fbpx
Wikipedia

Steganography

December 18, 2023

For the process of writing in shorthand, see Stenography. For the prefix "Stego-" as used in taxonomy, see List of commonly used taxonomic affixes.

Steganography (/ˌstɛɡəˈnɒɡrəfi/ STEG-ə-NOG-rə-fee) is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection. In computing/electronic contexts, a computer file, message, image, or video is concealed within another file, message, image, or video. The word steganography comes from Greek steganographia, which combines the words steganós (στεγανός), meaning "covered or concealed", and -graphia (γραφή) meaning "writing".[1]

The same image viewed by white, blue, green, and red lights reveals different hidden numbers.

The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography, disguised as a book on magic. Generally, the hidden messages appear to be (or to be part of) something else: images, articles, shopping lists, or some other cover text. For example, the hidden message may be in invisible ink between the visible lines of a private letter. Some implementations of steganography that lack a formal shared secret are forms of security through obscurity, while key-dependent steganographic schemes try to adhere to Kerckhoffs's principle.[2]

The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable they are, arouse interest and may in themselves be incriminating in countries in which encryption is illegal.[3]

Whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing both the fact that a secret message is being sent and its contents.

Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program, or protocol. Media files are ideal for steganographic transmission because of their large size. For example, a sender might start with an innocuous image file and adjust the color of every hundredth pixel to correspond to a letter in the alphabet. The change is so subtle that someone who is not specifically looking for it is unlikely to notice the change.

History edit

 
A chart from Johannes Trithemius's Steganographia copied by Dr John Dee in 1591

The first recorded uses of steganography can be traced back to 440 BC in Greece, when Herodotus mentions two examples in his Histories.[4] Histiaeus sent a message to his vassal, Aristagoras, by shaving the head of his most trusted servant, "marking" the message onto his scalp, then sending him on his way once his hair had regrown, with the instruction, "When thou art come to Miletus, bid Aristagoras shave thy head, and look thereon." Additionally, Demaratus sent a warning about a forthcoming attack to Greece by writing it directly on the wooden backing of a wax tablet before applying its beeswax surface. Wax tablets were in common use then as reusable writing surfaces, sometimes used for shorthand.

In his work Polygraphiae, Johannes Trithemius developed his so-called "Ave-Maria-Cipher" that can hide information in a Latin praise of God. "Auctor Sapientissimus Conseruans Angelica Deferat Nobis Charitas Potentissimi Creatoris" for example contains the concealed word VICIPEDIA.[5]

Techniques edit

Main article: List of steganography techniques
 
Deciphering the code. Steganographia

Numerous techniques throughout history have been developed to embed a message within another medium.

Physical edit

Placing the message in a physical item has been widely used for centuries.[6] Some notable examples include invisible ink on paper, writing a message in Morse code on yarn warn by a courier,[6] microdots, and even the pitches of musical notes in sheet music. [7]

Social steganography edit

In communities with social or government taboos or censorship, people use cultural steganography—hiding messages in idiom, pop culture references, and other messages they share publicly and assume are monitored. This relies on social context to make the underlying messages visible only to certain readers.[8][9] Examples include:

  • Hiding a message in the title and context of a shared video or image.
  • Misspelling names or words that are popular in the media in a given week, to suggest an alternate meaning.
  • Hiding a picture that can be traced by using Paint or any other drawing tool.[citation needed]

Digital messages edit

 
Image of a tree with a steganographically hidden image. The hidden image is revealed by removing all but the two least significant bits of each color component and a subsequent normalization. The hidden image is shown below.
 
Image of a cat extracted from the tree image above.

Since the dawn of computers, techniques have been developed to embed messages in digital cover mediums. The message to conceal is often encrypted, then used to overwrite part of a much larger block of encrypted data or a block of random data (an unbreakable cipher like the one-time pad generates ciphertexts that look perfectly random without the private key).

Examples of this include changing pixels in image or sound files,[10] properties of digital text such as spacing and font choice, Chaffing and winnowing, Mimic functions, modifying the echo of a sound file (Echo Steganography).[11], and including data in ignored sections of a file.[12]


Images hidden in sound files
 
1. The word "Wikipedia" is drawn using computer software
2. The image is converted into an audio file
 
3. Finally, the audio is analysed through a spectrogram, revealing the initial image
 
Spectrogram of a hidden image encoded as sound in the song "My Violent Heart" by Nine Inch Nails from the Year Zero album (2007)

Steganography in streaming media edit

Since the era of evolving network applications, steganography research has shifted from image steganography to steganography in streaming media such as Voice over Internet Protocol (VoIP).

In 2003, Giannoula et al. developed a data hiding technique leading to compressed forms of source video signals on a frame-by-frame basis.[13]

In 2005, Dittmann et al. studied steganography and watermarking of multimedia contents such as VoIP.[14]

In 2008, Yongfeng Huang and Shanyu Tang presented a novel approach to information hiding in low bit-rate VoIP speech stream, and their published work on steganography is the first-ever effort to improve the codebook partition by using Graph theory along with Quantization Index Modulation in low bit-rate streaming media.[15]

In 2011 and 2012, Yongfeng Huang and Shanyu Tang devised new steganographic algorithms that use codec parameters as cover object to realise real-time covert VoIP steganography. Their findings were published in IEEE Transactions on Information Forensics and Security.[16][17][18]

Cyber-physical systems/Internet of Things edit

Academic work since 2012 demonstrated the feasibility of steganography for cyber-physical systems (CPS)/the Internet of Things (IoT). Some techniques of CPS/IoT steganography overlap with network steganography, i.e. hiding data in communication protocols used in CPS/the IoT. However, specific techniques hide data in CPS components. For instance, data can be stored in unused registers of IoT/CPS components and in the states of IoT/CPS actuators.[19][20]

Printed edit

Digital steganography output may be in the form of printed documents. A message, the plaintext, may be first encrypted by traditional means, producing a ciphertext. Then, an innocuous cover text is modified in some way so as to contain the ciphertext, resulting in the stegotext. For example, the letter size, spacing, typeface, or other characteristics of a cover text can be manipulated to carry the hidden message. Only a recipient who knows the technique used can recover the message and then decrypt it. Francis Bacon developed Bacon's cipher as such a technique.

The ciphertext produced by most digital steganography methods, however, is not printable. Traditional digital methods rely on perturbing noise in the channel file to hide the message, and as such, the channel file must be transmitted to the recipient with no additional noise from the transmission. Printing introduces much noise in the ciphertext, generally rendering the message unrecoverable. There are techniques that address this limitation, one notable example being ASCII Art Steganography.[21]

 
Yellow dots from a laser printer

Although not classic steganography, some types of modern color laser printers integrate the model, serial number, and timestamps on each printout for traceability reasons using a dot-matrix code made of small, yellow dots not recognizable to the naked eye — see printer steganography for details.

Network edit

In 2015, a taxonomy of 109 network hiding methods was presented by Steffen Wendzel, Sebastian Zander et al. that summarized core concepts used in network steganography research.[22] The taxonomy was developed further in recent years by several publications and authors and adjusted to new domains, such as CPS steganography.[23][24][25]

In 1977, Kent concisely described the potential for covert channel signaling in general network communication protocols, even if the traffic is encrypted (in a footnote) in "Encryption-Based Protection for Interactive User/Computer Communication," Proceedings of the Fifth Data Communications Symposium, September 1977.

In 1987, Girling first studied covert channels on a local area network (LAN), identified and realised three obvious covert channels (two storage channels and one timing channel), and his research paper entitled “Covert channels in LAN’s” published in IEEE Transactions on Software Engineering, vol. SE-13 of 2, in February 1987.[26]

In 1989, Wolf implemented covert channels in LAN protocols, e.g. using the reserved fields, pad fields, and undefined fields in the TCP/IP protocol.[27]

In 1997, Rowland used the IP identification field, the TCP initial sequence number and acknowledge sequence number fields in TCP/IP headers to build covert channels.[28]

In 2002, Kamran Ahsan made an excellent summary of research on network steganography.[29]

In 2005, Steven J. Murdoch and Stephen Lewis contributed a chapter entitled "Embedding Covert Channels into TCP/IP" in the "Information Hiding" book published by Springer.[30]

All information hiding techniques that may be used to exchange steganograms in telecommunication networks can be classified under the general term of network steganography. This nomenclature was originally introduced by Krzysztof Szczypiorski in 2003.[31] Contrary to typical steganographic methods that use digital media (images, audio and video files) to hide data, network steganography uses communication protocols' control elements and their intrinsic functionality. As a result, such methods can be harder to detect and eliminate.[32]

Typical network steganography methods involve modification of the properties of a single network protocol. Such modification can be applied to the protocol data unit (PDU),[33][34][35] to the time relations between the exchanged PDUs,[36] or both (hybrid methods).[37]

