Kristy Westphal

SecurityFocus

Over the past couple of years, steganography has been the source

of a lot of discussion, particularly as it was suspected that terrorists

connected with the September 11 attacks might have used it for covert

communications. While no such connection has been proven,

the concern points out the effectiveness of steganography as a means

of obscuring data. Indeed, along with encryption, steganography is

one of the fundamental ways by which data can be kept confidential.

This article will offer a brief introductory discussion of stegano

graphy: what it is, how it can be used, and the true implications it

can have on information security.

What Is Steganography?

While we are discussing it in terms of computer security,

steganography is really nothing new, as it has been around since

the times of ancient Rome. For example, in ancient Rome and Greece,

text was traditionally written on wax that was poured on top of stone

tablets. If the sender of the information wanted to obscure

the message — for purposes of military intelligence, for instance —

they would use steganography: the wax would be scraped off and the

message would be inscribed or written directly on the tablet, wax

would then be poured on top of the message, thereby obscuring not

just its meaning but its very existence.

According to Dictionary.com, steganography (also known as

“steg” or “stego”) is “the art of writing in cipher, or in characters,

which are not intelligible except to persons who have the key;

cryptography”. In computer terms, steganography has evolved into

the practice of hiding a message within a larger one in such a way

that others cannot discern the presence or contents of the hidden

message[3]. In contemporary terms, steganography has evolved into

a digital strategy of hiding a file in some form of multimedia, such as

an image, an audio file (like a.wav or mp3) or even a video file.

What Is Steganography Used for?

Like many security tools, steganography can be used for a variety

of reasons, some good, some not so good. Legitimate purposes can

include things like watermarking images for reasons such as copyright

protection. Digital watermarks (also known as fingerprinting,

significant especially in copyrighting material) are similar to

steganography in that they are overlaid in files, which appear to be

part of the original file and are thus not easily detectable by the

average person. Steganography can also be used as a way to make

a substitute for a one way hash value (where you take a variable length

input and create a static length output string to verify that no changes

have been made to the original variable length input). Further,

steganography can be used to tag notes to online images (like post it

notes attached to paper files). Finally, steganography can be used to

maintain the confidentiality of valuable information, to protect the data

from possible sabotage, theft, or unauthorized viewing.

Unfortunately, steganography can also be used for illegitimate

reasons. For instance, if someone was trying to steal data, they could

conceal it in another file or files and send it out in an innocent looking

email or file transfer. Furthermore, a person with a hobby of saving

pornography, or worse, to their hard drive, may choose to hide

the evidence through the use of steganography. And, as was pointed

out in the concern for terroristic purposes, it can be used as a means

of covert communication. Of course, this can be both a legitimate

and an illegitimate application.

Date: 2015-12-13; view: 798; Нарушение авторских прав