steganographytutorial

March 23, 2018 | Author: Sanjeev Kumar Sinha | Category: Cryptography, Cryptanalysis, Online Safety & Privacy, Cyberwarfare, Secure Communication
Share
Report this link


Comments



Description

THE LOST SYMBOL1. Srijan’10 This is the primary tutorial on Steganography ….you may find it helpful for the “The Lost Symbol” event of Srijan’10…hope it serves bit of your purpose….SEE YOU @ SRIJAN’10. ©Srijan’10 Visit us @ www.srijanju.com Introduction 1.1 Digital Image A 1.2 digital image is an image f(x,y) that has been discretized both in spatial coordinates and in brightness. We may consider a digital image as a matrix whose row and column indices identify a point in the image and the corresponding matrix element value identifies the gray level at that point. The elements of such a digital array are called image elements, picture elements, pixels or pels. Steganography Steganography comes from the Greek word “Steganos” meaning “covered or secret”, basically hidden writing. Steganography is the art of hidden information in a cover media. The media may be still image, video, audio, text file etc. and the hidden message may be text, still image, audio, video etc. (Image, Video, Audio, Text, Fax) (Image, Text,) (Pseudo Random no. generator, Hash function) Cover(X) Steganography Encoder F (X, M, K) Stego Media Message (M) Stego Key (K) Fig 1.2.1 Block Diagram of Steganography Encoder ©Srijan’10 Page 2 It is a non-cryptographic technique for hiding data in the natural noise component of some other signal. It simply takes one piece of information and hides it within another. Steganography dates back to ancient Greece, where common practices consisted of etching messages in wooden tablets and covering them with wax, and tattooing a shaved messenger's head, letting his hair grow back, and then shaving it again when he arrived at his contact point. While encryption is detectable and a target for questions by Government as well as hackers, Steganography takes it one step further and hides the message within an encrypted message or other mediums; such as images, making it virtually impossible to detect. It is a method related to the art of hiding a secret message within a larger one in such a way that the unwanted person cannot make out the presence or contents of the hidden message being sent. It can be hidden in a picture, sound or a video file. Steganography uses computer files (images, sounds recordings, even disks), which contain unused or insignificant areas of data. Invisible inks, microdots, character arrangement, digital signatures, covert channels, and spread spectrum communications also use steganography. Steganography takes advantage of these areas, replacing them with information (encrypted mail, for instance). The least significant bits (LSBs) of most digitized signals; music or images for instance; are randomly distributed. Most communication channels like telephone lines and radio broadcasts transmit signals, which are always followed by some kind of, noise. This noise can be replaced by a secret signal that has been changed into a form that is not detectable from noise without knowledge of a secret key and this way, the secret signal can be transmitted undetectable. 1.3 Basic Terminologies Steganography is art of hiding information (message) within information (cover) in an innocuous way – the very existence of hidden message remains concealed. Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication. ©Srijan’10 Page 3 Steganography is considered broken even when the mere presence of the secret message is detected.Digital Watermarking is a technique to emboss copyright information. practical steganographic schemes must have usable steganographic capacity. just as cryptology refers to both cryptography and cryptanalysis. extracting the tampered bits and reconstructing the hidden message. steganographic capacity is therefore much less than the embedding capacity. Steganographic Capacity refer to the maximum number of bits that can be hidden in a given cover work. ©Srijan’10 Page 4 . information security services. more generally. of the owner for authentication. Embedding Capacity refer to the maximum number of bits that can be hidden in a given cover work. Indeed. the fact that we know that certain parties are communicating secretly is often a very important piece of information. Indeed. The primary goal of Steganalysis is to detect when a covert communication is occurring. Steganalysis is concerned with developing methods for detecting the presence of secret messages and eventually extracting them. such that the probability of detection by an adversary is negligible. the image that contains some hidden data is known as steganographic image Steganology refer to both steganography and Steganalysis. The term Steganology is not commonly used but is more precise than using steganography. one probably cannot develop a good steganographic method without spending a substantial amount of time on how to break it. to digital media. . Steganalysis is the practice of defeating the goal of steganography by detecting. Therefore primary goal of new Steganographic algorithms are – develop undetectable methods with high steganographic capacity. Steganographic Image. Detection by Steganalysis can be avoided simply by decreasing the amount of information embedded (payload) in a cover work. Steganography is an inseparable part of steganography. However. Cryptanalysis is the study of mathematical techniques for attempting to defeat cryptographic techniques and. Hence. ©Srijan’10 Page 5 . M.y) = 1 For x <> y.4 Different types of Steganography In the literature there are three types of steganographic protocols: Pure steganography Secret key steganography Public key steganography 1. y Є C sim(x. A function sim: C2 (-1 .