Steganography: Past Techniques and Present Algorithms

Jaderick P. Pabico Institute of Computer Science, College of Arts and Sciences University of the Philippines Los Baos, College 4031, Laguna

11th Philippine Computing Science Congress (PCSC 2011) Ateneo de Naga University, Naga City, 4-5 March 2011.

Outline

What is steganography/formalization? Past techniques Present Algorithms Research Prospects

?
There is a hidden image in the ADNU logo?

DEFINITION OF TERMS
Terms!

Terms!

Terms!

Steganography

Greek words steganos + graphein Concealed writing A form of communication such that no one, except the sender and the receiver of the message, suspects that a message exists. Both a science and an art of secured communication through obscurity

Steganalysis

Art and science of detecting messages hidden using steganography

Is there really a Hidden image in the ADNU logo?

Parameters

Sender, S Receiver, R Message, M Cover Message, Mc Media/Channels/Couriers, C={c1, c2, ...}

Formalization/Abstraction

Sender, S Receiver, R Message, M Cover Message, Mc Media/Channels/Couriers, C={c1, c2, ...}

c1

Mc

c2

Past Techniques
History!

We must learn from it.

Or be doomed to repeat its mistakes!

Historical account

1499 Termed coined by Johannes von Heydenberg Trithemius Steganographia

A book on cryptography and steganography disquised as a book on magic. Conceal messages in long invocations of the names of angels Ave Maria cipher

Historical account

Example

Every other letter in every other word

Mc = padiel aporsy mesarpon omeuas peludyn malpreaxo

M = prymus apex

Historical account

Example

Every other letter in every other word

Mc = padiel aporsy mesarpon omeuas peludyn malpreaxo

M = prymus apex
Do a perfect shuffle on the array of words ... concatenate all words into an array of letters ... and then do a perfect shuffle on it.

Get the lower half and ...

Historical account
padiel aporsy mesarpon omeuas peludyn malpreaxo

Do a perfect shuffle on the array of words

Get the lower half and ...

... concatenate all words into an array of letters

... and then do a perfect shuffle on it.

Historical account
padiel aporsy mesarpon omeuas peludyn malpreaxo padiel mesarpon peludyn aporsy omeuas malpreaxo

Do a perfect shuffle on the array of words

Get the lower half and ...

... concatenate all words into an array of letters

... and then do a perfect shuffle on it.

Historical account
padiel aporsy mesarpon omeuas peludyn malpreaxo padiel mesarpon peludyn aporsy omeuas malpreaxo aporsy omeuas malpreaxo

Do a perfect shuffle on the array of words

Get the lower half and ...

... concatenate all words into an array of letters

... and then do a perfect shuffle on it.

Historical account
padiel aporsy mesarpon omeuas peludyn malpreaxo padiel mesarpon peludyn aporsy omeuas malpreaxo aporsy omeuas malpreaxo aporsyomeuasmalpreaxo

Do a perfect shuffle on the array of words

Get the lower half and ...

... concatenate all words into an array of letters

... and then do a perfect shuffle on it.

Historical account
padiel aporsy mesarpon omeuas peludyn malpreaxo padiel mesarpon peludyn aporsy omeuas malpreaxo aporsy omeuas malpreaxo aporsyomeuasmalpreaxo aosoeamlraoprymusapex
Do a perfect shuffle on the array of words ... concatenate all words into an array of letters ... and then do a perfect shuffle on it.

Get the lower half and ...

Historical account

Another example:

Apparently neutral's protest is thoroughly discounted and Mc = Ignored. Isman hard hit. Blockade issue affects pretext for embargo on By-products, ejecting suets and vegetable oils.

M=

Historical account

Method: Take the second letter of each word

Apparently neutral's protest is thoroughly discounted and Mc = Ignored. Isman hard hit. Blockade issue affects pretext for embargo on By-products, ejecting suets and vegetable oils.

M=

Historical account

Method: Take the second letter of each word

Apparently neutral's protest is thoroughly discounted and Mc = Ignored. Isman hard hit. Blockade issue affects pretext for embargo on By-products, ejecting suets and vegetable oils.

M=

Pershing sails from NY June 1

Historical account

440 BC - first recorded uses The Histories by Herodotus of Halicarnassus

Greek tyrant Histiaeus shaved the head of the messenger, tattoo the message, and wait for the hair to grow.

Historical account

Example:

Mc

Example of an incomplete Mc.

Historical account

Simple Steps

Message M is tattoed on the scalp of the messenger C M is hidden by the growth of C's hair M is exposed by shaving the head of C Delayed transmission while waiting for hair to grow Low storage capacity (scalp is too small for long M)

Drawbacks

Historical account

Early 1900s, Lord Robert Baden Powell

Founder of Scouting Movement Was a spy for the British military against the Boer infantry His simple job was to mark the positions of Boer artillery He concealed the maps of artillery location (M) within drawings of butterflies (Mc) Certain markings on butterfly wings were actually the positions of the artillery installations

Previous Techniques

Wax tablet

Write M on wood c1 Cover c1 with wax c2 Write the cover message Mc on c2 The Mc must be innocent looking
M is exposed when c2 melts.

Requirement:

Drawback

Previous Techniques

French Resistance during WWII

M is written on back of C using invisible inks C does not know M M might be erased/contaminated when C's body becomes wet due to rain or perspiration

Female members of the French Resistance Movement during World War II

Advantage

Drawback

I perspire when nervous especially with these deadly babes.