Moreover, it is feasible to utilize the relation between two or more different network protocols to enable secret communication. These applications fall under the term inter-protocol steganography.[38] Alternatively, multiple network protocols can be used simultaneously to transfer hidden information and so-called control protocols can be embedded into steganographic communications to extend their capabilities, e.g. to allow dynamic overlay routing or the switching of utilized hiding methods and network protocols.[39][40]

Network steganography covers a broad spectrum of techniques, which include, among others:

  • Steganophony – the concealment of messages in Voice-over-IP conversations, e.g. the employment of delayed or corrupted packets that would normally be ignored by the receiver (this method is called LACK – Lost Audio Packets Steganography), or, alternatively, hiding information in unused header fields.[41]
  • WLAN Steganography – transmission of steganograms in Wireless Local Area Networks. A practical example of WLAN Steganography is the HICCUPS system (Hidden Communication System for Corrupted Networks)[42]

Additional terminology edit

Further information: Security through obscurity

Discussions of steganography generally use terminology analogous to and consistent with conventional radio and communications technology. However, some terms appear specifically in software and are easily confused. These are the most relevant ones to digital steganographic systems:

The payload is the data covertly communicated. The carrier is the signal, stream, or data file that hides the payload, which differs from the channel, which typically means the type of input, such as a JPEG image. The resulting signal, stream, or data file with the encoded payload is sometimes called the package, stego file, or covert message. The proportion of bytes, samples, or other signal elements modified to encode the payload is called the encoding density and is typically expressed as a number between 0 and 1.

In a set of files, the files that are considered likely to contain a payload are suspects. A suspect identified through some type of statistical analysis can be referred to as a candidate.

Countermeasures and detection edit

Detecting physical steganography requires a careful physical examination, including the use of magnification, developer chemicals, and ultraviolet light. It is a time-consuming process with obvious resource implications, even in countries that employ many people to spy on their fellow nationals. However, it is feasible to screen mail of certain suspected individuals or institutions, such as prisons or prisoner-of-war (POW) camps.

During World War II, prisoner of war camps gave prisoners specially-treated paper that would reveal invisible ink. An article in the 24 June 1948 issue of Paper Trade Journal by the Technical Director of the United States Government Printing Office had Morris S. Kantrowitz describe in general terms the development of this paper. Three prototype papers (Sensicoat, Anilith, and Coatalith) were used to manufacture postcards and stationery provided to German prisoners of war in the US and Canada. If POWs tried to write a hidden message, the special paper rendered it visible. The US granted at least two patents related to the technology, one to Kantrowitz, U.S. Patent 2,515,232, "Water-Detecting paper and Water-Detecting Coating Composition Therefor," patented 18 July 1950, and an earlier one, "Moisture-Sensitive Paper and the Manufacture Thereof," U.S. Patent 2,445,586, patented 20 July 1948. A similar strategy issues prisoners with writing paper ruled with a water-soluble ink that runs in contact with water-based invisible ink.

In computing, steganographically encoded package detection is called steganalysis. The simplest method to detect modified files, however, is to compare them to known originals. For example, to detect information being moved through the graphics on a website, an analyst can maintain known clean copies of the materials and then compare them against the current contents of the site. The differences, if the carrier is the same, comprise the payload. In general, using extremely high compression rates makes steganography difficult but not impossible. Compression errors provide a hiding place for data, but high compression reduces the amount of data available to hold the payload, raising the encoding density, which facilitates easier detection (in extreme cases, even by casual observation).

There are a variety of basic tests that can be done to identify whether or not a secret message exists. This process is not concerned with the extraction of the message, which is a different process and a separate step. The most basic approaches of steganalysis are visual or aural attacks, structural attacks, and statistical attacks. These approaches attempt to detect the steganographic algorithms that were used.[43] These algorithms range from unsophisticated to very sophisticated, with early algorithms being much easier to detect due to statistical anomalies that were present. The size of the message that is being hidden is a factor in how difficult it is to detect. The overall size of the cover object also plays a factor as well. If the cover object is small and the message is large, this can distort the statistics and make it easier to detect. A larger cover object with a small message decreases the statistics and gives it a better chance of going unnoticed.

Steganalysis that targets a particular algorithm has much better success as it is able to key in on the anomalies that are left behind. This is because the analysis can perform a targeted search to discover known tendencies since it is aware of the behaviors that it commonly exhibits. When analyzing an image the least significant bits of many images are actually not random. The camera sensor, especially lower-end sensors are not the best quality and can introduce some random bits. This can also be affected by the file compression done on the image. Secret messages can be introduced into the least significant bits in an image and then hidden. A steganography tool can be used to camouflage the secret message in the least significant bits but it can introduce a random area that is too perfect. This area of perfect randomization stands out and can be detected by comparing the least significant bits to the next-to-least significant bits on an image that hasn't been compressed.[43]

Generally, though, there are many techniques known to be able to hide messages in data using steganographic techniques. None are, by definition, obvious when users employ standard applications, but some can be detected by specialist tools. Others, however, are resistant to detection—or rather it is not possible to reliably distinguish data containing a hidden message from data containing just noise—even when the most sophisticated analysis is performed. Steganography is being used to conceal and deliver more effective cyber attacks, referred to as Stegware. The term Stegware was first introduced in 2017[44] to describe any malicious operation involving steganography as a vehicle to conceal an attack. Detection of steganography is challenging, and because of that, not an adequate defence. Therefore, the only way of defeating the threat is to transform data in a way that destroys any hidden messages,[45] a process called Content Threat Removal.

Applications edit

Use in modern printers edit

Main article: Printer steganography

Some modern computer printers use steganography, including Hewlett-Packard and Xerox brand color laser printers. The printers add tiny yellow dots to each page. The barely-visible dots contain encoded printer serial numbers and date and time stamps.[46]

Example from modern practice edit

The larger the cover message (in binary data, the number of bits) relative to the hidden message, the easier it is to hide the hidden message (as an analogy, the larger the "haystack", the easier it is to hide a "needle"). So digital pictures, which contain much data, are sometimes used to hide messages on the Internet and on other digital communication media. It is not clear how common this practice actually is.

For example, a 24-bit bitmap uses 8 bits to represent each of the three color values (red, green, and blue) of each pixel. The blue alone has 28 different levels of blue intensity. The difference between 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye. Therefore, the least significant bit can be used more or less undetectably for something else other than color information. If that is repeated for the green and the red elements of each pixel as well, it is possible to encode one letter of ASCII text for every three pixels.

Stated somewhat more formally, the objective for making steganographic encoding difficult to detect is to ensure that the changes to the carrier (the original signal) because of the injection of the payload (the signal to covertly embed) are visually (and ideally, statistically) negligible. The changes are indistinguishable from the noise floor of the carrier. All media can be a carrier, but media with a large amount of redundant or compressible information is better suited.

From an information theoretical point of view, that means that the channel must have more capacity than the "surface" signal requires. There must be redundancy. For a digital image, it may be noise from the imaging element; for digital audio, it may be noise from recording techniques or amplification equipment. In general, electronics that digitize an analog signal suffer from several noise sources, such as thermal noise, flicker noise, and shot noise. The noise provides enough variation in the captured digital information that it can be exploited as a noise cover for hidden data. In addition, lossy compression schemes (such as JPEG) always introduce some error to the decompressed data, and it is possible to exploit that for steganographic use, as well.

Although steganography and digital watermarking seem similar, they are not. In steganography, the hidden message should remain intact until it reaches its destination. Steganography can be used for digital watermarking in which a message (being simply an identifier) is hidden in an image so that its source can be tracked or verified (for example, Coded Anti-Piracy) or even just to identify an image (as in the EURion constellation). In such a case, the technique of hiding the message (here, the watermark) must be robust to prevent tampering. However, digital watermarking sometimes requires a brittle watermark, which can be modified easily, to check whether the image has been tampered with. That is the key difference between steganography and digital watermarking.

Alleged use by intelligence services edit

In 2010, the Federal Bureau of Investigation alleged that the Russian foreign intelligence service uses customized steganography software for embedding encrypted text messages inside image files for certain communications with "illegal agents" (agents without diplomatic cover) stationed abroad.[47]

On 23 April 2019 the U.S. Department of Justice unsealed an indictment charging Xiaoqing Zheng, a Chinese businessman and former Principal Engineer at General Electric, with 14 counts of conspiring to steal intellectual property and trade secrets from General Electric. Zheng had allegedly used steganography to exfiltrate 20,000 documents from General Electric to Tianyi Aviation Technology Co. in Nanjing, China, a company the FBI accused him of starting with backing from the Chinese government.[48]

Distributed steganography edit

There are distributed steganography methods,[49] including methodologies that distribute the payload through multiple carrier files in diverse locations to make detection more difficult. For example, U.S. Patent 8,527,779 by cryptographer William Easttom (Chuck Easttom).

