Introduction

Can you imagine if you had the ability and power to conceal and hide information within plain sight? Well, is it even possible? Steganography is nothing but the process of hiding information, audio messages, video clips, or images into another piece of information, video clip, audio clip, or image. Who would not forget writing secret messages in invisible ink or hiding coded messages within a piece of data or information?

Well in the world of cybersecurity, steganography is the technique of hiding secret data within a non-secret, ordinary file or message to avoid being detected. It will be decoded only at the destination. The history of steganography dates back to 1500 when Johannes Trithemius used the term in his book Steganographia. It has been a time-honored practice and only gained technical prominence in the last decade.

In this article let us look at:

  1. What is Steganography
  2. How does it Work
  3. Types of Steganography
  4. Techniques in Steganography
  5. Examples of Steganography

1. What is Steganography?

What is Steganography?. If one needs to define steganography, it can be simply said as a practice of hiding secret messages within or over something that is no secret. It is just a process of embedding a secret piece of text within a text, picture, or audio. The message could be a message or script within a document file or a picture file. A form of covert communication, the main purpose of steganography is concealing and deceiving. The message can be concealed through any medium. It differs from cryptography which is a science that enables privacy. Steganography definition elaborates how it hides data and does not involve scrambling or using a key or code.

2. How does it Work?

What is steganography and how it works is the question most people would ask. The art and science of masking information by embedding messages within something that may seem harmless. It works by replacing some parts of useless or unused data in usual computer files ( for eg: text, HTML, audio, or graphics) with bits of invisible and different information.

3. Types

There are different ways to hide a message. When a file or image is created, some bytes in the file or image are not necessary and can be replaced with a message without destroying the original message. In this way the secret message is hidden. There are different types of steganography. The most common are:

A) Steganography in Images

Digital images are used widely and since they are available in various formats the algorithm used differs completely. Some common kinds are:

  • Least significant bit insertion.
  • Masking and filtering.
  • Redundant Pattern Encoding.
  • Encrypt and Scatter.
  • Algorithms and transformations.
  • Least significant bit insertion.

B) Steganography in Audio

Implanting a secret message in audio is most difficult as the human brain has a wide range of auditory capacity. A few methods used are:

  • LSB coding.
  • Parity coding.
  • Phase coding.
  • Spread spectrum.
  • Echo hiding.

C) Steganography in Video

In this, a video file will be embedded with supplementary data that will hide the secret message. Some widely known approaches are 

  • Least Significant Bit Insertion.
  • Real-time Video Steganography.

D) Steganography in Documents

This involves focusing on altering the characteristics of documents. Most people can read documents and therefore there are several ways in which this can be achieved. A few ways this is done are:

  • Hiding information in plain text by adding white space and tabs to the end of the lines of documents.
  • Using a widely available cover source like a book or newspaper and using a code comprising of a combination of numbers, letters, or line number. This way the information inside the cover source will not reveal the hidden message and the only way to decode is to gain the key.
  • The use of background color and font is another widely used technique for steganography. It is widely used in Microsoft Word documents.

4. Techniques

Steganography techniques used help in concealing the message to the best possible extent to ensure that it is revealed only at the destination. Some of the techniques used are:

A) Least Significant bit

The attacker identifies the least significant bits of information in the carrier file and substitutes it with the secret message, in most cases, malicious code. Once the target downloads the file, the malware is introduced in the computer that allows the hacker or attacker to access the device. Sandboxes are sued to detect these corrupt files but hackers have invented ways like sleep patching to bypass these. Sleep patched malware is not detected by sandbox as it is benign and takes time to be detected.

B) Palette Based Technique

This uses digital images as malware carriers where attackers first encrypt the message, hide it in a wide palette of the cover image. It can carry only limited amounts of data but still frustrates cybersecurity professionals as the data is encrypted and takes time to decrypt.

C) Secure Cover Selection

A very complex technique, cybercriminals have to compare blocks of the carrier image to specific blocks of specific malware. It involves finding the right match to carry the malware. The identical match is fitted carefully into the carrier image. With the resulting image being identical to the original it becomes even more difficult to detect by software applications and cybersecurity software.

5. Examples

Steganography is more an art than a science. It involves using careful techniques to hide the message and execute it. There is no limit to the ways steganography can be used with such a wide range of technology available today. A few examples are:

  1. Playing a video at a faster frame rate to unveil a hidden message.
  2. Inserting a message in the red, green, or blue channel of an RGB image.
  3. Playing an audio track backward to reveal a hidden message.
  4. Encrypting a message or image within a photo through the addition of noise or sound.
  5. Hiding information with the file header or metadata.

A simple example of steganography would be a message in plain text. For example, the following sentence:

“This example comprises higher technical evidence regarding modern situations”.  ( The first letter of each word reveals the phrase “TechTerms”.

Steganography uses are primarily restricted to hackers who use steganographic applications to embed a malicious code. A hacker alters the least significant bit of any file and encrypts it with malicious code. Once this code is downloaded by the user either by opening a file or image the malware is activated. This can in turn help the attacker to gain control over the network of the user or destroy any intended content. The difference between the original file or image or stenographed image or file is so subtle and it cannot be detected by the naked eye.

Conclusion

Hackers are using this technique called steganography ( originating from the Greek word “ steganographia”) to trick internet users and smuggling malicious content by bypassing firewalls, scanners, and security software. Unlike cryptography which obscures data so that it cannot be comprehended, steganography hides the fact that content exists by embedding it into something else. It is more of a concept and not a method of data delivery by clandestine methods making it easier to execute it in several ingenious ways.

So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem, that will give you an edge in this competitive world.

SHARE
share

Are you ready to build your own career?