Steganography is the art and science of hiding information by embedding messages within media like images.The main purpose of digital steganography is often to create a message that defies detection.
There are number of file formats in which data is redundant or some data is of little importance.Digital steganography exploits this fact and the hidden message does not cause noticeable changes to the file.It is used in graphics files, HTML, sound files, video, and text files, for example, but image files are favored and referred to as stego-images.
What is steganography ?
Most common goal of steganography is to hide a file/data inside another file/data.
Consider the below case :
An example showing how terrorists may use forum avatars to send hidden messages. This avatar contains the message "Boss said that we should blow up the bridge at midnight." encrypted with http://mozaiq.org/encrypt using "växjö" as password. You can try this as a real experiment.
In October 2001, the New York Times published an article claiming that al-Qaeda had used steganography to encode messages into images, and then transported these via e-mail and possibly via USENET to prepare and execute the September 11, 2001 terrorist attack.
The counterpart of digital steganography software is digital steganalysis technology and techniques. Digital steganalysis is the art of steganography detection and extraction. It is used by governments, intelligence agencies, law enforcement, and the military. Training for people who want to be certified in steganography detection and extraction is also available.
Anyone can hide information in a graphic if the quality of the graphic is good enough. To hide information, reduce the quality of the picture and then substitute information you want to hide bit by bit into the "left over" space. Consider the following scenario: You use 32bit graphics and the graphic containing 1000 pixels, you have 32K bits of information.
If you reduce the graphic to 8 bit quality, the other 24 bits (24K of data) can be used to store other information. This is enough space to store trojans or corporate secrets. All you need to do is embed the information into the graphic and send it via email. Someone at the other end can unencrypt the message.
The below tool clearly shows (right bottom corner red box) that this image can hold upto 107024 bytes of data for hiding.
Types Steganography :
* Physical steganography
* Digital steganography
* Network steganography
* Printed steganography
* Text steganography
* Steganography using Sudoku Puzzle
Using Hex Analysis to See Steganography :
Tools that detect Steganography : System Scanner , Tripwire , Stegdetect , Stegbreak.
Tools that provide Steganography :
OutGuess - tools that insert hidden information.
MP3Stego - utility that shares messages in MP3 files.
Modern printers like HP and Xerox brand's color laser printers use steganography. Tiny yellow dots which are barely visible and contain encoded printer serial numbers, as well as date and time stamps are added to the prints.This helps track down some details from a print/image.
Printer may also add information like , name of printer , local or network , IP from which the print was given etc.
Difference between Cryptography and Steganography :
More commonly, steganography is used to supplement encryption. An encrypted file may still hide information using steganography, so even if the encrypted file is deciphered, the hidden message is not seen.
Cryptography is the art of protecting information by encrypting it into an unreadable format, called cipher text. Only those who possess a secret key can decrypt the message into plain text. Encrypted messages can sometimes be broken by cryptanalysis, also called codebreaking, although modern cryptography techniques are virtually unbreakable.
The real difference between steganography and cryptology is that the messages don’t attract attention by being visible – for example, using invisible ink to write a message between the lines of a shopping list.
* Hides Information along with password to reach that Information.
* Difficult to detect unless you have the md5 hash of the orginal image.Only receiver can detect
* Can be used in different media forms like digital image, audio & video file.
* It can be done faster with the large no. of software’s.
* Huge number of data = huge file size, so some one can suspect about it.
* While sending and receiving, information can be leaked.
* The confidentiality of information is maintained by the algorithms, and if the algorithms are known then its all over.
* Hackers, terrorist ,criminals exploit it for the bad of others/all.
Related Article : Steganography in depth