmsen and W. A. Pearlman, Steganalysis of additive noise modelable information hiding,Proceedings of the SPIE, Security, Steganography, and Watermarking of Multimedia Contents VI, San
Jose, CA, Jan. 2003, pp. 131142