If cryptography is the art of secrecy, then steganography may be considered as the art of hiding data secretly.To take a metaphor, steganography would be to make a file in your computer invisible where cryptography would be to lock this file – but there is nothing to stop you from combining the two techniques, just as you can lock it and then make it invisible.
Steganography has roots in Greek civilization with the word steganos, which means protected, or covered, and graphei which means writing, and translated as « covered writing. » Steganography’s purpose is to hide a message within an innocuous carrier called cover objects; this is to make the message imperceptible to anyone other than the legitimate recipient. The cover object may be basically anything, from a physical text document to a painting, or even a piece of wood, as long as it can be used to deliver a hidden message to the intended recipient without raising suspicion of untrusted parties.
The emergence of steganography, the art of concealing information, is very old, and almost contemporary with that of cryptography. The first example dates back to the 5th century BC and is told in the biography of Herodotus [Fridrich, 2009]. The Greeks shaved a slave’s hair, Once the hair was pushed back, the slave could cross enemy territory without arousing suspicion. Once there, all it took was another shave of the head to get the message back.
Since then, many examples of setganography have been reported over the past 2000 years.
Another example is Invisible inks [Kipper, 2003]. It has been the most widely used steganography method over the centuries. In the middle of the texts written in ink, a message is written using lemon juice, milk or certain chemicals, making the message disappear after the paper dries. It is invisible to the eye, but a simple flame, or a bath in a chemical reagent, reveals the message .
The Second World War saw many forms of steganography [Guillot, 2013]. The methods were sometimes quite rudimentary, like this message sent by a German spy:
» Apparently neutral’s protest is thoroughly discounted and ignored. Ismam hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetable oils. »
It seems quite innocuous. Now, by taking the second letter of each word, we get: ’pershing sails from ny June i’ (the Pershing leaves New York on June 1). This explains why Americans, who feared very much the use of steganography, censored many communications, including requests to broadcast records on the radio.
In a world where digital media overtake physical media, ancient steganography is no more, as it has been replaced by modern steganography. We give some possible applications (malicious and legitimate ones) of modern steganography with the following examples.
Malicious uses
The Internet is an inexhaustible source of digital data, the countless electronic files that circulate on the web and the many digital media that are exchanged via point-to point communications make it difficult to detect hidden messages in these media.
This may be what makes steganography, despite its multiple applications, always associated with malicious uses. The media report that terrorist organizations with mafia groups and hackers are the main users of steganography. They use this technology mainly to communicate harmless and dangerous content. We mention here a few examples:
• Steganography for terrorist purposes: In February 2001, Wired News mentioned in its article « Secret Messages Come in.Wavs » that steganography technique is widely used over the internet, where they reported the existence of hidden data within images of the eBay and Amazon sites. Terrorists reportedly used steganography to communicate, and Al-Qaida even used it in its preparations for the September 11 attack. In 2002, University of Michigan researcher had automated a search for images with hidden content on the Internet. Through their published article, they reveal that out of the 2 million images uploaded to the USENET forums and the eBay auction site, 1% of all images conceal hidden content (about 20,000 images) [Provos and Honeyman, 2002].
• Espionage: People who possess illegal data, such as those related to espionage, want to hide them. Steganography offers them the ideal tool to hide these data in another « innocent » file, a sound, an image, and then save them on their own hard drive in a safe way.
• Computer hacking: The magazine of computer security MISC evokes in its September issue (MISC n9, sept-oct 2003, p.11), malicious use of steganography by hackers: « a hacker can for example code a multi-threaded program and distributed it in memory ». The multi-threaded program can be fragmented and sent to the victim hidden in dispatched files using batch steganography processes in images. The « reassembly » of the multi-thread program being done locally, just by calling the appropriate place. A hacker may also attempt to hide a Trojan horse or other malicious code in the autorun of a removable media.
Legitimate uses
In some non-democratic countries where freedom of expression is totally prohibited, steganography appears as a means of communicating more freely. In these countries, the use of steganography is illegal, but its use, in this case, is legitimate. This art is at measured risk as it applies to information. Despite the fact that these techniques strive at all cost to hide the presence of a secret message, yet they may be detected and compromised by an eavesdropper during the transmission. This eavesdropper will analyze all messages that go through the communication channel with the objective of preventing, modifying or destroying the secret message. The field of research that explores techniques that counter steganography is known as steganalysis.
1 Introduction |