∀ m Є M and ∀ c Є C is called pure steganographic system. ∀ m Є M and ∀ c Є C.1 Pure steganography A steganographic system which does not require the prior exchange of some secret information (like stego-key) is called pure steganography. The embedding process is defined in a way that a cover and the corresponding stego object are perceptually similar. with the property that C the D (E(c.E(c. Definition (Pure Steganography): The quadruple S=<C. Definition (Similarity Function): Let C be a nonempty set. 1] is called similarity function on C for x.y) < 1 x=y So. the most practical steganographic systems try to fulfill the condition sim(c.m)) 1. E: C X M embedding function and D: C M. where C is the set of possible covers. perceptual similarity can be defined via a similarity function. the extraction function. sim(x. D. m)) = m. Formally. E>. the set of secret messages M with |M| = <|C|.1.4. If the embedding process does not change the “feature. If the key used in embedding process is known to the receiver.2 Secret key steganography Pure Steganography is not very secure in practice as no information (apart from E and D as mentioned in section 1. K. one could take all most significant of the cover’s color values as a “feature. he can reverse the process and extract the secret message. where C is the set of possible covers.” the receiver is able to recalculate the key. the stego-key. Dk. A secret key steganography system is a system where the sender chooses a cover c and embeds the secret message into c using a secret key k. In that type of steganography also.k ) = m ∀ m belongs to M.4. Ek: C X M X K C and Dk: C X K |C| >= |M|. K the M with the property that Dk ( Ek( c . However. Without any knowledge of that stego-key. the security of process depends entirely on its secrecy. So we assume that all communication parties are able to trade the secret keys through a secure channel. m . Ek >. k ) . If the cover is a digital image. nobody should able to extract secret information out of the cover.1) is required to start the process. M.” ©Srijan’10 Page 6 .4. Secret key steganography requires the exchange of some key. The security of the secrecy should rely on some secret information. by using some characteristic features of the cover and a secure hash function H is possible to calculate a key used for secret communication directly out of the cover: k = H (feature). the set of secret messages with set of secret keys. Obviously such a feature has to be highly “cover dependent” to reach an adequate level of security. ∀ c Є C and ∀ k ЄK is called the secret key steganographic method. although the transmissions of additional secret information subvert the original intension of invisible communication. Definition (Secret key steganography): The quadruple S=<C.1. the cover c and the stego-object can be perceptually similar. whether or not it already contains a secret message. In the latter case. a secure steganography system can be build by embedding the cipher text rather than unencrypted secret messages. Whereas the public key is used in embedding process. In the public key steganography. the secret key is used to reconstruct the secret message.1. One way to build a public key steganography system is the use of a public key cryptosystem. ©Srijan’10 Page 7 . we will call it “natural randomness” of the cover. one private and another public key. Figure. Data hiding typical scenario. a random element of M will be the result.3 Public key steganography Public key steganographic system require the steganography system require the use of two keys.4. the decoding function D in the steganography system can be applied to any cover c. the public key stored in public database. If one assumes that this natural randomness is statistically indistinguishable from cipher text produced by some public key cryptosystem. We want to follow the second approach and group steganographic methods in six categories.g. ©Srijan’10 Page 8 . steganographic algorithms are based on replacing a noise component of a digital object with a pseudorandom secret message. Statistical methods encode information by changing several statistical properties of a cover and use hypothesis testing in the extraction process. A classification according to the cover modifications applied in the embedding process is another possibility. Transform domain techniques embed secret information in a transform space of the signal (e..1. Spread spectrum techniques adopt ideas from spread spectrum communication. One could categorize them according to the types of covers used for secret communication. There are several approaches in classifying steganographic systems.5 Different procedures used for steganography. Cover generation methods encode information in the way a cover for secret communication is created. although in some cases an exact classification is not possible: Substitution systems substitutes redundant parts of a cover with a secret message. Distortion techniques store information by signal distortion and measure the deviation from the original cover in the decoding step. in the frequency domain). In general. Detection of the presence of hidden message Extraction of hidden message Reconstruction of the hidden message (if possible) Hidden Message & Password (If present) Level ‘0’ DFD ©Srijan’10 Page 9 .2. Data Flow Diagram (DFD) Input BMP Image or TEXT file Cracking the input Image/Text file. 1 BMP/Text cracking process.2 Detection process Data file 1. Data file 1.3 Extraction process Output Level ‘1’ DFD ©Srijan’10 Page 10 .Input BMP Image/ Text file 1. 3 Message length detection process Message Length Data file 1.Input Data file 1.3.2 Password breaking process Password Data file 1.3.1 Password position finding process.4 Message Extraction process Message Output Level ‘2’ DFD ©Srijan’10 Page 11 .3. Password location 1.3. In known cover attack. A chosen-stego attack is when access to the message extraction tool is available so the attacker does not have to deduce the decoding algorithm. chosen message and stego-only. chosen stego. where the steganalyst has the access to the steganography encoding tool itself and can embed and analyze messages of his/her choice. Understanding the means by which attackers can defeat steganographic systems is necessary for the design and development of superior. known message. for a secret communication application the mere detection and proof that some kind of data is hidden within the stego-image is successful attack Levels of Attack There are five levels of attack of steganography: known cover. So the known cover attack is not very practical attack. both the original cover and the corresponding stego-image are available. or modification (or even destruction) of embedded data. Steganalysis − Different Levels & Stages of Attack S teganalysis is the practice of attacking steganographic methods by detection. ©Srijan’10 Page 12 . more robust systems. In a stego-only attack. In a known cover attack. only the stego-image is available for Steganalysis. The known message attack is when the steganalyst knows the secret message embedded in a stego-image. The meaning of a successful attack is dependent on the application. the cover image is required which is almost impossible.3. The most powerful attack is the chosen message attack. extraction. stego message and key all are absent. Stages of Attack The stego object is attacked in three stages: Detection: The first stage is to detect whether a message is hidden within the object or not. the hidden message is reconstructed. Extraction of message bit stream: After the confirmation of message hiding. cover image. the message bit stream is easy to extract.The