Download Complete Article in PDF Format - vsrd international ...

Available ONLINE www.visualsoftindia.com/journal.htmlVSRD-IJCSIT, Vol. 1 (4), 2011, 189-198R E S E A R C H A R T II C L EAn Exploratory Study on Steganography1 Reeta Mishra* and 2 Aniruddha BhattacharjyaABSTRACTSteganography is the means to pass hidden messages in seemingly harmless documents, pictures, and video andsound files. With the amount of information that would need to be processed, it is easy to see how certain datamay get overlooked, like Spam email messages, web browsing to arbitrary sites, and so on. This is exactlywhere covert communications may be taking place with the help of steganography. In this paper we havehighlighted its type and its bad effect. The details of several techniques on Steganography are described here.Keywords : Steganography, Steganography Techniques, Applications, Threats/Risk, Shorting Problems.1. INTRODUCTIONSteganography is the art of hiding information in ways that prevent the detection of hidden messages.Steganography [1-19] , derived from Greek, literally means “covered writing.”It includes a vast array of secretcommunications methods that conceal the message’s very existence. These methods include invisible inks,microdots, character arrangement, digital signatures, covert channels, and spread spectrum communications [7-16] .Steganography and cryptography are cousins in the spy craft family. Steganography hides the message so itcannot be seen. A message in cipher text, for instance, might arouse suspicion on the part of the recipient whilean “invisible” message created with steganographic methods will not.The advantage of steganography is that messages do not attract attention to themselves. Plainly visibleencrypted messages [16-24] —no matter how unbreakable—will arouse suspicion, and may in themselves beincriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents ofa message, steganography can be said to protect both messages and communicating parties. In this case the aimis to prevent the message being detected by any other party.2. STEGANOGRAPHY TECHNIQUEBefore describing the various steganography techniques a list of main requirements that steganography____________________________1 Research Scholar, 2 Head of Department, 12 Department of Computer Science & Information Technology, SwamiVivekanand Subharti University, Meerut, Uttar Pradesh, INDIA. *Correspondence : reetatrpth@gmail.com

Reeta Mishra et. al / VSRD International Journal of CS & IT Vol. 1 (4), 2011techniques must satisfy are described here:The integrity of the hidden information [20-30] after it has been embedded inside the stego object must becorrect. The secret message must not change in any way, such as additional information being added, lossof information or changes to the secret information after it has been hidden. If secret information is changedduring steganography, it would defeat the whole point of the process.The stego object must remain unchanged or almost unchanged to the naked eye. If the stego object changessignificantly and can be noticed, a third party may see that information is being hidden and therefore couldattempt to extract or to destroy it.In watermarking, changes in the stego object must have no effect on the watermark. Imagine if you had anillegal copy of an image that you would like to manipulate in various ways. These manipulations can besimple processes such as resizing, trimming or rotating the image. The watermark inside the image mustsurvive these manipulations, otherwise the attackers can very easily remove the watermark and the point ofsteganography will be broken.Finally, we always assume that the attacker knows that there is hidden information inside the stego object.3. TYPES OF STEGANOGRAPHYSteganography can be basically split into to groups [1-20] that is given below in figure 1:Types of Stganography :SteganographyFragileRobustFingerprintingWatermarks(i) Fragile:- Fragile steganography involves embedding information into a file which is destroyed if the file ismodified. This method is unsuitable for recording the copyright holder of the file since it can be so easilyremoved, but is useful in situations where it is important to prove that the file has not been tampered with, suchas using a file as evidence in a court of law, since any tampering would have removed the watermark. Fragilesteganography techniques tend to be easier to implement.(ii) Robust: - Robust marking aims to embed information into a file which cannot easily be destroyed. Althoughno mark is truly indestructible, a system can be considered robust if the amount of changes required to removethe mark would render the file useless. Therefore the mark should be hidden in a part of the file where itsPage 190 of 198

