Steganography

Steganography is the art and science of embedding secret messages in a cover message in
such a way that no one, apart from the sender and intended recipient, suspects the existence
of the message.

The diagram below depicts a basic steganographic model.

As the image depicts, both cover file(X) and secret message(M) are fed into steganographic
encoder as input. Steganographic Encoder function, f(X,M,K) embeds the secret message into
a cover file. Resulting Stego Object looks very similar to your cover file, with no visible
changes. This completes encoding. To retrieve the secret message, Stego Object is fed into
Steganographic Decoder.

Steganography Tutorial: Historical Background

Steganography is the practice of concealing a secret message behind a normal message. It stems
from two Greek words, which are steganos, means covered and graphia, means writing.
Steganography is an ancient practice, being practiced in various forms for thousands of years
to keep communications private. For Example:

• The first use of steganography can be traced back to 440 BC when ancient Greece,
people wrote messages on wood and covered it with wax, that acted as a covering
medium
• Romans used various forms of Invisible Inks, to decipher those hidden messages light
or heat were used
• During World War II the Germans introduced microdots, which were complete
documents, pictures, and plans reduced in size to the size of a dot and were attached to
normal paperwork
• Null Ciphers were also used to hide unencrypted secret messages in an innocent
looking normal message
Now, we have a lot of modern steganographic techniques and tools to make sure that knows
our data remains secret. Now you might be wondering if steganography is same as
cryptography. No, they are two different concepts and this steganography tutorial presents you
the main differences between them.

How is Steganography different from Cryptography?

At their core, both of them have almost the same goal, which is protecting a message or
information from the third parties. However, they use a totally different mechanism to protect
the information.

Cryptography changes the information to ciphertext which cannot be understood without a

decryption key. So, if someone were to intercept this encrypted message, they could easily see
that some form of encryption had been applied. On the other hand, steganography does not
change the format of the information but it conceals the existence of the message.

STEGANOGRAPHY CRYPTOGRAPHY

It is a technique to hide the existence of It’s a technique to convert data into an

Definition
communication incomprehensible form

Purpose Keep communication secure Provide data protection

Data
Never Always
Visibility

Data
Doesn’t alter the overall structure of data Alters the overall structure of data
Structure

Key Optional, but offers more security if used Necessary requirement

If you possess the decryption key, then

Once the presence of a secret message is
Failure you can figure out original message
discovered, anyone can use the secret data
from the ciphertext

So, in other words, steganography is more discreet than cryptography when we want to send
confidential information. The downside being, the hidden message is easier to extract if the
presence of secret is discovered. For the remainder of this steganography tutorial, we will learn
about different steganography techniques and tools.
Steganography Techniques

Depending on the nature of the cover object(actual object in which secret data is embedded),
steganography can be divided into five types:

1. Text Steganography
2. Image Steganography
3. Video Steganography
4. Audio Steganography
5. Network Steganography

Let’s explore each of them in detail.

Text Steganography

Text Steganography is hiding information inside the text files. It involves things like changing
the format of existing text, changing words within a text, generating random character
sequences or using context-free grammars to generate readable texts. Various techniques used
to hide the data in the text are:

• Format Based Method

• Random and Statistical Generation
• Linguistic Method

Image Steganography

Hiding the data by taking the cover object as the image is known as image steganography. In
digital steganography, images are widely used cover source because there are a huge number
of bits present in the digital representation of an image. There are a lot of ways to hide
information inside an image. Common approaches include:

Audio Steganography

In audio steganography, the secret message is embedded into an audio signal which alters the
binary sequence of the corresponding audio file. Hiding secret messages in digital sound is a
much more difficult process when compared to others, such as Image Steganography. Different
methods of audio steganography include:

• Least Significant Bit Encoding

• Parity Encoding
• Phase Coding
• Spread Spectrum

This method hides the data in WAV, AU, and even MP3 sound files.

