Enterprise usages of generative AI are what is going to turn the threat model of many organizations upside down, Maria Markstedter argued during her speech at Black Hat USA
Daily Archives: August 11, 2023
Image steganography: Concealing secrets within pixels
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
In the realm of information security and covert communication, image steganography serves as a powerful technique for hiding sensitive data within innocent-looking images. By embedding secret messages or files within the pixels of an image, steganography enables covert transmission without arousing suspicion. This article aims to delve into the world of image steganography, exploring its principles, techniques, and real-world applications.
Understanding image steganography
Image steganography is the practice of concealing information within the data of digital images without altering their visual appearance. The hidden data can include text, images, audio, or any other form of binary information.
Image steganography serves as a clandestine communication method, providing a means to transmit sensitive information without arousing the suspicion of adversaries or unauthorized individuals. It offers an additional layer of security and confidentiality in digital communication.
Steganography vs. Cryptography: While cryptography focuses on encrypting data to render it unreadable, steganography aims to hide the existence of the data itself, making it inconspicuous within an image. Steganography can be used in conjunction with encryption to further enhance the security of covert communication.
Techniques of image steganography
LSB substitution: The Least Significant Bit (LSB) substitution method involves replacing the least significant bits of pixel values with secret data. As the least significant bits have minimal impact on the visual appearance of the image, this technique allows for the hiding of information without noticeably altering the image.
Spatial domain techniques: Various spatial domain techniques involve modifying the pixel values directly to embed secret data. These techniques include modifying pixel intensities, color values, or rearranging pixels based on a predefined pattern.
Transform domain techniques: Transform domain techniques, such as Discrete Cosine Transform (DCT) or Discrete Fourier Transform (DFT), manipulate the frequency domain representation of an image to embed secret data. This allows for the concealment of information within the frequency components of an image.
Spread spectrum techniques: Inspired by radio frequency communication, spread spectrum techniques spread the secret data across multiple pixels by slightly modifying their values. This method makes the hidden data more robust against detection and extraction attempts.
Adaptive steganography: Adaptive techniques dynamically adjust the embedding process based on the image content and local characteristics, making the hidden data even more resistant to detection. This approach enhances security and makes it harder for adversaries to identify stego images.
Let’s see a working example of image steganography using a free tool called OpenStego, the same can be downloaded from here. You will be required to have Java Runtime Environment for OpenStego to work on your system.
Once, you’ve installed OpenStego, you will see its interface as shown below:
It has multiple options including Hide Data and Extract Data – more about these options can be found at official documentation of the tool.
We need to have two files, Message File (Which will be hidden data or data we want to hide) and Cover File (The file which we will use as a cover to hide the message file.)
I have downloaded two image files for the same.
Now, let’s hide the message file which is a quote inside the cover file which is “Hello” image.
After that, you will have to provide the directory and name for the output file. The same can be seen in the snapshot below:
You can also choose to encrypt the hidden data so that it is not accessible without a password. Click Hide data once you have followed all the steps.
After the process is completed, a success popup will appear on Openstego screen.
Now, we have 3 files and output file is the one which has the hidden image.
If we compare the properties of the output file and cover file, we will notice certain differences – like the size value will be different.
Now, let’s delete the cover file and message file and try to extract the data. If you open the output file you won’t notice any difference as it appears the same as any other image file. However, let’s try to extract data using OpenStego.
We have to select the path of the file we wish to extract data from and provide a destination folder for extraction. We also have to provide the password if any was chosen at the time of hiding the data.
Let’s select Extract data. Once, the extraction is done, a confirmation pop-up will appear on your screen.
Let us check the extracted file by going to the destination folder we assigned for the extraction of the message file.
As visible in the snapshot above, the message file is successfully extracted.
Real-world applications of steganography
Covert communication: Image steganography finds applications in covert communication where parties need to exchange sensitive information discreetly. This includes intelligence agencies, law enforcement, and whistleblowers who require secure channels for sharing classified or confidential data.
Digital watermarking: Steganography techniques can be employed for digital watermarking to embed copyright information, ownership details, or authentication codes within images. This allows for tracking and protecting intellectual property rights.
Information hiding in multimedia: Image steganography can be extended to other forms of multimedia, including audio and video, allowing for the concealment of information within these media formats. This can be used for copyright protection, digital rights management, or covert messaging.
Steganalysis and forensics: Image steganalysis focuses on detecting the presence of hidden information within images. Forensic investigators can employ steganalysis techniques to identify potential steganographic content, aiding in digital investigations.
Conclusion
Image steganography has emerged as a sophisticated method for covert communication and secure data transmission. By exploiting the subtle nuances of digital images, sensitive information can be hidden from prying eyes. As technology advances, the field of steganography continues to evolve, with new techniques and algorithms being developed to enhance the security and robustness of data hiding.
However, it is essential to balance the use of steganography with ethical considerations and adhere to legal frameworks to ensure its responsible and lawful application. As information security remains a critical concern in the digital age, image steganography serves as a valuable tool in safeguarding sensitive data and enabling secure communications.
UK Government Slammed For Encryption Mistruths
CISA: New Whirlpool Backdoor Used in Barracuda ESG Campaign
python-cryptography-41.0.3-1.fc39 rust-asn1-0.15.5-2.fc39 rust-asn1_derive-0.15.5-1.fc39
FEDORA-2023-31d5d51a2d
Packages in this update:
python-cryptography-41.0.3-1.fc39
rust-asn1-0.15.5-2.fc39
rust-asn1_derive-0.15.5-1.fc39
Update description:
Update python-cryptography to 41.0.3, https://cryptography.io/en/latest/changelog/
Security fix for CVE-2023-3832 “SSH certificate encoding/parsing incompatibility with OpenSSH”
Update rust-asn1 to 0.15.5 and obsolete const-generic feature
Update rust-asn1_derive to 0.15.5
Researchers Suggest Ways to Tackle Thermal Attacks
Device manufacturers and users have a role to play in mitigating the threat
Privacy-invading LetMeSpy stalkerware announces it is shutting down after hack
I doubt there will be many people shedding tears at the news that a stalkerware company has announced it is permanently ceasing operations at the end of this month – after it suffered a devastating data breach.
Read more in my article on the Hot for Security blog.
CVE-2022-34657
Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2022-29887
Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2022-29871
Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.