Reeta Mishra et. al / VSRD International Journal of CS & IT Vol. 1 (4), 2011removal would be easily perceived.There are two main types of robust marking. Fingerprinting involves hiding a unique identifier for the customerwho originally acquired the file and therefore is allowed to use it. The copyright owner can use the fingerprint toidentify which customer violated the license agreement by distributing a copy of the file. Unlike fingerprints,watermarks identify the copyright owner of the file, not the customer. Whereas fingerprints are used to identifypeople who violate the license agreement watermarks help with prosecuting those who have an illegal copy.4. SECRET COMMUNICATION TECHNIQUESSteganography provides a means of secret communication [21-30] which cannot be removed without significantlyaltering the data in which it is embedded. The embedded data will be confidential unless an attacker can find away to detect it. Figure 2 shows the comparisons of secret communication techniques.Figure 2 : Comparison of Secret Communication TechniquesText Techniques: - To embed information inside a document we can simply alter some of its characteristics.These can be either the text formatting or characteristics of the characters. You may think that if we alter thesecharacteristics it will become visible and obvious to third parties or attackers. The key to this problem is that wealter the document in a way that it is simply not visible to the human eye yet it is possible to decode it bycomputer.The codebook is a set of rules that tells the encoder which parts of the document it needs to change. It is alsoworth pointing out that the marked documents can be either identical or different. By different, we mean that thesame watermark is marked on the document but different characteristics of each of the documents are changed.There are many methods which are included to carry this text embedding techniques:-1. Line Shift Coding Protocol: - In line shift coding, we simply shift various lines inside the document up ordown by a small fraction (such as 1/300 th of an inch) according to the codebook. The shifted lines areundetectable by humans because it is only a small fraction but is detectable when the computer measures thedistances between each of the lines. Differential encoding techniques are normally used in this protocol,meaning if you shift a line the adjacent lines are not moved. These lines will become a control so that thePage 191 of 198

Reeta Mishra et. al / VSRD International Journal of CS & IT Vol. 1 (4), 2011computer can measure the distances between them.2. Word Shift Coding Protocol: - The word shift coding protocol is based on the same principle as the lineshift coding protocol. The main difference is instead of shifting lines up or down, we shift words left or right.This is also known as the justification of the document. The codebook will simply tell the encoder which of thewords is to be shifted and whether it is a left or a right shift. Again, the decoding technique is measuring thespaces between each word and a left shift could represent a 0 bit and a right bit representing a 1 bit.3. Features Coding Protocol: - In feature coding, there is a slight difference with the above protocols, and thisis that the document is passed through a parser where it examines the document and it automatically builds acodebook specific to that document. It will pick out all the features that it thinks it can use to hide informationand each of these will be marked into the document. This can use a number of different characteristics such asthe height of certain characters, the dots above i and j and the horizontal line length of letters such as f and t.Line shifting and word shifting techniques can also be used to increase the amount of data that can be hidden.4. XML: - This is important for verifying documents to see if they have been altered and also for copyrightreasons. You can embed a code for example, which can be traced back to the source. Many different files canexist when XML is used. There is the XML file itself but there can be transformation files (.xsl), validation files(.dtd) and style files (.css). All of these files can be used to hide data but the main XML file is usually the bestdue to its larger size. This technique concentrates on just the XML file, more elaborate techniques could use acombination of all four files to increase robustness.5. Text Content: - The grammar within the text can be used to store information. It is possible to changesentences to store information