Online challenge edit

The puzzles that are presented by Cicada 3301 incorporate steganography with cryptography and other solving techniques since 2012.[50] Puzzles involving steganography have also been featured in other alternate reality games.

The communications[51][52] of The May Day mystery incorporate steganography and other solving techniques since 1981.[53]

Computer malware edit

Main article: Stegomalware

It is possible to steganographically hide computer malware into digital images, videos, audio and various other files in order to evade detection by antivirus software. This type of malware is called stegomalware. It can be activated by external code, which can be malicious or even non-malicious if some vulnerability in the software reading the file is exploited.[54]

Stegomalware can be removed from certain files without knowing whether they contain stegomalware or not. This is done through content disarm and reconstruction (CDR) software, and it involves reprocessing the entire file or removing parts from it.[55][56] Actually detecting stegomalware in a file can be difficult and may involve testing the file behaviour in virtual environments or deep learning analysis of the file.[54]

Steganalysis edit

Main article: Steganalysis

Stegoanalytical algorithms edit

Stegoanalytical algorithms can be cataloged in different ways, highlighting: according to the available information and according to the purpose sought.

According to the information available edit

There is the possibility of cataloging these algorithms based on the information held by the stegoanalyst in terms of clear and encrypted messages. It is a technique similar to cryptography, however, they have several differences:

  • Chosen stego attack: the stegoanalyst perceives the final target stego and the steganographic algorithm used.
  • Known cover attack: the stegoanalyst comprises the initial conductive target and the final target stego.
  • Known stego attack: the stegoanalyst knows the initial carrier target and the final target stego, in addition to the algorithm used.
  • Stego only attack: the stegoanalyst perceives exclusively the stego target.
  • Chosen message attack: the stegoanalyst, following a message selected by him, originates a stego target.
  • Known message attack: the stegoanalyst owns the stego target and the hidden message, which is known to him.

According to the purpose sought edit

The principal purpose of steganography is to transfer information unnoticed, however, it is possible for an attacker to have two different pretensions:

  • Passive steganalysis: does not alter the target stego, therefore, it examines the target stego in order to establish whether it carries hidden information and recovers the hidden message, the key used or both.
  • Active steganalysis: changes the initial stego target, therefore, it seeks to suppress the transfer of information, if it exists.

