Basic Image and Text Steganography and Steganalysis

by Javantea
Oct 5, 2006

Text steganography 1 version 0.1.1 [sig]
Rubber Spoon 1 version 0.1 [sig]
libsteg version 0.4.4 [sig]

INTRODUCTION

Steganography is the science of hiding information in plain sight. It does not require cryptography, but in modern computation, it is obvious that cryptography is quite likely to be involved. There are a handful of methods of steganography that are well-known but most of them involve taking the least significant bits (lsb) of a large set of data and flipping it to a pattern. Keying the flipping of bits makes for a larger attack surface, but can still be brute forced if the key lacks enough entropy.

It is important that the input picture used for steganography not be available to an attacker because this will allow the attacker to see ~90% of which bits are flipped giving away the secret and plausible deniability. Image generation that is impossible to reverse is a topic that can be discussed in the future. An easy way that would give away intent would be to flip all non-steg least significant bits randomly. A better way would be to design the algorithm around the randomness already present in images.

Plausible deniability is an important to steganography because once an attacker brute forces the keys, they are given many different hidden texts. If one says wh333 and another says dinner, the attacker must choose which is more likely. With full English, the attacker will have many unlikely texts and one very likely text. With cryptography, the attacker will have many likely texts. At this point the attacker will need to brute force the encryption which will be easy or hard depending on the key/password. It is possible that steganography can give full plausible deniability. However, it is not guaranteed due to the variable strength depending on factors such as input image randomness.

Questions that need to be answered with any steganography system:

  • How hard is the steg key to brute force?
  • How hard is the crypto key to brute force?
  • How random is the data to be stegged?
  • How random are the lsb of the data to be stegged onto?
  • How much size does the steg add to the input data?
  • How much output size is required to store a plaintext?
  • How hard is the bit flipping to detect with histogram?
  • How hard is the bit flipping to detect with pattern recognition?

METHODS / TOOLS

Rubber Spoon is a gui frontend program for libsteg. Libsteg does steganography on uncompressed images. Rubber Spoon supports input of compressed images but currently only supports exporting of ppm (netpbm) images. Eventually, it will support png compression. In the settings dialog brought up by the settings button are values that will be eventually be used for an internet communication module for Rubber Spoon. Currently, it writes a file and does nothing useful, so avoid it.

Libsteg is a library and pair of programs to steg uncompressed images. It uses a keying system to spread the bits over a large area. An attacker would have to try desteg(data, SHA1(password)) for every password to get the data. Since passwords are fairly low entropy, this can be cracked fairly easily. Using GIMP or any other program that can diff images, a diff can be created to show which bits are flipped with libsteg. Hexdump or any hexeditor is a good way to view this outputted diff (if you save the diff as ppm or any other raw format).

The obvious limitations are: add cryptography, ensure strength, add plausible deniability, add picture generation, desteg images, and upload data to internet. To desteg images, use desteg04 command-line program.

Tstega1 is a text steganography demo that is meant to show how trivial text steganography is. It uses a position key system similar to libsteg. Unlike libsteg, it generates the text data to use on the fly. The goal for the first version of Tstega1 is to look very much like spam and to resist trivial attacks. Brute force will work fairly easily while histogram analysis is only slightly useful. The dictionary is quite obvious (first letter of the word) instead of completely randomized or keyed.

An example of Tstega1 can be found below in the data section.

Data

Rubber Spoon

Original Image:

Message:
this is a test of rubber spoon.
Password:
test
Stegged Image:

Diff:

Diff:

