Wednesday 13 July 2011

Cryptic - Steganography

Regular readers of this blog will have probably guessed that I've been reading Bruce Schneier's book, Secrets & Lies. It's a superb exposition on digital security (expect a review soon) and I only wish that I had read it when it was originally published! The book has introduced me to several security concepts and one in particular intrigued me so much that I decided to investigate in more detail.

According to Schneier, steganography "is the science of hiding messages in messages" and in the digital world, messages can be hidden "in graphics, pictures, movies, or sound" (Schneier 2004 p.245). Schneier describes hiding a secret text message in a picture of giraffes and I wondered how easy it is to replicate the process. The answer is that it is simplicity itself! I embedded a short text message in a picture file on my DELL Dimension 8400 (Ubuntu) and emailed it to my Inspiron 1501 (Mint) where I decrypted the plaintext with a single command (coupled with a pre-arranged passphrase) in a terminal window.

For ease, I put all of my files in a single directory: clearly, if you wanted to hide what you were doing, this is probably not a good idea but it serves well enough for testing purposes.

  1. First I installed a program called steghide on both computers (using the Ubuntu Software Centre and Mint's Software Manager). This is easy enough to find and install: just use the search function, type steghide, select the program and click Install.
  2. Next I selected the photograph that I was going to use as the message mule and saved a copy in my test directory (/home/jogga/Documents/Blog/steganography) called steg_test.JPG.
  3. I created a text file called steg_test.txt and saved it in the same directory as the photograph.
  4. I opened a terminal and changed directory to where the photograph and text file were stored. I did this only to reduce typing file addresses during the encryption/embedding process and it really isn't necessary.
  5. Then, at the terminal prompt, I typed:

    steghide embed -cf steg_test.JPG -ef steg_test.txt

    The terminal prompted me for a passphrase and then prompted me to confirm the passphrase.
  6. A handy status message confirmed that the process had been completed.
  7. Now I emailed my photograph as an attachment and opened it on my Mint laptop.
  8. I saved the file (again, in a purpose-built directory) and used a terminal to change directory to the photograph's location.
  9. Decrypting the file was simple - from the command prompt, I typed:

    steghide extract -sf steg_test.JPG

    The terminal prompted for the passphrase and then decrypted the message as a text file in the same directory.

Now that's pretty cool!
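To show why the passphrase matters on the receiving side, here is an added sketch that is not from the original post and is not steghide's own algorithm: plain least-significant-bit substitution on a constructed byte buffer standing in for pixel data, with the passphrase choosing which bytes carry the message. It performs no encryption, and the names `embed`, `extract`, `keyed_order`, `COVER` and `MSG` are hypothetical.

```python
import hashlib
import random

HEADER_BITS = 32  # message length in bytes, stored big-endian ahead of the message

def keyed_order(passphrase: str, n: int) -> list:
    """Shuffle byte offsets 0..n-1 using the passphrase as the seed."""
    seed = hashlib.sha256(passphrase.encode("utf-8")).digest()
    order = list(range(n))
    random.Random(seed).shuffle(order)  # illustration only: not a cryptographic PRNG
    return order

def to_bits(data: bytes) -> list:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def from_bits(bits: list) -> bytes:
    return bytes(
        sum(bit << (7 - i) for i, bit in enumerate(bits[k:k + 8]))
        for k in range(0, len(bits), 8)
    )

def embed(cover: bytes, message: bytes, passphrase: str) -> bytes:
    """Write header + message into the lowest bit of passphrase-selected bytes."""
    bits = to_bits(len(message).to_bytes(4, "big") + message)
    if len(bits) > len(cover):
        raise ValueError("cover too small for this message")
    stego = bytearray(cover)
    for pos, bit in zip(keyed_order(passphrase, len(cover)), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit
    return bytes(stego)

def extract(stego: bytes, passphrase: str) -> bytes:
    """Recover the message; a wrong passphrase reads the wrong bytes."""
    order = keyed_order(passphrase, len(stego))
    header = from_bits([stego[p] & 1 for p in order[:HEADER_BITS]])
    length = int.from_bytes(header, "big")
    if HEADER_BITS + 8 * length > len(stego):
        raise ValueError("no message found (wrong passphrase or clean file)")
    body = order[HEADER_BITS:HEADER_BITS + 8 * length]
    return from_bits([stego[p] & 1 for p in body])

# Constructed sample data: a synthetic buffer standing in for raw pixel bytes.
COVER = bytes((x * 7 + 13) % 256 for x in range(4096))
MSG = b"a short text message"

if __name__ == "__main__":
    stego = embed(COVER, MSG, "pre-arranged passphrase")
    print(extract(stego, "pre-arranged passphrase"))
    print(sum(a != b for a, b in zip(COVER, stego)), "of", len(COVER), "bytes changed")
```

No carrier byte changes by more than one, which is why the picture looks the same to the eye, while a hash of the file compared against the original still differs.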

Sources & References:

  • Schneier B, Secrets & Lies: Digital Security in a Networked World, 2004, Wiley Publishing Inc.
  • Steghide - Documentation
  • Steghide - Manual