stego-only attack is the most common and difficult to detect. Analysis of image statistics reveals the existence of hidden message. ©Srijan’10 Page 13 . Reconstruction of Hidden Message: Reconstruction of hidden message from the extracted bit stream is not a very easy job to perform. Here. Details of decryption will be discussed in the next chapter of Cryptanalysis. Decrypting the message bit stream. This may require the knowledge of stego key. some encryption algorithm like DES. the steg-analyst aims to identify the positions where the message is hidden. In most of the cases. IDEA etc. encrypts the message. Once the message positions are identified. The cipher text ‘c’ is transmitted to other. The other person turns the cipher text back into the plain text by decryption. One objective of cryptography is to provide methods for preventing such Cryptanalysis is the science of studying attacks against cryptographic schemes. ©Srijan’10 Page 14 . Service used to keep the content of information from all but those authorized to have it. he needs some secret information. C attacks. The message could be intercepted and read by an eavesdropper. The message to be transmitted – can be some text. To decrypt. A general review of Cryptography and Cryptanalysis. ryptography is the science of keeping secrets secret. numerical data. Successful attacks may. One encrypts the plain text m and obtains the cipher text ‘c’. Encryption and Secrecy The fundamental and classical task of cryptography is to provide confidentiality by encryption methods. substitute parts of the original message. The Objective of Cryptography Providing confidentiality is not the only objective of cryptography.is called the plain text. Cryptography is also used to provide solutions for other problems: 1. He uses an insecure communicational channel like computer network or a telephone line. Cryptography and cryptanalysis are often subsumed by the more general term cryptology.4. recover the plain text (or parts of the plain text) from the cipher text. There is a problem if the message contains confidential information. or forge digital signatures. Confidentiality. Assume a sender want to send a message ‘m’ to a receiver. an executable program or any other kind of information . a secret decryption key. When initiating a communication between two. A fundamental assumption in cryptanalysis was first stated by A. It states that the adversary knows all the details of the cryptosystem. message. Non-repudiation. 3. ©Srijan’10 Page 15 . Eavesdropper has the ability to obtain cipher texts. An encryption method that cannot resist a cipher text .2. one must assume that he can get access to encrypted messages. No one should be able to send a message to other and pretend to be another (data origin authentication). both should b able to identify each other (entity authentication). They are usually classified as follows: 1.only attack is completely insecure. Data Integrity. the security of a cryptosystem must be entirely based on the secret keys. 4. The possible attacks depend on the actual resources of the adversary eavesdropper. The receiver of a message should be able to verify its origin. Even if eavesdropper cannot perform the more sophisticated attacks described below. It is usually referred to as Kerkoff’s principle.only attack. The sender should not be able to later deny that he sent a Attacks The primary goal of cryptography is to keep the plain text secret from eavesdroppers trying to get some information about the plain text. Authentication. or for part of it. Cipher text . According to the principle. either accidentally or deliberately. No one should be able to substitute a false message for the original message. including algorithms and their implementations. This is likely to be the case in any encryption situation. The receiver of a message should be able to check whether the message was modified during transmission.Kerkoff in the nineteenth century. These two attacks are similar to the above plain text attacks. This means that she only needs access to the encrypting device once. Chosen – plain text attack. he sends some interesting information to his intended victim. Chosen – and adaptively – chosen – cipher text attack. While again this may seem unlikely.2. 5. Using the information from these pairs. Messages may be sent in standard formats which the eavesdropper knows. it might appear that such information would not ordinarily be available to an attacker. Then he attempts to decrypt a cipher text for which he does not have a plain text. which he is confident that the other will encrypt and send out. ©Srijan’10 Page 16 . This means that he has either lengthy access to the encrypting device or can some-how make repeated use of it. At first glance. He may switch between gathering pairs and performing the analysis as often as he likes. The eavesdropper can choose cipher texts and get the corresponding plaintexts. without any further interaction. 3. there are many cases in which the eavesdropper can do just this. He has the access to the decryption device. and subsequently get some more pairs. This type of attack assumes that the eavesdropper must first obtain whatever plain text – cipher text pairs he wants and do his analysis. This is the same as the previous attack. 4. Eavesdropper has the ability to obtain plain text – cipher text pairs. he attempts to decrypt a cipher text for which he does not have the plain text. However. For example. it very often is available. Adaptively – chosen – plain text attack. Known – plain text attack. except now the eavesdropper may do some analysis on the plain text – cipher text pairs. Eavesdropper has the ability to obtain cipher texts for plain texts of his choosing. EXE files. as a header at the beginning of the file. since hide & seek will silently pull out garbage if given a wrong password. but does not mention which type.0 The latest version of Hide and Seek has been totally redesigned.COM and . It uses encryption as well. Hide and Seek v5. and if you do there is no way to know when you have cracked hide & seeks password. but now includes a user interface (no more command line operations) to hide info in GIF files. Pretty Good Envelope v1. You can hide encrypted data.0 Pretty Good Envelope (PGE) is a DOS based program that hides a message in the file by the very simple method of appending the message to the file. including . your file length. JP Hide and Seek JPHS is a DOS-based command-line stego program that hides data in the JPG image format.5. This information is later used to get the data out. Win95 and Linux version are also available. though. It is still a DOS based program. and then appending a 4 byte little endian number which points to the start of the message. ©Srijan’10 Page 17 . and your version number. Description of Commercial stego tools. Its small size is a major bonus as it easily fits on a disk. Hide & seek uses the blowfish algorithm to encrypt your random number seed. A companion program UNPGE retrieves the message. PGE can be used with graphic files (GIF and JPG) or any other binary files. The data itself is NOT encrypted. Steghide Steghide. 