See also edit

References edit

  1. ^ "Definition of STEGANOGRAPHY". Merriam-webster.com. Retrieved 14 December 2021.
  2. ^ Fridrich, Jessica; M. Goljan; D. Soukal (2004). Delp Iii, Edward J; Wong, Ping W (eds.). "Searching for the Stego Key" (PDF). Proc. SPIE, Electronic Imaging, Security, Steganography, and Watermarking of Multimedia Contents VI. Security, Steganography, and Watermarking of Multimedia Contents VI. 5306: 70–82. Bibcode:2004SPIE.5306...70F. doi:10.1117/12.521353. S2CID 6773772. Retrieved 23 January 2014.
  3. ^ Pahati, OJ (29 November 2001). . AlterNet. Archived from the original on 16 July 2007. Retrieved 2 September 2008.
  4. ^ Petitcolas, FAP; Anderson RJ; Kuhn MG (1999). "Information Hiding: A survey" (PDF). Proceedings of the IEEE. 87 (7): 1062–78. CiteSeerX 10.1.1.333.9397. doi:10.1109/5.771065. Retrieved 2 September 2008.
  5. ^ "Polygraphiae (cf. p. 71f)" (in German). Digitale Sammlungen. Retrieved 27 May 2015.
  6. ^ a b "The Wartime Spies Who Used Knitting as an Espionage Tool – Atlas Obscura". Pocket. Retrieved 4 March 2020.
  7. ^ Newman, Lily Hay. . Wired. ISSN 1059-1028. Archived from the original on 8 June 2022. Retrieved 9 June 2022.
  8. ^ Social Steganography: how teens smuggle meaning past the authority figures in their lives, Boing Boing, 22 May 2013. Retrieved 7 June 2014.
  9. ^ Social Steganography, Scenario Magazine, 2013.
  10. ^ Cheddad, Abbas; Condell, Joan; Curran, Kevin; Mc Kevitt, Paul (2010). "Digital image steganography: Survey and analysis of current methods". Signal Processing. 90 (3): 727–752. doi:10.1016/j.sigpro.2009.08.010.
  11. ^ . Archived from the original on 6 November 2018. Retrieved 17 September 2019.{{cite web}}: CS1 maint: archived copy as title (link)
  12. ^ Bender, W.; Gruhl, D.; Morimoto, N.; Lu, A. (1996). (PDF). IBM Systems Journal. IBM Corp. 35 (3.4): 313–336. doi:10.1147/sj.353.0313. ISSN 0018-8670. S2CID 16672162. Archived from the original (PDF) on 11 June 2020.
  13. ^ Giannoula, A.; Hatzinakos, D. (2003). "Compressive data hiding for video signals". Proceedings 2003 International Conference on Image Processing (Cat. No.03CH37429). Vol. 1. IEEE. pp. I–529–32. doi:10.1109/icip.2003.1247015. ISBN 0780377508. S2CID 361883.
  14. ^ Dittmann, Jana; Hesse, Danny; Hillert, Reyk (21 March 2005). Delp Iii, Edward J; Wong, Ping W (eds.). "Steganography and steganalysis in voice-over IP scenarios: operational aspects and first experiences with a new steganalysis tool set". Security, Steganography, and Watermarking of Multimedia Contents VII. SPIE. 5681: 607. Bibcode:2005SPIE.5681..607D. doi:10.1117/12.586579. S2CID 206413447.
  15. ^ B. Xiao, Y. Huang, and S. Tang, "An Approach to Information Hiding in Low Bit-Rate Speech Stream", in IEEE GLOBECOM 2008, IEEE, pp. 371–375, 2008. ISBN 978-1-4244-2324-8.
  16. ^ Huang, Yong Feng; Tang, Shanyu; Yuan, Jian (June 2011). "Steganography in Inactive Frames of VoIP Streams Encoded by Source Codec" (PDF). IEEE Transactions on Information Forensics and Security. 6 (2): 296–306. doi:10.1109/tifs.2011.2108649. ISSN 1556-6013. S2CID 15096702.
  17. ^ Huang, Yongfeng; Liu, Chenghao; Tang, Shanyu; Bai, Sen (December 2012). "Steganography Integration Into a Low-Bit Rate Speech Codec" (PDF). IEEE Transactions on Information Forensics and Security. 7 (6): 1865–1875. doi:10.1109/tifs.2012.2218599. ISSN 1556-6013. S2CID 16539562.
  18. ^ Ghosal, Sudipta Kr; Mukhopadhyay, Souradeep; Hossain, Sabbir; Sarkar, Ram (2020). "Application of Lah transform for security and privacy of data through information hiding in telecommunication". Transactions on Emerging Telecommunications Technologies. 32 (2). doi:10.1002/ett.3984. S2CID 225866797.
  19. ^ Wendzel, Steffen; Mazurczyk, Wojciech; Haas, Georg. "Don't You Touch My Nuts: Information Hiding In Cyber Physical Systems Using Smart Buildings". Proceedings of the 2017 IEEE Security & Privacy Workshops. IEEE.
  20. ^ Tuptuk, Nilufer; Hailes, Stephen. "Covert channel attacks in pervasive computing". Proceedings 2015 IEEE International Conference on Pervasive Computing and Communications (PerCom).
  21. ^ Vincent Chu. "ASCII Art Steganography". Pictureworthsthousandwords.appspot.com.
  22. ^ Wendzel, Steffen; Zander, Sebastian; Fechner, Bernhard; Herdin, Christian (16 April 2015). "Pattern-Based Survey and Categorization of Network Covert Channel Techniques". ACM Computing Surveys. 47 (3): 1–26. arXiv:1406.2901. doi:10.1145/2684195. S2CID 14654993.
  23. ^ Mazurczyk, Wojciech; Wendzel, Steffen; Cabaj, Krzysztof (27 August 2018). "Towards Deriving Insights into Data Hiding Methods Using Pattern-based Approach". Proceedings of the 13th International Conference on Availability, Reliability and Security. pp. 1–10. doi:10.1145/3230833.3233261. ISBN 9781450364485. S2CID 51976841.
  24. ^ Hildebrandt, Mario; Altschaffel, Robert; Lamshöft, Kevin; Lange, Matthias; Szemkus, Martin; Neubert, Tom; Vielhauer, Claus; Ding, Yongjian; Dittmann, Jana (2020). "Threat Analysis of Steganographic and Covert Communication in Nuclear I&C Systems". International Conference on Nuclear Security: Sustaining and Strengthening Efforts.
  25. ^ Mileva, Aleksandra; Velinov, Aleksandar; Hartmann, Laura; Wendzel, Steffen; Mazurczyk, Wojciech (May 2021). "Comprehensive analysis of MQTT 5.0 susceptibility to network covert channels". Computers & Security. 104: 102207. doi:10.1016/j.cose.2021.102207. S2CID 232342523.
  26. ^ Girling, C.G. (February 1987). "Covert Channels in LAN's". IEEE Transactions on Software Engineering. SE-13 (2): 292–296. doi:10.1109/tse.1987.233153. ISSN 0098-5589. S2CID 3042941.
  27. ^ M. Wolf, “Covert channels in LAN protocols,” in Proceedings of the Workshop on Local Area Network Security (LANSEC’89) (T.A. Berson and T. Beth, eds.), pp. 91–102, 1989.
  28. ^ Rowland, Craig H. (5 May 1997). "Covert channels in the TCP/IP protocol suite". First Monday. 2 (5). doi:10.5210/fm.v2i5.528. ISSN 1396-0466.
  29. ^ Kamran Ahsan, “Covert Channel Analysis and Data Hiding in TCP/IP,” MSc Thesis, University of Toronto, 2002.
  30. ^ Murdoch, Steven J.; Lewis, Stephen (2005), "Embedding Covert Channels into TCP/IP", Information Hiding, Springer Berlin Heidelberg, pp. 247–261, doi:10.1007/11558859_19, ISBN 9783540290391
  31. ^ Krzysztof Szczypiorski (4 November 2003). "Steganography in TCP/IP Networks. State of the Art and a Proposal of a New System – HICCUPS" (PDF). Institute of Telecommunications Seminar. Retrieved 17 June 2010.
  32. ^ Patrick Philippe Meier (5 June 2009). "Steganography 2.0: Digital Resistance against Repressive Regimes". irevolution.wordpress.com. Retrieved 17 June 2010.
  33. ^ Craig Rowland (May 1997). . First Monday Journal. Archived from the original on 26 January 2013. Retrieved 16 June 2010.
  34. ^ Steven J. Murdoch & Stephen Lewis (2005). "Embedding Covert Channels into TCP/IP" (PDF). Information Hiding Workshop. Retrieved 16 June 2010.
  35. ^ Kamran Ahsan & Deepa Kundur (December 2002). (PDF). ACM Wksp. Multimedia Security. Archived from the original (PDF) on 29 October 2012. Retrieved 16 June 2010.
  36. ^ Kundur D. & Ahsan K. (April 2003). (PDF). Texas Wksp. Security of Information Systems. Archived from the original (PDF) on 29 October 2012. Retrieved 16 June 2010.
  37. ^ Wojciech Mazurczyk & Krzysztof Szczypiorski (November 2008). "Steganography of VoIP Streams". On the Move to Meaningful Internet Systems: OTM 2008. Lecture Notes in Computer Science. Vol. 5332. pp. 1001–1018. arXiv:0805.2938. doi:10.1007/978-3-540-88873-4_6. ISBN 978-3-540-88872-7. S2CID 14336157.
  38. ^ Bartosz Jankowski; Wojciech Mazurczyk & Krzysztof Szczypiorski (11 May 2010). "Information Hiding Using Improper Frame Padding". arXiv:1005.1925 [cs.CR].
  39. ^ Wendzel, Steffen; Keller, Joerg (20 October 2011). "Low-Attention Forwarding for Mobile Network Covert Channels". Communications and Multimedia Security. Lecture Notes in Computer Science. Vol. 7025. pp. 122–133. doi:10.1007/978-3-642-24712-5_10. ISBN 978-3-642-24711-8. Retrieved 4 September 2016.
  40. ^ Mazurczyk, Wojciech; Wendzel, Steffen; Zander, Sebastian; Houmansadr, Amir; Szczypiorski, Krzysztof (2016). Information Hiding in Communication Networks: Fundamentals, Mechanisms, and Applications (1 ed.). Wiley-IEEE. ISBN 978-1-118-86169-1.
  41. ^ Józef Lubacz; Wojciech Mazurczyk; Krzysztof Szczypiorski (February 2010). "Vice Over IP: The VoIP Steganography Threat". IEEE Spectrum. Retrieved 11 February 2010.
  42. ^ Krzysztof Szczypiorski (October 2003). "HICCUPS: Hidden Communication System for Corrupted Networks" (PDF). In Proc. of: The Tenth International Multi-Conference on Advanced Computer Systems ACS'2003, pp. 31–40. Retrieved 11 February 2010.
  43. ^ a b Wayner, Peter (2009). Disappearing Cryptography: Information Hiding: Steganography & Watermarking, Morgan Kaufmann Publishers, Amsterdam; Boston[ISBN missing]
  44. ^ Lancioni, German (16 October 2017). "What's Hidden in That Picture Online? Seeing Through "Stegware"". McAfee.
  45. ^ Wiseman, Simon (2017). "Defenders Guide to Steganography". doi:10.13140/RG.2.2.21608.98561. {{cite journal}}: Cite journal requires |journal= (help)
  46. ^ "Secret Code in Color Printers Lets Government Track You; Tiny Dots Show Where and When You Made Your Print". Electronic Frontier Foundation. 16 October 2005.
  47. ^ "Criminal complaint by Special Agent Ricci against alleged Russian agents" (PDF). United States Department of Justice.
  48. ^ "GE Engineer Charged in Elaborate Theft of Trade Secrets". Twinstate Technologies.
  49. ^ Liao, Xin; Wen, Qiao-yan; Shi, Sha (2011). "Distributed Steganography". 2011 Seventh International Conference on Intelligent Information Hiding and Multimedia Signal Processing. IEEE. pp. 153–156. doi:10.1109/IIHMSP.2011.20. ISBN 978-1-4577-1397-2. S2CID 17769131.
  50. ^ Jane Wakefield (9 January 2014). "Cicada 3301: The darknet treasure trail reopens". BBC News. Retrieved 11 January 2014.
  51. ^ "The texts". Maydaymystery.org. Retrieved 23 November 2017.
  52. ^ "Recent things". Maydaymystery.org. Retrieved 23 November 2017.
  53. ^ "The Mystery". Maydaymystery.org. Retrieved 23 November 2017.
  54. ^ a b Chaganti, Raj; R, Vinayakumar; Alazab, Mamoun; Pham, Tuan (12 October 2021). "Stegomalware: A Systematic Survey of Malware Hiding and Detection in Images, Machine Learning Models and Research Challenges". doi:10.36227/techrxiv.16755457.v1. {{cite journal}}: Cite journal requires |journal= (help)
  55. ^ Votiro (30 November 2021). "Finding a Content Disarm & Reconstruction (CDR) Vendor". Votiro. Retrieved 11 January 2023.
  56. ^ "Content Disarm and Reconstruct – SecureIQLab". 12 April 2022. Retrieved 11 January 2023.

Sources edit

  • Wayner, Peter (2002). Disappearing cryptography: information hiding: steganography & watermarking. Amsterdam: MK/Morgan Kaufmann Publishers. ISBN 978-1-558-60769-9.
  • Wayner, Peter (2009). Disappearing cryptography 3rd Edition: information hiding: steganography & watermarking. Amsterdam: MK/Morgan Kaufmann Publishers. ISBN 978-0-123-74479-1.
  • Petitcolas, Fabien A.P.; Katzenbeisser, Stefan (2000). Information Hiding Techniques for Steganography and Digital Watermarking. Artech House Publishers. ISBN 978-1-580-53035-4.
  • Johnson, Neil; Duric, Zoran; Jajodia, Sushil (2001). Information hiding: steganography and watermarking: attacks and countermeasures. Springer. ISBN 978-0-792-37204-2.
  • Petitcolas, Fabien A.P.; Katzenbeisser, Stefan (2016). Information Hiding. Artech House Publishers. ISBN 978-1608079285.

