Steganography

1. Introduction
Definition:
Steganography is the technique of hiding secret data within an ordinary, non-
secret, file or message in order to avoid detection; the secret data is then extracted
at its destination. The use of steganography can be combined with encryption as an
extra step for hiding or protecting data. The word steganography is derived from
the Greek words steganos (meaning hidden or covered) and the Greek root graph
(meaning to write).
Steganography can be used to conceal almost any type of digital content, including
text, image, video or audio content; the data to be hidden can be hidden inside
almost any other type of digital content. The content to be concealed through
steganography -- called hidden text -- is often encrypted before being incorporated
into the innocuous-seeming cover text file or data stream. If not encrypted, the
hidden text is commonly processed in some way in order to increase the difficulty
of detecting the secret content.
Steganography is practiced by those wishing to convey a secret message or code.
While there are many legitimate uses for steganography, malware developers have
also been found to use steganography to obscure the transmission of malicious
code.
Forms of steganography have been used for centuries and include almost any
technique for hiding a secret message in an otherwise harmless container. For
example, using invisible ink to hide secret messages in otherwise inoffensive
messages; hiding documents recorded on microdot -- which can be as small as 1
millimeter in diameter -- on or inside legitimate-seeming correspondence; and even
by using multiplayer gaming environments to share information.
 2. Key Differences Between Steganography and
Cryptography
1. The meaning of the steganography is “covered or hidden writing” while
cryptography signifies “secret writing”.
2. Steganography is an attempt to achieve secure and undetectable
communication. On the other hand, cryptography intends to make the
message readable for only the target recipient but not by others through
obtaining a disguised form of the message.
3. In steganography, the main structure of the message is not changed whereas
cryptography imposes a change on the secret message before transferring it
over the network.
4. The cryptography is prevalently used unlike steganography, which is not so
familiar.
5. The degree of the security of the secret data is measured by the key length
which makes the algorithm strong and unbreakable. Conversely, there is no
such thing in steganography.
6. Steganography provides only confidentiality and authentication. On the
contrary, the principles of security provided by the cryptography are
confidentiality, integrity, authentication, and non-repudiation.
7. Spacial domain, transform domain embedding and model-based are some of
the algorithms used in steganography. In contrast, the cryptography uses
techniques named as trans-positional, substitution, stream and block ciphers.
8. The steganography can be employed on any medium such as text, audio,
video, and image while cryptography is implemented only on the text file.
9. The reverse engineering employed to decode the message in cryptography is
known as cryptanalysis. As against, the technique used to detect the presence
of the steganography is known as steganalysis.

Advantage of steganography over cryptography:

The advantage of steganography over cryptography alone is that the intended
secret message does not attract attention to itself as an object of scrutiny. Plainly
visible encrypted messages, no matter how unbreakable they are, arouse interest
and may in themselves be incriminating in countries in which encryption is illegal.

Whereas cryptography is the practice of protecting the contents of a message alone,

steganography is concerned both with concealing the fact that a secret message is
being sent and its contents.
Steganography includes the concealment of information within computer files. In
digital steganography, electronic communications may include steganographic
coding inside of a transport layer, such as a document file, image file, program or
protocol. Media files are ideal for steganographic transmission because of their
large size. For example, a sender might start with an innocuous image file and
adjust the color of every hundredth pixel to correspond to a letter in the alphabet.
The change is so subtle that someone who is not specifically looking for it is
unlikely to notice the change.

3. Pure Steganography
Pure Steganography is defined as a steganographic system which does not require
the exchange of a cipher such as a stego-key. This method of is not much secure
because the sender and receiver can rely only upon the assumption that no other
parties are aware of the secret message.

4. Secret Key Steganography

Secret Key Steganography is defined as a steganographic system that requires the
exchange of a secret key (stego-key) previous to communication. Secret key
Steganography takes a cover message and embeds the secret message inside of it
by using a secret key (stego-key). Only the parties who know the secret key can
reverse the process and read the secret message. Unlike Pure Steganography where
a perceived invisible communication channel is present, Secret Key Steganography
exchanges a stego-key, which makes it more vulnerable to interception. The
benefit to Secret Key Steganography is even if it is intercepted; only parties who
know the secret key can extract the secret message.
 5. Public Key Steganography
Public Key Steganography is defined as a steganographic system that uses a public
key and a private key to secure the communication between the parties wanting to
communicate secretly. Sender will use the public key during the encoding process
and only the private key, which has a direct mathematical relationship with the
public key, can decipher the secret message. Public Key Steganography provides a
stronger way of implementing a steganographic system because it can utilize a
much more robust and researched technology in Public Key Cryptography. It also
has multiple levels of security in that unwanted parties must first suspect the use of
Steganography and then they would have to find a way to crack the algorithm used
by the public key system before they could intercept the secret message.

