|
Business
Steganography: Snake in the grass
|
The word Steganography literally means covered writing as derived from Greek and includes a vast array of methods of secret communications that conceal the very existence of the message.
|
THE `PERCEPTION MANAGERS' and their `patriotic' paparazzi of the West seem to have shifted gears from singing paeans of technology to sowing suspicions about its possible misuse by the Al Queada, Taliban and their ilk! The word `Steganography' should henceforth be bandied about more for its sinister implications on the security of the civilised world.
In June this year, USA Today reported that the encrypted blueprints of the next terrorist attack on the U.S. and its allies may lie hidden behind the X-rated pictures on several pornographic web sites and the posted comments on sports chat rooms.
Snake in the grass!
A snake makes itself invisible in a bed of grass by natural subterfuge. For all visible signs one sees just a stretch of grass but not the snake hiding beneath. The word Steganography literally means covered writing as derived from Greek. It includes a vast array of methods of secret communications that conceal the very existence of the message. Invisible inks, microdots, character arrangement, digital signatures, covert channels and spread-spectrum communications and other artifacts of day-to-day use in communications have thus been converted into potent tools of Steganography.
Mr. Ahmed Jabril, a spokesman for the militant group Hezbollah reportedly said in London, ``Now it's possible to send a verse from the Koran, an appeal for charity and even a call for jihad and know it will not be seen by anyone hostile to our faith, like the Americans''. Steganography allows anyone with the knowhow to hide any message he wants behind simple images or blocks of text, without making them look abnormal in anyway. Any one can contribute an article to a Net publication with a few pictures, which may camouflage secret messages not intended for the lay readers of the article! Still it will remain an article published in a respectable magazine for all outward appearances and what is worse is that even the Net magazine will not have an iota of suspicion! Even voice files, MP3 files and virtually almost all sorts of computer media can be used for this purpose!
For all this renewed hype, Steganography is an ancient concept. The Greek historian Herodotus has written how one of his cunning countrymen sent a warning of an invasion by writing it on the wood underneath a wax tablet. To casual observers, the tablet appeared blank. Both Axis and Allied spies during World War II used such measures as invisible inks — using milk, fruit juice or urine which darken when heated, or tiny punctures above key characters in a document that form a message when combined.
Try it out
As with other simple and casual things, Internet and the web have added to the might of such simple procedures. Bits and bytes have provided a powerful medium for the exchange such masqueraded messages in an unlimited and anonymous environment. Software like White Noise Storm and S-Tools, can use the `least significant' bits of any digitised file to hold covert information, without changing it in any manner perceptible to the human sensory organs of sight or hearing as the case may be. Want to see a demo? Visit math.ohio-state.edu/fiedorow/PGP/stego.html and try first-hand hiding your own message behind a picture by following the step-by-step instructions! `Spammimic' allows you to hide your secret message behind guess what? — The ubiquitous spam e-mail message! Want to try it? Visit spammimic.com/index.shtml.
So far paranoid privacy advocates have touted Steganography, albeit openly for communication without the powers that be breathing down your shoulders.
It has been quite common to hide copyright messages behind digitised files so that it may be used in civil disputes. Software professionals found another tool in Steganography apart from `Easter Eggs' to record their contributions to a software product, when they were afraid that their employers might not give them title credits. For a brief and clear beginners' tutorial on Stganography visit jjtc.com/stegdoc/stegdoc.html.
Protection
With Steganography `Stego Analysis' is the natural offshoot. Stego Analysis provides means to detect and destroy steganographic messages. For an excellent overview of Stego Analysis, visit isse.gmu.edu/njohnson/ihws98/jjgmu.html, where Neil F. Johnson and Sushil Jajodia of George Mason University, FairFax, Virginia, discuss all commonly known Steganographic software products and how to crack them. The authors state that any image can be manipulated with the intent of destroying some hidden information whether an embedded message exists or not. However, they suggest that detection should precede destruction to target such hidden messages, which are not just innocuous copyright or ownership related info (known as `digital watermarks'). Detection may also save wasted effort.
Steganography and
cryptography
Steganography is different from cryptography. Cryptography uses encryption to change the contents of digitised files using some known algorithm into something totally different.
The same algorithm can be used to restore it to its original form. Steganography does not alter the message in any way. It simply hides it. To make detection almost impossible, encrypted messages can be hidden using Steganography.
Dead drops
`Dead drop' is a Cold War-era slang connoting a place where spies left information. Cops and security experts feel that the Internet provides virtually limitless supply of `dead drops'.
Officials and experts say the messages scrambled using free encryption programs set up by groups that advocate privacy on the Internet are hidden in an existing images on selected web sites. The e-mails and images can only be decrypted using a `private key' or code, selected by the recipient. Thus you very well could have a photograph and image with the time and information of an attack, say on an International airport, sitting on your computer, and you would never know it! Unlike the good old `dead drop' the Internet, is proving to be a much more secure way to conduct clandestine warfare.
Known tools
`Image domain' tools modify least significant digits of a digital file to hide packets of some other digitised file. The changes are done in such a way to emulate normal `noise' or distortions fundamental to the capture and dissemination of any digital bit stream.
The image formats typically used in such Steganography methods are lossless and the data can be directly manipulated and recovered. The transform domain tools include those that involve manipulation of algorithms and image transforms such as discrete cosine transformation and wavelet transformation (used in JPEG, GIF or MP3 data compressions). These methods hide messages in more significant areas of the cover and may manipulate image properties such as luminance.
Most Stego tools are hybrids which use set properties of classical image and transform domain models. Many of these are freeware and may be downloaded from the net without spending anything! `Stego DOS', `S-Tools', `Mandelstag', `EzStego', `Hide and Seek', `White Noise Storm', `Steganos', `Picture Marc', `JK-PGS', `Sys Cop', and `Sure Sign' are some of the names of Steganography tools which can be easily procured through the Net by anybody.
Considering that Steganography can make use of unlimited legal means to use any web site without attracting the attention of anybody, including the owners of the target web sites themselves, it remains to be seen how governments and security agents tackle terrorist abuse thereof.
R.MOHANAKRISHNAN
(The author may be contacted at
mohank@xlweb.com)
Send this article to Friends by
E-Mail
Business
|
