IT 4500

Data Hiding

Dr Joe Francom

Activity 1

Alternate Data Streams

Find the hidden information in this file.

Maybe this

or this

Activity 2

Steganalysis & steganography

  • Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity
  • Steganalysis is the art and science of detecting messages hidden using steganography;

Steganalysis & steganography

How does it work? Remember that each pixel can be represented with a combination of 3 bytes (rgb). We can take a few of those bytes out and put our text in there with only marginal deterioration in image quality.

Example: Download and install steghide

apt-get install steghide #not easy to do on kali

  • Grab an image (supports jpg, perhaps others)

  • May be interesting to record what the image size is before and after.

      steghide embed -cf picture.jpg -ef secret.txt
  steghide extract -sf picture.jpg
  steghide info received_file.wav

Steganalysis & steganography

So, what might this be used for?

Steganography is NOT the same as cryptography. Cryptography scrambles the message so that it cannot be viewed, stego hides the existence of data. Can hide in file header fields, between sections of metadata. Can use images, sound, movies...