Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

Steganography... what is that?

When people think about Information Security the first word that generally comes mind is "Hacking", but there are many disciplines in security and one of them is called "Steganography", an offshoot of encryption and "data hiding".

The word "steganography" can be divided in two parts: stegano + graphy. "Stegano" comes from the Greek word "steganos" meaning "covered" and "graphy" which comes from the Greek word "graphein" meaning "writing:". Thus, steganography literally means "covered writing".

Steganography is an ancient art of covering messages in a secret way such that only the sender and receiver know the presence of the message. This allows one party to communicate with another party without the third party being aware that communication is occurring. Usually, the data is concealed inside an innocuous cover so that even if a third party discovers the cover, there are no suspicions about the data hiding inside the cover. If the hidden data is detected by a third party the steganography technique fails.

Steganography and cryptography are cousins in the spy craft family. However, cryptographic and steganographic techniques differ from each other. In cryptography, the original message is scrambled (i.e. its original structure is changed in order to make it meaningless). Thus, when an attacker discovers the message it is still difficult for him to get the original message back. Cryptography does not try to hide the message. In steganography, the message is secretly hidden inside a digital file, so there arises no suspicion to the attacker. Steganography does not attempt to scramble the original message but the intent is the same as in cryptography; to protect the original message. Steganography is sometimes combined with cryptography for added protection.

There is something really important about steganography: There must not be any easily perceived change in the file that is hiding the message.

Basic Steganographic Model

A basic steganographic model is shown in Figure 1. First we need to understand the three blocks in the left of the image:

  • Cover File, 'X': This is the file that we will use for hiding the information.
  • Message, 'M': This is the secret information that we want to hide into 'X'.
  • Stego-Key, 'K': Some steganographic methods need to use specific keys, or data, for hiding and recovering 'M' from 'X'.

Once we have this information, we can apply the steganographic method, 'f(X,M,K)'. The output after applying the method is called "Stego-File", denoted with 'Z'.

For recovering the message, we will apply the inverse process using the same Stego-Key used for hiding the message. It is important to mention that the Cover File is not important after obtaining the secret message, so it does not matter if we cannot recover the data we modified for embedding the Message.

Figure 1. Basic Steganographic Model

LSB Method

The Least Significant Bit (LSB) method is a really common and famous steganographic method in which the secret information is hidden in the least significant bits of the image.

There are 2 different LSB steganographic methods: LSB Replacement and LSB Matching.

In LSB Replacement, all we need to do is to change the least significant bit with one bit of the secret message which we want to hide. It is really easy to detect if this method has been used because the algorithm complexity is almost null. In LSB Matching, we will also modify the LSB with one of the bits of the secret message but it uses some probabilistic and statistic operations for spreading the hidden information across the entire the cover file without modifying all the bits that contain part of the secret message.

Characteristics of Steganographic Techniques

In steganography, the message to be hidden inside the cover–media must consider the following features.

  • Hiding Capacity: This feature deals with the size of information that can be hidden inside the cover file. A larger hiding capacity allows use of a small cover and thus reduces the band-width required to transmit the stego–media. For example, if we have an RGB image with a size of 200 x 200 pixels, that means that we have 120,000 color values to be used as cover values for the secret message (200:width x 200:height x 3:R,G,B), then if we use only one bit per color channel for hiding the message we have a hiding capacity of 120,000 bits or 15,000 bytes, if we use 2 bits per color channel for hiding the message we have 30,000 bytes, but if we use only one color channel and one bit per pixel, the hiding capacity will be 40000 bits or 5000 bytes.
  • Perceptual Transparency: Perceptual transparency is an important feature of steganography. Each cover-media has certain information hiding capacity. If more information or data is hidden inside the cover, then it results in degradation of the cover–media. As a result, the stego–media and cover–media will appear to be different. If the attacker notices this distortion, then our steganographic technique fails and there is the possibility that our original message can be extracted or damaged by the attacker. Figure 2 illustrates the Perceptual Transparency concept, it is almost impossible to detect any difference between Figure 1.a and Figure 1.b only by watching them.


Figure 2. a) Image without any modification. B) Image after using steganography

  • Robustness: Robustness is the ability of the hidden message to remain undamaged even if the stego–media undergoes transformation, sharpening, linear and non-linear filtering, scaling and blurring, cropping and various other techniques.
  • Tamper–resistance: Of all the features, this feature is very important. This is because, if the attacker is successful in destroying the steganographic technique then the tamper–resistance property makes it difficult for the attacker or pirates to alter or damage the original data.

In the end, any application of strong steganography must ensure that the above features are satisfied, in other words they must ensure better perceptual transparency, robustness and tamper–resistance so that the integrity of the original work is maintained.

I hope that after this small introduction of steganography you can understand a little more about this field. If you have any question about this topic please post a comment below.

Latest SpiderLabs Blogs

2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies

Trustwave SpiderLabs’ 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report details the security issues facing public sector security teams as...

Read More

How to Create the Asset Inventory You Probably Don't Have

This is Part 12 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here.

Read More

Guardians of the Gateway: Identity and Access Management Best Practices

This is Part 10 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here.

Read More