Video Steganography

In Video Steganography you can hide kind of data into digital video format. The advantage of
this type is a large amount of data can be hidden inside and the fact that it is a moving stream
of images and sounds. You can think of this as the combination of Image Steganography and
Audio Steganography. Two main classes of Video Steganography include:

• Embedding data in uncompressed raw video and compressing it later

• Embedding data directly into the compressed data stream

Network Steganography (Protocol Steganography)

It is the technique of embedding information within network control protocols used in data
transmission such TCP, UDP, ICMP etc. You can use steganography in some covert channels that you
can find in the OSI model. For Example, you can hide information in the header of a TCP/IP packet in
some fields that are either optional.

In today’s digitalized world, various software tools are available for Steganography. In the
remainder of this Steganography Tutorial, we will explore some of the popular steganographic
tools and their capabilities.

Best Tools to Perform Steganography

There are many software available that offer steganography. Some offer normal steganography,
but a few offer encryption before hiding the data. These are the steganography tools which are
available for free:

• Stegosuite is a free steganography tool which is written in Java. With Stegosuite you can
easily hide confidential information in image files.
• Steghide is an open source Steganography software that lets you hide a secret file in image
or audio file.
• Xiao Steganography is a free software that can be used to hide data in BMP images or in
WAV files.
• SSuite Picsel is another free portable application to hide text inside an image file but it takes
a different approach when compared to other tools.
• OpenPuff is a professional steganographic tool where you can store files in image, audio,
video or flash files

Well, these are few tools to perform steganography. There are many other different tools with
different capabilities. However, you will get the desired results from these tools.

So, we have reached the end of Steganographic Tutorial. Steganography was developed for
secure communication. However, criminals and terrorist organizations are using this for their
own purpose. So, understanding how to hide data steganography, and prevent that data from
being misused, can be very helpful for both attack and defense.

Steganography in Kali Linux

Steganography is the practice of concealing a file, message, image, or video within another
file, message, image, or video. Generally, the hidden messages appear to be (or be part of)
something else: images, articles, shopping lists, or some other cover text. This post would
cover Steganography in Kali Linux – Hiding data in image. You can pretty much use the
same method to hide data in Audio or Video files.

In digital steganography, electronic communications may include steganographic coding

inside of a transport layer, such as a document file, image file, program or protocol. Media
files are ideal for steganographic transmission because of their large size. For example, a
sender might start with an innocuous image file and adjust the color of every 100th pixel to
correspond to a letter in the alphabet, a change so subtle that someone not specifically
looking for it is unlikely to notice it.

The advantage of steganography over cryptography alone is that the intended secret message
does not attract attention to itself as an object of scrutiny. Plainly visible encrypted
messages—no matter how unbreakable—arouse interest, and may in themselves be
incriminating in countries where encryption is illegal. Thus, whereas cryptography is the
practice of protecting the contents of a message alone, steganography is concerned with
concealing the fact that a secret message is being sent, as well as concealing the contents of
the message.

There’s two primary tools available in Kali Linux for Steganographic use.

a. Steghide

Steghide is a steganography program that is able to hide data in various kinds of image- and
audio-files. The color- respectivly sample-frequencies are not changed thus making the
embedding resistant against first-order statistical tests.

Features:

• compression of embedded data

• encryption of embedded data
• embedding of a checksum to verify the integrity of the extraced data
• support for JPEG, BMP, WAV and AU files

b. StegoSuite

Stegosuite is a free steganography tool written in Java. With Stegosuite you can hide
information in image files.
Features

• BMP, GIF and JPG supported

• AES encryption of embedded data
• Automatic avoidance of homogenous areas (only embed data in noisy areas)
• Embed text messages and multiple files of any type
• Easy to use

Hiding data in image using steghide

Install Steghide

Installation is simple in Kali Linux as steghide is already available in Kali Linux repository.
Run the following command and you’re done.

root@kali:~# apt-get install steghide

Hide text file in Image

I created a folder steghide in root home folder and placed picture.jpg and secret.txt
file in there. picture.jpg is the file where I am going to hide secret.txt file. I am going to
show the commands here.

