Let us take a journey back to our school days. Imagine yourself participating in a Chemistry exhibition and displaying a supposedly ?miraculous? experiment. You dip a stick in lemon juice and write something on a plain piece of paper.
The person witnessing the experiment is unable to read anything as the paper still seems to be blank. In the next part of the experiment, you hold the paper over a burning candle with caution. Lo and Behold!
Brownish letters begin to slowly appear on the paper and eventually the other person is able to read the message. While the act certainly does have chemical explanations to it, what is important to note is that the act involved hiding the message from prying eyes.
This idea of secrecy forms the essence to the answer of what is Steganography.
In this blog, we will look at what is Steganography in Cyber Security, consider its different forms like what is Image Steganography, its examples and applications; as well as try to provide answers to such technical questions like what is the difference between Steganography and Cryptography, what is watermarking in Steganography, and so on.
What is Steganography?
In this section, let us try to understand what is Steganography in Cyber Security.
In simplest terms, steganography can be understood as the technique of hiding and concealing data or message (the secret/hidden message) within an ordinary, encapsulating, non-secret message or file (the cover text).
It can be seen as a form of covert communication wherein only the sender and the intended recipient of the message is aware of its existence. The objective of steganography is essentially to hide secret messages within digital media files, including audio files, text or picture files.
The objective of Steganography is essentially to hide certain specific pieces of data and text from being visible to prying eyes.
Tracing the origin of the term, the word Steganography owes its genesis to two different words from Greek literature: steganos (implying covered or hidden) and graphy (implying to write or draw).
What is Steganography and How it Works?
In this section, we will look at how Steganography works.
- The user needs to find a relevant file (container or carrier) which will be used as the cover file for hiding the message
- Execute a specific Steganographic technique which results in embedding secret messages within the container file. For this, generally the hidden data is first encrypted and then with the use of a specific algorithm, it is inserted into the cover file format
- The process of embedding can be carried out through different techniques:
- Least Significant Bit (LSB) Steganography: The process involves embedding the secret message in the least significant bits of the cover file.
- Take for example normal image files. In the case of an image file, for colors blue, red and green, each pixel comprises of three bytes of data. The LSB technique helps in transforming the last bit of each of those bytes for concealing one bit of data.
- However, any change in merely the last bit of the pixel value does not result in any perceptible change in the image and thus even after the image has been modified using the LSB technique, one will not be able to tell the difference.
- Letter or Word Substitution technique: This process entails the technique of embedding through distributing the text of the secret message within a much larger non-secret text by way of following an order of word placement at specific intervals. This is a relatively easier technique; however, it can result in the generation of an illegible final text.
?
What is Image Steganography?
There are different types of Steganography. This implies that the nature of the cover file within which the secret message is embedded can be of different forms. Accordingly we have:
Text Steganography
With the help of this method, you can hide data or messages within text files. It involves techniques like Format Based Method, Linguistic Method and Random and Statistical Generation.
Audio Steganography
As the name suggests, this method hides data or messages within an audio signal which results in a transformation in the binary sequence of the audio file.
It involves techniques like Parity Encoding, Spread Spectrum, Least Significant Bit Encoding and Phase Coding.
Video Steganography
This method utilizes the basic idea of Image as well as Audio Steganography since it hides data or messages into digital video format.
It helps in concealing large volumes of data and might be conducted in two ways: Uncompressed raw video can be used to embed secret data, which is compressed later; compressed data stream is used to embed data directly.
Image Steganography
This is one of the most common ways of conducting Steganography and the question of what is Image Steganography is often quite a popular query within the tech circle.
This method hides data or messages within images as cover files. It involves techniques like Masking and Filtering, Encrypt and Scatter, Least Significant Bit Insertion, Coding and Cosine Transformation and Redundant Pattern Encoding.
In trying to understand what is Image Steganography, we should be aware of the different approaches in which this method can be executed.
