Steganography

Dr. Aly, O.
Computer Science

Introduction

This discussion analyzes steganography. It also addresses methods for detecting hidden information and the possible threats that make use of steganography.

Steganography

Steganography is a method that uses a cryptographic technique to embed secret messages within another message. Steganographic algorithms work by making alterations to the least significant bits of the many bits that make up image files. The changes are so minor that they do not affect the viewed image. This method allows communicating parties to hide messages in plain sight. For instance, they might embed a secret message within an illustration on an innocent web page (Abernathy & McMillan, 2016; Stewart, Chapple, & Gibson, 2015).

The steganographic method is often used to embed secret messages within images or WAV files because these files are often so large that the secret message would be easily missed by even the most observant inspector. This method is used for illegal or questionable activities such as espionage and child pornography. It can also be used for legitimate reasons, such as adding watermarks to documents to protect intellectual property. The hidden information is known only to the creator of the file. If another user later creates an unauthorized copy of the content, the watermark can be used to detect the copy and trace the offending copy back to the source. Steganography is a simple technology to use, with free tools openly available on the Internet, such as the iSteg tool, which requires you to specify a text file containing your secret message and an image file that you wish to use to hide the message (Stewart et al., 2015).

Methods for Steganography Detection

Although the message is hidden within an image or WAV file, it can be detected by comparing the original file that was used with the file suspected of carrying the hidden message. Using a hashing algorithm such as MD5, a hash can be created for both files. If the hashes are the same, the file does not have a hidden message. However, if the hashes are different, it indicates that the second file has been modified. Forensic analysis techniques can then retrieve the message. With respect to egress monitoring, the organization can periodically capture hashes of internal files that rarely change. For instance, graphics files such as JPEG and GIF files stay the same and do not change. If security experts suspect a malicious insider is embedding additional data within these files and emailing them outside the organization, they can compare the original hashes with the hashes of the files the malicious insider sent out. If the hashes are different, it indicates the files are different and may contain hidden messages (Stewart et al., 2015).
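The egress check described above, sketched as an added example that is not part of the original discussion: a baseline of hashes is captured for internal graphics files, and each outbound attachment is classified against it. SHA-256 is used here in place of MD5 (an assumption; the algorithm is a parameter), and the file names and byte strings are constructed stand-ins for real image data.

```python
import hashlib

def digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of a file's contents."""
    return hashlib.new(algorithm, data).hexdigest()

def build_baseline(files: dict[str, bytes], algorithm: str = "sha256") -> dict[str, str]:
    """Capture hashes of internal files that rarely change."""
    return {name: digest(data, algorithm) for name, data in files.items()}

def check_outbound(baseline: dict[str, str], attachments: dict[str, bytes],
                   algorithm: str = "sha256") -> dict[str, str]:
    """Classify each outbound attachment against the baseline."""
    known_hashes = set(baseline.values())
    results = {}
    for name, data in attachments.items():
        h = digest(data, algorithm)
        if name in baseline:
            # Same name as an internal file: any hash difference means modification.
            results[name] = "unchanged" if h == baseline[name] else "modified"
        elif h in known_hashes:
            # Different name, but byte-identical to a baselined file.
            results[name] = "renamed-unchanged"
        else:
            # No original to compare with, so the hash check cannot decide.
            results[name] = "no-baseline"
    return results

def alter_lsb(data: bytes, positions: list[int]) -> bytes:
    """Flip the least significant bit at the given offsets (simulates a tiny edit)."""
    out = bytearray(data)
    for p in positions:
        out[p] ^= 0x01
    return bytes(out)

# Constructed sample data standing in for internal image files.
INTERNAL = {
    "logo.gif": bytes(range(256)) * 4,
    "banner.jpg": bytes(reversed(range(256))) * 4,
}
# Constructed outbound attachments: one untouched, one with a single bit changed,
# one that has no internal original.
OUTBOUND = {
    "logo.gif": INTERNAL["logo.gif"],
    "banner.jpg": alter_lsb(INTERNAL["banner.jpg"], [10]),
    "holiday.jpg": b"\x00" * 64,
}

if __name__ == "__main__":
    for name, verdict in check_outbound(build_baseline(INTERNAL), OUTBOUND).items():
        print(f"{name}: {verdict}")
```

A single flipped bit leaves the file size and appearance unchanged but still produces a different hash, which is why the comparison works; the "no-baseline" case shows its limit, since a file with no known original cannot be judged this way.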

References

Abernathy, R., & McMillan, T. (2016). CISSP Cert Guide: Pearson IT Certification.

Stewart, J., Chapple, M., & Gibson, D. (2015). ISC Official Study Guide.  CISSP Security Professional Official Study Guide (7th ed.): Wiley.