La steganography, often considered the poor cousin of cryptography, we can define it as "the art and science of hiding information so that its mere appearance does not arouse suspicion". While cryptography focuses on making messages unintelligible through encoding, steganography aims to mask the very existence of the message, for example by inserting it into a different context such as an image.
So, while in the past it was used to send secret letters or hidden tracks, today it can hide codes in JPEG images and videos, profoundly changing the dynamics of computer security and cybercrime.
Historical Origins of Steganography
Steganography has its roots in history, with surprising techniques used by the ancient Greeks. Among these, writing on wooden tablets covered in wax stands out, which hid the real message under a superficial layer. A famous example is the one reported by Herodotus in Book VII of the Histories.
Herodotus tells us that Demaratus, the exiled king of Sparta who had taken refuge at the court of Xerxes, having obtained crucial information about the Persian king's preparations to invade Greece, sought a way to warn the Spartans without arousing suspicion. It was necessary to find a method that would hide the information from the eyes of the enemies, for this purpose Demaratus used a wooden tablet on which he engraved the secret message. He then covered the engraved surface with a layer of wax, completely hiding the writing. This made the tablet look like an ordinary instrument for writing or carrying notes, eliminating any suspicion. The tablet was then transported to Greece without difficulty. The Spartans, removing the layer of wax, found the engraving and were informed of Xerxes' plans.
This was not the only method used in ancient times, Herodotus also tells of a message drawn on the scalp, once the hair grew back the messenger was sent to the recipient. Such systems have evolved over time including more sophisticated techniques such as the use of invisible inks, microfilm and, more recently, digital methods.
Steganography in today's world
In the digital age, steganography offers extraordinary opportunities to hide data within common files such as images, videos, audio, or even text. This technique takes advantage of the abundance of unused or barely perceivable data in files to embed secret information.
One of the most common techniques is the use of specially modified images. This is the technique known as Least Significant Bit (LSB) which consists of modifying the least significant bit in the pixels of an image. Alterations of this type are not perceptible to the naked eye but can be used to hide messages.
For example, a high-resolution image of 1920x1080 pixels, with a color depth of 24 bits, could contain approximately 290 kilobytes of data hidden using only the least significant bits, without the alteration being noticed.
This level of discretion makes steganography a valuable ally in protecting sensitive information, but it also makes it a controversial tool, sometimes used for illicit purposes. As technologies have evolved, increasingly sophisticated methods have been developed, including those that use transformation and compression algorithms to make information retrieval even more secure.
Even audio or video files can be manipulated by slightly changing the amplitude of the samples, or by embedding data in frequency segments inaudible to human hearing, or by combining the amplitude of visual and audio data to hide information within large files, such as unused video frames.
Although less common, text steganography uses variations in formatting, spacing between lines, or encoding in markup languages (e.g., HTML or Unicode) to hide the message.
Applications of Steganography
Steganography can be used in a variety of contexts, both legitimate and illicit.
Its use in communications security can be a guarantee in areas where even the presence of a message could be compromising. Journalists, activists or political dissidents in oppressive regimes use it to evade censorship.
Steganography can be used in the protection of intellectual property to embed watermark invisible digital that protects copyright or brands.
In education and research, it is a valuable tool for exploring advanced data protection methods and educating young people about the more complex aspects of cybersecurity.
Unfortunately, cyber criminals also exploit steganography to hide malware or commands within harmless files, avoiding detection by security tools.
Steganography Tools and Software
There are several tools that allow you to experiment or apply digital steganography. Some examples include:
Steghide: a software open source released in 2003 by Stefan Hetzl, included among the Kali Linux tools, used to hide data inside image or audio files. Steghide is a command line application that allows you to insert data into the main image file formats (such as BMP and Jpeg) and audio (WAV and AU), this data can be encrypted and protected by password making their detection even more complex.
OpenPuff: a tool for steganography multi-layered on files of various types. It is developed by an Italian programmer, Cosimo Olibon, and is considered one of the most advanced free tools currently available. Among the main features is the ability to distribute the data to be hidden across multiple files.
StegOnline: an easy-to-use online software to input and extract data without altering the statistical properties of images. Must try!
Analysis and detection
As you can imagine, there are techniques and tools to detect steganography especially to combat illicit uses. Detecting steganography is a complex task that requires sophisticated tools and advanced techniques.
The primary detection methods rely on statistical analysis of files to find anomalies in the data, such as variations in pixels or audio samples that are not visible to the naked eye. Forensic analysis tools can be used to identify the presence of hidden messages, however, the effectiveness of these techniques depends on the complexity of the steganography used and the level of evasion employed.
Conclusions
Steganography represents a fascinating balance between art, science, and technology. In today’s world, where cybersecurity is a daily challenge, its use can offer innovative solutions to protect data and communications, but it also requires attention to ethical aspects and possible negative implications. With growing awareness, we can harness its potential to promote a safer cyberspace.
To learn more:
- https://steghide.sourceforge.net/
- https://embeddedsw.net/OpenPuff_Steganography_Home.html
- https://medium.com/ctf-writeups/stegonline-a-new-steganography-tool-b4ed...