Steganography

by | Jun 8, 2022 | Uncategorized | 0 comments

CIA Model

The CIA acronym stands for Confidentiality, Integrity, and Availability, and they all work together to form the three pillars of an organization’s security infrastructure. When any data is spilled, an account is hacked, or a system or a website is attacked or intentionally taken down, one of the three pillars has undoubtedly been breached.

Confidentiality: This ensures that data is not made available or given to unauthorized persons, organizations, or processes, i.e., only an authorized user has access to the data or the system.

Integrity: This principle assures that data is consistent, accurate, authentic, and trustworthy throughout its life cycle. Sensitive data should not be altered while in transit. File security precautions such as file permission access controls should also ensure that unauthorized people cannot modify them.

Availability: According to this notion, data and information systems should really be available whenever they are needed. Availability ensures that authorized persons have consistent and dependable access to sensitive data.

Introduction

Steganography is a technique that allows for the concealment of a secret message within another message. The term steganography appears exotic but stems from a relatively essential source. The root “steganos” means “hidden” or “covered” in Greek, and the term “graph” means “to write” in Greek. When combining these words, you obtain something resembling “hidden writing” or “secret writing.”

To be more specific, steganography is the concealment of a file, message, image, or video within another file, such as a message, video, or audio. As a result, it protects data hidden in computer files.

The sender employed tactics such as invisible ink, tiny pin punctures on certain characters, minute variances between handwritten characters, pencil traces on handwritten characters, and so on in the past.

There are occasions when we transfer files to other individuals, whether regular or encrypted. Because the likelihood of information compromise is at its peak, steganography is a superior and safer option in such cases.

If we hide the confidential data behind the image, it will appear as a standard image, and the other person will have no idea what is on the other side of the picture. As a result, this assists the organization in protecting itself from information disclosure.

Types of steganography

There are different types of steganography, but the major ones are Audio, Video, Image, and Text Steganography.

Audio: Audio steganography aims to conceal the hidden message inside the audio. It is a method for securing the transfer of secret information or concealing its presence. It may also provide confidentiality for confidential communication if it is encrypted.

Let’s start by installing “deep sound” software to convert all of our audio recordings to another format. Then launch the application and select an mp3 file behind which you wish to hide the original file by clicking on open carrier files. Now, choose an audio file from which we will hide the data.

Let’s click on the secret add file and enter whatever file we want to hide here.

After that, we encode it with a password.

Video: Video Steganography is the experiment of writing hidden messages inside videos so that no one other than the sender and the person receiving them is aware of their presence. Video steganography embeds the hidden message primarily via repeating sections of video recordings.

For video steganography, we will need to install “OurSecret” software, which will allow us to hide a doc file behind a video file.

Let’s use the same tool to extract the hidden file from the video.

Image: Image steganography is the practice of concealing information, such as text, images, or audio recordings, within another image or video file.

We have a technology to disguise content behind images, similar to video steganography, called BeautifyConverter (an image steganography tool).

Text: White Space Steganography, often known as text steganography, is one of the undetectable steganography techniques. Here, we’ll bury the reader behind the text, making it impossible to analyze. We will hide text behind text here.

Over encode, enter the text to be hidden and press the encode button.

We get the encoded text, which can be decoded back again.

Types of Attacks

Steganography is used to encrypt messages. There are numerous attacks that can be used to detect steganographic data. The ability of a steganographic algorithm to successfully withstand attacks determines its strength. Hidden data attacks and analysis can take numerous forms.

  1. Cipher-Text only attacks: In this type of attack, the attacker does not have a clue about the plain text. The attacker has some or all of the cipher text. If you notice, the difference here is that if the attacker does not have access to even the cipher text, what is the need to encrypt the plain text to obtain cipher text in the first place? The attacker analyses the cipher text at leisure to try and figure out the original plain text. based on the frequency of letters (that are common in English). The attacker attempts to guess the plain text. The more cipher text is available to the attacker, the greater the chances of a successful attack.
  2. Chosen Plain Text- The attacker selects a plain-text block and tries to look for the encryption of the same in the cipher text. The attacker is allowed to choose the message to encrypt. Based on this, the attacker intentionally picks up the pattern of cipher text, which obtains more information about the key.
  3. Known Plain Text In this case, the attacker knows about some pairs of plain text pairs and the corresponding cipher text for those pairs. Using this information, the attackers try to find other pairs and obtain more plain text. Usually, this happens when plain-text information has become outdated and publicly known over time. The alternative is that it would have been leaked out inadvertently.
  4. Chosen Cipher-Text – In this attack, the attacker knows the cipher text to be decrypted, the encryption algorithm used to produce the cipher text, and the corresponding plain-text block. The attacker’s job is to discover the key used for encryption.
  5. Chosen-Text This attack is essentially a combination of a chosen plain-text attack and a chosen cipher-text attack.

Today’s World

Cybercriminals now use PowerShell and BASH scripts to automate attacks. Pen testers are the same. Attackers have embedded actual codes within macro-enabled Excel and Word documents. The embedded secret code is activated when a victim opens the Excel or Word document.

The attacker uses a steganographic application to exploit standard Windows applications and features like Excel and PowerShell. The victim has to read the document, and an unpleasant chain of events begins.

Attackers have utilized the following approach to deliver ransomware like Snatch. Hackers have deployed sophisticated malware capable of keylogging, enrolling computers in DDoS malware attacks, or installing trojans, including the most recent varieties, and the list goes on.