Steganography: Difference between revisions
imported>Howard C. Berkowitz |
imported>Howard C. Berkowitz (A little more content, and some CZ formatting and links) |
||
Line 1: | Line 1: | ||
{{subpages}} | {{subpages}} | ||
{{TOC|right}} | |||
'''Steganography''' is an area of information security, that is related to [[cryptography]] where the primary goal is to hide a secret message within a carrier. The carrier can be a message or some other medium, including "overhead" components of an electronic signal. | |||
Steganography is an area of information security, that is related to | |||
== Brief History == | == Brief History == | ||
Steganography may be the oldest means of secret communication. One early, if not fast, means of concealing writing was to shave the head of a slave, tattoo the message, let the hair grow back, and send him to his destination, where his head would be shaved to reveal the message. | Steganography may be the oldest means of secret communication. One early, if not fast, means of concealing writing was to shave the head of a slave, tattoo the message, let the hair grow back, and send him to his destination, where his head would be shaved to reveal the message. | ||
Invisible inks probably soon followed the use of parchment or even earlier flexible materials. Milk and lemon juice, for example, are invisible when dry, but darken when heated. | Invisible inks probably soon followed the use of parchment or even earlier flexible materials. Milk and lemon juice, for example, are invisible when dry, but darken when heated. | ||
== Reasons for the use of steganography == | == Reasons for the use of steganography == | ||
Steganography is often used in an atmosphere of oppression, or when communications and activities must remain secret for fear of reprisal from a watching group or organisation (usually a government). Certain groups, and individuals holding beliefs that a ruling party considers a threat must keep the very fact of their communication secret, and in some circumstances must prevent the knowledge of the relationship between the communicating becoming known. | Steganography is often used in an atmosphere of oppression, or when communications and activities must remain secret for fear of reprisal from a watching group or organisation (usually a government). Certain groups, and individuals holding beliefs that a ruling party considers a threat must keep the very fact of their communication secret, and in some circumstances must prevent the knowledge of the relationship between the communicating becoming known. | ||
It has also been used extensively in [[clandestine human-source intelligence]], where the very existence of a spy, which would be revealed by radio communications, must be concealed. | |||
== Steganography vs. Cryptography == | == Steganography vs. Cryptography == | ||
Cryptography increases the privacy of communications between two or more parties, but it does not hide the fact that the parties have been communicating. And in certain environments(particularly in countries with authoritarian governments) the use of cryptography may attract unwanted attention, or the authorities may demand that the parties reveal the password or key to unlock their message. In a number of countries the use of cryptography is restricted or even illegal, and should the authorities choose to enforce the relevant laws the communicating parties would be forced to reveal their message or face a penalty (this may be a fine, jail time, or even torture). As a result cryptography can only provide increased privacy for the communicating parties(not protection). | Cryptography increases the privacy of communications between two or more parties, but it does not hide the fact that the parties have been communicating. And in certain environments(particularly in countries with authoritarian governments) the use of cryptography may attract unwanted attention, or the authorities may demand that the parties reveal the password or key to unlock their message. In a number of countries the use of cryptography is restricted or even illegal, and should the authorities choose to enforce the relevant laws the communicating parties would be forced to reveal their message or face a penalty (this may be a fine, jail time, or even torture). As a result cryptography can only provide increased privacy for the communicating parties(not protection). | ||
Line 38: | Line 34: | ||
Generally any of these mediums contain some random data that the message can be stored in without much suspicion. | Generally any of these mediums contain some random data that the message can be stored in without much suspicion. | ||
Spam can also be used as a steganograpic medium | Spam can also be used as a steganograpic medium. | ||
===Covert channels=== | |||
In a covert channel, information is concealed not in the primary signal elements such as the bits of messages, but in their context, such as the inter-bit delays, the length of silent periods between characters, etc. Some of the methods of [[radiofrequency MASINT]] apply here, not necessarily for true steganography, but to recognize the individual "fist" of a Morse Code operator. Other electronic steganography hides signal in parts of the bandwidth not usually used for communications, such as the retrace interval of a television signal. | |||
== Electronic methods of detection == | == Electronic methods of detection == | ||
Statistical analysis | *Statistical analysis | ||
== Stegographic applications == | == Stegographic applications == | ||
All applications are OpenSource and have not been tested(by the author) | All applications are OpenSource and have not been tested(by the author) | ||
[http://steghide.sourceforge.net/ StegHide] | *[http://steghide.sourceforge.net/ StegHide] | ||
[http://diit.sourceforge.net/ Digital Invisible Ink Toolkit] | *[http://diit.sourceforge.net/ Digital Invisible Ink Toolkit] | ||
[http://hidereveal.ncottin.net Hide Reveal] | *[http://hidereveal.ncottin.net Hide Reveal] | ||
[http://stegoshare.sourceforge.net/ Stegoshare] | *[http://stegoshare.sourceforge.net/ Stegoshare] | ||
[http://sourceforge.net/projects/vsl/ Virtual Steganographic Laboratory ] | *[http://sourceforge.net/projects/vsl/ Virtual Steganographic Laboratory ] | ||
== Famous examples of use in history == | == Famous examples of use in history == | ||
'''WWII''' | '''WWII''' | ||
Japanese use | *Japanese use | ||
Chinese restance use | *Chinese restance use | ||
Allies use | *Allies use | ||
'''Cold war''' | '''Cold war''' | ||
North Korea | *North Korea | ||
Soviet Union | *Soviet Union |
Revision as of 11:03, 5 May 2010
Steganography is an area of information security, that is related to cryptography where the primary goal is to hide a secret message within a carrier. The carrier can be a message or some other medium, including "overhead" components of an electronic signal.
