.NET Security and Cryptography
Steganography is the art of concealing information in such a way that the fact that information is being concealed is itself a secret. Steganography is technically not considered to be a true branch of cryptography, but it can nevertheless be used very effectively for secret communications. The Steganography example is a simple program that shows a typical approach to implementing steganography using a graphical image. We will not go through the details of this example code here, since they do not have much relevance to true cryptography; however, if you are interested, you may choose to look through the source code provided. It makes no use of any specialized .NET Security Framework classes, and is quite easy to follow if you know C# reasonably well. The hardest part is to understand the bit-twiddling that goes on. Basically, each 8-bit byte of the original message is incorporated into a corresponding pixel in the bitmap image. Each pixel is represented by a triplet of bytes containing the red, green, and blue components of that particular pixel. Each byte in the original message is split into a set of 3-bit, 3-bit, and 2-bit fields. These are then used to replace the least significant 3 bits, 3 bits, and 2 bits of the corresponding pixel's red, green, and blue color components, respectively. The images before and after a short secret message has been inserted are shown in Figure 2-8. Can you see the difference? The difference, which is not apparent to the eye, is that the least significant bits of the first few pixels are modified to carry the message. Even if you tried this with a much longer message and with a large percentage of modified pixels, you would still probably not be able to visually detect that the image that carries the message data is different. Figure 2-8. A simple steganography example.
This technique works because the least significant bits tend to have little effect on the visual appearance of the image. If you try doing this using the most significant pixel bits, you will see a startling result that looks very psychedelic. In steganography, as in real life, psychedelic effects are best avoided! The least significant bits in most images tend to be fairly random, so any detectible statistical patterns in these bits could reveal the fact that steganography is being used. Thus, an attacker could do tests on your images to see if those bits are in fact random. To avoid this problem, you can randomize the message bits before inserting them into the image. For example, you could use compression, which not only improves randomness but also improves bandwidth. Alternatively, you could encrypt the message before inserting it, which not only improves randomness but also makes detection and recovery altogether much harder. When it comes to steganography, the only limitation is that of your imagination . You can carry hidden information in images, audio files, email attachments, Voice over IP, and so forth. In addition, secret-loaded files can be communicated anonymously and in large volumes via newsgroups, email, Web sites, and services such as Napster. |