External links edit

 
Wikimedia Commons has media related to Steganography.
  • An overview of digital steganography, particularly within images, for the computationally curious by Chris League, Long Island University, 2015
  • Steganography at Curlie
  • Examples showing images hidden in other images
  • Information Hiding: Steganography & Digital Watermarking. Papers and information about steganography and steganalysis research from 1995 to the present. Includes Steganography Software Wiki list. Dr. Neil F. Johnson.
  • Detecting Steganographic Content on the Internet. 2002 paper by Niels Provos and Peter Honeyman published in Proceedings of the Network and Distributed System Security Symposium (San Diego, CA, 6–8 February 2002). NDSS 2002. Internet Society, Washington, D.C.
  • Covert Channels in the TCP/IP Suite 23 October 2012 at the Wayback Machine – 1996 paper by Craig Rowland detailing the hiding of data in TCP/IP packets.
  • Network Steganography Centre Tutorials 16 December 2017 at the Wayback Machine. How-to articles on the subject of network steganography (Wireless LANs, VoIP – Steganophony, TCP/IP protocols and mechanisms, Steganographic Router, Inter-protocol steganography). By Krzysztof Szczypiorski and Wojciech Mazurczyk from Network Security Group.
  • Invitation to BPCS-Steganography.
  • Steganography by Michael T. Raggo, DefCon 12 (1 August 2004)
  • File Format Extension Through Steganography by Blake W. Ford and Khosrow Kaikhah
  • 2006 paper by Konakhovich G. F., Puzyrenko A. Yu. published in MK-Press Kyiv, Ukraine
  • stegano a Free and Open Source steganography web service.

