Digital Steganography Basics

Monday , 5, August 2019

Let’s talk about modern steganography. I don’t want to cover the long history of it, since that requires dedicating a full post to the techniques used over the centuries to conceal information. Old techniques are typically meant to hide text messages, since audio and video recording was not possible, and recorded images were not digital.

Steganography is about hiding secrets in plain sight. It is not encryption, which is a scrambling of information so that it’s unreadable. The term is derived from the greek words steganos (covered) and graphos (writing), which has become misleading in the computer age. Modern steganography is all about hiding text or files inside digital files.

The old techniques are still effective, but many new techniques have been developed in the digital age. I simply want provide the view from 10,000 feet here, and go into greater detail in future posts. That’s because this is a subject I find fascinating, and there’s quite a bit to say about it even without dwelling on the long history of information hiding.

Obviously in the past there was more emphasis on hiding text in text, since there were no digital file formats. Today you might want to conceal text, photographs, audio, video or other information and you have many choices about where to hide it. Also missing from efforts in previous centuries to hide information was encryption; they had only simple cipher schemes and manual computation.

Companies use steganography differently – watermarking images for copyright protection, or trying to gain insights into patterns of file sharing. Spies use this technique as well for covert communication. Also let’s not forget about it’s potential to give individuals a method for storing sensitive information online, or communicating online by hiding messages in files. Recently there have been multiple instances of APT groups using steganography to hide malicious payloads so they get past endpoint protection systems.

If you want to store information in a public place but have it not be seen by anyone, steganography is often a good choice. The primary objective is to
avoid making it obvious that there is something hidden inside the file in question. Note again that the information is not obfuscated so that it’s hard to read, encryption should be used for that purpose.

An important thing to consider is the advantages of using photographs, audio or video files that you have created. These files typically contain a fair amount of digital noise, making detection more difficult. These files are typically stored in “lossy” file formats, which means there is some wiggle room for embedding extra data. Avoid high compression, as this will also reduce the amount of noise.

Comparing a file with a secret hidden inside to the original file is an easy way to detect these, so using a photograph or recording you’ve taken allows you to delete the only copy of the original file. The worst strategy is to use online stock photography, as the fact that you’ve modified the file can be noticed easily.

Where to store carrier files is a decision that should be made by considering your habits online. If you post a lot of photos to a photo-sharing site, it should be easy to slip one photo into the mix which contains the hidden data. If you backup your audio files online you might want to consider using one of them to hold the data. Security through obscurity is your friend here. If you post files every day to a site or service, a single file containing extra data is less likely to be noticed.

This is an easy way to supplement backing up your data offsite, to avoid human or natural disasters. However, if your goal is to secretly communicate with others on an ongoing basis, you need to keep using new files. For example, you would not want to keep sending messages hidden in an image on a website you run. It’s relatively easy to tell that the image is changing, and the main point here is to avoid giving clues about what is going on.

Data being hidden should always be encrypted to avoid detection as well. Steganography is all about hiding, not scrambling data or making it impossible for others to read. Some steganography tools allow you to easily encrypt the data being hidden, otherwise be sure you’re using tools to encrypt the information before hiding it.

You should also consider the size of the data file you’re hiding in relation to the size of the file you’re hiding it in. Someone recently embedded the entire written works of Shakespeare in a 64×64 pixel image contained in a tweet. This was a terrific demonstration, but the large footprint of the modified file made it obvious that something was going on. If you’re in a situation where you are hiding large data, either embed it in a much larger file like a video, or break it up into smaller pieces.

So much for the introduction to the concept, next we’ll dive into the details. Coming up we’ll be looking at various file formats and techniques for hiding data in each, along with some basics of steganalysis – so stay tuned!