Hiding Data: Steganography on Linux

My last blog post was about hiding information in slack space using a special tool called Bmap. Today I am going to discuss steganography more generally. Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message. It differs from encryption: encryption does not try to conceal the existence of the ciphertext from the outside world, whereas steganography is about hiding the information itself, even if it is also encrypted.

Consider the following example:

Alex wants to send a message to Bob, and she wants only Bob to read it. She can use encryption (symmetric or asymmetric). The risk here is an attack that deciphers her message. She can also try hiding the message inside a different format (say, a JPEG file) and send that to Bob. Since the message is inside a picture, the attacker Tom will probably not recover the message from the file.

Of course, if he desperately wants to read the message, he can use forensics tools to recover it. For this reason, combining encryption with steganography is the best choice for Alex.

Today I am going to discuss a Linux tool, steghide, that does both encryption and steganography. On a Debian-based system you can install steghide with the following command:

apt-get install steghide

By default steghide compresses the embedded data and encrypts it with the rijndael-128 algorithm.

I have two files under my Private folder:

root@bt:~/Private# ls -l
total 24
-rw-r--r-- 1 root root    20 Jan 30 18:24 myMessageToBob.txt
-rw-r--r-- 1 root root 17875 Jan 30 18:23 soccer.jpg

My goal is to embed the text file into the JPEG file.

Let’s check whether the JPEG file has enough capacity to do that:

steghide info soccer.jpg
"soccer.jpg":
format: jpeg
capacity: 1.0 KB
Try to get information about embedded data ? (y/n)

So we can embed 1.0 KB of data, and we only have 20 B of data (see the ls -l output):

root@bt:~/Private# steghide embed -cf soccer.jpg -ef myMessageToBob.txt
Enter passphrase:
Re-Enter passphrase:
embedding "myMessageToBob.txt" in "soccer.jpg"... done

-cf stands for cover file whereas -ef stands for embedded file.

Let’s now check the size of the jpeg file.

ls -l
total 24
-rw-r--r-- 1 root root    20 Jan 30 18:24 myMessageToBob.txt
-rw-r--r-- 1 root root 18396 Jan 30 18:27 soccer.jpg

Hmm, it got bigger. That was expected, but the original data was just 20 B, and we know that steghide compresses data before embedding.

As you may guess, the reason for the extra 521 B (18396-17875) is the encryption and the CRC checksum of the embedded data, which are also added to the JPEG file.

Try opening the JPEG file. You will not see any difference from the original JPEG file.
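
The picture looks the same, but it is no longer the same file. As an added example (not part of the original post), the shell functions below record a SHA-256 and size baseline for a folder and later report every file that differs from it. The function names are hypothetical, and the demo uses zero-filled stand-in files with the two soccer.jpg sizes from the listings above, not real images.

```shell
#!/bin/sh
# Added example: compare files against a recorded baseline instead of
# judging a picture by eye. Function names are hypothetical.

# record_baseline DIR MANIFEST: write "sha256 size name" for each file in DIR.
record_baseline() {
    dir=$1; manifest=$2
    : > "$manifest"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        size=$(wc -c < "$f" | tr -d ' ')
        printf '%s %s %s\n' "$sum" "$size" "$(basename "$f")" >> "$manifest"
    done
}

# check_baseline DIR MANIFEST: print one line per missing or modified file.
# Returns 0 when everything matches the manifest, 1 otherwise.
check_baseline() {
    dir=$1; manifest=$2; changed=0
    while read -r sum size name; do
        f="$dir/$name"
        if [ ! -f "$f" ]; then
            echo "MISSING $name"; changed=1; continue
        fi
        now_sum=$(sha256sum "$f" | cut -d' ' -f1)
        now_size=$(wc -c < "$f" | tr -d ' ')
        # The hash decides; the size delta is reported as a hint only,
        # because a modification does not have to change the size.
        if [ "$now_sum" != "$sum" ]; then
            echo "CHANGED $name size_delta=$((now_size - size))"
            changed=1
        fi
    done < "$manifest"
    return "$changed"
}

# Demo on constructed data: zero-filled stand-ins with the two sizes
# from the ls -l listings (17875 and 18396 bytes), not real JPEGs.
demo() {
    tmp=$(mktemp -d); mkdir "$tmp/Private"
    head -c 17875 /dev/zero > "$tmp/Private/soccer.jpg"
    record_baseline "$tmp/Private" "$tmp/baseline.txt"
    head -c 18396 /dev/zero > "$tmp/Private/soccer.jpg"
    check_baseline "$tmp/Private" "$tmp/baseline.txt" || echo "baseline mismatch"
    rm -rf "$tmp"
}
demo
```

The check is only as good as the baseline: record it before the files can be touched, and keep the manifest somewhere the person modifying the files cannot rewrite it.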

Now, we want to extract the data out of the jpeg file.

root@bt:~/Private# steghide extract -sf soccer.jpg
Enter passphrase:
the file "myMessageToBob.txt" does already exist. overwrite ? (y/n) y
wrote extracted data to "myMessageToBob.txt".


root@bt:~/Private# ls -l
total 24
-rw-r--r-- 1 root root    20 Jan 30 18:58 myMessageToBob.txt
-rw-r--r-- 1 root root 18396 Jan 30 18:27 soccer.jpg

After we extract the text file from the JPEG file, the embedded data is still inside the JPEG (compare the size after embedding and after extracting; they are the same).

The only disadvantage I can think of is not being able to wipe the data from the cover file (the file you embed data into).

3 thoughts on “Hiding Data: Steganography on Linux”


  2. admin Post author

    No, they are not. In steganography you do not care about encryption. You are trying to hide information; however, encryption is not required. For example, you can hide a file in another file without using encryption, and somebody can then extract the file with a forensics tool. The best way of hiding information would be encryption+steganography. This means you will use steganographic techniques to hide your data, and that data would be encrypted. In this way, even if somebody extracts your data, what they have will be just encrypted information. To sum up, steganography and encryption are different, but it would be best to combine them for confidential data.

    Ismail