December 18, 2023
steganography, process, writing, shorthand, stenography, prefix, stego, used, taxonomy, list, commonly, used, taxonomic, affixes, steg, practice, representing, information, within, another, message, physical, object, such, manner, that, presence, information, . For the process of writing in shorthand see Stenography For the prefix Stego as used in taxonomy see List of commonly used taxonomic affixes Steganography ˌ s t ɛ ɡ e ˈ n ɒ ɡ r e f i STEG e NOG re fee is the practice of representing information within another message or physical object in such a manner that the presence of the information is not evident to human inspection In computing electronic contexts a computer file message image or video is concealed within another file message image or video The word steganography comes from Greek steganographia which combines the words steganos steganos meaning covered or concealed and graphia grafh meaning writing 1 The same image viewed by white blue green and red lights reveals different hidden numbers The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia a treatise on cryptography and steganography disguised as a book on magic Generally the hidden messages appear to be or to be part of something else images articles shopping lists or some other cover text For example the hidden message may be in invisible ink between the visible lines of a private letter Some implementations of steganography that lack a formal shared secret are forms of security through obscurity while key dependent steganographic schemes try to adhere to Kerckhoffs s principle 2 The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny Plainly visible encrypted messages no matter how unbreakable they are arouse interest and may in themselves be incriminating in countries in which encryption is illegal 3 Whereas cryptography is the practice of protecting the contents of a message alone steganography is concerned with concealing both the fact that a secret message is being sent and its contents Steganography includes the concealment of information within computer files In digital steganography electronic communications may include steganographic coding inside of a transport layer such as a document file image file program or protocol Media files are ideal for steganographic transmission because of their large size For example a sender might start with an innocuous image file and adjust the color of every hundredth pixel to correspond to a letter in the alphabet The change is so subtle that someone who is not specifically looking for it is unlikely to notice the change Contents 1 History 2 Techniques 2 1 Physical 2 1 1 Social steganography 2 2 Digital messages 2 3 Steganography in streaming media 2 4 Cyber physical systems Internet of Things 2 5 Printed 2 6 Network 3 Additional terminology 4 Countermeasures and detection 5 Applications 5 1 Use in modern printers 5 2 Example from modern practice 5 3 Alleged use by intelligence services 5 4 Distributed steganography 5 5 Online challenge 5 6 Computer malware 6 Steganalysis 6 1 Stegoanalytical algorithms 6 1 1 According to the information available 6 1 2 According to the purpose sought 7 See also 8 References 9 Sources 10 External linksHistory edit nbsp A chart from Johannes Trithemius s Steganographia copied by Dr John Dee in 1591The first recorded uses of steganography can be traced back to 440 BC in Greece when Herodotus mentions two examples in his Histories 4 Histiaeus sent a message to his vassal Aristagoras by shaving the head of his most trusted servant marking the message onto his scalp then sending him on his way once his hair had regrown with the instruction When thou art come to Miletus bid Aristagoras shave thy head and look thereon Additionally Demaratus sent a warning about a forthcoming attack to Greece by writing it directly on the wooden backing of a wax tablet before applying its beeswax surface Wax tablets were in common use then as reusable writing surfaces sometimes used for shorthand In his work Polygraphiae Johannes Trithemius developed his so called Ave Maria Cipher that can hide information in a Latin praise of God Auctor Sapientissimus Conseruans Angelica Deferat Nobis Charitas Potentissimi Creatoris for example contains the concealed word VICIPEDIA 5 Techniques editMain article List of steganography techniques nbsp Deciphering the code SteganographiaNumerous techniques throughout history have been developed to embed a message within another medium Physical edit Placing the message in a physical item has been widely used for centuries 6 Some notable examples include invisible ink on paper writing a message in Morse code on yarn warn by a courier 6 microdots and even the pitches of musical notes in sheet music 7 Social steganography edit In communities with social or government taboos or censorship people use cultural steganography hiding messages in idiom pop culture references and other messages they share publicly and assume are monitored This relies on social context to make the underlying messages visible only to certain readers 8 9 Examples include Hiding a message in the title and context of a shared video or image Misspelling names or words that are popular in the media in a given week to suggest an alternate meaning Hiding a picture that can be traced by using Paint or any other drawing tool citation needed Digital messages edit nbsp Image of a tree with a steganographically hidden image The hidden image is revealed by removing all but the two least significant bits of each color component and a subsequent normalization The hidden image is shown below nbsp Image of a cat extracted from the tree image above Since the dawn of computers techniques have been developed to embed messages in digital cover mediums The message to conceal is often encrypted then used to overwrite part of a much larger block of encrypted data or a block of random data an unbreakable cipher like the one time pad generates ciphertexts that look perfectly random without the private key Examples of this include changing pixels in image or sound files 10 properties of digital text such as spacing and font choice Chaffing and winnowing Mimic functions modifying the echo of a sound file Echo Steganography 11 and including data in ignored sections of a file 12 Images hidden in sound files nbsp 1 The word Wikipedia is drawn using computer software source source source 2 The image is converted into an audio file nbsp 3 Finally the audio is analysed through a spectrogram revealing the initial image nbsp Spectrogram of a hidden image encoded as sound in the song My Violent Heart by Nine Inch Nails from the Year Zero album 2007 Steganography in streaming media edit Since the era of evolving network applications steganography research has shifted from image steganography to steganography in streaming media such as Voice over Internet Protocol VoIP In 2003 Giannoula et al developed a data hiding technique leading to compressed forms of source video signals on a frame by frame basis 13 In 2005 Dittmann et al studied steganography and watermarking of multimedia contents such as VoIP 14 In 2008 Yongfeng Huang and Shanyu Tang presented a novel approach to information hiding in low bit rate VoIP speech stream and their published work on steganography is the first ever effort to improve the codebook partition by using Graph theory along with Quantization Index Modulation in low bit rate streaming media 15 In 2011 and 2012 Yongfeng Huang and Shanyu Tang devised new steganographic algorithms that use codec parameters as cover object to realise real time covert VoIP steganography Their findings were published in IEEE Transactions on Information Forensics and Security 16 17 18 Cyber physical systems Internet of Things edit Academic work since 2012 demonstrated the feasibility of steganography for cyber physical systems CPS the Internet of Things IoT Some techniques of CPS IoT steganography overlap with network steganography i e hiding data in communication protocols used in CPS the IoT However specific techniques hide data in CPS components For instance data can be stored in unused registers of IoT CPS components and in the states of IoT CPS actuators 19 20 Printed edit Digital steganography output may be in the form of printed documents A message the plaintext may be first encrypted by traditional means producing a ciphertext Then an innocuous cover text is modified in some way so as to contain the ciphertext resulting in the stegotext For example the letter size spacing typeface or other characteristics of a cover text can be manipulated to carry the hidden message Only a recipient who knows the technique used can recover the message and then decrypt it Francis Bacon developed Bacon s cipher as such a technique The ciphertext produced by most digital steganography methods however is not printable Traditional digital methods rely on perturbing noise in the channel file to hide the message and as such the channel file must be transmitted to the recipient with no additional noise from the transmission Printing introduces much noise in the ciphertext generally rendering the message unrecoverable There are techniques that address this limitation one notable example being ASCII Art Steganography 21 nbsp Yellow dots from a laser printerAlthough not classic steganography some types of modern color laser printers integrate the model serial number and timestamps on each printout for traceability reasons using a dot matrix code made of small yellow dots not recognizable to the naked eye see printer steganography for details Network edit In 2015 a taxonomy of 109 network hiding methods was presented by Steffen Wendzel Sebastian Zander et al that summarized core concepts used in network steganography research 22 The taxonomy was developed further in recent years by several publications and authors and adjusted to new domains such as CPS steganography 23 24 25 In 1977 Kent concisely described the potential for covert channel signaling in general network communication protocols even if the traffic is encrypted in a footnote in Encryption Based Protection for Interactive User Computer Communication Proceedings of the Fifth Data Communications Symposium September 1977 In 1987 Girling first studied covert channels on a local area network LAN identified and realised three obvious covert channels two storage channels and one timing channel and his research paper entitled Covert channels in LAN s published in IEEE Transactions on Software Engineering vol SE 13 of 2 in February 1987 26 In 1989 Wolf implemented covert channels in LAN protocols e g using the reserved fields pad fields and undefined fields in the TCP IP protocol 27 In 1997 Rowland used the IP identification field the TCP initial sequence number and acknowledge sequence number fields in TCP IP headers to build covert channels 28 In 2002 Kamran Ahsan made an excellent summary of research on network steganography 29 In 2005 Steven J Murdoch and Stephen Lewis contributed a chapter entitled Embedding Covert Channels into TCP IP in the Information Hiding book published by Springer 30 All information hiding techniques that may be used to exchange steganograms in telecommunication networks can be classified under the general term of network steganography This nomenclature was originally introduced by Krzysztof Szczypiorski in 2003 31 Contrary to typical steganographic methods that use digital media images audio and video files to hide data network steganography uses communication protocols control elements and their intrinsic functionality As a result such methods can be harder to detect and eliminate 32 Typical network steganography methods involve modification of the properties of a single network protocol Such modification can be applied to the protocol data unit PDU 33 34 35 to the time relations between the exchanged PDUs 36 or both hybrid methods 37 Moreover it is feasible to utilize the relation between two or more different network protocols to enable secret communication These applications fall under the term inter protocol steganography 38 Alternatively multiple network protocols can be used simultaneously to transfer hidden information and so called control protocols can be embedded into steganographic communications to extend their capabilities e g to allow dynamic overlay routing or the switching of utilized hiding methods and network protocols 39 40 Network steganography covers a broad spectrum of techniques which include among others Steganophony the concealment of messages in Voice over IP conversations e g the employment of delayed or corrupted packets that would normally be ignored by the receiver this method is called LACK Lost Audio Packets Steganography or alternatively hiding information in unused header fields 41 WLAN Steganography transmission of steganograms in Wireless Local Area Networks A practical example of WLAN Steganography is the HICCUPS system Hidden Communication System for Corrupted Networks 42 Additional terminology editFurther information Security through obscurity Discussions of steganography generally use terminology analogous to and consistent with conventional radio and communications technology However some terms appear specifically in software and are easily confused These are the most