24-07-2012, 03:54 PM
Security through Obscurity: Steganography
Security through Obscurity.doc (Size: 41 KB / Downloads: 35)
Abstract
As the information age progresses and data becomes more and more valuable, methods need to be discovered to protect and secure sensitive data. An original type of security has appeared, different from most types of cryptography in several ways. Steganography is a method of securing data by obscuring the context in which it is transferred. This paper will discuss the applications of steganography including hiding data within: text, mpeg layer three and images. The bulk of the document will talk about how it is used and a basic algorithm I developed for implementing steganography within bitmap images.
Paper
Cryptography is simply the science of protecting data so that nobody reads it that isn't authorized to do so . It allows an individual to encode data so the recipient will be the only person able to decipher the data. Steganography is in many ways an obscure type of cryptography. It allows a person to hide data within other data with the intent of not drawing suspicion to the context in which the message was transferred . Steganography can be used to take a document and hide that document’s data within an image. This method of cryptography has a variety of applications that all result in the combination of two different documents into one innocuous document. This resulting data hides the sensitive information inside the other data in such a way that it shouldn’t be noticeable.
Steganography is more popularly known as “Digital Watermarking”. Unlike its parent cryptography, digital watermarking doesn’t depend on a symmetric or asymmetric encryption scheme. For instance, in an asymmetric encryption scheme the algorithm relies on a public/private key pair to encrypt and decrypt a message and in a symmetric algorithm the message is encrypted and decrypted with the same key. Steganography uses neither of these methods and relies on data hiding to accomplish its task. The aim of it is to obscure the data so much that no one would ever think to extract data from the target. It gained the name digital watermarking because this method can be used to store copyrights and trademarks within data to protect the owner of the document. Such organizations as the RIAA and MPAA are researching this method of information hiding to imbed special tags to make it easier to catch and prosecute music and movie pirates
The Algorithm
The following algorithm is implemented in pseudo code with comments. he actual implementation was written in C++. This code works for bitmap images (or any image that has lossless compression). Compression ruins the watermarking for obvious reasons; it destroys the small changes that the algorithm makes to each pixel. The actual loading and writing of image data is library and platform specific and is beyond the scope of the paper. This code is only for the encoding portion of the data, to decode, these steps must be taken in reverse order.
What this algorithm implements
This code reads two files from disk: the document that needs to be hidden and the image that will serve as the hiding place. The document that was read from disk is then converted into the 8 bit binary equivalents each character’s ASCII value. For example: the letter A is found in the document; that is 97 ASCII which is 01100001 binary. Once all of the characters in the document are converted to binary, the image’s color values are read into a matrix that corresponds to each pixel in the image. The algorithm modifies the least significant bit of each pixel containing red, green and blue values. Each pixel in the image matrix is modified until all of the document data is hidden.
Conclusions
Steganography is an effective way to obscure data and hide sensitive information. It allows an individual to hide data inside other data with hopes that the transfer medium will be so obscure that no one would ever think to examine the contents of the file. Using the basic pseudo-code algorithm described above, it is possible to implement a steganography program to do all of the things described in this document: hide sensitive data, watermark images, and verify data integrity.
Although steganography is presented as a way to hide and watermark data is should be noted that the technology is not perfect. This method just secured data by obscuring the context in which it was transferred. If a prospective attacker wants to obtain the hidden, sensitive information this is just another barrier to discourage discovery. Like anything relating to security, if the attacker wants the data badly enough it will be obtained. For the time being, steganography seems to be a technology on the frontier of cryptographic methods that is just in its early stages. It serves as a new way to hide sensitive data but the overall “guessing game” that one plays with securing data makes steganography less appealing than other cryptographic methods. With continued research and an improvement in algorithms design, steganography can be taken as a serious way to hide data.