Brief History
Steganography may be the oldest means of secret communication. One early, if not fast, means of concealing writing was to shave the head of a slave, tattoo the message, let the hair grow back, and send him to his destination, where his head would be shaved to reveal the message.
Invisible inks probably soon followed the use of parchment or even earlier flexible materials. Milk and lemon juice, for example, are invisible when dry, but darken when heated.
Reasons for the use of steganography
Steganography is often used in an atmosphere of oppression, or when communications and activities must remain secret for fear of reprisal from a watching group or organisation (usually a government). Certain groups, and individuals holding beliefs that a ruling party considers a threat must keep the very fact of their communication secret, and in some circumstances must prevent the knowledge of the relationship between the communicating becoming known.
It has also been used extensively in clandestine human-source intelligence, where the very existence of a spy, which would be revealed by radio communications, must be concealed.
Steganography vs. Cryptography
Cryptography increases the privacy of communications between two or more parties, but it does not hide the fact that the parties have been communicating. And in certain environments(particularly in countries with authoritarian governments) the use of cryptography may attract unwanted attention, or the authorities may demand that the parties reveal the password or key to unlock their message. In a number of countries the use of cryptography is restricted or even illegal, and should the authorities choose to enforce the relevant laws the communicating parties would be forced to reveal their message or face a penalty (this may be a fine, jail time, or even torture). As a result cryptography can only provide increased privacy for the communicating parties(not protection).
Steganography is well suited to use in such environments where the use of cryptography is restricted or illegal, and provides a greater level of privacy than cryptography alone can, by hiding the very fact that communication occurred at all.
Physical steganography
Physical steganography is the use of a physical medium to carry the secret, hidden message.
Examples of physical steganography
Invisible Ink Knots tied on yarn at varying spaces and then knitted into a garment Microdots Puzzles (the message is only clear when all the pieces have been assembled)
Physical methods of detection
Detection of physical steganography is time consuming and labor intensive, although general methods for detecting invisible ink began in the early 20th century. Since the act of writing, even with water, disturbs paper fibers, placing a suspected document in a container with sublimed iodine vapor would lead to the deposition of iodine crystals on the disturbed paper. Subsequent photographic methods, using visible or infrared light grazing the surface of the paper, were even faster. Against any serious counterintelligence threat, the microdot, with all the difficulty of preparing it, began to replace invisible inks.
Electronic steganography
With electronic steganography the secret message is hidden in a medium such as: A picture A Video file A sound file Generally any of these mediums contain some random data that the message can be stored in without much suspicion.
Spam can also be used as a steganograpic medium.
Covert channels
In a covert channel, information is concealed not in the primary signal elements such as the bits of messages, but in their context, such as the inter-bit delays, the length of silent periods between characters, etc. Some of the methods of radiofrequency MASINT apply here, not necessarily for true steganography, but to recognize the individual "fist" of a Morse Code operator. Other electronic steganography hides signal in parts of the bandwidth not usually used for communications, such as the retrace interval of a television signal.
Electronic methods of detection
- Statistical analysis
Stegographic applications
All applications are OpenSource and have not been tested(by the author)
Famous examples of use in history
WWII
- Japanese use
- Chinese restance use
- Allies use
Cold war
- North Korea
- Soviet Union