relevant ones to digital steganographic systems The payload is the data covertly communicated The carrier is the signal stream or data file that hides the payload which differs from the channel which typically means the type of input such as a JPEG image The resulting signal stream or data file with the encoded payload is sometimes called the package stego file or covert message The proportion of bytes samples or other signal elements modified to encode the payload is called the encoding density and is typically expressed as a number between 0 and 1 In a set of files the files that are considered likely to contain a payload are suspects A suspect identified through some type of statistical analysis can be referred to as a candidate Countermeasures and detection editDetecting physical steganography requires a careful physical examination including the use of magnification developer chemicals and ultraviolet light It is a time consuming process with obvious resource implications even in countries that employ many people to spy on their fellow nationals However it is feasible to screen mail of certain suspected individuals or institutions such as prisons or prisoner of war POW camps During World War II prisoner of war camps gave prisoners specially treated paper that would reveal invisible ink An article in the 24 June 1948 issue of Paper Trade Journal by the Technical Director of the United States Government Printing Office had Morris S Kantrowitz describe in general terms the development of this paper Three prototype papers Sensicoat Anilith and Coatalith were used to manufacture postcards and stationery provided to German prisoners of war in the US and Canada If POWs tried to write a hidden message the special paper rendered it visible The US granted at least two patents related to the technology one to Kantrowitz U S Patent 2 515 232 Water Detecting paper and Water Detecting Coating Composition Therefor patented 18 July 1950 and an earlier one Moisture Sensitive Paper and the Manufacture Thereof U S Patent 2 445 586 patented 20 July 1948 A similar strategy issues prisoners with writing paper ruled with a water soluble ink that runs in contact with water based invisible ink In computing steganographically encoded package detection is called steganalysis The simplest method to detect modified files however is to compare them to known originals For example to detect information being moved through the graphics on a website an analyst can maintain known clean copies of the materials and then compare them against the current contents of the site The differences if the carrier is the same comprise the payload In general using extremely high compression rates makes steganography difficult but not impossible Compression errors provide a hiding place for data but high compression reduces the amount of data available to hold the payload raising the encoding density which facilitates easier detection in extreme cases even by casual observation There are a variety of basic tests that can be done to identify whether or not a secret message exists This process is not concerned with the extraction of the message which is a different process and a separate step The most basic approaches of steganalysis are visual or aural attacks structural attacks and statistical attacks These approaches attempt to detect the steganographic algorithms that were used 43 These algorithms range from unsophisticated to very sophisticated with early algorithms being much easier to detect due to statistical anomalies that were present The size of the message that is being hidden is a factor in how difficult it is to detect The overall size of the cover object also plays a factor as well If the cover object is small and the message is large this can distort the statistics and make it easier to detect A larger cover object with a small message decreases the statistics and gives it a better chance of going unnoticed Steganalysis that targets a particular algorithm has much better success as it is able to key in on the anomalies that are left behind This is because the analysis can perform a targeted search to discover known tendencies since it is aware of the behaviors that it commonly exhibits When analyzing an image the least significant bits of many images are actually not random The camera sensor especially lower end sensors are not the best quality and can introduce some random bits This can also be affected by the file compression done on the image Secret messages can be introduced into the least significant bits in an image and then hidden A steganography tool can be used to camouflage the secret message in the least significant bits but it can introduce a random area that is too perfect This area of perfect randomization stands out and can be detected by comparing the least significant bits to the next to least significant bits on an image that hasn t been compressed 43 Generally though there are many techniques known to be able to hide messages in data using steganographic techniques None are by definition obvious when users employ standard applications but some can be detected by specialist tools Others however are resistant to detection or rather it is not possible to reliably distinguish data containing a hidden message from data containing just noise even when the most sophisticated analysis is performed Steganography is being used to conceal and deliver more effective cyber attacks referred to as Stegware The term Stegware was first introduced in 2017 44 to describe any malicious operation involving steganography as a vehicle to conceal an attack Detection of steganography is challenging and because of that not an adequate defence Therefore the only way of defeating the threat is to transform data in a way that destroys any hidden messages 45 a process called Content Threat Removal Applications editUse in modern printers edit Main article Printer steganography Some modern computer printers use steganography including Hewlett Packard and Xerox brand color laser printers The printers add tiny yellow dots to each page The barely visible dots contain encoded printer serial numbers and date and time stamps 46 Example from modern practice edit The larger the cover message in binary data the number of bits relative to the hidden message the easier it is to hide the hidden message as an analogy the larger the haystack the easier it is to hide a needle So digital pictures which contain much data are sometimes used to hide messages on the Internet and on other digital communication media It is not clear how common this practice actually is For example a 24 bit bitmap uses 8 bits to represent each of the three color values red green and blue of each pixel The blue alone has 28 different levels of blue intensity The difference between 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye Therefore the least significant bit can be used more or less undetectably for something else other than color information If that is repeated for the green and the red elements of each pixel as well it is possible to encode one letter of ASCII text for every three pixels Stated somewhat more formally the objective for making steganographic encoding difficult to detect is to ensure that the changes to the carrier the original signal because of the injection of the payload the signal to covertly embed are visually and ideally statistically negligible The changes are indistinguishable from the noise floor of the carrier All media can be a carrier but media with a large amount of redundant or compressible information is better suited From an information theoretical point of view that means that the channel must have more capacity than the surface signal requires There must be redundancy For a digital image it may be noise from the imaging element for digital audio it may be noise from recording techniques or amplification equipment In general electronics that digitize an analog signal suffer from several noise sources such as thermal noise flicker noise and shot noise The noise provides enough variation in the captured digital information that it can be exploited as a noise cover for hidden data In addition lossy compression schemes such as JPEG always introduce some error to the decompressed data and it is possible to exploit that for steganographic use as well Although steganography and digital watermarking seem similar they are not In steganography the hidden message should remain intact until it reaches its destination Steganography can be used for digital watermarking in which a message being simply an identifier is hidden in an image so that its source can be tracked or verified for example Coded Anti Piracy or even just to identify an image as in the EURion constellation In such a case the technique of hiding the message here the watermark must be robust to prevent tampering However digital watermarking sometimes requires a brittle watermark which can be modified easily to check whether the image has been tampered with That is the key difference between steganography and digital watermarking Alleged use by intelligence services edit In 2010 the Federal Bureau of Investigation alleged that the Russian foreign intelligence service uses customized steganography software for embedding encrypted text messages inside image files for certain communications with illegal agents agents without diplomatic cover stationed abroad 47 On 23 April 2019 the U S Department of Justice unsealed an indictment charging Xiaoqing Zheng a Chinese businessman and former Principal Engineer at General Electric with 14 counts of conspiring to steal intellectual property and trade secrets from General Electric Zheng had allegedly used steganography to exfiltrate 20 000 documents from General Electric to Tianyi Aviation Technology Co in Nanjing China a company the FBI accused him of starting with backing from the Chinese government 48 Distributed steganography edit There are distributed steganography methods 49 including methodologies that distribute the payload through multiple carrier files in diverse locations to make detection more difficult For example U S Patent 8 527 779 by cryptographer William Easttom Chuck Easttom Online challenge edit The puzzles that are presented by Cicada 3301 incorporate steganography with cryptography and other solving techniques since 2012 50 Puzzles involving steganography have also been featured in other alternate reality games The communications 51 52 of The May Day mystery incorporate steganography and other solving techniques since 1981 53 Computer malware edit Main article Stegomalware It is possible to steganographically hide computer malware into digital images videos audio and various other files in order to evade detection by antivirus software This type of malware is called stegomalware It can be activated by external code which can be malicious or even non malicious if some vulnerability in the software reading the file is exploited 54 Stegomalware can be removed from certain files without knowing whether they contain stegomalware or not This is done through content disarm and reconstruction CDR software and it involves reprocessing the entire file or removing parts from it 55 56 Actually detecting stegomalware in a file can be difficult and may involve testing the file behaviour in virtual environments or deep learning analysis of the file 54 Steganalysis editMain article Steganalysis Stegoanalytical algorithms edit Stegoanalytical algorithms can be cataloged in different ways highlighting according to the available information and according to the purpose sought According to the information available edit There is the possibility of cataloging these algorithms based on the information held by the stegoanalyst in terms of clear and encrypted messages It is a technique similar to cryptography however they have several differences Chosen stego attack the stegoanalyst perceives the final target stego and the steganographic algorithm used Known cover attack the stegoanalyst comprises the initial conductive target and the final target stego Known stego attack the stegoanalyst knows the initial carrier target and the final target stego in addition to the algorithm used Stego only attack the stegoanalyst perceives exclusively the stego target Chosen message attack the stegoanalyst following a message selected by him originates a stego target Known message attack the stegoanalyst owns the stego target and the hidden message which is known to him According to the purpose sought edit The principal purpose of steganography is to transfer information unnoticed however it is possible for an attacker to have two different pretensions Passive steganalysis does not alter the target stego therefore it examines the target stego in order to establish whether it carries hidden information and recovers the hidden message the key used or both Active steganalysis changes the initial stego target therefore it seeks to suppress the transfer of information if it exists See also edit40 track mode Method for hiding data on a floppy disk Acrostic Text formed from parts of another text BPCS Steganography computer message obfuscation technologyPages displaying wikidata descriptions as a fallback Camera Shy Canary trap Method for exposing an