Steganography
by CyberSecurity Malaysia on Wednesday, December 8, 2010 at 3:36pm
A: Steganography images cannot be seen with the human eyes, only a piece of software was able to detect it. The difference between the images is not noticeable to the human eye what so ever. Two files look almost identical apart from the fact that one is larger than the other, it is most probable your suspect file has hidden information inside of it.
Q: How to embed data/message in image?
A: The most common technique that has been used is LSB (Least Significant Bit). When files are created there are usually some bytes in the file that aren't really needed, or at least aren't that important. These areas of the file can be replaced with the information that is to be hidden, with out significantly altering the file or damaging it. This allows a person to hide information in the file and make sure that no human could detect the change in the file. The LSB method works best in Picture files that have a high resolution and use many different colors, and with Audio files that have many different sounds and that are of a high bit rate. The LSB method usually does not increase the file size, but depending on the size of the information that is to be hidden inside the file, the file can become noticeably distorted.
This site shows how exactly message bits embedded to the picture using the LSB. http://www.guillermito2.net/stegano/camouflage/index.html
Q: What is raw image steganalysis?
A: There are 3 techniques in Raw Image Steganalysis (http://airccse.org/journal/nsa/1010s4.pdf) :-
A1: The Raw image steganalysis technique is primarily used for BMP images that are characterized by a lossless LSB plane. LSB embedding on such images causes the flipping of the two grayscale values. The embedding of the hidden message is more likely to result in averaging the frequency of occurrence of the pixels with the two gray-scale values. For example, if a raw image has 20 pixels with one gray-scale value and 40 pixels with the other gray-scale value, then after LSB embedding, the count of the pixels with each of the two gray-scale values is expected to be around 30. It is based on the assumption that the message length should be comparable to the pixel count in the cover image (for longer messages) or the location of the hidden message should be known (for smaller messages).
A2: Another steganalysis algorithm for grayscale images. This algorithm assumes an image to be made up of horizontally adjacent pixels and classifies the set of all such pixel pairs (a, b) into four subsets depending on whether a and b are odd or even and whether a < b, a > b or a = b. The pixel values get modified when message embedding is done in the LSB plane, thereby leading to membership modifications across these four subsets. A statistical analysis on the changes in the membership of the pixels in the stego image leads to the detection of the length of the hidden message.
A3: This is a steganalysis technique that studies color bitmap images for LSB embedding and it provides high detection rates for shorter hidden messages. This technique makes use of the property that the number of unique colors for a high quality bitmap image is half the number of pixels in the image. The new color palette that is obtained after LSB embedding is characterized by a higher number of close color pairs (i.e., pixel pairs that have a maximum difference of one count in either of the color planes). We say that two colors (R1, G1, B1) and (R2, G2, B2) are close if |R1-R2| <= 1 and |G1-G2| <= 1 and |B1-B2| <= 1. Let P be the ratio of the close color pairs to the total number of unique colors in the cover image, P’ be the ratio of close color pairs to the total number of unique colors in a stego image obtained by embedding a new message of particular length in a cover image and P’’ be the ratio of the close color pairs to the total number of unique colors when the cover image is further embedded in the stego image. If the hidden message is of considerable length, it has been observed that P’ > P and P’’ ~ P. For shorter messages, the values of P and P’ will be closer and detection may not be possible. Also, the above technique will not work if the cover image stored in lossless format has a higher number of unique colors (more than half the number of pixels).
Q: Could you suggest some Steganography tools?
A: Here are some tools that you might want to try.
- http://www.snapfiles.com/php/download.php?id=101911
- http://www.mirrors.wiretapped.net/security/steganography/blindside/
- http://www.darkside.com.au/gifshuffle/
- http://www.wbailer.com/wbstego
Taken from CSM Facebook
0 comments:
Post a Comment