Steganography and Relation to Crypto

As opposed to the definition of cryptography, steganography means covered writing (or originally in the Greek language, stegano, “στεγανό,” which translates literally as “watertight” and, as in the definition of cryptography, the “-graphy” from γραφία—grafia or writing). Its history is as deep as is crypto. As a linguistic anomaly, the “watertight” translation is reminiscent of a usage of steganography in modern times, the creation of “watermarks” to identify a paper manufacturer.

There have been many methods over time of steganographs (or steganograms) that conceal the existence of a message. Among these are invisible inks, microdots, character arrangement (other than the cryptographic methods of permutation and substitution), digital signatures, covert channels, and spread-spectrum communications. As opposed to cryptography, steganography is the art of concealing the existence of information within innocuous carriers.

A message in ciphertext may arouse suspicion, while an invisible message will not. As a shorthand for the differences, cryptographic techniques “scramble” messages so if intercepted, the messages cannot be understood; steganography “camouflages” messages to hide their existence.

This one fact, in and of itself, suggests that the interface between cryptography and steganography needs to be explored within the context of behavioral science, since the approaches to creating and/or defending crypto or stego depend on human decisions based on their behavior.

A History of Steganography

One of the first documents describing steganography is from the Histories of Herodotus. In ancient Greece, text was written on wax-covered tablets. In one story, Demaratus wanted to notify Sparta that Xerxes intended to invade Greece. To avoid capture, he scraped the wax off the tablets and wrote a message on the underlying wood. He then covered the tablets with wax again. The tablets appeared to be blank and unused so they passed inspection by sentries without question.

Another ingenious method was to shave the head of a messenger and tattoo a message or image on the messenger’s head. After allowing his hair to grow, the message would be undetected until the head was shaved again. In modern parlance, this would be a pretty low-resolution methodology—perhaps a month to communicate a few bytes.

More common in more recent times, steganography has been implemented through the use of invisible inks. Such inks were used with much success as recently as World War II. Common sources for invisible inks are milk, vinegar, fruit juices, and urine, all of which darken when heated. These liquids all contain carbon compounds. When heated, the compounds break down and carbon is released, resulting in the chemical reaction between carbon and oxygen, that is, oxidation. The result of oxidation is a discoloration that permits the secret ink to become visible.

Null ciphers (unencrypted messages) were also used. The real message is “camouflaged” in an innocent-sounding message. Due to the “sound” of many open coded messages, the suspect communications were detected by mail filters. However “innocent” messages were allowed to flow through. An example of a message containing such a null cipher follows.

Suppose an obscure story appears on page 27 of the Sports section of the Oakland Tribune (CA):

However the baseball Athletics play ball, relievers cannot meet enviable needs for passing Houston’s formidable array when winning under needy circumstances.

An alert reader might uncover the steganogram conveying Winston Churchill’s famous exhortation:

HoWever thE baSeball AtHletics plAy baLl, reLievers caNnot meEt enViable neEds foR paSsing HoUston’s foRmidable arRay whEn wiNning unDer neEdy ciRcumstances.

That is, taking the third letter of each word:

We shall never surrender!

The following message was actually sent from New York by a German spy in World War II:

Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on byproducts, ejecting suets and vegetable oils.

Taking the second letter in each word, the following message emerges:

APparently nEutral’s pRotest iS tHoroughly dIscounted aNd iGnored. ISman hArd hIt. BLockade iSsue aFfects pRetext fOr eMbargo oN bYproducts, eJecting sUets aNd vEgetable oIls.

Or,

Pershing sails from NY June 1.
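The extraction rule used in both null ciphers above can be checked mechanically. The following Python sketch is an added example, not part of the original chapter; the function names nth_letters and scan_positions are hypothetical, and it lists the candidate strings for letter positions 1 to 4 so a reader can see which position carries the message.

```python
import re

# The two cover texts quoted in this chapter.
BASEBALL = ("However the baseball Athletics play ball, relievers cannot meet "
            "enviable needs for passing Houston's formidable array when "
            "winning under needy circumstances.")
SPY = ("Apparently neutral's protest is thoroughly discounted and ignored. "
       "Isman hard hit. Blockade issue affects pretext for embargo on "
       "byproducts, ejecting suets and vegetable oils.")


def nth_letters(text, n):
    """Return the n-th letter (1-based) of each word, skipping shorter words."""
    picked = []
    for token in text.split():
        # Drop apostrophes, commas and periods so "Houston's" counts as letters only.
        letters = re.sub(r"[^A-Za-z]", "", token)
        if len(letters) >= n:
            picked.append(letters[n - 1].upper())
    return "".join(picked)


def scan_positions(text, max_n=4):
    """Candidate hidden strings for letter positions 1..max_n, for a reader to inspect."""
    return {n: nth_letters(text, n) for n in range(1, max_n + 1)}


if __name__ == "__main__":
    for name, text in (("baseball", BASEBALL), ("spy", SPY)):
        for n, candidate in scan_positions(text).items():
            print(f"{name} position {n}: {candidate}")
```

In the second message the final letter is an I, which the recipient reads as the digit 1.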

The Germans developed microdot technology, which FBI Director J. Edgar Hoover referred to as “the enemy’s masterpiece of espionage” (Hoover, 1946).

Transmission Issues

Despite the long and interesting history of these various methods for hiding information, in practice they are declining in their importance.

One reason, although probably not the primary one, is the consequence of the use of a physical material to transmit information. Using invisible ink, to take one example, assumes that we have some medium on which this ink is deposited. Classically, this may be a letter with an innocuous message written on paper, and the invisible ink on top. Then the letter must reach its target, perhaps by postal service or courier. But who in these times would transmit such information on paper when electronic transmission is virtually instantaneous and capable of vastly larger messages or bandwidth?

Indeed, it may well be that the mere fact of transmission by a mail courier may arouse suspicion, assuming the electronic means are readily available. Examples might include the threat a few years ago of anthrax contained in an envelope mailed to addresses in Washington, DC, including US senators, and also the more recent example of bombs sent through the mail to former presidents Obama and Clinton.

Image Steganography

Consequently, with the current electronic age, the field of steganography has shifted to techniques of converting the secret message into a bitstring and then injecting the bitstring bit by bit not into text, but into some other file format such as an image file (e.g., JPEG, TIFF, BMP, or GIF) or a sound or movie file (MPEG, WAV, or AVI).

There are usually two types of files used when embedding data into an image. The innocent-looking image that will hold the hidden information is a “container.” A “message” is the information to be hidden. A message may be plaintext, ciphertext, other images, or anything that can be embedded in the least significant bits (LSBs) of an image.

In this environment, for example, in an image file, the altering of a single bit in the image may be impossible to detect, certainly to the human eye, but also to an analysis of the file content byte by byte.

Image File Formats

The size of image files correlates positively with the number of pixels in the image and the color depth (bits per pixel). Images can be compressed in various ways, however. As indicated earlier, a compression algorithm stores either an exact representation or an approximation of the original image in a smaller number of bytes that can be expanded back to its uncompressed form with a corresponding decompression algorithm. Images with the same number of pixels and color depth can have very different compressed file sizes.

For example, a 640-by-480 pixel image with 24-bit color would occupy almost a megabyte of space:

640 × 480 × 24 = 7,372,800 bits = 921,600 bytes = 900 kB

The most common image file formats are as follows:

JPEG (Joint Photographic Experts Group) is a lossy compression method. Nearly every digital camera can save images in the JPEG format, which supports 8-bit grayscale images and 24-bit RGB color images (8 bits each for red, green, and blue). JPEG lossy compression can result in a significant reduction of the file size. When not too great, the compression does not noticeably affect or detract from the image’s quality, but JPEG files suffer generational degradation when repeatedly edited and saved.

The same image, when saved in the four image formats indicated earlier, requires considerably different space in kilobytes:

JPEG: 712 kB

TIFF: 6597 kB

BMP: 18,433 kB

GIF: 2868 kB

It is estimated that the human eye can distinguish perhaps as many as 3 million colors. If we use a fairly common color scheme or palette for an image to hide the steganograph, namely JPEG, there are 16.77 million possible RGB color combinations. Thus, we have many choices for altering the byte value associated with a pixel in order to conceal many bits of information and yet leave the image indistinguishable to the human eye.

Of course, if you have both the original image and the altered image, you do not have to rely on the human eye. You can use a “hex editor” (Horz, 2018) to examine both the original image and the altered image byte by byte, and then it is a simple task to detect the differences.

It should also be noted: a JPEG file of a 4x6 image might be on the order of a megabyte. A text to insert might be several kilobytes.
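The LSB embedding described under Image Steganography, and the byte-by-byte comparison a hex editor performs, can be reproduced in a few lines. This Python sketch is an added example, not code from the chapter or from any tool it names; the function names and the 4-byte length header are assumptions. It works on a constructed buffer of raw 24-bit pixel bytes, because bits written this way do not survive lossy JPEG re-compression.

```python
def embed_lsb(container: bytes, message: bytes) -> bytes:
    """Write a 4-byte length header plus the message into the LSB of successive bytes."""
    payload = len(message).to_bytes(4, "big") + message   # framing is an assumption
    bits = [(byte >> s) & 1 for byte in payload for s in range(7, -1, -1)]
    if len(bits) > len(container):
        raise ValueError("message does not fit in container")
    stego = bytearray(container)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit                # only bit 0 of each byte changes
    return bytes(stego)


def _read(stego: bytes, first_bit: int, nbytes: int) -> bytes:
    """Rebuild nbytes from the LSBs starting at container offset first_bit."""
    if first_bit + 8 * nbytes > len(stego):
        raise ValueError("length header points past the end of the container")
    out = bytearray()
    for b in range(nbytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[first_bit + 8 * b + i] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    length = int.from_bytes(_read(stego, 0, 4), "big")
    return _read(stego, 32, length)


def capacity_bytes(container_len: int) -> int:
    """Message bytes that fit at one hidden bit per container byte, minus the header."""
    return container_len // 8 - 4


def diff_bytes(original: bytes, altered: bytes):
    """Offsets and values where the two buffers differ, like a hex-editor compare."""
    return [(off, a, b) for off, (a, b) in enumerate(zip(original, altered)) if a != b]


# Constructed container: 64x64 gradient as raw 24-bit RGB bytes (not a real image file).
CONTAINER = bytes((3 * x + y + 40 * c) % 256
                  for y in range(64) for x in range(64) for c in range(3))
MESSAGE = b"ATTACK AT MIDNIGHT"                           # constructed sample message
STEGO = embed_lsb(CONTAINER, MESSAGE)
DIFFS = diff_bytes(CONTAINER, STEGO)

if __name__ == "__main__":
    print("recovered:", extract_lsb(STEGO))
    print("changed bytes:", len(DIFFS), "of", len(CONTAINER))
    print("first differences:", DIFFS[:5])
    print("capacity of a 640x480x24 image:", capacity_bytes(921_600), "bytes")
```

Every reported difference is a change of exactly 1 in a byte value, which is why the eye cannot see it while a comparison against the original finds it at once.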

An Example

Example: We will use the easily available software tools HxD (Horz, 2018) and QuickStego (Cybernescence, 2017).

We can present an example using two software tools, which any reader can download by himself or herself. These are both freeware products. One is a hexadecimal or hex editor, which allows the user to examine any file—therefore an image file byte by byte. There are many such editors available. One that we have used for this example is called HxD. The other software necessary for this example is again freeware, to insert a text into an image (thus creating a steganogram) where there are also numerous examples. The one we have chosen is called QuickStego.

It is often the case to use 256-color (or grayscale) images. These are the most common images found on the Internet in the form of GIF files. Each pixel is represented as a byte (8 bits). Many authors of steganography software stress the use of grayscale images (those with 256 shades of gray or better). The importance is not whether the image is grayscale; the importance is the degree to which the colors change between bit values.

Grayscale images are very good because the shades gradually change from byte to byte.

Using Cryptography and Steganography in Tandem or in Sequence

As we have seen, the cryptographic approach to secure messaging and the steganographic approach operate under two distinctly different and contradictory approaches. Cryptography is very open in telling any opponent even the technique or algorithm that is being used. In fact, in the RSA approach to public-key cryptology, any attacker can readily determine the size of the challenge in breaking the code because of the partial information involved in the public key. On the other hand, the steganographic approach attempts to appear completely normal, in the hopes that the attacker will be led to believe that there is no secret messaging involved and therefore will decide not to employ methods to try to determine if there is some secret to be revealed.

Even though these two approaches would seem to imply that the user must choose one or the other, there is a theory emerging that the two approaches of crypto and stego might be used in combination in various fashions.

Here is a very simple example. Suppose a person wishes to warn an ally of an impending attack. This person creates an image that clearly has the message “ATTACK AT DAWN.” Then this person will send this to an ally. However, the message that will be clearly seen by anyone intercepting a message will warn of such an impending attack. However, what the sender has actually done, using, for example, the software State of, is embed the message “ATTACK AT MIDNIGHT.”

The example is described in Figure 14.1.

Figure 14.1 Hiding a stego message "ATTACK AT MIDNIGHT" in a graphic image and viewing part of the clear and the stego in a hex editor.

Another more extensive example was presented in a recent master’s thesis (Kittab, 2016) where the author, calling his approach Matryoshka steganography, used five levels of embedding in the hopes of deterring the person intercepting the message from burrowing five levels deep in order to find the true message. This is a relatively new area of research and points out a more important aspect of how human behavior factors into all areas of cybersecurity.

The human factor involved in the use of cryptology arises when the defender, while telling the attacker everything but the key, relies upon the attacker’s state of mind: Since we assume that the attacker has as great a knowledge of cryptology as the defender, the attacker can make a very determined calculation as to the cost of launching an attack—that is, trying to break the encryption—or to let it go by as not being worth the cost involved in deploying resources trying to break it.

Then, together with a factor based on a calculated risk, the choice of security mechanism might be balanced between the crypto strategy, the stego strategy, or indeed a combination of both.

Comments

Steganography has its place in security. It is not intended to replace cryptography but supplement it. As we will see, the existence of both cryptography and steganography leads to the possibility of hybrid techniques, which we will examine more deeply in the next chapter. Hiding a message with steganography methods reduces the chance of a message being detected. If that message is also encrypted, if discovered, it must also be cracked (yet another layer of protection). There are very many steganography applications. Steganography goes well beyond simply embedding text in an image. It does not only pertain to digital images but also to other media (files such as voice, other text and binaries; other media such as communication channels, and so on).

Problems

1. Create a steganogram that embeds the following 20-letter message in a larger text by using the same letter position in each word, either the first, second, third, or fourth. For example, if you were creating a steganogram for the message “HELLO,” it might be “Have Everyone Leave Liquor Outside.” Once you choose the letter position, all the words in your steganogram must use the same position, as in the example. (Ignore the blanks in the message in the following.)

FOURSCORE AND SEVEN YEARS AGO

2. Consider the principle of lossless versus lossy compression. Suppose you have an image wherein about 80% of the pixels represent the same color. How could you develop a coding system so that you would preserve all of the locations of the bytes of the same color, yet save a good deal of space in the rendering of the image?

3. Comment on the options available for Angus and Barbara in trying to establish a secure mechanism to exchange steganographs.

4. Create your own ATTACK AT DAWN / ATTACK AT MIDNIGHT example using QuickStego. Using a hex editor such as HxD, find all byte differences.

5. Manually embed a 30-byte message in a JPEG.

6. Use HxD to find all byte differences from your example in problem 2, from the position of the first difference

References

Cybernescence. 2017. QuickStego. http://www.quickcrypto.com/free-steganography-software.html.

Hoover, J. E. 1946. The enemy’s masterpiece of espionage. Reader's Digest, 48, 1-6.

Horz, M. 2018. HxD—Freeware Hex Editor and Disk Editor. https://mh-nexus.de/en/hxd/.

Kittab, W. M. 2016. Matryoshka Steganography. M.Sc. thesis, Howard University.

 