Running head: STEGANOGRAPHY

Steganography
Name of Student
Course Title
Name of Professor
November 7, 2014

2
Abstract
Over the past decade, steganography has been garnering increasing attention particularly since
law enforcement authorities had suspected that it was used in secret communications among
terrorists that perpetrated the September 11 attack in New York. The term steganography refers to
the art and science of covert or hidden writing, and is different from cryptography which is the
art and science of writing in secret codes. The goal of cryptography is to make sure that third
parties cannot read data, while the aim of steganography is to hide data from a third party. The
purpose of this paper is to investigate steganography, its history, techniques, advantages and
disadvantages, uses in computer forensics, as well as the software tools that can detect it, among
others.

3
Steganography
Steganography has generated significant attention over the past decade particularly since
it was speculated that terrorists associated with the September 11 attacks in the United States
could have used it for conducting their covert communications (Westphal). While there has been
no evidence confirming this, the concern highlights the effectiveness of steganography in terms
of obscuring data. Notably, along with encryption, steganography is one of the most basic
methods through which data may be kept confidential (Westphal). This paper presents a
discussion on streganography, its origins, techniques, advantages and disadvantages, and uses in
computer forensics, among others.
Definition
Steganography is the art and science of covert or hidden writing (Kessler). It is different
from cryptography, which is the art and science of writing in secret codes, and which
encompasses factors that enable secure communication over insecure channels, such as, privacy,
confidentiality, key exchange, authentication and non-repudiation (Kessler, 2001). However,
cryptography does not always enable safe communication. In contrast, steganography enables the
concealing of information (Kumar 76). Whereas the goal of cryptography is to ensure that third
parties cannot read data, the goal of steganography is to hide data from a third party. Needless to
say, there is a significant difference between hiding and disguising messages. When a message is
concealed it is practically rendered invisible, as in the case of steganography. On the other hand,
when a message is disguised, it is visible but has to be enciphered and deciphered. In light of
these, steganography has a number of drawbacks. First, steganography requires considerable
overhead for the concealing of even little information. Second, as soon as the system is
uncovered, it becomes practically useless (Kumar 77). Steganography is considered as a digital
strategy that enables hiding a file in some form of multimedia, including, images, audio files or
video files.
Steganography in History
Although the term steganography has its roots in the 15th century, it has actually been in
practice for millennia (Westphal). For example, ancient Romans and Greeks used to write texts
on wax which was poured onto the top stone tablets so that unauthorized others cannot read it.
This was a steganographic technique that was used by the military during ancient times. When
the authorized receiver of the message wanted to read it, the wax would simply be scraped off to
reveal the message on top the tablet. During ancient times, it was not unusual to hide messages
by inscribing them on the stomachs of rabbits, or tattooed on the scalp of slaves (Kessler).
Another example of steganography is by writing in invisible ink, a practice that continues among
modern-day terrorists and spies. Nevertheless, it must be emphasized that even if steganography
hides a covert message, it cannot conceal the fact that two parties are communicating with one
another. Generally, steganography entails placing a concealed message through a transport
medium called the carrier (Kessler). Today, steganography has become digitized such that it can
hide messages inside other harmless messages.

4
Techniques
One of the most notable steganography techniques is digital watermarking through which
an author may embed a hidden message in a file (Kessler). In doing so, the author can claim
ownership of intellectual property or ensure integrity of the content. For example, if an author
posts her original artwork on a website and somebody subsequently attempts to steal that file and
claim it as his or her own, the real author can prove ownership through digital watermarking
(Kessler). This is because only the real author can recover the watermark. Other techniques
include embedding messages in images as well as audio and video files (Dunbar 7).
LSB Hiding
Least significant bit (LSB) hiding is a common steganography method used for audio and
image files (Gupta, Goyal and Bhushan 27). In this approach, the least significant bits of some
or all of the bytes inside an image is replaced with a bits of the secret message (Gupta et al. 27).
The term LSB is derived from the numeric significance of the bits in a byte. To note, the highorder or most significant bit is the one with the highest arithmetic value (i.e., 27=128) (Kessler).
On the other hand, the low-order or least significant bit is the one with the lowest arithmetic
value (i.e., 20=1) (Kessler). LSB substation is often used for overwriting legitimate RGB color
encodings or palette pointers in GIF and BMP files, coefficients in JPEG files, and pulse code
modulation levels in audio files (Kessler). Through overwriting of the LSB, there is minimal
change to the numeric value of the byte such that it is hardly detected by the human eye or ear.
Meanwhile, decoding may be done through steganalysis, which is the art of detecting and
breaking steganography (Kessler). A commonly used steganalysis technique is through the
examination of a graphical images color palette. If the image contains hidden data, numerous
colors within the palette will have duplicate binary encodings. Therefore, is the steganalysis
reveals that the color palette of a file has many duplicates, it is highly possible that the file
contains hidden information.
Implementation and Results
There are three fundamental protocols in stegaography, namely, pure steganography,
secret key steganography and public key steganography (Dunbar 4). Pure steganography refers to
a steganographic system that does not need any exchange of ciphers such as a stego-key (Dunbar
4). This is the least secure of the three protocols in terms of secretly communication because
sender and receiver depend on the mere presumption that no other party is aware of this secret
message. On the other hand, secret key steganography refers to the steganographic system
which needs exchange of a secret key (stego-key) before communication (Dunbar 4). This
protocol takes a cover message and embeds the secret message inside of it by using a secret key
(stego-key) (Dunbar 4). Reversal and reading of the secret message are limited only to those
who know the secret key. Meanwhile, public key steganography refers to a steganographic
system in which a public key and a private key are used for securing communication between the
parties who seek to communicate secretly. The sender uses the public key in the encoding
process but only the private key can decipher the secret message. This is considered as the most