128 bit MD5 hashing of pass phrases to blowfish keys and pseudo-random distribution of hidden bits in the container data. The picture remains visibly intact. and OS/2 that hides data within BMP. Hide4PGP v2. The camouflaged file then looks and behaves like a normal file.0 has several new features.0 Gifshuffle is a command-line-only program for windows. which conceals messages in GIF images by shuffling the color map. wav and au files. including a new stego format. and can be stored or emailed without attracting attention. Password protection included. which is much more robust against format conversions . only the order of color within the palette is changed. Gifshuffle v2.only non . blowfish encryption.lossless compression formats will loose the hidden data. by Stefan Hetzl. is a command-line application that features hiding data in bmp. Works for pretty much any file type. including those with transparency and animation. Steghide is written in ANSI C so the source code should compile on many systems.0 by Heinz Repp is a command-line steganographic program for Windows. but also works well as a stand-alone program. and VOC files. WAV. ©Srijan’10 Page 18 . It is designed to use with both PGP and Stealth. and in addition provides compression and encryption of the concealed message.0 Hide4PGP v2. It works with all GIF images. DOS. The source is also included and should compile on any platform without major problems. Version 2.Camouflage Camouflage is an interesting Windows-based program that allows you to hide files by scrambling them and then attaching them to the end of the file of your choice. Image Hide Windows-based program which hide files in a number of different formats without increasing file size. and WAV files. with 21 ‘#’ as garbage followed by ‘0A’. The data is embedded in the image by LSB insertion serially. and PCX files. Includes encryption and has nice user interface. S-Tools S-Tools v4 is an excellent Win 95/NT based steganography tool that hides files in BMP. if needed. file name. ©Srijan’10 Page 19 . GIF.0 SecurEngine is nice little program that hides data in JPG files. In The Picture In The Picture is a Win95-based stego program that hides data in BMP images. The Third Eye Hides files in BMP. It offers multiple unique keys so you can encrypt data intended for multiple recipients into the same file.SecurEngine 2. It has a drag and drop interface and can generate a random fractal image to use as a vessel image. GIF. followed by message length. It hides the message in the file by the very simple method of appending the message to the file. It encrypts the data with DES cryptosystem with the help of the password and distributes it in the image file by LSB insertion. Strong encryption and file wiping is included. and message after the ‘FF D9’ EOF marker of JPEG. 0 Gif-It-Up is a Win95-based stego program that hides data in GIF files.Gif-It-Up v1. It does not appear to have any additional encryption features. It has a professional-looking interface and includes a slick installation program. the resulting output file will be in the JPG format. you will need to save that file in the TGA (targa) format. JSteg JSteg. TIFF. only the order of color within the palette is changed. Prior to hiding data in a JPG file. GIF.1 based program with a nice interface that hides messages in GIF images by shuffling the color map. by Derek Upham. PNG or PCX file. hides data within the popular JPG format. with all of the compression advantages that JPG entails. After the data is embedded into the image. ©Srijan’10 Page 20 . of course) any data file inside a perfectly normal BMP. Stash-It v1. SGPO SGPO (Stegano Gif Palette Order) is a Java v1. The picture remains visibly intact.1 Stash is a simple Win95/98/NT-based stego program that will allow you to hide (and extract. The tampering is done serially in the LSB of the quantized DCT. Detecting an embedded message also defeats the primary goal of steganography. Our goal is not to advocate the removal of disabling of valid copyright information from stego images. where electronic media are used as such carriers.6. may be visible to the human eye and point to signatures of the steganographic methods and tools used. which may introduce some form of degradation. teganography encompasses methods of transmitting secret messages through innocuous cover carriers in such a manner that the very existence of the embedded messages is undetectable. If applied to images that degradation. that of concealing the very existence of a hidden message. at times.Software Package to detect Steganographic images. Any image can be manipulated with the intent of destroying some hidden information whether an embedded message exists or not. requires alteration of the media properties. An overview of current steganography software and methods applied to digital images is examined Hiding information. Creative methods have been devised in the hiding process to reduce the visible detection of the embedded messages. ©Srijan’10 Page 21 . but to point out the vulnerabilities of such approaches. S below. Two aspects of attacks on steganography are detection and destruction of the embedded message. which is hiding the existence of a message. thus defeating the purpose of steganography. as they are not as robust as is claimed. These signatures may actually broadcast the existence of the embedded message. luminance. in one bit shifts. stegokey is used. any manipulation to the image introduces some amount of distortion and degradation of some aspect in the “original” image’s properties. ©Srijan’10 Page 22 .6. Only after evaluating many original images and stego-images as to color composition. and pixel relationship do anomalies point to characteristics that are not “normal” in other images. The tools vary in their approaches for hiding information. fractals and clipart may shift greatly in the color values of adjacent pixels. the concept of defining a “normal” or average image was deemed desirable. Gray-scale image color indexes do shift in 1-bit increments. normally two of the RGB values are the same with the third generally being a much stronger saturation of color. having occurrences of single pixels outstanding may point to the existence of hidden information. Some images such as hand drawings. Applying a similar approach