6. Types of Steganography
1. Text Steganography: Hiding information in text is the most important method
of steganography. The method was to hide a secret message in every nth letter of
every word of a text message. After booming of Internet and different type of
digital file formats it has decreased in importance. Text steganography using
digital files is not used very often because the text files have a very small amount
of redundant data.
2. Image Steganography: Images are used as the popular cover objects for
steganography. A message is embedded in a digital image through an embedding
algorithm, using the secret key. The resulting stego image is send to the receiver.
On the other side, it is processed by the extraction algorithm using the same key.
During the transmission of stego image unauthenticated persons can only notice
the transmission of an image but can’t guess the existence of the hidden message.
3. Audio Steganography: Audio stenography is masking, which exploits the
properties of the human ear to hide information unnoticeably. An audible, sound
can be inaudible in the presence of another louder audible sound. This property
allows to select the channel in which to hide information.
4. Protocol Steganography: The term protocol steganography is to embedding
information within network protocols such as TCP/IP. We hide information in the
header of a TCP/IP packet in some fields that can be either optional or are never
used.

7. Algorithms used in Steganography

1- BLINDHIDE
This is the simplest way to hide information in an image. It blindly hides because it
just starts at the top left corner of the image and works its way across the image
(then down - in scan lines) pixel by pixel. As it goes along it changes the least
significant bits of the pixel colors to match the message. To decode the process the
least significant bits starting at the top left are read off. This is not very secure - it's
really easy to read off the least significant bits. It also isn't very smart - if the
message doesn't completely fill up the possible space than just the top part of the
image is degraded but the bottom is left unchanged - making it easy to tell what's
been changed.
2- HIDE SEEK
This algorithm randomly distributes the message across the image. It is named
after "Hide and Seek" - a Windows 95 steganography tool that uses a similar
technique. It uses a password to generate a random seed, then uses this seed to pick
the first position to hide in. It continues to randomly generate positions until it has
finished hiding the message. It's a little bit smarter about how it hides because you
have to try every combination of pixels in every order to try and "crack" the
algorithm - unless you have the password. It's still not the best method because it is
not looking at the pixels it is hiding in - it might be more useful to figure out areas
of the image where it is better to hide in.
3- FILTER FIRST
This algorithm filters the image using one of the inbuilt filters and then hides in the
highest filter values first. It is essentially a fancier version of Blind Hide as it
doesn't require a password to retrieve the message. Because we are changing the
pixels we need to be careful about filtering the picture because we don't want to
use information for filtering that might change. If we do, then it may be difficult (if
not impossible) to retrieve the message again. So, this algorithm filters the most
significant bits, and leaves the least significant bits to be changed. It is less
noticeable on an image because using the filter ensures we are hiding in the parts
of the image that are the least noticeable.
4- BATTLE STEG
The best of all. This algorithm performs "Battleship Steganography". It first filters
the image then uses the highest filter values as "ships". The algorithm then
randomly "shoots" at the image (like in Hide Seek) and when it finds a "ship" it
clusters it's shots around that hit in the hope of "sinking" the "ship". After a while it
moves away to look for other ships. The effect this has is that the message is
randomly hidden, but often hidden in the "best" parts to hide in thanks to the ships.
It moves away to look for other ships so that we don't degrade an area of an image
too greatly. It is secure because you need a password to retrieve the message. It is
fairly effective because it is hiding (if you set the values right) the majority of the
information in the best areas.

8. Steganalysis
Steganalysis is the study of detecting messages hidden using steganography; this is
analogous to cryptanalysis applied to cryptography.
The goal of steganalysis is to identify suspected packages, determine whether or
not they have a payload encoded into them, and, if possible, recover that payload.
Unlike cryptanalysis, in which intercepted data contains a message (though that
message is encrypted), steganalysis generally starts with a pile of suspect data files,
but little information about which of the files, if any, contain a payload. The
steganalyst is usually something of a forensic statistician, and must start by
reducing this set of data files (which is often quite large; in many cases, it may be
the entire set of files on a computer) to the subset most likely to have been altered.

9. Conclusion
Steganography is not intended to replace cryptography but supplement it. Hiding a
message with steganography methods reduces the chance of a message being
detected. However, if that message is also encrypted, if discovered, it must also be
cracked. There are an infinite number of steganography applications.
Steganography does not only pertain to digital images but also to other media (files
such as voice, other text and binaries; other media such as communication
channels, the list can go on and on).
steganography is not a good solution to secrecy. If a message is encrypted using
substitution (substituting one alphabet h another), permute the message (shuffle the
text) and apply a substitution again, then the encrypted ciphertext is more secure
than using only substitution or only permutation. NOW, if the ciphertext is
embedded in an image, video, voice, etc. it is even more secure. If an encrypted
message is intercepted, the interceptor knows the text is an encrypted message.
With steganography, the interceptor may not know the object contains a message.

10. References
- Jayaram P, Ranganatha H R, Anupama H S, " Information Hiding Using Audio
Steganography – A Survey" in The International Journal of Multimedia & Its
Applications (IJMA) Vol.3, No.3, August 2011
- Jammi Ashok, Y. Raju, S. Munishankaraiah, K. Srinivas "Steganography: An
Overview" in International Journal of Engineering Science and Technology Vol.
2(10), 2010
- Pratap Chandra Mandal Modern "Steganographic technique: A survey" in
International Journal of Computer Science & Engineering Technology (IJCSET)