0000000 3650 230a 4320 4552 5441 524f 203a 6854
0000010 2065 4947 504d 7327 5020 4d4e 4620 6c69
0000020 6574 2072 6556 7372 6f69 206e 2e31 0a30
0000030 3035 2030 3333 0a31 3532 0a35 0100 0000
0000040 0000 0000 0000 0000 0000 0000 0000 0000
*
0000060 0100 0000 0000 0100 0000 0000 0001 0000
0000070 0001 0000 0000 0000 0000 0000 0000 0000
0000080 0001 0000 0100 0000 0000 0000 0000 0100
0000090 0000 0100 0000 0000 0000 0000 0000 0100
00000a0 0000 0000 0000 0100 0000 0000 0100 0000
00000b0 0100 0000 0000 0100 0000 0000 0000 0001
00000c0 0000 0100 0000 0100 0000 0000 0000 0000
00000d0 0000 0000 0000 0100 0000 0000 0000 0000
00000e0 0000 0000 0000 0000 0000 0000 0000 0000
00000f0 0001 0000 0001 0000 0000 0000 0000 0000
0000100 0000 0000 0000 0000 0100 0000 0100 0000
0000110 0000 0000 0000 0100 0000 0000 0100 0000
0000120 0001 0000 0000 0001 0000 0000 0000 0000
0000130 0000 0000 0000 0000 0000 0100 0000 0000
0000140 0000 0000 0000 0001 0000 0001 0000 0000
0000150 0100 0000 0000 0001 0000 0001 0000 0000
0000160 0000 0000 0100 0000 0100 0000 0000 0000
0000170 0000 0000 0000 0100 0100 0000 0000 0000
0000180 0100 0000 0000 0100 0000 0100 0000 0000
0000190 0000 0000 0000 0000 0001 0000 0000 0000
00001a0 0100 0000 0100 0000 0000 0000 0000 0000
00001b0 0101 0100 0000 0100 0000 0000 0000 0000
00001c0 0000 0000 0000 0000 0000 0101 0000 0000
00001d0 0000 0000 0000 0000 0000 0000 0100 0000
00001e0 0000 0000 0000 0100 0000 0000 0000 0100
00001f0 0100 0000 0000 0000 0000 0001 0000 0000
0000200 0000 0000 0000 0000 0000 0000 0000 0000
0000210 0000 0000 0100 0000 0000 0000 0000 0000
0000220 0001 0000 0001 0000 0000 0100 0000 0000
0000230 0001 0000 0001 0000 0000 0000 0000 0000
0000240 0000 0100 0000 0000 0000 0001 0000 0001
0000250 0000 0000 0000 0000 0000 0000 0000 0000
0000260 0100 0000 0000 0000 0000 0100 0000 0000
0000270 0000 0000 0000 0000 0000 0000 0000 0000
*
0000290 0000 0000 0000 0000 0000 0000 0001 0000
00002a0 0000 0000 0100 0000 0001 0000 0100 0100
00002b0 0000 0000 0000 0100 0000 0100 0100 0000
00002c0 0100 0000 0000 0000 0000 0000 0000 0000
00002d0 0000 0000 0000 0000 0000 0001 0000 0000
00002e0 0000 0000 0000 0000 0000 0000 0000 0100
00002f0 0000 0000 0100 0000 0000 0000 0000 0000
0000300 0000 0000 0100 0000 0000 0001 0000 0001
0000310 0000 0100 0000 0000 0000 0000 0000 0000
0000320 0100 0000 0000 0000 0000 0000 0100 0000
0000330 0000 0000 0100 0001 0000 0000 0000 0000
0000340 0000 0000 0100 0000 0000 0000 0000 0000
0000350 0000 0000 0000 0000 0100 0000 0000 0000
0000360 0000 0000 0100 0100 0000 0000 0000 0001
0000370 0000 0000 0000 0000 0000 0000 0000 0100
0000380 0000 0000 0000 0000 0000 0000 0000 0000
0000390 0000 0000 0000 0000 0000 0100 0000 0000
00003a0 0000 0100 0000 0000 0000 0100 0000 0000
00003b0 0000 0000 0001 0000 0000 0000 0000 0000
00003c0 0000 0000 0000 0000 0100 0000 0000 0000
00003d0 0000 0000 0000 0000 0001 0000 0000 0000
00003e0 0000 0000 0001 0000 0000 0000 0100 0000
00003f0 0000 0000 0000 0100 0000 0100 0000 0000
0000400 0000 0000 0000 0100 0000 0000 0000 0000
0000410 0001 0000 0100 0100 0100 0000 0000 0000
0000420 0000 0000 0000 0000 0000 0100 0000 0000
0000430 0000 0000 0000 0001 0000 0000 0000 0101
0000440 0000 0000 0000 0000 0001 0000 0000 0000
0000450 0000 0000 0000 0000 0001 0000 0001 0000
0000460 0100 0000 0000 0000 0000 0100 0000 0000
0000470 0000 0000 0000 0000 0000 0000 0000 0000
*
00793b0

Tstega1

jvoss@ASLinLt07:~/recent/pfm/projects/tstega1$ python tstega1.py
Dictionary Length: 38620
a 3086
b 2648
c 3899
d 2513
e 1701
f 1646
g 1091
h 1135
i 1859
j 250
k 205
l 1067
m 1799
n 651
o 847
p 3041
q 223
r 2514
s 4532
t 1670
u 761
v 524
w 856
x 1
y 70
z 30
Secret: blah
Key(hex):
Ciphertext: counteracted defiance wardrobe guidebook anchor vaudeville desperation jar outlived binds weaving invited bend basses meson nonorthogonality powerlessness habitual buy questioners headphone yarns onlooker xylophone zealousness wearer zoom dunk youthfully restoration zest opportunities kindled veer folklore toggle persistent encapsulates vines extracurricular inferior quagmire highlighted expenses baseballs wiping lutes ablaze quarries approved jackknife barbed zeroed unleashes judged appreciably quakes octahedron neater zooms nonconsecutively pooled uncontrollable oratories zoo multiples captivate jealous nearer vial oblique lens oscillate insert excel yellowest devisings zinc find eradication knee waken xylophone notifying busboys joke remodeled parading kisser xylophone armers underlying zeros liberty dustiest household breakfaster afflicting crater greyhound doughnuts zoned highly gross justifiably mailings veering vagina instigate jousted liberalizes jotting beefer haughty xylophone woody swatted jeopardized publish boolean butter feat sunbeams xylophone signification caw bide mitigate unrolled fable xylophone infra eardrum checkerboard malicious zooms vanity empowered knockout mammals edifice jesting jails houses aborting genre raters ladies verbalizing tip heat blinking xylophone intransitive necktie detector fruitfulness moron yellowish commendations nineties halvers nick surmise veterans
Decrypted: blahn



ANALYSIS

Many challenges face steganography and it is still in a pioneering stage. The theory is solid and implementations are currently being made. The purpose of this project is to reinvent the wheel with my own copyright so that I can freely modify the code to make a better steganography implementation. Other people can also use this code to advance the field of steganography or to use to hide information.

If you have found a weakness in any of my code, please notify me so that I can patch it. I am actually fairly confident that there are weaknesses in this code since it is poorly done. If you would like to work with me on improving this code, please e-mail me. I am always interested in any type of application for my code, whether it falls under for-profit, GPL or other licenses.

USAGE
Rubber Spoon:

tar xzf rubberspoon1-0.1.tgz
cd rubberspoon1-0.1
configure
make
src/rubberspoon

libsteg:
tar xzf libsteg-0.4.4.tgz
cd libsteg-0.4.4
make
steg04 file.pnm data.txt stegout.pnm
desteg04 stegout.pnm data-out.txt

Tstega1:
tar xzf tstega1-0.1.tgz
cd tstega1-0.1
python tstega1.py

If you are interested in developing Steganography Apps, feel free to e-mail me.

Permalink

Comments: 0

Leave a reply »

 
  • Leave a Reply
    Your gravatar
    Your Name