Investigators Guide to Steganography

Now that we have covered some of the basic techniques of steganography and how they have been used in the past, we will move forward into the digital age. As I promised in the beginning, I am going to keep this as straightforward and nontechnical as possible, but some of these concepts are very technically rooted and will require getting into the weeds, so to speak. I will do my best, but if I get too technical, I apologize in advance.

Steganography Techniques

When it is all said and done, there are only three ways to hide a digital message in a digital cover: injection, substitution, and generation of new files.

Injection

Data injection embeds the secret message directly in the host medium. The problem with this kind of embedding is that it usually makes the host file larger, and therefore the alteration is easier to detect.

Substitution

Normal data is replaced or substituted with the secret data. This usually results in very little size change for the host file. However, depending on the type of host file and the amount of hidden data, the substitution method can degrade the quality of the original host file.
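The size behaviour of injection and substitution can be seen side by side in the following added example, which is not from the book. It assumes a toy host format (256 constructed sample bytes followed by a two-byte end marker), and all names in it are hypothetical.

```python
# Constructed sample data: 256 bytes stand in for raw 8-bit samples (pixels or audio).
SAMPLES = bytes((i * 7 + 13) % 256 for i in range(256))
END_MARKER = b"\xff\xd9"      # assumed end-of-file marker of this toy host format
HOST = SAMPLES + END_MARKER   # the unmodified host file
SECRET = b"meet at noon"      # constructed 12-byte message

def inject(host, secret):
    """Injection: the message is added after the host's end marker."""
    return host + secret

def substitute(host, secret):
    """Substitution: the lowest bit of each sample is replaced by a message bit."""
    bits = [(byte >> (7 - i)) & 1 for byte in secret for i in range(8)]
    body = bytearray(host[:-len(END_MARKER)])
    if len(bits) > len(body):
        raise ValueError("message does not fit in this cover")
    for pos, bit in enumerate(bits):
        body[pos] = (body[pos] & 0xFE) | bit
    return bytes(body) + END_MARKER

def extract(stego, length):
    """Read `length` bytes back out of the sample low bits."""
    out = bytearray()
    for n in range(length):
        value = 0
        for sample in stego[n * 8:(n + 1) * 8]:
            value = (value << 1) | (sample & 1)
        out.append(value)
    return bytes(out)

def trailing_bytes(blob):
    """Investigator's check: bytes present after the end marker (0 in a clean file)."""
    end = blob.find(END_MARKER)
    return 0 if end < 0 else len(blob) - (end + len(END_MARKER))

def max_sample_change(original, altered):
    """Largest change to any single sample, a rough measure of quality loss."""
    return max(abs(a - b) for a, b in zip(original, altered))

if __name__ == "__main__":
    for name, stego in (("injection", inject(HOST, SECRET)),
                        ("substitution", substitute(HOST, SECRET))):
        print(name, "growth:", len(stego) - len(HOST),
              "trailing:", trailing_bytes(stego),
              "max change:", max_sample_change(HOST, stego))
```

The injected file grows by the length of the message and fails the trailing-data check, while the substituted file keeps its size and can only be told apart by comparing sample values against the original.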

Generation of New Files (Figure 4.1)

A cover is generated for the sole purpose of concealing a secret message. As illustrated in "The Prisoners' Problem," Bob creates a picture of something innocent that can be passed to Alice; the innocent picture is the cover that provides the mechanism for conveying the message, which in that example was the particular color of a cow.

Another, more modern form of generation of new files is the Spam Mimic program. Spam Mimic embeds a text message within a rather daunting piece of spam, which can be e-mailed to an intended recipient. While this generated spam does not make a whole lot of sense, it makes enough to be believable, and that is enough.

Resulting Spam Containing the Secret Message

Dear Friend, Your email address has been submitted to us indicating your interest in our newsletter. We will comply with all removal requests. This mail is being sent in compliance with Senate bill 1623 ; Title 3 ; Section 302. This is NOT unsolicited bulk mail ! Why work for somebody else when you can become rich inside 51 MONTHS. Have you ever noticed how long the line-ups are at bank machines and nobody is getting any younger ! Well, now is your chance to capitalize on this ! WE will help YOU increase customer response by 180% and deliver goods right to the customer's doorstep ! You are guaranteed to succeed because we take all the risk ! But don't believe us. Prof Anderson who resides in Idaho tried us and says "Now I'm rich, Rich, RICH." We assure you that we operate within all applicable laws ! We BESEECH you - act now ! Sign up a friend and your friend will be rich too ! Thank-you for your serious consideration of our offer ! Dear Professional ; This letter was specially selected to be sent to you ! This is a one time mailing there is no need to request removal if you won't want any more ! This mail is being sent in compliance with Senate bill 1625 ; Title 1 ; Section 304. This is a legitimate business proposal. Why work for somebody else when you can become rich in 49 weeks ! Have you ever noticed nobody is getting any younger and nobody is getting any younger. Well, now is your chance to capitalize on this ! We will help you SELL MORE & use credit cards on your website. You are guaranteed to succeed because we take all the risk. But don't believe us ! Ms Ames of Arizona tried us and says "Now I'm rich many more things are possible." We assure you that we operate within all applicable laws ! We beseech you - act now ! Sign up a friend and you'll get a discount of 20% ! Cheers.