5
robust protocol and can provide different levels of security. Consequently, unwanted parties must
first be suspicious of the use of steganography and they have to crack the algorithm associated
with the public key system before they can intercept the secret message.
Other Steganography Methods
Most steganography used today is high-tech but this does not mean to say that
steganography cannot use low-tech methods. To recall, the goal of steganography is simply to
hide the presence of a message and this does not really require high tech all of the time. For
example, a common form of steganography is called the null cipher (Kessler). Through this
method, a hidden message is formed by extracting the first (or other fixed) letter of every word in
the cover message (Kessler). Another method of steganography is through the use of a template,
which is a sheet of paper containing holes or a set of preselected locations on the page to hide a
message (Kessler). In such cases, the sender and receiver should use identical templates or rules
(Kessler). Notably, steganography is not just applicable to written forms of communication.
Radio and television messages from World War II to today may be used to conceal messages.
Pros and Cons
The advantages and disadvantages of steganography actually depends on the technique
that is being used. For example, the advantage of encoding secret messages in text is that this is
the most difficult encoding method to intercept because every type of formatted text has a
large amount of features that can be used for encoding the secret message (Kessler). On the
other hand, concealing messages in images has been becoming more popular and because of
continuing growth in strong graphics power in computers. Another advantage is that messages
concealed in images are sometimes not detectable at all by the human eyes (Dunbar 5).
Meanwhile, the main disadvantage of encoding secret messages in audio is that it is difficult to
accomplish due to the keenness of the human auditory system (Dunbar 5). Nevertheless, an
advantage of this technique is that it has many applications.
Computer Forensics
There are many ways through which messages may be hidden in digital media (Kessler).
In this regard, computer forensics examiners are familiar with data that remains in file slack or
unallocated space as the remnants of previous files, and programs may be written to access
slack and unallocated space directly (Kessler). Small amounts of data may also be concealed in
the unused portion of file headers. However, in the area of computer forensics, it is the
application of steganalysis that is more important. Sometimes, detection of concealed data is not
sufficient for steganalysts. Instead, the steganalyst may also seek to extract the concealed
message, disable it so that the recipient cannot extract it, or change the hidden message to send
misinformation to the recipient (Dunbar 5; Kessler). Steganography detection and extraction
usually sufficient if the goal is to collect evidence in relation to a past crime. However,
destroying or altering the hidden information are also legitimate law enforcement objectives on
criminal or terrorist investigations.

6
Software
Using steganography software on a suspect computer is crucial to forensic analysis
considering that many steganography detection programs are most efficient and effective when
there are clues regarding the type of steganography being used in the first place. Usually, when
steganography software exists in a computer, it is also an indication that there are steganography
files with hidden messages on that suspect computer (Kessler). Among the software being used
for steganography are WetStone Technologies' Gargoyle software that can be used to detect the
presence of steganography software; AccessData's Forensic Toolkit and Guidance Software's
EnCase can use the HashKeeper; Maresware and National Software Reference Library hash can
also be used to search for a large variety of software.
Conclusion
As seen here, steganography is highly useful provided that one knows the various
techniques that enable it, the strengths and advantages of such techniques, as well as the
forensics skills required for steganalysis. It is expected that in this digitized age, more
sophisticated developments will be taking place in the realm of steganography.
References
Dunbar, Bret. Stenographic Techniques and Their Use in an Open-Systems Environment.
2002. Accessed 6 November 2014 from http://www.sans.org/readingroom/whitepapers/covert/detailed-steganographic-techniques-open-systems-environment677
Gupta, Shailender, Ankur Goyal and Bharat Bhushan. Information Hiding Using Least
Significant Bit Steganography and Cryptography. I.J.Modern Education and Computer
Science 6(2012): 27-34.
Kessler, Gary C. An Overview of Steganography for the Computer Forensics Examiner. 2014.
Accessed 6 November 2014 from http://www.garykessler.net/library/fsc_stego.html
Kumar, Manoj. Cryptography and Network Security. Meerut: Krishna Prakashan Media Ltd.,
2008. Print. 6 November 2014.
Westphal, Kristy. Steganography Revealed. 2003. Accessed 6 November 2014 from
http://www.symantec.com/connect/articles/steganography-revealed