Steganography, or "stego," as it's also known, is a way to hide messages like text or images into larger files. Security Focus recently published an excellent and very well-documented article on this subject. Here is the introduction.
Over the past couple of years, steganography has been the source of a lot of discussion, particularly as it was suspected that terrorists connected with the September 11 attacks might have used it for covert communications. While no such connection has been proven, the concern points out the effectiveness of steganography as a means of obscuring data. Indeed, along with encryption, steganography is one of the fundamental ways by which data can be kept confidential. This article will offer a brief introductory discussion of steganography: what it is, how it can be used, and the true implications it can have on information security.
Kristy Westphal, the author, answers these questions. She also tried several steganography tools. You can see the results of her tests in her article, in two JPEG images, one without an embedded message and one with embedded text. The modified image shows less luminosity, but if you don't know the original one, it is very hard to guess that the second one contains a hidden message.
So is steganography a *good* or a *bad* technology? Like other security tools, as encryption, it depends on the purpose.
Unfortunately, steganography can also be used for illegitimate reasons. For instance, if someone was trying to steal data, they could conceal it in another file or files and send it out in an innocent looking email or file transfer. Furthermore, a person with a hobby of saving pornography, or worse, to their hard drive, may choose to hide the evidence through the use of steganography. And, as was pointed out in the concern for terroristic purposes, it can be used as a means of covert communication. Of course, this can be both a legitimate and an illegitimate application.
Here are Westphal's conclusions to this highly recommended article.
Steganography is a fascinating and effective method of hiding data that has been used throughout history. Methods that can be employed to uncover such devious tactics, but the first step are awareness that such methods even exist. There are many good reasons as well to use this type of data hiding, including watermarking or a more secure central storage method for such things as passwords, or key processes. Regardless, the technology is easy to use and difficult to detect. The more that you know about its features and functionality, the more ahead you will be in the game.
For more information about this technology, you can visit the exhaustive Steganography & Digital Watermarking web page from Neil F. Johnson of George Mason University.
Source: Kristy Westphal, for Security Focus, April 9, 2003
10:44:24 AM Permalink
|
|