{[| Basic Steganography |]} by: h4z4rd mail: memearser@yahoo.com [1] Intro [2] Art of hiding [2_1] Text [2_2] Multimedia [4] Outro [1] Intro Steganography is a word derived from the greek words steganos, which means "covered", and graphia, which means "writing". It is the art of hidden comunication. The existence of message is secret, and thus unknown to anyone except the recipient. Old example of utilizing steganography dates to the time of Herodous, who tells a slave sent by his master Histiaeus to the Ionian city of Miletus with a secret message tattooed on his scalp. After tattooing the slave was told to grew hair back in order to conceal the message. Then he journeyed to Miletus, and upon arriving shaved his head to reveal the message to the city's regent Aristagoras. The message encouraged Aristagoras to start a revolt against the Persian king. We will not study tattooing, but steganographic use in the digital world. There are numerous places to hide messages, but we will study mainly hiding in text and graphics. [2] Art of hiding [2_1] Text So why would someone try to hide something rather than encrypt it? Obvious reason would be to mislead potencial snooper to think that there is nothing hidden. Today most likely your data is watched by numerous of people, from bored geeks, police, crackers, (parents?) and they all want to know what are you doing. Also there are many inteligent programs that snoop your data and look for potencial threats (eg. terorists). What do you think they will do if they find some encrypted stuff you are mailing to frends? Log your data and send it to analysis (ok, maybe not all encrypted stuff but some will). It's like sticking flag on your mail and waiting for someone to notice it. So here steganography comes handy. Why not hide your perverted details in plain text, and trick them to think it is just another spam or nonthreatening message? One of the simplyest metods is to choose a position of letter you will read. For example we choose second letter so we will read only every second letter in a word. Now just take a dictionary and start building your message (if you are a mazohist ;). This is a hard job to do, to find matching word for every letter and build a sentence that makes sense. But it doesn't have to make sense, it just has to have a valid structure, and if someone reads it he will think you are mentaly sick and leave you alone (or put you in a hospital) but it will definitly trick programs seeking for plans on new terrorist attacks. This kind of seganography is not very easy to detect if you have some imagination and mix sequences (like first letter then second letter and then again first, second...). There was a steganographic problem on www.caesum.com where you got this: --- Unix finger is not aching. Steal or offer sticks many plane walls. To usher along your burns in brown soft or buttered ash. Steal or offer sticks many plane walls. In todays crass buys it may stop spurning. In mime whales may do flogging for in mime whales may do pond shopping. Not in suffering shires can mad or potty achievements present to hamlets. Feet miss past plans. Big trees do plant little or little achers cream. At ochre grey branded ferns matter. At frond coffers it latens ocher grey. In hamlets feet miss past plans. Magic trees do rub plus butter it. Now ocher gray matters then. Never step forward to say plough grub. It bids fools. It may fool you. At new stings allow all to sin. Step step badly to get store to ashen sheep. Please bid it. Matters usher feed. Now stop for madness. ok. Pass spell for spell. Run madly sticking nappies still little may. --- When I first saw this I had no idea what to look for or what to try. I thought that it has something to do with meaning of sentences or anything in world. And after quite some time I found 3 simple methods that were usually used in text steganography: letter position within each word; letter position within entire text; and word position within the entire text. These are simple methods that can be very hard to notice if you use your imagination and modify them. So what is the answer to this quest I leave to you to investigate and to find. I also found some pretty cool programs that can build gramaticly valid senteces for a given text (method is more complex than simple letter hiding, that program if I remember corectly was someones diploma thesis or something similar, but a fully functional). There are as many metods to hide sth. as there are people on Earth. This were some simple methods that combined with your imagination could become really unnoticable and hard to extract. Disadvantage for hiding messages in text this way is that it's difficult and time consuming to build text that can make sence and be gramaticly correct, for some length of your message. But these are only the most simple methods for hiding something into text. [2_2] Multimedia Now this is a pretty popular way to hide your data, and I bet most of you have heard aboth it, and possibly used it. Here we use multimedia to hide our data, like pictures, music, movies. Here the principle is pretty much the same, but depends on type of media, or encoding of media. So we have different types of picture, music, and film encodings (ie. bmp, jpeg, mp3, waw, avi, mpeg....), and there is "problem" and "advantage" for this. The problem is for every type of encoding you will have to find specialized program, and for closed source encodings (i think real media is example for this) there will be a problem to make a program that can properly change structure of data so it is still usable and able to play, and advantage is that it is more difficult to analyse and find data if you use some "wild" type. One of the most popular methods for hiding something in pictures is the lsb (least significant bit) method. That method is based on way that programs interpret pixels (we only consider 8 or 24 bit pixels), so 8bit pixel represents one of 256 colors and if we change the least significant bit we will change pixel by just one collor or none if our bit is same as the previous. This technique is applicable only on formats that don't compress picture (like bmp, gif...) because compression is based on rejecting least significant information (it's not simple as that but it's the whole idea behind it). So what we do is change out message to binary format and bit by bit insert into our picture. This is the most simple method of hiding and not very secure if someone starts looking at bits, but if you previously encrypt it and add some spacing between insertations thats another story. Similar process applys to other formats where you change nonsignificant or less significant bits and hide a message (eg. in mp3 you hide message while compressing file not on compressed file). You can also study some format and find places that are unused or could be used for hiding messages. There are also tricks like changing parametars of picture header so when the picture is opened you can't see what is on it, but you see everything black or messed up (take some picture open it in hexeditor and play). There are some pretty complicated ways and methods for hiding data in all sorts of types that are hard or almost undetectable, but because of their complexity they will not be discussed (but if you are interested in search, you will get alot of information on the wanted file type). One of the thing you should keep in mind is that if you use steganography and programs/algorithms is that your steganographed data could be altered in transport (accidently of purpously) and your message could be lost. Because of that there is a term robustness used in steganography for identifying ability of the steg. data to undergo some alterations (like image editing etc.). It simply means that your message will be embeaded many times so if one of messages is destroyed you have others, but it improves chances of detection. But sometimes you will want your message to become inrecoverable even after minor changes to tighten security. The twin brother of steganography is watermarking. Watermarking is a term mostly used for commercial steganograph adaptations and is used to claim ownership, copyrights, it's used in tv for counting marketing programs (some TV stations have watermarked commercial programs so that it's clients can count number of times their comercial was aired, they aren't going to watch tv program 24h a day to see if TV station has cheated them but they have special machines searching for watermarks in program), protecting music from copying and other (here are used non robust watermarks so if you copy music eg. encode in mp3 you will lose a watermark and that could be used as proof of illegal activity), or you could have a robust watermark attached to you pdf file of picture so you can claim ownership if someone steals it and claims ownership and many many more. Term frequently used when dealing with watermarking and steganography is falepositive and falsenegative. It is a term used in detecting watermarks, it is a statistical probability that some data will have false positive detections (it means that there will be no watermark or message but our watermark detector will report that there is) or false negative (eg. that ther is no watermark but in fact there is but it could be damaged or undetected). It is a factor that should be considered when claiming watermarks and steganographs. [4] Outro I have only scratched the surface of all posibilitys to use steganography and its applicability. Here are described just basics because all complex systems would be impractical and hard to understand not because it requires some basic knowledge abouth steganography but because it is highly specialized to certain data type and based on mathematical calculations and formulas that exceed basics and go to theoretical and practical speculations. References: http://www.google.com/search?hl=en&ie=UTF-8&q=steganography&btnG=Google+Search Digital Watermarking; Cox, Miller, Bloom