- What is steganography?
- What is steganalysis?
- What is the LSB? / What is LSB steganography?
- What is LSB replacement?
- What is LSB matching?
- What is F5 steganography?
- What is StegHide?
- In what media can steganography be used?
- What are structural attacks?
What is steganography?
The term “steganography” comes from the Greek words “steganos” (hidden) and “graphos” (to write), and it literally translates as “hidden writing.” This discipline refers to the art and science of hiding a message or information within other information in such a way that it is not noticeable.
Unlike cryptography, where a message is encoded so that it cannot be read without the appropriate key, steganography aims to hide the message itself, so its existence cannot be detected.
A classic example of steganography is writing with invisible ink on a letter. While a casual observer would only see the visible message written with regular ink, someone in the know could reveal the hidden message, for instance, by heating the paper.
In the digital realm, steganography often involves embedding information within multimedia files, such as images, audios, or videos. For example, one could hide a text message within an image by slightly altering the image’s pixel values in a way that’s imperceptible to the naked eye. Only someone who knows there’s a hidden message and how to extract it would be able to access it.
It’s important to note that while cryptography focuses on protecting the integrity and confidentiality of a message, steganography focuses on keeping the existence of the message secret. On some occasions, both techniques can be combined to provide an additional layer of security.
What is steganalysis?
Steganalysis is the process of detecting and possibly extracting information hidden using steganographic techniques within a medium. While steganography focuses on hiding the existence of a message within another medium (like an image, audio, or video), steganalysis aims to identify and extract these hidden messages.
In other words, if steganography is the art of hiding, steganalysis is the art of uncovering the hidden. Experts in steganalysis use various techniques and tools to detect anomalies or unusual patterns in a file that might indicate the presence of a steganographic message.
The primary reason for conducting steganalysis is usually security. For instance, someone might be covertly transmitting confidential or malicious information using steganographic techniques. This also underscores the significance of steganalysis in combating “stegomalware,” which is malware concealed within seemingly benign files using steganographic methods. Through steganalysis, it is possible to detect and counter such threats, thereby preventing potential system compromises or data leaks.
In summary, steganalysis is essentially the countermeasure to steganography, allowing for the detection and potential extraction of hidden data in mediums that, at first glance, would seem normal or unaltered.
What is the LSB? / What is LSB steganography?
LSB refers to “Least Significant Bit.” It is the bit with the least weight in a binary representation of a number. Put simply, in a byte (which consists of 8 bits), the LSB is the bit farthest to the right.
The LSB technique is widely used in steganography, especially in image steganography. It involves altering the least significant bit of an image’s pixels to embed a secret message. Since the LSB has a minimal impact on the total numeric value of each pixel, changes made to the image are usually imperceptible to the human eye, making it an effective technique for hiding information.
For example, consider the following byte that represents a pixel value in a grayscale image: 10010101. If you wanted to hide the bit “0” using the LSB technique, the byte would remain the same since the LSB is already “1”. But if you wanted to hide the bit “1”, you could change the LSB from “1” to “0”, resulting in 10010100. Even though there has been a change, the difference in the pixel’s value is minimal and, therefore, hardly noticeable in the image.
What is LSB replacement?
LSB replacement (or “Least Significant Bit Replacement”) is a technique of LSB steganography that involves substituting the LSB with the bit of the message you wish to hide.
It’s important to note that although LSB Replacement is an effective and easy-to-implement technique, it’s not the safest. Modern steganalysis tools can detect the presence of steganography done using this method.
What is LSB matching?
However, there’s a key difference in the way the secret information is introduced. While “LSB Replacement” simply replaces the LSB of a pixel with a bit from the secret message, “LSB Matching” adopts a slightly more sophisticated approach: if the secret message bit matches the pixel’s LSB, the pixel remains unchanged. If they don’t match, the pixel value is randomly adjusted by either adding or subtracting one from its value.
This method has the advantage of introducing less systematic changes in the image, which can make detecting the steganography a bit more challenging compared to straightforward LSB replacement. By introducing random changes, “LSB Matching” can decrease the statistical anomalies introduced by “LSB replacement”, which can be detected by steganalysis tools.
What is F5 steganography?
F5 steganography is a steganographic technique designed to hide information in JPEG format images. This technique was developed by Andreas Westfeld in 2001.
Instead of working with pixels directly, F5 steganography focuses on the coefficients of an image’s Discrete Cosine Transform (DCT), which represent the image’s frequency information.
To enhance efficiency and reduce the number of required changes to the coefficients, F5 uses a technique called “matrix encoding.”
What is StegHide?
StegHide is a free steganography tool developed by Stefan Hetzl in 2003. Its main objective is to hide information, like text messages or files, within images or audio files without causing perceptible loss or noticeable alterations to the carrier file. StegHide works with JPEG format images and audio files.
StegHide utilizes Graph Theory to find pairs of values that can be swapped, embedding a message, yet maintaining the global statistics of the file. This allows it to evade some steganalysis attacks.
In what media can steganography be used?
Steganography can be applied in a variety of digital media or carriers. Below are some of the most common media in which steganography can be used:
Images: One of the most popular mediums for steganography. Techniques can range from simple methods based on the replacement of the least significant bit (LSB) to more complex methods involving frequency domain transformations, such as the Discrete Cosine Transform (DCT) in JPEG images.
Audio: Secret information can be hidden in audio files in ways that are inaudible to the human ear. This can be done, for example, by modifying the LSB of audio samples.
Video: Since a video file is essentially a series of images, image steganography techniques can be applied to each frame. Additionally, specific techniques for video can be used, such as modifying motion data between frames.
Text: Although less common due to the smaller amount of redundant data in text compared to other media, it’s possible to hide information in texts using additional spaces, tabs, or changes in the character sequence. It’s also possible to substitute words or groups of words with synonyms, thereby encoding a different message.
Network protocols: Steganography can be used to hide information in data packets transmitted over networks, by manipulating certain fields or deliberately introducing anomalies that contain hidden data, as well as altering transmission times.
File systems: Some file systems have areas that aren’t commonly used (like slack blocks or metadata) where information can be hidden.
Digital documents: In formats like PDF or Word, it’s possible to hide information in metadata, white spaces, or by using nearly invisible text colors.
What are structural attacks?
Although steganography tries to hide information imperceptibly, the data embedding process can introduce changes to the structural characteristics of the carrier object. These changes, although they might be invisible or inaudible to the human observer, can be detected through statistical analysis.
When using LSB (Least Significant Bit) replacement techniques, significant statistical anomalies appear, as the LSB replacement causes the total amount of even values (for example, pixels) to increase and the total number of odd values to decrease.
These anomalies are exploited by a whole family of attacks known as “structural attacks”, among which the SPA attack, RS attack, and WS attack stand out.