information leak Warrant canary Method of indirect notification of a subpoena Covert channel Computer security attack Cryptography Practice and study of secure communication techniques Deniable encryption Encryption techniques where an adversary cannot prove that the plaintext data exists Digital watermarking Marker covertly embedded in a signal Invisible ink Substance used for writing which is invisible and can later be made visible Polybius square Type of code Security engineering Process of incorporating security controls into an information system Semiotics Study of signs and sign processes Steganographic file system Steganography tools Software for embedding hidden data inside a carrier file Audio watermark Electronic identifier embedded in an audio signal Visual cryptography Security printing Field of the printing industry for banknotes and other security productsReferences edit Definition of STEGANOGRAPHY Merriam webster com Retrieved 14 December 2021 Fridrich Jessica M Goljan D Soukal 2004 Delp Iii Edward J Wong Ping W eds Searching for the Stego Key PDF Proc SPIE Electronic Imaging Security Steganography and Watermarking of Multimedia Contents VI Security Steganography and Watermarking of Multimedia Contents VI 5306 70 82 Bibcode 2004SPIE 5306 70F doi 10 1117 12 521353 S2CID 6773772 Retrieved 23 January 2014 Pahati OJ 29 November 2001 Confounding Carnivore How to Protect Your Online Privacy AlterNet Archived from the original on 16 July 2007 Retrieved 2 September 2008 Petitcolas FAP Anderson RJ Kuhn MG 1999 Information Hiding A survey PDF Proceedings of the IEEE 87 7 1062 78 CiteSeerX 10 1 1 333 9397 doi 10 1109 5 771065 Retrieved 2 September 2008 Polygraphiae cf p 71f in German Digitale Sammlungen Retrieved 27 May 2015 a b The Wartime Spies Who Used Knitting as an Espionage Tool Atlas Obscura Pocket Retrieved 4 March 2020 Newman Lily Hay How a Saxophonist Tricked the KGB by Encrypting Secrets in Music Wired ISSN 1059 1028 Archived from the original on 8 June 2022 Retrieved 9 June 2022 Social Steganography how teens smuggle meaning past the authority figures in their lives Boing Boing 22 May 2013 Retrieved 7 June 2014 Social Steganography Scenario Magazine 2013 Cheddad Abbas Condell Joan Curran Kevin Mc Kevitt Paul 2010 Digital image steganography Survey and analysis of current methods Signal Processing 90 3 727 752 doi 10 1016 j sigpro 2009 08 010 Archived copy Archived from the original on 6 November 2018 Retrieved 17 September 2019 a href Template Cite web html title Template Cite web cite web a CS1 maint archived copy as title link Bender W Gruhl D Morimoto N Lu A 1996 Techniques for data hiding PDF IBM Systems Journal IBM Corp 35 3 4 313 336 doi 10 1147 sj 353 0313 ISSN 0018 8670 S2CID 16672162 Archived from the original PDF on 11 June 2020 Giannoula A Hatzinakos D 2003 Compressive data hiding for video signals Proceedings 2003 International Conference on Image Processing Cat No 03CH37429 Vol 1 IEEE pp I 529 32 doi 10 1109 icip 2003 1247015 ISBN 0780377508 S2CID 361883 Dittmann Jana Hesse Danny Hillert Reyk 21 March 2005 Delp Iii Edward J Wong Ping W eds Steganography and steganalysis in voice over IP scenarios operational aspects and first experiences with a new steganalysis tool set Security Steganography and Watermarking of Multimedia Contents VII SPIE 5681 607 Bibcode 2005SPIE 5681 607D doi 10 1117 12 586579 S2CID 206413447 B Xiao Y Huang and S Tang An Approach to Information Hiding in Low Bit Rate Speech Stream in IEEE GLOBECOM 2008 IEEE pp 371 375 2008 ISBN 978 1 4244 2324 8 Huang Yong Feng Tang Shanyu Yuan Jian June 2011 Steganography in Inactive Frames of VoIP Streams Encoded by Source Codec PDF IEEE Transactions on Information Forensics and Security 6 2 296 306 doi 10 1109 tifs 2011 2108649 ISSN 1556 6013 S2CID 15096702 Huang Yongfeng Liu Chenghao Tang Shanyu Bai Sen December 2012 Steganography Integration Into a Low Bit Rate Speech Codec PDF IEEE Transactions on Information Forensics and Security 7 6 1865 1875 doi 10 1109 tifs 2012 2218599 ISSN 1556 6013 S2CID 16539562 Ghosal Sudipta Kr Mukhopadhyay Souradeep Hossain Sabbir Sarkar Ram 2020 Application of Lah transform for security and privacy of data through information hiding in telecommunication Transactions on Emerging Telecommunications Technologies 32 2 doi 10 1002 ett 3984 S2CID 225866797 Wendzel Steffen Mazurczyk Wojciech Haas Georg Don t You Touch My Nuts Information Hiding In Cyber Physical Systems Using Smart Buildings Proceedings of the 2017 IEEE Security amp Privacy Workshops IEEE Tuptuk Nilufer Hailes Stephen Covert channel attacks in pervasive computing Proceedings 2015 IEEE International Conference on Pervasive Computing and Communications PerCom Vincent Chu ASCII Art Steganography Pictureworthsthousandwords appspot com Wendzel Steffen Zander Sebastian Fechner Bernhard Herdin Christian 16 April 2015 Pattern Based Survey and Categorization of Network Covert Channel Techniques ACM Computing Surveys 47 3 1 26 arXiv 1406 2901 doi 10 1145 2684195 S2CID 14654993 Mazurczyk Wojciech Wendzel Steffen Cabaj Krzysztof 27 August 2018 Towards Deriving Insights into Data Hiding Methods Using Pattern based Approach Proceedings of the 13th International Conference on Availability Reliability and Security pp 1 10 doi 10 1145 3230833 3233261 ISBN 9781450364485 S2CID 51976841 Hildebrandt Mario Altschaffel Robert Lamshoft Kevin Lange Matthias Szemkus Martin Neubert Tom Vielhauer Claus Ding Yongjian Dittmann Jana 2020 Threat Analysis of Steganographic and Covert Communication in Nuclear I amp C Systems International Conference on Nuclear Security Sustaining and Strengthening Efforts Mileva Aleksandra Velinov Aleksandar Hartmann Laura Wendzel Steffen Mazurczyk Wojciech May 2021 Comprehensive analysis of MQTT 5 0 susceptibility to network covert channels Computers amp Security 104 102207 doi 10 1016 j cose 2021 102207 S2CID 232342523 Girling C G February 1987 Covert Channels in LAN s IEEE Transactions on Software Engineering SE 13 2 292 296 doi 10 1109 tse 1987 233153 ISSN 0098 5589 S2CID 3042941 M Wolf Covert channels in LAN protocols in Proceedings of the Workshop on Local Area Network Security LANSEC 89 T A Berson and T Beth eds pp 91 102 1989 Rowland Craig H 5 May 1997 Covert channels in the TCP IP protocol suite First Monday 2 5 doi 10 5210 fm v2i5 528 ISSN 1396 0466 Kamran Ahsan Covert Channel Analysis and Data Hiding in TCP IP MSc Thesis University of Toronto 2002 Murdoch Steven J Lewis Stephen 2005 Embedding Covert Channels into TCP IP Information Hiding Springer Berlin Heidelberg pp 247 261 doi 10 1007 11558859 19 ISBN 9783540290391 Krzysztof Szczypiorski 4 November 2003 Steganography in TCP IP Networks State of the Art and a Proposal of a New System HICCUPS PDF Institute of Telecommunications Seminar Retrieved 17 June 2010 Patrick Philippe Meier 5 June 2009 Steganography 2 0 Digital Resistance against Repressive Regimes irevolution wordpress com Retrieved 17 June 2010 Craig Rowland May 1997 Covert Channels in the TCP IP Suite First Monday Journal Archived from the original on 26 January 2013 Retrieved 16 June 2010 Steven J Murdoch amp Stephen Lewis 2005 Embedding Covert Channels into TCP IP PDF Information Hiding Workshop Retrieved 16 June 2010 Kamran Ahsan amp Deepa Kundur December 2002 Practical Data Hiding in TCP IP PDF ACM Wksp Multimedia Security Archived from the original PDF on 29 October 2012 Retrieved 16 June 2010 Kundur D amp Ahsan K April 2003 Practical Internet Steganography Data Hiding in IP PDF Texas Wksp Security of Information Systems Archived from the original PDF on 29 October 2012 Retrieved 16 June 2010 Wojciech Mazurczyk amp Krzysztof Szczypiorski November 2008 Steganography of VoIP Streams On the Move to Meaningful Internet Systems OTM 2008 Lecture Notes in Computer Science Vol 5332 pp 1001 1018 arXiv 0805 2938 doi 10 1007 978 3 540 88873 4 6 ISBN 978 3 540 88872 7 S2CID 14336157 Bartosz Jankowski Wojciech Mazurczyk amp Krzysztof Szczypiorski 11 May 2010 Information Hiding Using Improper Frame Padding arXiv 1005 1925 cs CR Wendzel Steffen Keller Joerg 20 October 2011 Low Attention Forwarding for Mobile Network Covert Channels Communications and Multimedia Security Lecture Notes in Computer Science Vol 7025 pp 122 133 doi 10 1007 978 3 642 24712 5 10 ISBN 978 3 642 24711 8 Retrieved 4 September 2016 Mazurczyk Wojciech Wendzel Steffen Zander Sebastian Houmansadr Amir Szczypiorski Krzysztof 2016 Information Hiding in Communication Networks Fundamentals Mechanisms and Applications 1 ed Wiley IEEE ISBN 978 1 118 86169 1 Jozef Lubacz Wojciech Mazurczyk Krzysztof Szczypiorski February 2010 Vice Over IP The VoIP Steganography Threat IEEE Spectrum Retrieved 11 February 2010 Krzysztof Szczypiorski October 2003 HICCUPS Hidden Communication System for Corrupted Networks PDF In Proc of The Tenth International Multi Conference on Advanced Computer Systems ACS 2003 pp 31 40 Retrieved 11 February 2010 a b Wayner Peter 2009 Disappearing Cryptography Information Hiding Steganography amp Watermarking Morgan Kaufmann Publishers Amsterdam Boston ISBN missing Lancioni German 16 October 2017 What s Hidden in That Picture Online Seeing Through Stegware McAfee Wiseman Simon 2017 Defenders Guide to Steganography doi 10 13140 RG 2 2 21608 98561 a href Template Cite journal html title Template Cite journal cite journal a Cite journal requires journal help Secret Code in Color Printers Lets Government Track You Tiny Dots Show Where and When You Made Your Print Electronic Frontier Foundation 16 October 2005 Criminal complaint by Special Agent Ricci against alleged Russian agents PDF United States Department of Justice GE Engineer Charged in Elaborate Theft of Trade Secrets Twinstate Technologies Liao Xin Wen Qiao yan Shi Sha 2011 Distributed Steganography 2011 Seventh International Conference on Intelligent Information Hiding and Multimedia Signal Processing IEEE pp 153 156 doi 10 1109 IIHMSP 2011 20 ISBN 978 1 4577 1397 2 S2CID 17769131 Jane Wakefield 9 January 2014 Cicada 3301 The darknet treasure trail reopens BBC News Retrieved 11 January 2014 The texts Maydaymystery org Retrieved 23 November 2017 Recent things Maydaymystery org Retrieved 23 November 2017 The Mystery Maydaymystery org Retrieved 23 November 2017 a b Chaganti Raj R Vinayakumar Alazab Mamoun Pham Tuan 12 October 2021 Stegomalware A Systematic Survey of Malware Hiding and Detection in Images Machine Learning Models and Research Challenges doi 10 36227 techrxiv 16755457 v1 a href Template Cite journal html title Template Cite journal cite journal a Cite journal requires journal help Votiro 30 November 2021 Finding a Content Disarm amp Reconstruction CDR Vendor Votiro Retrieved 11 January 2023 Content Disarm and Reconstruct SecureIQLab 12 April 2022 Retrieved 11 January 2023 Sources editWayner Peter 2002 Disappearing cryptography information hiding steganography amp watermarking Amsterdam MK Morgan Kaufmann Publishers ISBN 978 1 558 60769 9 Wayner Peter 2009 Disappearing cryptography 3rd Edition information hiding steganography amp watermarking Amsterdam MK Morgan Kaufmann Publishers ISBN 978 0 123 74479 1 Petitcolas Fabien A P Katzenbeisser Stefan 2000 Information Hiding Techniques for Steganography and Digital Watermarking Artech House Publishers ISBN 978 1 580 53035 4 Johnson Neil Duric Zoran Jajodia Sushil 2001 Information hiding steganography and watermarking attacks and countermeasures Springer ISBN 978 0 792 37204 2 Petitcolas Fabien A P Katzenbeisser Stefan 2016 Information Hiding Artech House Publishers ISBN 978 1608079285 External links edit nbsp Wikimedia Commons has media related to Steganography An overview of digital steganography particularly within images for the computationally curious by Chris League Long Island University 2015 Steganography at Curlie Examples showing images hidden in other images Information Hiding Steganography amp Digital Watermarking Papers and information about steganography and steganalysis research from 1995 to the present Includes Steganography Software Wiki list Dr Neil F Johnson Detecting Steganographic Content on the Internet 2002 paper by Niels Provos and Peter Honeyman published in Proceedings of the Network and Distributed System Security Symposium San Diego CA 6 8 February 2002 NDSS 2002 Internet Society Washington D C Covert Channels in the TCP IP Suite Archived 23 October 2012 at the Wayback Machine 1996 paper by Craig Rowland detailing the hiding of data in TCP IP packets Network Steganography Centre Tutorials Archived 16 December 2017 at the Wayback Machine How to articles on the subject of network steganography Wireless LANs VoIP Steganophony TCP IP protocols and mechanisms Steganographic Router Inter protocol steganography By Krzysztof Szczypiorski and Wojciech Mazurczyk from Network Security Group Invitation to BPCS Steganography Steganography by Michael T Raggo DefCon 12 1 August 2004 File Format Extension Through Steganography by Blake W Ford and Khosrow Kaikhah Computer steganography Theory and practice with Mathcad Rus 2006 paper by Konakhovich G F Puzyrenko A Yu published in MK Press Kyiv Ukraine stegano a Free and Open Source steganography web service Retrieved from https en wikipedia org w index php title Steganography amp oldid 1189965381, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.