To hide text file in Image in Kali Linux using steghide, use the following command:

root@kali:~/steghide# steghide embed -cf picture.jpg -ef secret.txt

Enter passphrase:
Re-Enter passphrase:
embedding "secret.txt" in "picture.jpg"... done
root@kali:~/steghide#
This command will embed the file secret.txt in the cover file picture.jpg.

Now you can email, share or do anything with this new picture.jpg file without having to
worry about exposing your data.

Extracting text file from Image

After you have embedded your secret data as shown above you can send the file
picture.jpg to the person who should receive the secret message. The receiver has to use
steghide in the following way:

root@kali:~/steghide# steghide extract -sf picture.jpg

Enter passphrase:
the file "secret.txt" does already exist. overwrite ? (y/n) y
wrote extracted data to "secret.txt".

If the supplied passphrase is correct, the contents of the original file secret.txt will be
extracted from the stego file picture.jpg and saved in the current directory.

Just to be on safe side, I am checking the content of the secret.txt I extracted. Seems ok.

root@kali:~/steghide# head -3 secret.txt

Linux. It’s been around since the mid ‘90s, and has since reached a user-
base that spans industries and continents. For those in the know, you
understand that Linux is actually everywhere. It’s in your phones, in your
cars, in your refrigerators, your Roku devices. It runs most of the
Internet, the supercomputers making scientific breakthroughs, and the
world\'s stock exchanges. But before Linux became the platform to run
desktops, servers, and embedded systems across the globe, it was (and still
is) one of the most reliable, secure, and worry-free operating systems
available.
root@kali:~/steghide#

Viewing Info of embedded data

If you have received a file that contains embedded data and you want to get some information
about it before extracting it, use the info command:

root@kali:~/steghide# steghide info picture.jpg

"picture.jpg":
format: jpeg
capacity: 3.1 KB
Try to get information about embedded data ? (y/n) y
Enter passphrase:
embedded file "secret.txt":
size: 6.5 KB
encrypted: rijndael-128, cbc
compressed: yes
root@kali:~/steghide#

After printing some general information about the stego file (format, capacity) you will be
asked if steghide should try to get information about the embedded data. If you answer with
yes you have to supply a passphrase.

Steghide will then try to extract the embedded data with that passphrase and – if it succeeds –
print some information about it.

If you want more detailed information please read the man(ual) page.

Hiding data in image using Stegosuite

Stegosuite is pretty much a GUI for similar steghide-type functionality.

Install stegosuite

Installation is simple in Kali Linux as stegosuite is already available in Kali Linux repository.
Run the following command and you’re done.

root@kali:~# apt-get install stegosuite

Embed text file in Image using Stegosuite

You need to run it from Application menu (or you can just search it). Go to File > Open and
open the image you want to use. Right-click on the file section and select add files and select
your secret.txt file. Type in a passphrase and click on embed. Few seconds and it will create a
new file picture_embed.jpg.
Extracting text file from Image using Stegosuite

If you want to extract text file or data from the image, simply Open the image, type in the
passphrase and click on Extract.

Steganalysis and detection

In computing, steganographically encoded package detection is called steganalysis. The

simplest method to detect modified files, however, is to compare them to known originals.
For example, to detect information being moved through the graphics on a website, an analyst
can maintain known clean-copies of these materials and compare them against the current
contents of the site. The differences, assuming the carrier is the same, comprise the payload.
In general, using extremely high compression rates makes steganography difficult, but not
impossible. Compression errors provide a hiding place for data, but high compression reduces
the amount of data available to hold the payload, raising the encoding density, which
facilitates easier detection (in extreme cases, even by casual observation).

References:

https://www.edureka.co/blog/steganography-tutorial
https://www.securitynewspaper.com/2019/02/04/best-forensic-tools-to-hide-secrets-
passwords-and-recover-files/
https://www.yeahhub.com/use-steghide-stegosuite-steganography-tools-kali-linux/
https://www.blackmoreops.com/2017/01/11/steganography-in-kali-linux-hiding-data-in-
image/