to monochromatic images other than gray-scale. Several patterns became visible when evaluating many images used for applying steganography. In any case. To begin evaluating images for additional. The changes between color values may change gradually but rarely. and graphics. if ever.1 Detecting Hidden Information: Steganography tools typically hide relatively large blocks of information serially or redundantly throughout the entire image. However. some of the tools produce stego-images with characteristics that act as signatures for the steganography method or tool used. Without knowing which tool is used and which. However. Defining a normal image is somewhat difficult when considering the possibilities of digital photographs. hidden information. these methods insert information and manipulate the images in ways as to remain invisible to the human eye. In images that have color palettes or indexes. if any. However. The chosen message and known cover attacks were quite useful in detecting these patterns. drawings. paintings. colors are typically ordered from the most used colors to the least used colors to reduce table lookup time. detecting the hidden information may become quite complex. but all the RGB values are the same. A possible solution is to convert the image back to an 8-bit image after the information is hidden in the LSBs.Added content to some images may be recognizable as exaggerated noise. sorting the palette may not be sufficient to keep from broadcasting the existence of an embedded message. width. the first 54 bytes contain the image header (height. Grayscale images are special occurrences of 8-bit images and are very good covers because the shades gradually change from color entry to color entry in the palette. ©Srijan’10 Page 23 . The image data starts next. and the second one goes just to its right. Converting an 8-bit image to 24-bit provides direct access to the color values for manipulation and any alteration will be larger in size and may be unsuitable for electronic transmission. changes to the LSBs in the raster data may show dramatic changes in the stego-image. Using 8-bit BMP images without manipulating the palette will. Detecting in BMP images : Using images. Other bit-wise tools and a transform tool take it a step farther and create new palettes. If the adjacent palette colors are very similar. then the noise due to the manipulation of the LSBs is obvious. with vastly contrasting adjacent palette entries. Some of the bit-wise tools attempt to reduce this affect by ordering the palette. Without altering the 8-bit palette. in many cases. This is a common characteristic for many bit-wise tools as applied to 8-bit BMP and GIF images. The first pixel value in the file goes in the lower left hand corner. to foil steganography software so that small shifts to the LSBs of the raster data will cause radical color changes in the image that advertise the existence of a hidden message. until all the pixels have been specified. cause color shifts as the raster pointers are changed from one palette entry to another. bottom to top. In case of 8-bit BMP the next 1024 bytes (256 entries * 4 bytes = 1024) contain the color palette. if adjacent palette entries are dissimilar. The image is scanned from left to right. there may be little or no noticeable change. etc). Whereas. In a BMP image. this method may still hide the fact that a message exists. indicating the color value from the palette table by 8bit only. in case of 24-bit BMP the image data starts after the header with each pixel represented by 24-bit RGB value. Even if the colors in the image palette change radically. However. For this reason that many authors of steganography software and some articles stress the use of gray-scale images (those with 256 shades of gray). Even with a few numbers of distinct colors. These 32 colors are “expanded” up to eight palette entries by adding adjacent colors in the palette that are very close to the original color. consideration of the number of unique colors used by the image must be considered. This method produces a stego-image that is so close to the original cover image that virtually no visual differences are detected. Figure 1: Original BMP image and its palette. However. ©Srijan’10 Page 24 . This novel approach applies techniques and reduces the number of colors to no less than 32 unique colors. if an image contains 200 unique colors and steganography is applied then the number of unique colors could easily jump to 300(assuming that LSB steganography alters on average 50% of the bits and the new colors are added. this approach also creates a unique pattern.Since 8-bit images are limited to 256 unique color entries in the image palette. There is a high probability that some of the new colors created when modifying the LSBs will be lost. One method around this is to decrease the number of colors to a value that will maintain good image quality and ensure that the number of colors will not increase beyond 256. For example.) Reducing the image to 8-bit again will force the image into 256 colors. So instead of using 24 bits for each pixel. much like lines of characters on a page. there are over 2^24. It can be any 256 out of the 16 million. organized horizontally and vertically in lines. the first pixel in the file goes in the upper left hand corner. In a GIF image. or the file size (and Internet transport time) gets too large. or about 16 million possible colors. until all the pixels have been specified. Each pixel has a color. The first kind of compression that GIF uses is called a color map. But no more than 256 distinct colors can be used simultaneously in any one image. GIF compresses the data. (A 24-bit display of a modern computer can display all 16 million colors simultaneously. it would take 131 seconds. a color is specified using Red. to download the image. more than two minutes. ©Srijan’10 Page 25 . With 8 bits for each component. so there is no loss of richness of possible colors. and Blue components. The GIF must represent a rather large number of pixels efficiently.Detecting in TEXT file : fffffffffffffffffffffffffffffffffffffffffffff Detecting in GIF images Pictures in a computer are divided into pixels (picture elements). The colors are stored in a color map table. interlaced or animated. and the second one goes just to its right. At a modem speed of 56 kilobits per second. Green. Instead of allowing the image to contain all 16 million colors. A naive representation of the image would simply store three bytes for each pixel. a file only contains an 8-bit index. But then a 640x480 pixel image (which is a modest size) would be around a megabyte of data. GIF restricts the image to a maximum of. and the color for each pixel is specified as an index into the table.) A GIF image can be non-interlaced. say. reducing the number of bits to represent the image. In GIF images. top to bottom. 