Hiding messages with the Outguess steganography tool

Double Secrets


Steganography tools let you hide secret messages in ordinary files. Outguess brings steganography to the Linux command line - and even lets you conceal two messages in a single file. By Erik Bärwaldt



Cryptography is essential for anyone who cares about communicating privately over the Internet. In the classic cryptography scenario, the message is encrypted and transmitted, and the receiver decrypts and reads it on the other end. This approach has various drawbacks, including the overhead for the encryption, the danger of lost keys, and the fact that any evidence of encryption actually makes the message a potentially interesting target. In some situations, even standard encryption is too conspicuous. What if you don't just want to conceal the text of your message, but you actually want to conceal the fact that the message was even sent?

Steganography provides an elegant approach to the problem of concealing message content. The goal of steganography is to embed a message in a carrier medium so that it is invisible to third parties. The carrier medium could be an ordinary digital photo, an audio file, or even a text file. Not only is the message impossible for an eavesdropper to read using conventional techniques; the very existence of the message is hidden from the unauthorized viewer. (See the box titled "More on Steganography.")

Linux offers a number of tried-and-trusted steganography tools, all of which compare well with commercial solutions. This article describes how to conceal your messages with the steganography application known as Outguess [1].

More on Steganography

By Outguess creator Niels Provos

Steganography is the art and science of hiding the presence of communication. A steganographic system embeds hidden content into unremarkable cover media that can then be sent without arousing the suspicion of an eavesdropper. Once, hidden tattoos and invisible ink were used to convey steganographic communication. Now, computer and network technologies provide easy-to-use communication channels for steganographic techniques.

In general, the hiding process identifies redundant parts in a cover medium. Redundant parts are those that can be modified without destroying the integrity of the cover medium. The embedding process creates the stego medium by replacing redundant parts with data from the hidden message.

Although classical steganographic systems depend on the secrecy of the encoding system, modern steganography tries to be undetectable unless a secret key is known. Yet, because of their invasive nature, steganographic systems can leave detectable traces within a medium's characteristics, which could allow an eavesdropper to detect media that have been modified, revealing the occurrence of secret communications. Even if secret content is not revealed, its existence is exposed, which defeats the sole purpose of steganography.

A steganographic system is considered secure if an eavesdropper intercepting the stego medium has no algorithm better than random guessing to determine whether hidden content is present. However, because modifications to the cover medium might change its statistical properties, it is often possible to discover such distortions in the stego medium. This analysis process is called statistical steganalysis. To date, most commonly used steganographic systems are detectable.

Function

The Outguess steganography tool is a command-line program. Outguess does not offer much in the way of optional settings or parameters. For example, Outguess does not allow users to choose an encryption method from the large number of available methods - users have to rely on the RC4 cipher algorithm. That said, RC4 has proved resilient against various cryptanalysis techniques and is thus a safe choice. Additionally, Outguess is mainly designed to embed messages using an image as the carrier: it only supports PPM, PNM, and JPEG files.

Restricting the choice of formats has the advantage that the steganogram is safe against visual or statistical attacks caused by an incorrect choice of carrier file format. The most important unique selling feature that Outguess has going for it is its ability to hide two text files in a single carrier at the same time.

The program starts by investigating the carrier file to discover redundant information that could be modified without causing visible changes to the overall image. If you are embedding two text files in the same carrier, Outguess additionally checks before embedding the second text to see whether some bits are reserved; that is, whether the program has already decided to use them for embedding part of the first text, which would mean that they are not available for modification with a second text. Once Outguess has discovered sufficient redundant data, it extracts that data. The embedding process relies on the LSB method: The least significant bit of each color value in a pixel is modified and then written back to the file. At the same time, error correction ensures that the modification is as slight as possible.
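The reservation of bits for the first message, and the reason the second message needs error correction, can be modelled in a few lines of Python. This is an added example, not Outguess code: it assumes a constructed list of byte values as the carrier, a SHA-256-seeded shuffle as a stand-in for the key-dependent choice of positions, and a simple repetition code as a stand-in for the error correction; all function names are hypothetical.

```python
import hashlib
import random

def _order(key, n):
    """Key-dependent visiting order of carrier positions (stand-in for a keyed PRNG)."""
    seed = int.from_bytes(hashlib.sha256(key.encode()).digest(), "big")
    order = list(range(n))
    random.Random(seed).shuffle(order)
    return order

def embed(carrier, key, msg, locked, rep=1):
    """Store msg in LSBs; each bit is written rep times, reserved positions are skipped."""
    framed = len(msg).to_bytes(2, "big") + msg            # 2-byte length prefix
    bits = [(b >> i) & 1 for b in framed for i in range(7, -1, -1) for _ in range(rep)]
    if len(bits) > len(carrier):
        raise ValueError("message too large for carrier")
    for pos, bit in zip(_order(key, len(carrier)), bits):
        if pos in locked:
            continue          # reserved by an earlier message: leave it, accept a bit error
        carrier[pos] = (carrier[pos] & 0xFE) | bit
        locked.add(pos)

def extract(carrier, key, rep=1):
    """Read LSBs in key order and majority-vote every group of rep copies."""
    order = _order(key, len(carrier))
    def read(start_bit, nbytes):
        out = bytearray()
        for byte_i in range(nbytes):
            value = 0
            for bit_i in range(8):
                first = (start_bit + byte_i * 8 + bit_i) * rep
                votes = sum(carrier[p] & 1 for p in order[first:first + rep])
                value = (value << 1) | (votes * 2 > rep)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read(0, 2), "big")
    return read(16, length)

def demo():
    # Constructed sample carrier: 16384 pseudo-random "color values".
    cover = bytes(random.Random(0).randrange(256) for _ in range(16384))
    stego, locked = bytearray(cover), set()
    embed(stego, "password1", b"first secret text", locked)
    embed(stego, "password2", b"second secret text", locked, rep=7)
    changed = [i for i in range(len(cover)) if cover[i] != stego[i]]
    lsb_only = all((cover[i] ^ stego[i]) == 1 for i in changed)
    return extract(stego, "password1"), extract(stego, "password2", rep=7), len(changed), lsb_only

if __name__ == "__main__":
    print(demo())
```

demo() also compares the result with the untouched carrier: every difference is a flipped least significant bit, which is what an observer holding the original file would look for.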

Installation

Outguess is included with many Linux distributions. On Ubuntu and other Debian derivatives, you can easily install the program using Synaptic. For other distros, you'll find additional binary packages at the Rpmseek repository [2]. If none of these packages work for you, the source code package is available [1] for any distribution that does not offer a prebuilt binary.

Getting Started

Outguess is ready to run after you install the binary. The first step is to find a suitable carrier for the text file you want to hide. You should choose an image without sharply contrasting colors. As a general rule, the more fuzzy the image is and the more homogeneous its overall appearance, the better it protects you against visual attacks. Fuzzy images have more potential in the form of redundant data; redundant bits are just what you need to hide information and can be modified without even an experienced observer noticing the difference.

Additionally, it is definitely a bad idea to take an image off the Internet, especially from a popular site. A potential attacker who suspects you are using steganography will try to get hold of the original image. And if the attacker succeeds in doing so, it is fairly easy to see the manipulation based on the different file sizes, and to assume that the image contains some other information. Additionally, compressed JPEG photos make it too easy to identify a steganogram compared with the original, especially if the image is recompressed.

After finding a suitable carrier, you can embed your secret text with the command line outguess -k password -d textfile carrierfile steganogram. In this case, textfile is encrypted with a password of password and embedded in carrierfile; the results are stored in a file called steganogram (Figure 1).

Figure 1: Outguess embeds a message in an image in a matter of seconds.

The recipient can run the command outguess -k password -r steganogram textfile to reverse the process, choosing any name for textfile (Figure 2).

Figure 2: The message is extracted and written to a text file.

The process for embedding two files with Outguess is similar. The command line is outguess -k password1 -d text1 -E -K password2 -D text2 carrierfile steganogram (Figure 3).

Figure 3: You can even write two messages into the same carrier image.

Of course, the recipient does not need to extract both texts. To extract just the second message, the recipient would type outguess -k password2 -e -r steganogram textfile.

Conclusions

Outguess is fast, stable, and really easy to use after you negotiate the initial learning curve. Above all, the software is effective:

Assuming you select a suitable carrier file, and assuming the file is large enough, you can easily hide two text messages in one file without changing the appearance of the image that conceals the text. Outguess does not suffer from the problem that affects many steganography tools: visibly lighter pixels in the steganogram.

If the text message you want to embed is too large for the carrier, the software will stop the process and issue a warning. Outguess is also well protected against statistical attacks: It automatically spreads the embedded content over the carrier, thus spreading the changes evenly across the whole image.

Even if an attacker manages to retrieve the hidden text from the carrier image, the battle is not over: Outguess does not embed clear text in the carrier but encrypts it beforehand with the RC4 cipher algorithm, which is still considered safe today.

Other steganography tools are also available for the Linux environment. For instance, the tool known as Steghide [3] has achieved some popularity with Linux users.

INFO
[1] Outguess: http://www.outguess.org
[2] Outguess binary packages: http://rpmseek.com/rpm-pl/outguess.html?hl=com&cs=Outguess:PN:0:0:0:0
[3] Steghide: http://steghide.sourceforge.net/