Information security is a process and can be defined as: (1) The well-informed assurance of a balance between information risks and applied controls. (2) The quality or state of being protected, that is, being free from danger. Every modern organization should implement multiple levels of security: physical security, personnel security, operational security, communications security, network security, and data and computer security. This requires tools such as policies, awareness, training, education, and technology.

Steganography is increasingly and widely used in information security across diverse areas such as privacy and anonymity, copyright control, image search engine optimization, smart identifiers where individual details are embedded in photographs, audio-video synchronization, TV and IP packet broadcasting, checksum embedding, and medical imaging systems where the confidentiality of patient images must be kept separate from their labels (e.g., patient name, doctor, address, etc.). Steganography is also used as an alternative or complement to encryption; human rights organizations, for example, need it because encryption is prohibited in many countries and environments.

It has also long been used in illicit applications; for example, virus creators use it to spread Trojans and other malware. Therefore, it is now necessary to check for threats embedded in image, audio, or video files using steganalysis tools. Furthermore, there is an unusual increase in coordinated criminal and even terrorist attacks based on steganography. The symbiosis between steganography and mobile phones can be observed at the following URL: http://news.bbc.co.uk/go/pr/fr/-/1/hi/technology/6361891.stm, a use in which capturing and sending a photo of an image, a JAN barcode or a QR code lets a remote server return certain content.

Steganography and Security
Steganography provides the means to conceal the existence and presence of data, thus protecting it from unauthorized and unwanted monitoring. Besides steganography, there are other complementary methods for achieving the confidentiality of secret data:
(1) Encryption. This is the process of transforming plaintext data, using mathematical operations, into an alternative form of the original data called ciphertext. Encrypted data can only be understood by authorized parties who possess the keys to decrypt the ciphertext or cryptogram back into the original plaintext. Encryption does not hide the existence of the data; it hides its content, that is, the meaning of the data.
(2) Hiding directories in Windows. Windows allows users to hide files. Using this feature, it is easy to change the properties of a directory to hide it, so that an unauthorized user cannot see its files, whatever their type, in the file explorer.
(3) Hiding directories in Unix. In existing directories that contain a large set of files, such as the /dev directory in a Unix implementation, the process involves making the directory name start with three dots (...) instead of the usual one or two dots.
(4) Covert/Subliminal Channels. Some tools can be used to transmit valuable data over seemingly normal network traffic. One such tool is Loki, which hides secret data within ICMP traffic (such as ping).
Steganography allows secret information to be placed in a wide variety of carriers (seemingly innocuous media that can go unnoticed), such as images, audio files, video files, text files, disk space, hidden disk partitions, packets circulating in network traffic (usually in PDU headers), software, hardware circuitry, etc.

Types of Steganographic Techniques
There are many different techniques that steganography uses to conceal secret information. These can be classified as follows:
(1) Substitution Methods. These replace bits of the carrier (the unsuspicious cover) with the bits of the message to be hidden. Possible techniques include bit-plane methods and color palette-based methods. Bit-plane methods use images, for example, as carriers: the LSB (Least Significant Bit) of the image intensity is replaced with the bits of the message. One, two, three, or four LSBs are replaced with the bits of the secret message or image data to be hidden. The data is hidden as image noise. In this way, large amounts of data can be concealed. However, this method is very vulnerable to manipulation of the resulting image that hides the secret information within the carrier. Variations of bit-plane methods hide the bits at a permutation of pixel locations, obtained by employing pseudorandom number generators (PRNGs) whose modulus is the image size (number of pixels). Color palette-based methods rely on changing the color or grayscale palette that represents the image colors. The least significant bit (LSB) insertion method is the most common and popular and uses the LSB of the image pixel information. This minimizes overall distortion while the message is spread across the image pixels. This technique works best when the image file is larger than the secret message and when the image is grayscale.
(2) Signal processing-based methods. For example, methods based on transformations such as Fourier, Wavelets, DCT, etc., and spread spectrum methods. These methods, also called algorithm and transformation-based methods, hide data using mathematical functions employed in compression algorithms. The idea behind this method is to hide the secret message within the data bits of the least significant coefficients.
(3) Encoding methods. For example, quantization, error correction codes, dithering, etc.
(4) Statistical methods. These are based on hypothesis testing.
(5) Carrier generation methods. For example, those based on fractals and chaos.
(6) Masking and filtering methods. Information is hidden within an image using DWM (Digital Watermarking), which includes information such as copyright, ownership, or licensing. The purpose differs from traditional steganography, as it involves adding an attribute to the cover or carrier image, thus extending the amount of information presented.
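
The bit-plane LSB method from item (1), with its PRNG-permuted pixel locations and its fragility under manipulation, as an added example that is not part of the original article. The 64x64 grayscale cover, the key string and all function names are assumptions constructed for illustration; Python's random module stands in for the PRNG.

```python
import random

# Constructed 64x64 grayscale cover (a gradient), one 0-255 intensity per pixel.
COVER = [(3 * x + 2 * y) % 256 for y in range(64) for x in range(64)]

def positions(n_pixels, n_bits, key):
    """Keyed PRNG permutation: distinct pixel indices drawn from the image size."""
    if n_bits > n_pixels:
        raise ValueError("message has more bits than the cover has pixels")
    return random.Random(key).sample(range(n_pixels), n_bits)

def embed(pixels, message, key):
    """Return a copy of pixels whose LSBs at the keyed positions carry message."""
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    stego = list(pixels)
    for pos, bit in zip(positions(len(pixels), len(bits), key), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit  # only the LSB changes
    return stego

def extract(pixels, n_bytes, key):
    """Read n_bytes back from the LSBs at the same keyed positions."""
    bits = [pixels[pos] & 1 for pos in positions(len(pixels), n_bytes * 8, key)]
    return bytes(
        sum(bit << (7 - i) for i, bit in enumerate(bits[j:j + 8]))
        for j in range(0, len(bits), 8)
    )

def clear_lsb_plane(pixels):
    """Manipulation/sanitisation step: zero every LSB (at most 1 grey level)."""
    return [p & 0xFE for p in pixels]

def max_distortion(a, b):
    """Largest per-pixel intensity difference between two images."""
    return max(abs(x - y) for x, y in zip(a, b))

if __name__ == "__main__":
    msg = b"constructed demo"  # constructed sample payload
    stego = embed(COVER, msg, "shared-key")
    print(extract(stego, len(msg), "shared-key"))                   # round trip
    print(max_distortion(COVER, stego))                             # noise level
    print(extract(clear_lsb_plane(stego), len(msg), "shared-key"))  # payload gone
```

Clearing the LSB plane changes no pixel by more than one grey level, yet nothing of the hidden message survives it, which is why re-quantizing or re-encoding untrusted images is an effective control against this class of carrier.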

Final considerations
Our research group has been working for more than twenty years in the field of the use of steganography in the synthesis, analysis and evaluation of steganosystems to provide added value in the very extensive field of information security, which is key today in Information and Communication Technologies.
This article is part of the activities developed within the LEFIS-APTICE project (funded by Socrates. European Commission).
Author:
Prof. Dr. Javier Areitio Bertolín
Professor at the Faculty of Engineering, ESIDE.
Director of the Networks and Systems Research Group, University of Deusto.