- One way is to utilize the least significant bits of the image for embedding the bits of the message which is required to be encoded. These low order bits can safely be exploited for incorporating the message without bringing about any perceptible change in the color of the image.
- Another approach is the Discrete Cosine Transform (DCT) strategy. JPEG compression helps in mapping the image as a collective whole of high and low frequency areas. The high frequency areas are the ?noisy? parts of the image like the edges of the things, leaves, grass and so on; while the low frequency areas refer to such parts as the clear blue sky. Any change in the high frequency area is least likely to be noticed by humans. The DCT strategy works by way of embedding the message into those high frequency areas and later can be extracted from there.
- The third strategy is not strictly a steganographic approach; however, it can still be utilized. The fundamental idea behind this is that most of the image formats have fields which help in the storage of textual metadata, along with the image. For instance, JPEG, raw image and tiff formats support Exchangeable Image File Formats (Exif) data fields.
What are Some Ways that Steganography Can be Used within Applications?
As we seek to understand the Steganographic process, it is important to comprehend what is Steganography in Cyber Security.
While on the face of it, the objective of Steganography is rather a straightforward one; however, unfortunately it is also used to deliver malware and instigate Cyber attacks. Consequently, Steganography is quite an important concern within the field of Cyber Security.
Cyber criminals happen to hide malicious scripts within benign file types like Word or Excel documents. When the user clicks on the document, he/she unknowingly activates the hidden malicious code.
This malicious script results in downloading an installer app into the victim?s system without his/her knowledge. The app is so subtle that it often goes unnoticed by conventional anti-virus software.
Furthermore, this app results in the installation of updated versions of malware from the internet, which impairs the user?s computer system. This kind of malicious strategy is quite common in case of phishing attempts.
What is the Difference between Steganography and Cryptography?
The fundamental idea of digital Steganography as well as Cryptography is the same. Both the approaches help in preventing the visibility of sensitive messages and encrypted data to third parties.
However, the two approaches employ entirely different mechanisms for accomplishing their goal. In this section, let us consider the question of what is the difference between steganography and cryptography.
SteganographyCryptographyIt is a data hiding technique which conceals the very existence of the message by embedding it into something elseIt is a technique for hiding the contents of a message by way of obscuring it through encryptionThe third party is unaware of the existence of a stego fileThe third party can identify the existence of an encrypted fileThe process does not transform the overall structure of the dataThe process transforms the structure of the dataThe usage of a security key is optionalThe usage of a security key is necessarySteganography ensures secrecyCryptography ensures privacy
What is Watermarking in Steganography?
The two concepts of Steganography and Watermarking are quite closely related to one another. So much so, that the two terms are often used as substitutes for one another.
However, they are not exactly the same and hence it is important to understand what is watermarking in Steganography.
Watermarking can be understood as one form of Steganography. Watermarking is the practise of producing an indelible imprint on a particular piece of message, which hides copyright information.
It is a form of asserting authenticity and ownership in order to prevent non-permissible sharing of files as well as removal or replacement of messages by intruders. While in case of Steganography, the existence of the message is not know; in case of watermarking, the existence of the message, may or may not be known.
Conclusion
By the end of this blog, I am sure that you must have developed a fair idea of what is Steganography. On the face of it, Steganography does have an absolutely harmless objective; however, it has often been misused by cyber criminals and hackers for instigating different forms of cyber attacks.
Given so, it is only imperative to understand what is Steganography in Cyber Security. The strategy through which Steganography is detected is referred to as ?steganalysis?. Security analysts use various kinds of tools for detecting anomalies; however, the procedure is too cumbersome, given the volume of data present.
The field of Cyber Security in terms of career prospects is a booming one. The frequency and intensity of cyber attacks has been mounting on a regular basis. Security analysts are beginning to confront perpetual challenge in terms of developing new ways for abating these threats and attacks.
Consequently, the demand for Cyber Security experts has only been spiralling over the years. We, at Syntax Technologies, provide you with an exciting opportunity to develop cyber skills, relevant to the field. Read more about our Cyber Security course here: