Steganography is a process of hiding information in a form of text, image, audio,video inside an ordinary, information that is not secret to avoid detection.In this process the existence of hidden messages is not detectable in plain sight.Steganography keeps the existence of the message a secret.Steganography is not a form of cryptography, because cryptography simply encrypts the intended message, whereas steganography conceals the existence of the message. The word steganography derived from Greek word steganographia, which combines the words steganós , meaning "covered or concealed", and -graphia meaning "writing".
Steganography is not a new term. It has been around since about 1500 and was first used by Johannes Trithemius in his book Steganographia. In ancient times, steganography was mostly done physically.Today, digital steganography is one of the important components in the toolboxes of spies and malicious hackers, as well as human rights activists and political dissidents.
Techniques used in Steganography
Least Significant Bit
One of the most popular techniques is 'least significant bit (LSB) steganography. In this type of steganography, the information hider embeds the secret information in the least significant bits of a media file.For instance, in an image file each pixel is comprised of three bytes of data corresponding to the colors red, green, and blue (some image formats allocate an additional fourth byte to transparency, or ‘alpha’).LSB steganography changes the last bit of each of those bytes to hide one bit of data. So, to hide one megabyte of data using this method, you’ll need an eight-megabyte image file. Since modifying the last bit of the pixel value doesn’t result in a visually perceptible change to the picture, a person viewing the original and the steganographically modified images won’t be able to tell the difference.The same scheme can be applied to other digital media (audio and video), where data is hidden in parts of the file that result in the least change to the audible or visual output.
Another less popular steganography technique is the use of word or letter substitution. Here, the sender of the secret message hides the text by distributing it inside a much larger text, placing the words at specific intervals.While this substitution method is easy to use, it may also make the text look strange and out of place, since the secret words might not fit particularly well into their target sentences.
Palette Based Technique
This technique also uses digital images as malware carriers. Here, the attackers first encrypt the message and then hide it in a stretched palette of the cover image. Even though this technique can carry a limited amount of data, it frustrates threat hunters since the malware is encrypted and takes a lot of time to decrypt.
Secure Cover Selection
This is a very complex technique where the cyber criminals compare the blocks of the carrier image to the blocks of their specific malware. If an image with the same blocks as the malware is found, it is chosen as the candidate to carry the malware. The identical malware blocks are then carefully fitted into the carrier image. The resulting image is identical to the original and the worst part is that this image is not flagged as a threat by detection software and applications.
There are other types of steganography, such as hiding an entire partition on a hard drive,or embedding data in the header section of files and network packets. The effectiveness of these methods depends on how much data they can hide and how easy they are to detect.
Malicious hackers use steganography for a variety of tasks such as hiding malicious payloads and script files. Malware developers often use LSB steganography to hide the code for their malware in images of celebrities and famous songs and execute them with another program after the file is downloaded on the victim’s computer. “The term ‘Trojan Horse’ is used to describe a dangerous file hidden within a harmless file. Macro attacks are a form of steganography as well,” Trustwave’s Winkler says“Steganography will be used by creative hackers whenever there is a need to bypass protections.” Cybercriminals, however, are not the only actors who use steganography on a daily basis. Spies use the technique to communicate with their command center without arousing suspicion among their hosts. Tech-savvy human rights activists and dissidents also use steganography when they want to send sensitive information.