256 out of the 16 million (the number of colors in the color map can be varied). so multiple GIF images with different color map tables can be simultaneously displayed with good color fidelity. The image is scanned from left to right. It is possible to extract out the palettes from the image and find distinguishing features from it that indicates that the image is tampered. The second kind of compression that GIF includes is called run-length coding. instead of storing them individually. the above scheme reduces the amount of data by a factor of three. they are stored as a run length followed by the color. Blue". For example. Figure 2: Original GIF image and its palette ©Srijan’10 Page 26 . This makes use of the fact that neighboring pixels are often the same color in a typical image.With color map table of 256 entries. a sequence of three Blue pixels could be stored as "Blue Blue Blue" or "3. Further more different tools have different signatures. But GIF does better than this. Different steganography tools have different methods of tampering. When several pixels have the same color. Some of them keep a definite signature in the GIF image. GIF uses a sophisticated variation of run-length coding known as Lempel-Ziv-Welch coding. The specifics of how this is done are a little complex. 5). the derived known signatures are enough to imply the existence of a message and identify the tool used to embed the message.0). with the help of the Steganography tool under consideration. patterns begin emerge as possible signatures to steganography software. Mechanism of Signature Detection: Known cover attack and known message attack. A fixed text message of fixed length say msg.6. An approach used to identify such patterns is to compare the original cover-images with the stego-images and note visible differences (known cover attack).1) and WbStego99 (V3. This message has been embedded in both the (known) covers. in some cases recurring. these two levels of attack of steganography have been used in order to analyze the steganography tools under consideration viz. These subtle distortions may go unnoticed without the benefit of such a comparison. So in tabular form we have- ©Srijan’10 Page 27 . PGE (V2. predictable patterns are not readily apparent even if distortion between the cover and stego-images is noticeable. say BLACK.bmp and WHITE. In making these comparison with numerous images. Some of these signatures may be exploited automatically to identify the existence of hidden messages and even the tools used in embedding the messages. to get the tampered / steganographic images as output. Distortion or patterns visible to the human eye are the easiest to detect.2 Looking for Signature: One method for detecting the existence of hidden messages in stego-images is to look for obvious and repetitive patterns that may point to the identification or signature of a steganography tool or hidden message. WbStego (V2. if the cover images are not available for comparison. However. two images (synthetic) of same dimensions. To perform Steganalysis.bmp were taken as covers (known).txt has been considered as the payload (known message). Minute changes are readily noticeable when comparing the cover and stegoimages. With this knowledge base. BLACK_msg.bmp msg. be the bit pattern of a certain position in the original image BLACK.bmp And ….01011000000000000000000….bmp In Set theory notations. being same and the covers being known and of same dimension it is expected that the same bit pattern (of the message/payload) will be embedded in the same positions of the original images. ….bmp WHITE_msg.bmp which has been changed to the bit pattern ….bmp) as the set A= {3. Thus. for the tool under consideration. WHITE. 6} and for the pair (WHITE. The individual pairs of original and the corresponding tampered images are studied (in hex editors.r.t (BLACK..bmp.t the BLACK.bmp BLACK_msg. let 10110 be the binary code of the (fixed) payload to be embedded in the given two images BLACK.bmp.r.bmp which has been changed to the bit pattern …. Now the positions where the bit patterns underwent changes considering both the pairs (union) will give the possible positions where the payload has been embedded. BLACK. For example. considering tampered positions for the pair (BLACK. the bit pattern underwent changes at the positions {3.00000000000000000000000….e.bmp.bmp) respectively i. BLACK_msg.bmp) in the original image WHITE. be the bit pattern of the same region (w. ….txt BLACK_msg.11011011111111111111111….bmp) and (WHITE. w.bmp) ©Srijan’10 Page 28 .01011000000000000000000….6} and {2.00000000000000000000000…. Let …. WHITE_msg. Let ….bmp The primary objective behind this is as followsThe payload.t the alterations in the bit patterns due to message embedding).r. ….bmp.bmp and WHITE.11011011111111111111111….4.bmp WHITE. in the tampered image BLACK_msg.bmp.bmp. in the tampered image WHITE_msg.11111111111111111111111….Known covers Known message Tampered/Steganographic Images BLACK. WHITE_msg.bmp.bmp WHITE_msg. giving the signature. Now considering the position of the 1st bit of the given bit patterns in the original images as 1st position ..txt msg.5} w.11111111111111111111111…. e. 4. 5} . it has the tendency to fill up the remaining of the color palette with zeros. ©Srijan’10 Page 29 . If the image has got 256 color values then it becomes difficult to distinguish the stego-image with that of the original as there is no difference in the two palette entries. 4. C=AUB. 4. 3. 5. 6} i. The Third Eye : Third Eye creates stego-images with a special characteristic in the palette. It so happens that when the color palette entry in a normal GIF image is less than 256. 6} i. 3. C= {2. 5. Example of palette signature in GIF images. 