** Are the images really safe? **
Steganography, according to Wikipedia, is the practice of concealing a message within another message or a physical object. In computing/electronic contexts, a computer file, message, image, or video is hidden within another file, message, image, or video. The word steganography comes from Greek steganographia, which combines the words steganós, meaning “covered or concealed,” and -graphia meaning “writing.”
Steganography Types
The type of cover data is also the type of steganography. Today, steganography is examined as text, image, audio, video, and protocol steganography.
Text Steganography
Confidential data is hidden in text files. Different methods can be used to hide the data in the text file. These methods include;• Format Based Method: Confidential data is hidden inside cover data with techniques such as adding text spaces, deliberate typing errors, and sizes of writing types. This method is easily detectable by computer software. Hence, it is a less preferred method.
• Random and Statistical Method: Hidden data is stored inside character strings. Places where confidential information is hidden must be reported to the extractor.
• Linguistics Method: Hidden data is stored in the syntactic structure.
Image steganography
is the method of hiding data inside an image file as cover data. In image steganography, pixel densities are used to hide the data. The most commonly used image formats as cover data are; BMP, PNG, JPEG, TIFF, and GIF(Kamble et al., 2013). Image steganography uses the weaknesses of the human visual system (HVS).
Most commonly used methods in image steganography;
• Least Significant Bit (LSB)
• Spread spectrum
• F5
• Palette embedding
• Wavelet transform
Data masking
Audio SteganographyThis method hides data inside sound files. This method uses audio file formats such as WAV, AU, and MP3 as cover data. Audio steganography has different methods.
These methods include;
• Least Significant Bit (LSB)
• Parity coding
• Phase coding
• Spread spectrum
• Echo hiding.
Video Steganography
It is the technique of hiding any file or data inside a digital video format file. Video steganography uses H.264, Mp4, MPEG, and AVI video formats as cover data. So almost all of the steganography techniques that can be applied to image and audio files can be used for video files. Video steganography provides less perceptibility because the video is a flow of images and sounds at a high frame rate. Due to the large size of video files, the payload capacities of video steganography is quite large.
Network or Protocol Steganography
It aims to hide confidential data inside a cover object protocol such as TCP, UDP, ICM, and IP. There are hidden channels in the OSI layer networking model where steganography can be used.
Steganography Defense
Detecting and managing malicious use of steganography already happening on a network is very difficult.
According to Barwise, “If an adversary is to able to penetrate a network successfully and unsuspectingly install malware onto a system that uses digital steganography to hide its presence, then the network and all associated data contained therein should be considered entirely compromised (Theoretical Framework). This is a good description of how difficult it is to detect and respond to the use of hidden data techniques against your information resources. Antivirus and IPS are not likely to detect malicious content in images or audio. It is difficult to detect network-based steganography with monitoring solutions. Consequently, the best approach to steganography defense is the implementation of known ways to prevent the infiltration of malware and unwanted utility software.
Prevention:
For prevention, the first step is identifying ways steganographic tools and infected carriers can find their way onto your network. The next step is to block them. In addition to implementing antivirus, IPS, and firewalls according to current best practices:
• Remove local admin access from all day-to-day accounts
• Only allow installation of whitelisted applications
• Strictly enforce least privilege and need-to-know
• Segment the network and prevent access to database servers to anything but application servers and strictly manage traffic entering and leaving the segments by using explicit allows
• Ensure all applications that access database servers have strong input validation
• Prohibit or strictly manage script and macro execution
• Consider blocking or alerting on suspicious movement of certain file types, including stripping them from all email messages Image files Audio files Video files Larger than regular Office applications (normal for your organization)
• Only download and install applications or other media from the internet that includes a valid hash value you can check
• Block general use of USB storage
• Train users not to download images, songs, videos, and other media from the internet, especially from social networking sites.
How an organization approaches these controls depends on its unique operating environment and management’s willingness to deal with the potential employee frustration.
It is all about risk and management’s appetite for risk. Deep Secure developed a novel approach to prevention. Their content threat removal tools assume all content is compromised. Original content is not delivered to the recipient. Instead, obvious business/functional information is stripped and placed into a new document/file. This reconstructed document/file is delivered, and the original is dropped.
Monitoring and Detection
As always, assume malicious actors find ways to circumvent your prevention controls. Some ways to proceed are:
• Monitor network behavior for anomalous packet traffic such as that described in the section, Attack Command and Control
• Monitor user behavior for unusual access and large data transfers
• Scan all computers, especially user devices, for steganography tools
• Periodically use forensics tools to test all or a meaningful sample of potential carriers found on the network to determine if they might contain hidden information
CONCLUSION: Steganography is used for good and malicious purposes, from securing confidential and sensitive data to stealing or backdooring the network.
Connect with me:
LinkedIn: https://www.linkedin.com/in/prasan-singh-13ba15198/
Twitter: https://twitter.com/parsan26
Join The Community:
LinkedIn: https://www.linkedin.com/company/cyber-junk
Discord: https://discord.gg/ZmCmkw2enz
Support my HackClub:
https://bank.hackclub.com/donations/start/cyber-junk
Top comments (0)