Really interesting “systematization of knowledge” paper:

“SoK: The Ghost Trilemma”

Abstract: Trolls, bots, and sybils distort online discourse and compromise the security of networked platforms. User identity is central to the vectors of attack and manipulation employed in these contexts. However it has long seemed that, try as it might, the security community has been unable to stem the rising tide of such problems. We posit the Ghost Trilemma, that there are three key properties of identity—sentience, location, and uniqueness—that cannot be simultaneously verified in a fully-decentralized setting. Many fully-decentralized systems—whether for communication or social coordination—grapple with this trilemma in some way, perhaps unknowingly. In this Systematization of Knowledge (SoK) paper, we examine the design space, use cases, problems with prior approaches, and possible paths forward. We sketch a proof of this trilemma and outline options for practical, incrementally deployable schemes to achieve an acceptable tradeoff of trust in centralized trust anchors, decentralized operation, and an ability to withstand a range of attacks, while protecting user privacy.

I think this conceptualization makes sense, and explains a lot.

Read More

Enterprise usages of generative AI are what is going to turn the threat model of many organizations upside down, Maria Markstedter argued during her speech at Black Hat USA

Read More

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

In the realm of information security and covert communication, image steganography serves as a powerful technique for hiding sensitive data within innocent-looking images. By embedding secret messages or files within the pixels of an image, steganography enables covert transmission without arousing suspicion. This article aims to delve into the world of image steganography, exploring its principles, techniques, and real-world applications.

Understanding image steganography

Image steganography is the practice of concealing information within the data of digital images without altering their visual appearance. The hidden data can include text, images, audio, or any other form of binary information.
Image steganography serves as a clandestine communication method, providing a means to transmit sensitive information without arousing the suspicion of adversaries or unauthorized individuals. It offers an additional layer of security and confidentiality in digital communication.
Steganography vs. Cryptography: While cryptography focuses on encrypting data to render it unreadable, steganography aims to hide the existence of the data itself, making it inconspicuous within an image. Steganography can be used in conjunction with encryption to further enhance the security of covert communication.

Techniques of image steganography

LSB substitution: The Least Significant Bit (LSB) substitution method involves replacing the least significant bits of pixel values with secret data. As the least significant bits have minimal impact on the visual appearance of the image, this technique allows for the hiding of information without noticeably altering the image.
Spatial domain techniques: Various spatial domain techniques involve modifying the pixel values directly to embed secret data. These techniques include modifying pixel intensities, color values, or rearranging pixels based on a predefined pattern.
Transform domain techniques: Transform domain techniques, such as Discrete Cosine Transform (DCT) or Discrete Fourier Transform (DFT), manipulate the frequency domain representation of an image to embed secret data. This allows for the concealment of information within the frequency components of an image.
Spread spectrum techniques: Inspired by radio frequency communication, spread spectrum techniques spread the secret data across multiple pixels by slightly modifying their values. This method makes the hidden data more robust against detection and extraction attempts.
Adaptive steganography: Adaptive techniques dynamically adjust the embedding process based on the image content and local characteristics, making the hidden data even more resistant to detection. This approach enhances security and makes it harder for adversaries to identify stego images.

Let’s see a working example of image steganography using a free tool called OpenStego, the same can be downloaded from here. You will be required to have Java Runtime Environment for OpenStego to work on your system.

Once, you’ve installed OpenStego, you will see its interface as shown below:

It has multiple options including Hide Data and Extract Data – more about these options can be found at official documentation of the tool.

We need to have two files, Message File (Which will be hidden data or data we want to hide) and Cover File (The file which we will use as a cover to hide the message file.)

I have downloaded two image files for the same.

Now, let’s hide the message file which is a quote inside the cover file which is “Hello” image.

After that, you will have to provide the directory and name for the output file. The same can be seen in the snapshot below:

You can also choose to encrypt the hidden data so that it is not accessible without a password. Click Hide data once you have followed all the steps.

After the process is completed, a success popup will appear on Openstego screen.

Now, we have 3 files and output file is the one which has the hidden image.

If we compare the properties of the output file and cover file, we will notice certain differences – like the size value will be different.

Now, let’s delete the cover file and message file and try to extract the data. If you open the output file you won’t notice any difference as it appears the same as any other image file. However, let’s try to extract data using OpenStego.

We have to select the path of the file we wish to extract data from and provide a destination folder for extraction. We also have to provide the password if any was chosen at the time of hiding the data.

Let’s select Extract data. Once, the extraction is done, a confirmation pop-up will appear on your screen.

Let us check the extracted file by going to the destination folder we assigned for the extraction of the message file.

As visible in the snapshot above, the message file is successfully extracted.

Real-world applications of steganography

Covert communication: Image steganography finds applications in covert communication where parties need to exchange sensitive information discreetly. This includes intelligence agencies, law enforcement, and whistleblowers who require secure channels for sharing classified or confidential data.
Digital watermarking: Steganography techniques can be employed for digital watermarking to embed copyright information, ownership details, or authentication codes within images. This allows for tracking and protecting intellectual property rights.
Information hiding in multimedia: Image steganography can be extended to other forms of multimedia, including audio and video, allowing for the concealment of information within these media formats. This can be used for copyright protection, digital rights management, or covert messaging.
Steganalysis and forensics: Image steganalysis focuses on detecting the presence of hidden information within images. Forensic investigators can employ steganalysis techniques to identify potential steganographic content, aiding in digital investigations.

Conclusion

Image steganography has emerged as a sophisticated method for covert communication and secure data transmission. By exploiting the subtle nuances of digital images, sensitive information can be hidden from prying eyes. As technology advances, the field of steganography continues to evolve, with new techniques and algorithms being developed to enhance the security and robustness of data hiding.

However, it is essential to balance the use of steganography with ethical considerations and adhere to legal frameworks to ensure its responsible and lawful application. As information security remains a critical concern in the digital age, image steganography serves as a valuable tool in safeguarding sensitive data and enabling secure communications.

Read More

Technology secretary branded “delusion”

Read More