and keep the original meaning. Text Hide [8] is a program, which incorporates thistechnique to hide secret messages.6. White Space Manipulation: - One way of hiding data in text is to use white space. If done correctly, whitespace can be manipulated so that bits can be stored. This is done by adding a certain amount of white space tothe end of lines. The amount of white space corresponds to a certain bit value. Due to the fact that in practicallyall text editors, extra white space at the end of lines is skipped over, it won’t be noticed by the casual viewer. Ina large piece of text, this can result in enough room to hide a few lines of text or some secret codes.Network Steganography :- All information hiding techniques that may be used to exchange steganograms intelecommunication networks can be classified under the general term of network steganography. Networksteganography utilizes communication protocols' control elements and their basic intrinsic functionality. As aresult, such methods are harder to detect and eliminate. Network steganography methods involve modificationof the properties of a single network protocol. It is feasible to utilize the relation between two or more differentnetwork protocols to enable secret communication. These applications fall under the term inter-protocolsteganography. Network steganography covers a broad spectrum of techniques, which include, among others:-(1) Steganophony - the concealment of messages in Voice-over-IP conversations.(2) WLAN Steganography – the utilization of methods that may be exercised to transmit steganograms inPage 192 of 198

Reeta Mishra et. al / VSRD International Journal of CS & IT Vol. 1 (4), 2011Wireless Local Area Networks. A practical example of WLAN Steganography is the HICCUPS systemBinary File Techniques: - If we are trying to hide some secret information inside a binary file, whether thesecret information is a copyright watermark or just simple secret text, we are faced with the problem that anychanges to that binary file will cause the execution of it to alter. Just adding one single instruction will cause theexecuting to be different and therefore the program may not function properly and may crash the system. Themain reason for this is people want to protect their copyright inside a binary program. Of course there are othermeans of protecting copyright in software, such as serial keys, but key generators for common programs arewidely available and therefore using serial keys alone may not be enough to protect the binary file’s copyright.Digital Steganography:-DIGITAL steganography is a technique for sending secret messages under the cover ofa carrier signal. Despite that steganographic techniques only alter the most insignificant components, theyinevitably leave detectable traces so that successful attacks are often possible. The message is the data that thesender wishes to remain confidential and can be text, images, audio, video, or any other data that can berepresented by a stream of bits. The cover or host is the medium in which the message is embedded and servesto hide the presence of the message. This is also referred to as the message wrapper. The message embeddingtechnique is strongly dependent on the structure of the cover.There are many methods which are included to carry these DIGITAL embedding techniques:-(1) Simple Watermarking - A very simple yet widely used technique for watermarking images is to add apattern on top of an existing image. Usually this pattern is an image itself - a logo or something similar, whichdistorts the underlying image.(2) LSB – Least Significant Bit Hiding (Image Hiding)- This method is probably the easiest way of hidinginformation in an image and yet it is surprisingly effective. It works by using the least significant bits of eachpixel in one image to hide the most significant bits of another.This method works well when both the host and secret images are given equal priority. When one hassignificantly more room than another, quality is sacrificed.(3) Direct Cosine Transformation - The DCT algorithm is one of the main components of the JPEGcompression technique. One technique hides data in the quantizer stage [14] . If you wish to encode the bit value 0in a specific 8 x 8 square of pixels, you can do this by making sure all the coefficients are even, for example bytweaking them. Bit value 1 can be stored by tweaking the coefficients so that they are odd. In this way a largeimage can store some data that is quite difficult to detect in comparison to the LSB method.(4) Wavelet Transformation - This technique works by taking many wavelets to encode a whole image. Theyallow images to be compressed so highly by storing the high frequency “detail” in the image separately from thelow frequency parts. The low frequency areas can then be compressed which is acceptable as they are mostviable for compression. Quantization can then take place to compress things further and the whole process canstart again if needed.Physical Steganography: - Within this picture, the letter positions of a hidden message are represented byPage 193 of 198

