Steganography is one of the complex fields in computer security. Its complexity comes from the limited resources that explain it because it is rare to find a course about it. However, steganography was always with the human beings. We just do not pay attention to it.
Steganography is the art and science of embedding secret messages in cover message in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message. It is a combination of two Greek words which are steganos that means covered and graphia that means writing.
Historically speaking, it has been always with with human beings. For instance, messages between empires tend to be hide in messengers’ heads. In addition, human beings used invisible ink to write their messages in order to hide them. So, steganography is not related by definition to computer science. It has historic roots, and it played an important role in human communication and security.
If you read this definition, you might be confused about the difference between steganography and cryptography. Basically they have almost the same goal which is protecting a message or information from third parties. However, they have different mechanism to protect the information. Cryptography changes the information to unreadable piece of data which cannot be understood without an decryption key. So, it involves another concept which is keys for encryption and decryption. On the other hand, steganography does not change the format of the information. It just hide it from the third parties. It can be used anywhere and anytime just by telling to the other involved part in the communication process how to read or extract the information.
Technically, steganography conceals the existence of the message. It does not alter the structure of the secret messages , but hides it inside a cover-file so it cannot be seen to make the secret message unseen. Cryptography tends to hide the contents of a secret message from malicious people. So, the structure of a message is scrambled to make it meaningless and unintelligible unless the decryption key is provided. Thus, cryptography encrypts the message but it can be seen.
In this article, I will mention two applications of steganography in two different filetypes. The first one is audio steganography where we will take an audio file which contains a secret message behind it, and we will try to analyze it. It can be seen as meaningless track, but it has an invisible meaning. It can be used in many application mainly in military and governments’ digital security. The second one is image steganography where we will hide a text file inside a picture. And then, we will do the reverse operation to extract the message.
The process of analyzing a modified audio, image or any filetype is called steganography analysis or steganalysis. Technically, it can be linked to another concept which is reverse engineering. It is the process of extracting a hidden piece of data in a different form of filetype. I made the comparison between steganalysis and reverse engineering because they have a common point which is seeing things from the back-end. In other words, it can be defined as breaking the encapsulation layer that is hidden from the end user.
Let’s take a look at an audio file which is basically a .wav file. You can download it it from here: https://www.dropbox.com/s/n4o3hdp9mfkadqf/WAVFile.wav?dl=0 .
It was a challenge in a CTF. You can find another audio file in one of root-me.org steganography challenges that can be solved with the same technique. If you listen to it, you will just hear some noise which is meaningless for us. However, if you use audacity or another audio analyzer software, you will notice that it is not the case. In my experience, I used an old program called gram. You can download it from here if you want to do the experiment: https://www.dropbox.com/sh/x29xyo2vyjv1e8e/AACSTHW_x2pxHpZ4C9caZWska?dl=0 . The environment in which I am running the experiment is Ubuntu Xenial Xerus with installed wine1.6 to run windows programs in Linux-based environment. When you analyze the audio file, you will see the secret messages which is “HackThis!!” in our case.
So, you can see a hidden message in a meaningless audio file.
For the image part, a steganography challenge was detecting the used program in hiding a text inside an image. It was quite funny image.
The problem was to analyze two identical images. At this level, we will not talk about file signatures and file extensions. I believe I will talk about them in another article because they are involved in other fields. However, at this stage, I used winhex to analyze the Hexadecimal part of the image. You can use a text editor as well like gedit or notepad just to see the image from another perspective. I found a weird signature at the end of the modified image. This is the original image.
And this is the modified one. You can notice “CDN” at the end of the image.
I looked at this “weird” signature, and I found that it is the appropriate signature of a program called Hiderman which can hide a text file into an image. I used the same program to extract the message.
This was just an overview about steganography. I will try to talk about it in more depth in the upcoming articles. I believe it is an important field to know about since it is rarely covered in universities. It can change your way of seeing files as “cute” piece of data. On the other hand, they can contain secret messages or information.
Image Copyright: WonderHowTo http://img.wonderhowto.com/img/05/12/63537824039022/0/introduction-steganography-its-uses.1280×600.jpg