Steganography — Hiding in (Not-so-) Plain Sight

Steganography“Security through obscurity” is likely never enough by itself, but it can help, at least sometimes. It can sometimes provide another layer of defense. If a burglar doesn’t know you have a safe behind the bookshelf (I don’t!), she is less likely to find it and try to crack into it. Likewise if an attacker doesn’t know that there is data hidden in an image, he is less likely to find it.

Data can be concealed in all sorts of files or streams. While images are probably the most common, there are many others. I have even read of data being concealed in VoIP calls. To keep things simple, let’s look at hiding data in images, for now.

A full color, uncompressed image is often stored in 24-bit format that stores each pixel as three 8-bit bytes representing each of the three colors red, blue, and green. This means each 24-bit pixel can have 16,777,216 values. (Some file formats compress these — sometimes losing color fidelity — and some add more bits and store the colors differently.) A change of the least significant bit of a color, though, cannot generally be detected. Here is a pair of blocks of one color. The byte-values of the colors of the images in decimal are red: 177, green 3 and blue 252 for the first one and red: 177, green 3 and blue 253 for the second. You might be able to see the difference, but would you if it were a single pixel in a more complex image? Probably not. And if you could, would you know it was not that way in an original image you’d not seen?

Two purple blocks

It works with black and white images, too. Here is an image from Wikipedia.

 

By ribagorda garnacho (esteganografia, esteganalisis e internet) CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0/), via Wikimedia Commons
By ribagorda garnacho (esteganografia, esteganalisis e internet) CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0/), via Wikimedia Commons

Can you see the difference between the first image and the composite image?

So what type of data is generally hidden? Well, often it is encrypted data. That’s because encrypted data is designed to have a great deal of entropy – that is, it is designed to look random. That makes finding the concealed data even harder. The science behind looking for that data is called steganalysis.

Steganography did not originate with the advent of computers. The word means “concealed writing” and it was used as early as the fifteenth century. In those days images were hidden in other images and only those who were intended to know the meanings were told where to look.

If you have played with steganography or have a favorite tool for it, let us know in the comments below.

To your safe computing,
John McDermott

PS – For a great introduction to the four pillars of cyber security, have a look at Learning Tree’s new 1-day online course – Cyber Security: Key Elements for Success

Type to search blog.learningtree.com

Do you mean "" ?

Sorry, no results were found for your query.

Please check your spelling and try your search again.