SpiderLabs Blog

Steganography... what is that?

When people think about Information Security, the first word that generally comes to mind is "Hacking", but there are many disciplines in security and one of them is called "Steganography", an offshoot of encryption and "data hiding".

The word "steganography" can be divided into two parts: stegano + graphy. "Stegano" comes from the Greek word "steganos", meaning "covered", and "graphy" comes from the Greek word "graphein", meaning "writing". Thus, steganography literally means "covered writing".

Steganography is an ancient art of covering messages in a secret way such that only the sender and receiver know the presence of the message. This allows one party to communicate with another party without the third party being aware that communication is occurring. Usually, the data is concealed inside an innocuous cover so that even if a third party discovers the cover, there are no suspicions about the data hiding inside the cover. If the hidden data is detected by a third party the steganography technique fails.

Steganography and cryptography are cousins in the spy craft family. However, cryptographic and steganographic techniques differ from each other. In cryptography, the original message is scrambled (i.e. its original structure is changed in order to make it meaningless). Thus, when an attacker discovers the message, it is still difficult for him to get the original message back. Cryptography does not try to hide the message. In steganography, the message is secretly hidden inside a digital file, so that it raises no suspicion in the attacker. Steganography does not attempt to scramble the original message, but the intent is the same as in cryptography: to protect the original message. Steganography is sometimes combined with cryptography for added protection.

There is something really important about steganography: There must not be any easily perceived change in the file that is hiding the message.

Basic Steganographic Model

A basic steganographic model is shown in Figure 1. First we need to understand the three blocks on the left of the image:

  • Cover File, 'X': This is the file that we will use for hiding the information.
  • Message, 'M': This is the secret information that we want to hide into 'X'.
  • Stego-Key, 'K': Some steganographic methods need to use specific keys, or data, for hiding and recovering 'M' from 'X'.

Once we have this information, we can apply the steganographic method, 'f(X,M,K)'. The output after applying the method is called "Stego-File", denoted with 'Z'.

To recover the message, we apply the inverse process using the same Stego-Key that was used for hiding the message. Note that the Cover File no longer matters once the secret message has been obtained, so it does not matter if we cannot recover the data we modified when embedding the Message.

Figure 1. Basic Steganographic Model

LSB Method

The Least Significant Bit (LSB) method is a really common and famous steganographic method in which the secret information is hidden in the least significant bits of the image.

There are 2 different LSB steganographic methods: LSB Replacement and LSB Matching.

In LSB Replacement, all we need to do is replace the least significant bit with one bit of the secret message that we want to hide. It is really easy to detect if this method has been used because the algorithm complexity is almost null. In LSB Matching, we also modify the LSB with one of the bits of the secret message, but it uses some probabilistic and statistical operations to spread the hidden information across the entire cover file without modifying all the bits that contain part of the secret message.

Characteristics of Steganographic Techniques

In steganography, hiding a message inside the cover–media must take the following features into account.

  • Hiding Capacity: This feature deals with the size of information that can be hidden inside the cover file. A larger hiding capacity allows use of a small cover and thus reduces the bandwidth required to transmit the stego–media. For example, an RGB image with a size of 200 x 200 pixels gives us 120,000 color values to use as cover values for the secret message (200:width x 200:height x 3:R,G,B). If we use only one bit per color channel for hiding the message, we have a hiding capacity of 120,000 bits or 15,000 bytes. If we use 2 bits per color channel, we have 30,000 bytes. But if we use only one color channel and one bit per pixel, the hiding capacity will be 40,000 bits or 5,000 bytes.
  • Perceptual Transparency: Perceptual transparency is an important feature of steganography. Each cover-media has a certain information hiding capacity. If more information or data is hidden inside the cover, then it results in degradation of the cover–media. As a result, the stego–media and cover–media will appear to be different. If the attacker notices this distortion, then our steganographic technique fails and there is the possibility that our original message can be extracted or damaged by the attacker. Figure 2 illustrates the Perceptual Transparency concept: it is almost impossible to detect any difference between Figure 2.a and Figure 2.b just by looking at them.

Figure 2. a) Image without any modification. b) Image after using steganography

  • Robustness: Robustness is the ability of the hidden message to remain undamaged even if the stego–media undergoes transformation, sharpening, linear and non-linear filtering, scaling and blurring, cropping and various other techniques.
  • Tamper–resistance: Of all the features, this feature is very important. This is because, if the attacker is successful in destroying the steganographic technique then the tamper–resistance property makes it difficult for the attacker or pirates to alter or damage the original data.

In the end, any application of strong steganography must ensure that the above features are satisfied, in other words they must ensure better perceptual transparency, robustness and tamper–resistance so that the integrity of the original work is maintained.
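The LSB Replacement method and the hiding-capacity figures above, worked through in Python as an added example (not code from the original post). It embeds one bit per colour value in a raw RGB buffer; the constructed gradient cover, the 4-byte length header and all function names are assumptions of this example, and no stego-key is used.

```python
def capacity_bytes(width, height, channels=3, bits_per_channel=1):
    """Hiding capacity in whole bytes for a cover of the given geometry."""
    return width * height * channels * bits_per_channel // 8


def embed(cover: bytes, message: bytes) -> bytes:
    """LSB Replacement: return stego bytes Z = cover X carrying message M."""
    # 4-byte length header (an assumption of this example) marks the message end.
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 > len(cover):
        raise ValueError("message exceeds the hiding capacity of the cover")
    stego = bytearray(cover)
    for i in range(len(payload) * 8):
        bit = (payload[i // 8] >> (7 - i % 8)) & 1   # take payload bits MSB-first
        stego[i] = (stego[i] & 0xFE) | bit           # overwrite only the LSB
    return bytes(stego)


def _read_bytes(stego, first_value, count):
    """Rebuild `count` bytes from the LSBs starting at colour value `first_value`."""
    out = bytearray()
    for b in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (stego[first_value + b * 8 + k] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Inverse process: read the length header, then that many message bytes."""
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    if (4 + length) * 8 > len(stego):
        raise ValueError("length header exceeds capacity: no valid payload")
    return _read_bytes(stego, 32, length)


def max_channel_change(cover, stego):
    """Largest per-value difference; LSB Replacement can never exceed 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: 200 x 200 RGB gradient = 120,000 colour values.
COVER = bytes((x * 3 + c * 40) % 256 for x in range(200 * 200) for c in range(3))
SECRET = b"constructed test message"

if __name__ == "__main__":
    stego = embed(COVER, SECRET)
    print(capacity_bytes(200, 200), extract(stego), max_channel_change(COVER, stego))
```

The length header costs 4 bytes of the 15,000-byte capacity, so the largest message this cover can carry at one bit per colour value is 14,996 bytes.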

I hope that after this small introduction to steganography you can understand a little more about this field. If you have any questions about this topic, please post a comment below.
