Steganography is still considered to be a part of the obscure tools of secret agents and corporate spies.

However, steganography tools are widely available, and anyone can use them. Most of these tools

But the science of counter-steganography is also advancing. Recently we discovered a great article on defeating steganography in 24-bit images. And it is quite probable that such analysis will find their way in filter systems, like mail and web filters.

This prompted us to analyze how survivable is steganogrpahy?

This also gave us a great reason to publish another set of pictures (albeit cropped) of Lena Söderberg ;) Here is our original image


Proposed Counter-Steganography System
The filter system will need to be cost-effective, minimally intrusive and not prone to error. Since there may be many different steganography alghorithms, the filter system should not try to read such messages. Doing so will require an entire farm of filter servers. Instead, the systems will resort to a much simpler mechanism:

1. Modify all passing images so that the original hidden data is compromised.
2. Use only minute changes to images, so that the original user expecting to see an image cannot discern any loss of quality in the image
   

The Test
In our test, we will be using the Lena Söderberg test image and we will perform tests using 3 common image enhancement filters. We will hide and open the message using the online tool at Mozaiq.Org

Our operating assumption is that a higher redundancy of the message has a higher chance of survival through a filter. Thus, our test message is the following:

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus in risus erat
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus in risus erat
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus in risus erat
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus in risus erat
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus in risus erat

Here is the image of Lena Söderberg with the message included within it


After hiding the message inside the image, we'll pass the image through different enhancement filters and then try to extract the message from the filtered image.

1. Sharpen Filter - The first filter to be tested is the Sharpen Filter. The filter is applied with Sharpness=2. After the application of the filter here is the image and the following message is extracted:

LoremJ� @�: ���Ѽsit�km t� consecf�t* ad piscin� u| tJ|�h s l����G�l�l� �h�z~� 5r�f�v��f�� ��j\)��5KT1��ķQo�s~cΓy?�� ɉ�C�$�� O�4E!L�r_x�߆��Ƥ �� b;��� \G;*W�.=� �1 楄 �M) Z*>֟ " °�N�(��%�J]u� �dRp�s���Χ �
G�?� e-e� E�͹g�� s�s�e�a�D�moF�O[t�h �ˀ2��i� _? � Լ�);c�s� &hD��DF �ͬ�8Q��1T� Cr!�us� �F�j�l߫��M-�_�Y��i�$�DIHQ�u�g����?0Xt�1c�� �ecTS� id_p�̦iG����Q�.�agaa��d��\�� ri u��

2. NF Filter - The second filter to be tested is the NF Filter. The filter is applied with default Alpha=0.30, and Radius=0.35. After the application of the filter here is the image and the following message is extracted:

Lo�eB�ٷs��7,� o_� � � ]t,(;��Rec�(ξrg d�p_sc nw g)�t� �kK�?1� o�nJ�8 �0;֦a �4�Cr� <��` RorLP �W�jd Fol�4ix " v����oo��� �� �i@^���r� l� ����=� l>SsC�nP �ą�v�)��EyC G�� p `8�2��Ʃ&��t��\�Yr�� Is�&t�tD>�%.�pͮǿ ��T �Z� Mha�e&l�s ƾ��`s���Mc

3. Unsharp Mask - The third filter to be tested is the Unsharp Mask. The filter is applied with Radius=1, Threshold=1 and Amount=0.1. After the application of the filter here is the image and the following message is extracted:

Error: The image that you tried to decrypt does not appear to have a message in it. It is possible that you entered the incorrect password. Please try again.

Conclusion
Once an image passes through a filter, any hidden messages will be corrupted. Redundancy in the hidden message helps but only against some types of image manipulation and only at very low levels of the filter.
So, any digital picture retouch filter will damage the hidden message within a steganography image.
Naturally, this conclusion is nothing new - but through this test we can conclude that a small and very visually non-disruptive filter can cause a lot of damage to a steganography image. But it will probably take a serious information theft incident through steganography in order for the vendors to start implementing steganography filters in their content filtering and gateway solutions.


Talkback and comments are most welcome

Related posts
Hiding Information in Plain Sight - Steganography

A very common theme in action movies is walking away with the stolen goods in plain sight. Although popular in movies, the subject of hiding information is often overlooked in information security. Here is an analysis of how easy it is to hide valuable information in harmless files.

The art and science of writing hidden messages in such a way that no-one apart from the sender and intended recipient even realizes there is a hidden message is known as Steganography
Generally, a steganographic message will appear to be something else: a picture, an article, a shopping list, or some other message. This apparent message is the covertext.

There are many ways to use steganography in electronic communications: A hidden text can be transported in an image, a music file, another text file, executable file or even in the TCP/IP stream.

Here is an example

The following text file is hidden within the image.
Below is the original image used for hiding the file - a standard test image also known as Lenna (a cropped image from a Playboy magazine centerfold picture of Lena Söderberg)



Below is the image of Lenna with the hidden file inside it. The only user-detectable difference is the file size. But to most users, this difference means nothing and you'll need to find the untampered image to make a comparison.


The tool
The above hiding process is completed with StegoShare. The tool is simple, straightforward and very efficient. Ofcourse, it is limited to hiding data in lossless compression images and cannot hide data in other types of files (audio, documents).


Risk Analysis
Although steganography is not widely discussed on security forums, it can be used to efficiently bypass security measures, and here is why

• There is no straightforward detection method for finding hidden information in files unless you know exactly what you are looking for.
• There are multitude of open source tools for steganography that run in user space - no need for installation on the computer
• There are numerous channels by which a hidden file is able to transit (web, e-mail, usb, printout...)

Talkback and comments are most welcome