1.as the set B= {2. Thus the region for signature detection for the considered tool is given by the set C whose elements are the positions {2.e. This is a unique signature for this particular steganography tool. ©Srijan’10 Page 30 . Investigation has been done for more than 200 color images. Stegano GIF Palette Order (SGPO) : Stegano GIF Palette Order is a steganography tool that changes the palette of a GIF image and orders them serially according to the red values or the blue values for the same red value. which shows that red value or the blue value of the tampered image increases gradually to a threshold value.3. The hidden message in steganography may or may not be encrypted. then this goal is defeated. Just as a cryptanalyst applies cryptanalysis in an attempt to decipher encrypted messages. The goal in this attack ©Srijan’10 Page 31 . The steganography tool and stego-object are known.e. Chosen message attack. the steganalyst is one who applies steganalysis in an attempt to detect the existence of hidden information. but decoding the hidden message. this may be very difficult and ma yeven be considered equivalent to the stego-only attack. Even with the message. A goal of steganography is to avoid drawing suspicion to the transmission of a hidden message. Known cover attack. If it is encrypted. The challenge with steganography is not only in detecting that something has been hidden. Some possible attack techniques used for steganalysis are given below. The steganalyst generates a stego-object from some steganography tool or algorithm from a chosen message. available. Analyzing the stego-object for patterns that corresponds to the hidden message may be beneficial for the future attacks against that system. • Known message attack. then if the message is extracted. The ‘original’ cover-object and stego-object are both message. non-cryptic) or cryptic form and serially or randomly embedded in the least significant bits or appended at the end of the image or by any other phenomenon. so it remains undetected. If suspicion is raised. The hidden message can be in a plain (i. Software Package to extract plain and encrypted message from steganographic images. Analysis on hidden information may take several forms: detecting. confusing and disabling hidden information. extracting.7. the attacker may know the hidden Only the stego-object is available for analysis. • • Chosen stego attack. • • Stego-only attack. Steg-analysis is the art of discovering and rendering such messages useless. At some point. cryptanalysis techniques may be applied to further understand the embedded message. 1 Extraction of serially embedded plain text : Envelope. being able to view the picture after inserting the data. • Known stego attack. and yet. ©Srijan’10 Page 32 . The steganography algorithm (tool) is known and both the original and stego-objects are available. Sometimes the approach is not to attack algorithm or images at all. This ‘brute force’ is successful against some tools.is to determine corresponding patterns in the stego-object that may point to the use of specific steganography tools or algorithms. Even given the best alternative for the attacker. 7. but still requires significant processing time to achieve favorable results. PGE inserts the data into a GIF or JPG file. but to attack the password used to encrypt or choose the bits to hide the message. Pretty Good Introduction : PGE is not an encryption program. PGE is just a special kind of envelope we use to send or receive our messages or data. Apparently. all that are done is transferring innocent pictures. A companion program UNPGE retrieves the message. the embedded message may still be difficult to extract. nor a safe tool to rely on privacy by itself. ©Srijan’10 Page 33 . So it is necessary to go to the directory where envelope file is located and run PGE. gives the hidden message. The next bytes are extracted till the 4 bytes from the end of the file.PGE and UNPGE procedure : PGE is a DOS based program. The binary code for nontampered and tampered image is shown below. The image is tampered with the message ‘kolkata’. and then appending a 4 byte little endian number. which points to the end of the message after the GIF image terminator “ 00 3B”. Method of Extraction : The image file is read till the last ’00 3B’ is obtained which indicates the end of GIF image. It is not very secure in hiding text since the text would be visible from an ordinary binary editor such as DEBUG or Hex-Editor. The ASCII values as obtained when printed in character format. which indicates the end of message. Exploration : It hides a message file in another file by the very simple method of appending the message to the file. For example. and can be stored or emailed without attracting attention. We can even camouflage files within camouflaged files. including the scrambled files attached. 'Camouflage' and 'Uncamouflage'. This can be any type of file. ©Srijan’10 Page 34 .2 Extraction of serially embedded encrypted text : Camouflage Introduction : Camouflage allows us to hide files by scrambling them and then attaching them to the file of our choice. avoid choosing a text file because Notepad would display the entire contents of it. In the second screen choose a file to be used as camouflage. Once you have selected a file. but some files work better than others. We can camouflage a file or several files at a time by highlighting them in Windows Explorer. then clicking the right mouse button and choosing 'Camouflage' from the pop-up menu. click 'Next'. This password will be required when extracting the files within. After installing Camouflage we will find two new menu options when right-clicking files in Windows Explorer. For example. Camouflaging and Uncamouflaging Procedure : Camouflage is a Windows based program. or we can hide a file inside a Word document that would not attract attention if discovered.7. we can create a picture file that looks and behaves exactly like any other picture file but contains hidden encrypted files. For additional security we can password our camouflaged file. Such files can later be safely extracted. Most other files work well. This camouflaged file then looks and behaves like a normal file. This password will be required when extracting files from our camouflaged file. Clicking 'Finish' will create the camouflaged file and then exit. A password prompt appears in the Uncamouflage dialog. From the final screen we can type in a password if we wish. ©Srijan’10 Page 35 . If we do not wish to add a password we just click 'Finish'. From the final screen. and the default filename is the name of the file you selected for use as camouflage in the previous screen. To extract the files hidden within a camouflaged file. or whether or not it contains a password. If this file was created with a password. Click 'Finish' to extract the files and exit. Note that Camouflage was designed so that it doesn't reveal camouflaged files to the casual observer. The second screen displays the files hidden within the camouflaged file. The first is the file originally used as camouflage and the second one is the hidden message file. the default folder will be the folder where you right-clicked on the camouflaged file in Windows Explorer. click 'Next'. type it in. For this reason the password screen is always displayed whether the file is a camouflaged file or not. choose the folder where the files are to be extracted. Once you have entered the correct password (if applicable). The default folder is the folder where