Reeta Mishra et. al / VSRD International Journal of CS & IT Vol. 1 (4), 2011increasing numbers (1 to 20), and a letter value is given by its intersection position in the grid. For instance, thefirst letter of the hidden message is at the intersection of 1 and 4. So, after a few tries, the first letter of themessage seems to be the 14th letter of the alphabet; the last one (number 20) is the 5th letter of the alphabet. Itis show in figure 4.Printed Steganography :- Digital steganography output may be in the form of printed documents. A message,the plaintext, may be first encrypted by traditional means, producing a cipher text. Then, an innocuous cover textis modified in some way so as to contain the cipher text, resulting in the stegotext. The cipher text produced bymost digital steganography methods, however, is not printable.Steganography Using Sudoku Puzzle:- This is the art of concealing data in an image using Sudoku which isused like a key to hide the data within an image. Steganography using sudoku puzzles has as many keys as thereare possible solutions of a Sudoku puzzle, which is . This is equivalent to around 70 bits, making itmuch stronger than the DES method which uses a 56 bit key.Sound Techniques :-1-Spread Spectrum --Spread spectrum systems encode data as a binary sequence which sounds like noise butwhich can be recognized by a receiver with the correct key. Spread spectrum techniques can be used forwatermarking by matching the narrow bandwidth of the embedded data to the large bandwidth of the medium.2- MIDI -- MIDI files are good places to hide information due to the revival this format has had with the surgeof mobile phones, which play MIDI ring tones. There are also techniques which can embed data into MIDI fileseasily .MIDI files are made up of a number of different messages. Some of these messages control the notes youhear while others are silent and make up the file header or change the notes being played.3-MP3 --The MP3 format is probably the most widespread compression format currently used for music files.Due to this, it also happens to be very good for hiding information in. There are very few working examples ofhiding information in MP3 files but one freely available program is MP3Stego.Other Techniques :-1- Video --For video, a combination of sound and image techniques can be used. This is due to the fact thatvideo generally has separate inner files for the video (consisting of many images) and the sound. So techniquesPage 194 of 198

Reeta Mishra et. al / VSRD International Journal of CS & IT Vol. 1 (4), 2011can be applied in both areas to hide data. Due to the size of video files, the scope for adding lots of data is muchgreater and therefore the chances of hidden data being detected is quite low.2- DNA--A relatively new area for information hiding is within DNA. A single strand of DNA consists of achain of simple molecules called bases, which protrude from a sugar-phosphate backbone. The four varieties ofbases are known as adenine (A), thymine (T), guanine (G), and cytosine (C). A table was drawn up withdifferent three base combinations equaling different words in the alphabet along with a few other things.To create the secret message, DNA was synthesized the bases in the right order. Then it was sandwichedbetween another two strands of DNA which acted as markers to point the sender and recipient of the message tothe message. The final step taken was to add in some random DNA strands in order to further prevent thedetection of the secret message.5. TOOLS OF THE TRADEMP3Stego--MP3Stego is a steganographic tool used to hide data in MP3 files. Because of near CD quality andgreat compression ratios of about 11 to 1, MP3 files have gained worldwide use and offer a very good mediumfor information hiding. MP3Stego hides data during the compression process. It first compresses the data,encrypts it, and then injects it into the bit stream. This injection takes place at the inner_loop portion of theMPEG audio Layer III encoding process. The inner_loop quantizes the input data and increases the step sizeuntil the data can be coded with the available number of bits.Outguess--Outguess is a steganographic