Steganography (from Greek στεγανός, “covered” and γράφω, “to write”) is the technique of hiding information within an object to avoid detection. Unlike cryptography, steganography does not protect data from being read or modified; it conceals the very fact of the data’s existence.
The object containing that sensitive information is called a stegocontainer. One example of a stegocontainer is an envelope with a secret message hidden under the postage stamp. In information security, steganography means digital or computer steganography in which secret data resides in memory service areas, hidden fields of documents, or multimedia files.
Use of steganography in IT
Legitimate uses of steganography include:
- Intellectual property protection against illegal copying, such as with hidden information in media files identifying their origin;
- Confidential data protection, such as sensitive data concealed inside files that contain open information, and embedded marks that systems such as DLP use to locate the documents and prevent their theft.
Some also use steganography to conceal malicious code or stolen data in seemingly harmless files.
Methods of steganography
Depending on the type of stegocontainer and certain aspects of its processing, embedding data can involve a variety of techniques. The most common are:
- Changing the LSB (Least Significant Bit). This method replaces one or two low-order (last) bits of bytes in multimedia files with the secret message bits. The bytes in question encode pixels, audio samples, and so forth; the result is a very slightly modified file;
- Embedding data into file service areas. This method makes use of areas that search engines normally ignore and document viewers do not display automatically. The embedded payload has no effect on the document content, but the service areas are of very limited size;
- Generating a stegocontainer around the secret data. In this case, the steganographic tool transforms data into a carrier object rather than adding it to an existing file.
Steganography can also refer to a melding of an image file with an archive, resulting in a file that image viewers recognize as a picture, and archivers as an archive. The usage is imprecise because such cases do not involve one file being hidden inside another.
Steganalysis: Combating steganography
To help uncover steganography, experts turn to steganalysis. Steganalysts use several techniques to discover a file's payload. For example, they might detect a message hidden in an image with the LSB method by analyzing visual noise. More generally, specialists also run popular steganography tools in their research and analyze the output to learn how the tools work and thus better discern what to look for.
Given the many steganography techniques in use, and that not all tools are open to the public, steganalysis’ main shortcoming is its high probability of either missing a loaded container or returning a false positive. In addition, analyzing every media file either downloaded to a device or uploaded to the Internet may prove very time-consuming.
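As an added illustration (not part of the original article), the sketch below applies one well-known statistical check for LSB replacement, the pairs-of-values chi-square test, and shows the miss described above when only part of a container is loaded. The function names, the threshold of 4.0 and the sample data are assumptions constructed for this example.

```python
import random
from collections import Counter

THRESHOLD = 4.0  # assumed cut-off for this example, not a standard value

def pov_chi_square(samples: bytes) -> float:
    """Pairs-of-values chi-square statistic, averaged per value pair.

    LSB replacement with random-looking bits evens out the counts of each
    value pair (2k, 2k+1), so a result near 1 suggests an embedded payload.
    """
    hist = Counter(samples)
    stat, pairs = 0.0, 0
    for even in range(0, 256, 2):
        expected = (hist[even] + hist[even + 1]) / 2
        if expected < 5:  # too few samples for this pair to be meaningful
            continue
        stat += (hist[even] - expected) ** 2 / expected
        pairs += 1
    return stat / pairs if pairs else float("inf")

def looks_embedded(samples: bytes) -> bool:
    return pov_chi_square(samples) < THRESHOLD

def make_cover(n: int = 9600) -> bytes:
    """Constructed cover: 32 value pairs, even values twice as common as odd."""
    return bytes(64 + 2 * (i % 32) + (i % 3 == 0) for i in range(n))

def simulate_lsb(cover: bytes, fraction: float, seed: int = 1) -> bytes:
    """Test fixture: overwrite the LSB of the first `fraction` of samples
    with seeded pseudo-random bits, standing in for an encrypted payload."""
    rng = random.Random(seed)
    cut = int(len(cover) * fraction)
    head = bytes((b & 0xFE) | rng.getrandbits(1) for b in cover[:cut])
    return head + cover[cut:]

if __name__ == "__main__":
    cover = make_cover()
    for label, data in [("clean cover", cover),
                        ("fully loaded", simulate_lsb(cover, 1.0)),
                        ("10% loaded", simulate_lsb(cover, 0.1))]:
        print(f"{label:13s} ratio={pov_chi_square(data):6.2f} "
              f"flagged={looks_embedded(data)}")
```

The fully loaded sample is flagged, while the sample with only 10% of its bytes altered stays above the threshold and is missed; a cover whose value pairs are already balanced would be flagged in error.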