you selected the files in Windows Explorer. right-click it in Windows Explorer and choose 'Uncamouflage' from the pop-up menu.From the third screen choose the folder and filename of the camouflaged file that will be created. If you're not extracting the first file in the list (the file originally used as camouflage). Click ‘Next’. XOR-ing the ASCII value of the first character by the first key. The hidden message is serially appended from the very next byte in a cryptic form. The encryption is done by using the binary operator ‘XOR’. second character by the second key and so on gives the encrypted ASCII value. which follows the same cryptic algorithm as that of the message.Exploration : Camouflage hides a message file in another cover file by the very simple method of appending the message at the file. The next 4 bytes give the message length. After the GIF image terminator (’00 3B’) is obtained. From the end of the image file we move back 275 bytes to locate the position of the start of the password. 26 bytes garbage is ignored. These values are serially appended as the hidden message in above-mentioned position. For each byte there is a definite key. The password continues up to 2 consecutive ’20 20’ mark. The end of the message is indicated by ‘FF FF FF FF’ mark. The password can be of 255 characters in maximum. ©Srijan’10 Page 36 . Otherwise the message can even be extracted in a similar fashion. The forth key is "00100010". The second key is "10010101". ‘E0(H)’ and ‘95(H)’ gives ‘75(H)’ which is the ASCII value of ‘u’. ‘1E(H)’ and ‘7A(H)’ gives ‘64(H)’ which is the ASCII value of ‘d’. The third key is "01111010". Thus the password is: ‘hudco’. ©Srijan’10 Page 37 . The first key is "00000010". ‘63(H)’ and ‘0C(H)’ gives ‘6F(H)’ which is the ASCII value of ‘o’. ‘41(H)’ and ‘22(H)’ gives ‘63(H)’ which is the ASCII value of ‘c’. We can uncamouflage the image using the password. The fifth key is "00001100". The message as shown in the figure is: ‘India is my motherland’.Methods of extraction : In the password section we have ‘6A E0 1E 41 63’. ‘6A(H)’ and ‘02(H)’ on XOR-ing gives ‘68(H)’ which is the ASCII value of ‘h’. which proves the robustness of the software. the software can detect that the image is tampered with 100% accuracy if stego tools like S-Tools and Hide4PGP tamper the image. the software can detect that the image is tampered with 100% accuracy if stego tools like S-Tools. Hide-and-Seek. Pretty Good Envelope and Camouflage tamper the image. There is around 10-15% false detection rate(FDR) in case of Third-eye and Gifshuffle. For GIF images. Image-Hide. Stegano-Gif-Palette-Order. Incase of GIF images. a. d. with 100% accuracy. the software can detect that the image is tampered with less than 100% accuracy if stego tools like Third-eye and Gifshuffle tamper the image. c. Stella. b.8. Incase of 8-bit BMP images. For GIF images the software can extract non-encrypted message in case the image is tampered with PGE. Following are the features. If the image is tampered with Camouflage. ©Srijan’10 Page 38 . Conclusion T he main feature of this software is the robustness.full. the software can decrypt and extract the encrypted password and message with 100% accuracy. there is Sniffer software named Pick Packet that sniffs files including images of different protocol like SMTP. First it generates a configuration file then it starts filtering and finally post processing. So we need Sniffer software that sniffs images of different format online at the ISP end.pkt file that includes all information of sniffed files of different protocol. ©Srijan’10 Page 39 . client urgently requires this.9. Scope of future Application A s far as deployment of this software is concerned. The crime of steganography frequently occurs with the help of internet. HTTP and TELNET. This software is one of the part of the security software. Among them first three is of our interest. This Sniffer software works mainly in three steps. The output of the post processor generates a . The best use of this software is to verify those images that are passed through the internet. FTP. In public domain. Law enforcement agencies require this type of software. The Police Academy. Documents Similar To steganographytutorialSkip carouselcarousel previouscarousel nextIJAIEM-2015-10-17-21.pdfcrytoHybrid Message-Embedded Cipher using Logistic MapSteganography_ProjectReport1622750349_CryptoCrypto 1564_Aqila_Assignment3Nsa History Comsec 1stegnogrphyfinal-120207103413-phpapp02COMBINING STEGANOGRAPHY AND CRYPTOGRAPH TECHNIQUES FOR DATA SECURITY (CASE STUDY IN PT XYZ)Cryptography and Network Security Ppt100923Steganography Presentation1033Steganography and Data HidingShivangi MatricesMainframe SecurityCallimahos CourseA350CT T311 Study Guide_finalIRJET-A Comprehensive Survey on Data Hiding Technique7.Crytography.mobile.computingkotuby u1d1 camNoyb Privacy in Social Networking ApplicationsPacket-Hiding Methods for Preventing SelectivePublic Key CryptographyDatabase Security Unit IV602921Pricing via ProcessingAnne Canteaut Prof. auth., Henk.pdfmaths2More From Sanjeev Kumar SinhaSkip carouselcarousel previouscarousel nextMysql Commands30-awtstaganographych1dc-12-raggodc-12-raggoBest Books About CryptanalysisSilence Means Securityby Barbara NicodemusCodes and Ciphers (Collins Gem)by CollinsCryptanalysis: A Study of Ciphers and Their Solutionby Helen F. GainesNSA Secrets Declassified: Revolutionary Secrets: Cryptology in the American Revolution and Brigadier John Tiltman: A Giant Among Cryptanalysts - Benedict Arnold, Alan Turing, British Codebreakingby Progressive ManagementColossus: Bletchley Park's Greatest Secretby Paul GannonThe Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internetby David KahnBest Books About CyberwarfareCEH (Certified Ethical Hacker) : 100% iLLEGALby Susanto SusantoCyber Crime and Cyber Terrorism Investigator's Handbookby Elsevier Books ReferenceHacking: 25 Incredibly Useful Beginners Hacking Tips on How to Hackby Steve BrownHacking For Dummiesby Kevin BeaverIndustrial Automation and Control System Security Principlesby Ronald L. KrutzBasic Wifi Hackingby Mad76eFooter MenuBack To TopAboutAbout ScribdPressOur blogJoin our team!Contact UsJoin todayInvite FriendsGiftsLegalTermsPrivacyCopyrightSupportHelp / FAQAccessibilityPurchase helpAdChoicesPublishersSocial MediaCopyright © 2018 Scribd Inc. .Browse Books.Site Directory.Site Language: English中文EspañolالعربيةPortuguês日本語DeutschFrançaisTurkceРусский языкTiếng việtJęzyk polskiBahasa indonesiaSign up to vote on this titleUsefulNot usefulYou're Reading a Free PreviewDownloadClose DialogAre you sure?This action might not be possible to undo. Are you sure you want to continue?CANCELOK
Copyright © 2024 DOKUMEN.SITE Inc.