tool used to insert hidden information into the redundant bits of datasources. The basis of the program is the extraction of redundant bits for use in embedding and writes them backafter modification. The thing that makes Outguess unique is the ability to preserve frequency counts statistics,which is a main property used in detection of steganographic content. OutGuess automatically determines themaximum message size that can be hidden in an image and still be able to maintain frequency count statistics toavoid detection.JPHS (JPHide and JPSeek)—JPHIDE and JPSEEK are freeware programs that allow you to hide data within aJPEG file. The Author of the programs designed them in such a way so as to make it nearly impossible to provethat the image contains hidden data. By keeping an insertion rate of 5% or less, the author believes that itsimpossible to conclude that there is any hidden data without having the original image to compare against. Thebasic rule of steganography is that as the insertion percentage increases the statistical nature of the jpegcoefficients differ from normal. Typically an insertion rate of greater than 15% starts to affect the image enoughto become visible to the naked eye. The author suggests using host images that have a lot of fine detail, as theyare better at hiding the effects of the data hiding.SpamMimmic-- SpamMimmic is a process to encode and decode email messages to be disguised as spam.Considering the amount of Spam that is sent around the internet, and also considering that most people eitherfilter it at the mail server or just delete it, its really an ingenious idea. This really makes security throughobscurity a reality. Let’s say some terrorist group wants to coordinate some type of action to its followers in theUnited States. Using an anonymous email application, or a hacked server for that matter, the message could bePage 195 of 198

Reeta Mishra et. al / VSRD International Journal of CS & IT Vol. 1 (4), 2011sent to a huge mailing list just as any other Spam is done. The people who are expecting the mail could take theSpam encoded message, and simply decode it.Risk/Treats—Digital steganography applications can be used to steal sensitive information by sending theinformation outside the local computing environment, through boundary protection mechanisms, to anyone onthe outside. Hundreds of steganography applications are available as freeware or shareware on the Internet.There are some commercially licensed steganography applications that can be purchased for use by individuals.Clearly, not everyone who purchases a license to a steganography application will have malicious intent.However, others do so with the intent to steal sensitive information or conceal evidence of criminal activity.steganography applications widely available, they are user friendly as well, many with GUIs with the familiar"drag and drop" functionality to drag a file containing a secret message or other information and drop it onto thecarrier file which serves as the container, or carrier, for the hidden information.Considering how easy it is to find, download, and use, digital steganography applications, it would be easy fortrusted insiders with malicious intent to use them to steal critical information or to conceal evidence of sometype of criminal activity.6. CONCLUSION/ FUTURE SCOPETo find incontrovertible evidence that steganography is, in fact, being used to steal sensitive information andconceal evidence of criminal activity, computer forensic examiners need to include steganalysis as a routineaspect of their computer forensic procedures, use the best available tools to detect the presence and use ofsteganography, and provide feedback through user groups and professional associations and publications. Acomprehensive enterprise security program should include countermeasures to the threat posed by insider use ofsteganography. The first step is to acknowledge the threat exists by developing and implementing policy toprohibit users from having steganography applications on their workstations. Finally, both passive and activedetection tools and techniques should be employed to enforce the "no stego" policy.The future scope of it that we had tried to highlight the various type of techniques used in steganography field,from this more effective and powerful tool and techniques can be immerge to control this practice furthermisused .Althroug many tool and techniques are already present the need is to enhanced it for future use.7. REFERENCES[1] C. Cachin, “An Information-Theoretic Model for Steganography”, Proceedings of 2 nd Workshop onInformation Hiding, MIT Laboratory for Computer Science, May 1998[2] R. Popa, An Analysis of Steganographic Techniques, The "Politehnica" University of Timisoara, Faculty ofAutomatics and Computers, Department of Computer Science and Software Engineering,http://ad.informatik.uni-freiburg.de/mitarbeiter/will/dlib_bookmarks/digital-watermarking/popa/popa.pdf,1998[3] Herodotus, The Hisories, chap. 5 - The fifth book entitled Terpsichore, 7 - The seventh book entitledPolymnia, J. M. Dent & Sons, Ltd, 1992[4] Second Lieutenant J. Caldwell, Steganography, United States Air Force,Page 196 of 198

