vanish.org
Anonymity
Privacy
Security



Steganography



Steganography simply takes one piece of information and hides it within another. Computer files contain unused or insignificant areas of data. Steganography takes advantage of these areas, replacing them with information. These files can then be exchanged without anyone knowing what is really inside of them.

The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves.

Media files are ideal for steganographic transmission because of their large size.

Images do not need to be emailed. They can be posted on the web for the receiver to download.

Over the past couple of years, steganography has been the source of a lot of discussion, particularly as it was suspected that terrorists connected with the September 11 attacks might have used it for covert communications. While no such connection has been proven, the concern points out the effectiveness of steganography as a means of obscuring data. Indeed, along with encryption, steganography is one of the fundamental ways by which data can be kept confidential. This article will offer a brief introductory discussion of steganography: what it is, how it can be used, and the true implications it can have on information security. Secrets of steganography is also an article worth reading.

It is important to understand that the data you hide inside a file must be substantially smaller than the carrier. There is no perfect science to the proportions of data that can be hidden inside a carrier, but you can use 10% as a guide.

Steganography tools
OpenPuff is a professional steganography tool which allows image files, audio files, video files and document files to act as carrier engines.

QuickStego is a handy, easy to use tool specially designed to help you hide text in images so that only other users of QuickStego can retrieve and read the hidden secret messages.

Steganylsis
Steganylsis is the study of detecting Steganography. The goal of steganalysis is to identify suspected packages, determine whether or not they have a payload encoded into them, and, if possible, recover that payload.

Detecting a probable steganographic payload is often only part of the problem, as the payload may have been encrypted first. Encrypting the payload is not always done solely to make recovery of the payload more difficult – but it helps.

The main factors that are looked at are variances between bit patterns and unusually large file sizes. However it is often difficult to detect what is Stego and what is not. Some the challenges include:
The suspect information stream, such as a signal or a file, may or may not have hidden data encoded into them.
The hidden data, if any, may have been encrypted before inserted into the signal or file.
Some of the suspect signal or file may have noise or irrelevant data encoded into them (which can make analysis very time consuming).
Unless it is possible to fully recover, decrypt and inspect the hidden data, often one has only a suspect information stream and cannot be sure that it is being used for transporting secret information.
However as there has been more public awareness towards this 'science' there are some new commercial tools being released. These new tools have the ability to pick up the more popular Stego tools out there.

Steganylsis tools
All the "heavy duty" steganylsis tools are restricted. Below are some you are able to use.

Ben-4D Steganalysis Software allows quick and accurate identification of stego-carrier files from a collection of files. A generalisation of the basic principles of Benford's Law distribution is applied on the suspicious file in order to decide whether the file is a stego-carrier.

Virtual Steganographic Laboratory is a graphical block diagramming tool that allows complex using, testing and adjusting of methods both for image steganography and steganalysis.



Vanish.Org Copyright © 2006 All rights reserved