Previous Techniques

Innovation 1

M is translated to Morse code (or any other code that uses binary translation) The Morse pattern Mc is knitted as a clothing c1 c1 is worn by the courier c2

Example of a Morse code quilt

Previous Techniques

Innovation 2

Mc is written on paper c1 using a regular ink M is written on c1 using invisible ink either on

Margins Spaces in between lines of Mc Area covered by the postage stamps

Drawback: needs a special lighting to read M

Example: UV light

Previous Techniques

Innovation 3: using semagrams

Mc =500 kilos of ice needed in Caramoan Port M =5 french models are in Caramoan Port
What is the key here?

Drawback:

Key K must be known to both S and R

Previous Techniques

Innovation 3: using semagrams

Mc =500 kilos of ice needed in Caramoan Port

THIS IS THE KEY

M =5 french models are in Caramoan Port

Drawback:

What is the key here?

Key K must be known to both S and R

Previous Techniques

Using Microdots

Less than the size of a period produced by a typewritter, or the tittle of a lowercase i or j. Image M is taken by a microdot camera. The microdot images act as periods in a sentence, or in the small letter i or j of Mc.
Watch out for the dots. Lots and lots of little dots.

Example of a microdot camera

Current Algorithms
What is up?

What is new?!

What have we been using?!

Current Digital Techniques

LSB rewriting in image or sound files Example:

Mc = image of a tree

M = image of a cat
Source: wikipedia

Current Digital Techniques

How to extract?

Remove all except the last two LSB of each RGB value of each pixel (this produces a very dark image) Make the resulting image 85 times brighter

Mc = Image of a tree

M = Image of a cat
Source: wikipedia

Current Digital Techniques

This means, to conceal M into Mc, we just reverse the process

Reduce the brightness of M 85 times For each RGB component of each pixel of Mc, replace the last 2 LSB with the corresponding in M.

Mc = Image of a tree

M = Image of a cat
Source: wikipedia

Current Digital Techniques

Basic idea:

What is the difference among these rectangles?

Current Digital Techniques

Basic idea:

R: 255 G: 0 B: 0

R: 254 G: 0 B: 0

R: 253 G: 0 B: 0

R: 252 G: 0 B: 0

Current Digital Techniques

Basic idea:

R: 255 G: 0 B: 0

R: 254 G: 0 B: 0

R: 253 G: 0 B: 0

R: 252 G: 0 B: 0

11111111

11111110

11111101

11111100

Current Digital Techniques

Basic idea:

R: 255 G: 0 B: 0

R: 254 G: 0 B: 0

R: 253 G: 0 B: 0

R: 252 G: 0 B: 0

11111111

11111110

11111101

11111100

Least Significant Bits

Current Digital Techniques

Basic idea:

R: 255 R: 254 R: 253 To a naked human G: 0 G: 0 But to a computer,0 G: eye, these rectangles these shapes are B: the same color B: 0 colored differently. 0 B: 0 have

R: 252 We can exploit this G: 0 observation and use it to B: 0 conceal information.

11111111

11111110

11111101

11111100

Least Significant Bits

Current Digital Techniques

Basic idea:

To a naked human G: 0 eye, these rectangles B: 0 have the same color

The same technique can also be used R: 255 R: 254audio R: 253 R: 252 in files
G: 0 But to a computer,0 G: these shapes are B: 0 colored differently. B: 0

We can exploit this G: 0 observation and use it to B: 0 conceal information.

11111111

11111110

11111101

11111100

Least Significant Bits

Current Digital Techniques

In an audio file, M can be concealed in the following:

Noise (static noise or background noise) Echo Accompanying instruments for music files

Current Digital Techniques

Exploiting the File System Structure

Trivial: a hidden disk partition where M is stored In Linux, sfpatch is a kernel patch which is the OS's modular support for steganography

Uses both steganography and encryption to hide information on disks

Sfpatch in linux

Current Digital Techniques

Exploiting the File System Structure

In FAT16 file system, the file allocation table allots 32KB of disk space to each file. If the file size is a few KB, the rest of the space is used to hide information.
FAT16 FS

Allocated and used Allocated and not used

Current Digital Techniques

Exploiting the File System Structure

In FAT16, deleted files are not really erased from the system Only the file allocation table entry is deleted, the whole file is still stored on the file system
the first letter of the filename is replaced by a nonprinting character Creative users use deleted files in FAT16 as Mc

Actually, the entry in FAT is not really deleted...

Current Digital Techniques

Other Techniques

Mimic: convert a file to have the statistical profile of another Tampered executable/object files (as in virus infection of the old) Blog-steganography: usually, steganography keys are burried in the comments or in orphaned blogs. Steganophony: steganography in VoIP systems Using sudoku puzzle (recall: Mercury Rising)

Prospects
What can we do?!

Can we do something?

Does this presentation have a secret message?

Prospects

Automated steganalysis

Difficult to do as current techniques require human intervention Can AI techniques be used? Application of parallel processes to apply to a given set (say all images in a website) all known steganalysis techniques.

Acknowledgements

Institute of Computer Science

ICS-GF#2326103 CAS-TF#8217300

College of Arts and Sciences

Questions?

Email to <jppabico@uplb.edu.ph> for:

Questions requiring detailed answers Proposals for research collaboration

Soft computing and machine learning HPC/scheduling and dynamic load balancing Wireless adhoc networks Computer security and forensics Information visualization

http://www.ics.uplb.edu.ph/jppabico