Reeta Mishra et. al / VSRD International Journal of CS & IT Vol. 1 (4), 2011http://www.stsc.hill.af.mil/crosstalk/2003/06/caldwell.pdf, June 2003[5] F. A. P. Petitcolas, R. J. Anderson and M. G. Kuhn, “Information Hiding - A Survey”, Proceedings of theIEEE, vol. 87, no. 7, pp. 1062-1078, July 1999[6] BBC News, Piracy blamed for CD sales slump, BBC,http://news.bbc.co.uk/1/hi/entertainment/new_media/1841768.stm, February 2002[7] M. Kwan, The Snow Home Page, http://www.darkside.com.au/snow/index.html, March 2001[8] Compris Intelligence, TextHide, Compris Intelligence , http://www.compris.com/TextHide/en/[9] P. Wayner, SpamMimic, http://www.spammimic.com, 2003[10] R. Hipschman, The Secret Language, Exploratorium,http://www.exploratorium.edu/ronh/secret/secret.html, 1995[11] S. Inoue, K. Makino, I. Murase, O. Takizawa, T. Matsumoto and H. Nakagawa, A Proposal on InformationHiding Methods using XML, http://takizawa.gr.jp/lab/nlp_xml.pdf[12] M. D. Swanson, B. Zhu and A. H. Tewfik, “Robust Data Hiding for Images”, IEEE Digital SignalProcessing Workshop, pp. 37-40, Department of Electrical Engineering, University of Minnesota,http://www.assuredigit.com/tech_doc/more/Swanson_dsp96_robust_datahiding.pdf, September 1996[13] L. Leurs, JPEG Compression, http://www.prepressure.com/techno/compressionjpeg.htm, 2001[14] A. K. Chao and C. Chao, Robust Digital Watermarking & Data Hiding, Image Systems EngineeringProgram, Stanford University, http://ise.stanford.edu/class/ee368a_proj00/project7/index.html, May 2000[15] J. Gailly, comp.compression Frequently Asked Questions (part 2/3), Internet FAQ Archives,http://www.faqs.org/faqs/compression-faq/part2/, September 1999[16] National Academy of Sciences, How do Wavelets work?, National Academy of Sciences,http://www.beyonddiscovery.org/content/view.page.asp?I=1956, 2003[17] C. Shoemaker, Hidden Bits: A Survey of Techniques for Digital Watermarking,http://www.vu.union.edu/~shoemakc/watermarking/watermarking.html#watermark-object, Virtual Union,2002[18] J. Corinna, Steganography, Binary Universe, http://www.binaryuniverse.de/articles/5/english/steganodotnet5.html,2003[19] J. Glatt, MIDI is the language of gods, http://www.borg.com/~jglatt/[20] F. A. P. Petitcolas, mp3stego, http://www.petitcolas.net/fabien/steganography/mp3stego/, September 2003[21] Fraunhofer-Gesellschaft, Audio & Multimedia MPEG Audio Layer-3, Fraunhofer-Gesellschaft,http://www.iis.fraunhofer.de/amm/techinf/layer3/index.html[22] S. Hacker, MP3: The Definitive Guide, chapt. 2 - How MP3 Works: Inside the Codec,http://www.oreilly.com/catalog/mp3/chapter/ch02.html, O’Reilly, March 2000[23] I. Peterson, Hiding in DNA, Science News Online, http://63.240.200.111/articles/20000408/mathtrek.asp,April 2000[24] D. Artz, “Digital Steganography: Hiding Data within Data”, Los Alamos National Laboratory,http://www.cc.gatech.edu/classes/AY2003/cs6262_fall/digital_steganography.pdf, May 2001[25] J. Callinan and D. Kemick, “Detecting Steganographic Content in Images Found on the Internet”,Department of Business Management, University of Pittsburgh at Bradford,http://www.chromesplash.com/jcallinan.com/publications/steg.pdfPage 197 of 198

Reeta Mishra et. al / VSRD International Journal of CS & IT Vol. 1 (4), 2011[26] Wayner, Peter (2002). Disappearing cryptography: information hiding: steganography & watermarking.Amsterdam: MK/Morgan Kaufmann Publishers. ISBN 1-55860-769-2. http://www.wayner.org/node/6.[27] Wayner, Peter (2009). Disappearing cryptography 3rd Edition: information hiding: steganography &watermarking. Amsterdam: MK/Morgan Kaufmann Publishers. ISBN 978-0123744791.http://www.wayner.org/node/13.[28] Petitcolas, Fabian A.P.; Katzenbeisser, Stefan (2000). Information Hiding Techniques for Steganographyand Digital Watermarking. Artech House Publishers. ISBN 1-58053-035-4.[29] Johnson, Neil; Duric, Zoran; Jajodia, Sushil (2001). Information hiding: steganography and watermarking:attacks and countermeasures. Springer. ISBN 978-0-7923-7204-2.[30] Gregory Kipper, Investigator's Guide to Steganography, New York: Auerbach Publications, 2003.Page 198 of 198