Join Trustwave at the 2023 Gartner Security & Risk Management Summit in London, September 26-28. Learn More

Request a Demo

Join Trustwave at the 2023 Gartner Security & Risk Management Summit in London, September 26-28. Learn More

Request a Demo
Services
Capture
Managed Detection & Response

Eradicate cyberthreats with world-class intel and expertise

twi-cloud-lock-color-svg
Managed Security Services

Expand your team’s capabilities and strengthen your security posture

twi-briefcase-color-svg
Consulting & Professional Services

Tap into our global team of tenured cybersecurity specialists

twi-dashboard-color-svg
Penetration Testing

Subscription- or project-based testing, delivered by global experts

twi-database-color-svg
Database Security

Get ahead of database risk, protect data and exceed compliance requirements

twi-email-color-svg
Email Security & Management

Catch email threats others miss with layered security & maximum control

twi-managed-portal-color
Co-Managed SOC (SIEM)

Eliminate alert fatigue, focus your SecOps team, stop threats fast, and reduce cyber risk

View All Trustwave Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
The Trustwave Approach
A focus on threat detection and response
Awards and Accolades
Recognition by analysts and media outlets
Trustwave SpiderLabs Team
Researchers, ethical hackers and responders
Trustwave Fusion Platform
Unprecedented security visibility and control
SpiderLabs Fusion Center
Our cybersecurity command center
Security Operations Centers
Distributed worldwide defense nodes
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP

Steganography... what is that?

Jesus Olguin Sep 19, 2016

Contents

And Then? Where is the Risk with Steganography?

An Easy Introduction to Steganography

Steganalysis, the Counterpart of Steganography

When people think about Information Security the first word that generally comes mind is "Hacking", but there are many disciplines in security and one of them is called "Steganography", an offshoot of encryption and "data hiding".

The word "steganography" can be divided in two parts: stegano + graphy. "Stegano" comes from the Greek word "steganos" meaning "covered" and "graphy" which comes from the Greek word "graphein" meaning "writing:". Thus, steganography literally means "covered writing".

Steganography is an ancient art of covering messages in a secret way such that only the sender and receiver know the presence of the message. This allows one party to communicate with another party without the third party being aware that communication is occurring. Usually, the data is concealed inside an innocuous cover so that even if a third party discovers the cover, there are no suspicions about the data hiding inside the cover. If the hidden data is detected by a third party the steganography technique fails.

Steganography and cryptography are cousins in the spy craft family. However, cryptographic and steganographic techniques differ from each other. In cryptography, the original message is scrambled (i.e. its original structure is changed in order to make it meaningless). Thus, when an attacker discovers the message it is still difficult for him to get the original message back. Cryptography does not try to hide the message. In steganography, the message is secretly hidden inside a digital file, so there arises no suspicion to the attacker. Steganography does not attempt to scramble the original message but the intent is the same as in cryptography; to protect the original message. Steganography is sometimes combined with cryptography for added protection.

There is something really important about steganography: There must not be any easily perceived change in the file that is hiding the message.

Basic Steganographic Model

A basic steganographic model is shown in Figure 1. First we need to understand the three blocks in the left of the image:

  • Cover File, 'X': This is the file that we will use for hiding the information.
  • Message, 'M': This is the secret information that we want to hide into 'X'.
  • Stego-Key, 'K': Some steganographic methods need to use specific keys, or data, for hiding and recovering 'M' from 'X'.

Once we have this information, we can apply the steganographic method, 'f(X,M,K)'. The output after applying the method is called "Stego-File", denoted with 'Z'.

For recovering the message, we will apply the inverse process using the same Stego-Key used for hiding the message. It is important to mention that the Cover File is not important after obtaining the secret message, so it does not matter if we cannot recover the data we modified for embedding the Message.

Figure1
Figure 1. Basic Steganographic Model

LSB Method

The Least Significant Bit (LSB) method is a really common and famous steganographic method in which the secret information is hidden in the least significant bits of the image.

There are 2 different LSB steganographic methods: LSB Replacement and LSB Matching.

In LSB Replacement, all we need to do is to change the least significant bit with one bit of the secret message which we want to hide. It is really easy to detect if this method has been used because the algorithm complexity is almost null. In LSB Matching, we will also modify the LSB with one of the bits of the secret message but it uses some probabilistic and statistic operations for spreading the hidden information across the entire the cover file without modifying all the bits that contain part of the secret message.

Characteristics of Steganographic Techniques

In steganography, the message to be hidden inside the cover–media must consider the following features.

  • Hiding Capacity: This feature deals with the size of information that can be hidden inside the cover file. A larger hiding capacity allows use of a small cover and thus reduces the band-width required to transmit the stego–media. For example, if we have an RGB image with a size of 200 x 200 pixels, that means that we have 120,000 color values to be used as cover values for the secret message (200:width x 200:height x 3:R,G,B), then if we use only one bit per color channel for hiding the message we have a hiding capacity of 120,000 bits or 15,000 bytes, if we use 2 bits per color channel for hiding the message we have 30,000 bytes, but if we use only one color channel and one bit per pixel, the hiding capacity will be 40000 bits or 5000 bytes.
  • Perceptual Transparency: Perceptual transparency is an important feature of steganography. Each cover-media has certain information hiding capacity. If more information or data is hidden inside the cover, then it results in degradation of the cover–media. As a result, the stego–media and cover–media will appear to be different. If the attacker notices this distortion, then our steganographic technique fails and there is the possibility that our original message can be extracted or damaged by the attacker. Figure 2 illustrates the Perceptual Transparency concept, it is almost impossible to detect any difference between Figure 1.a and Figure 1.b only by watching them.

Figure2

Figure 2. a) Image without any modification. B) Image after using steganography

  • Robustness: Robustness is the ability of the hidden message to remain undamaged even if the stego–media undergoes transformation, sharpening, linear and non-linear filtering, scaling and blurring, cropping and various other techniques.
  • Tamper–resistance: Of all the features, this feature is very important. This is because, if the attacker is successful in destroying the steganographic technique then the tamper–resistance property makes it difficult for the attacker or pirates to alter or damage the original data.

In the end, any application of strong steganography must ensure that the above features are satisfied, in other words they must ensure better perceptual transparency, robustness and tamper–resistance so that the integrity of the original work is maintained.

I hope that after this small introduction of steganography you can understand a little more about this field. If you have any question about this topic please post a comment below.

And Then? Where is the Risk with Steganography?

An Easy Introduction to Steganography

Steganalysis, the Counterpart of Steganography
Previous

Necurs – the Heavyweight Malware Spammer
Next

RIG's Facelift