Steganography is a method in which secret messages are hidden in cover media. Cover media refers to any unsuspicious file, such as a nature photo, family photo, audio, video clip, etc. And steganography means "covered writing".
Content concealed through steganography is sometimes encrypted before being hidden within another file format. If it isn't encrypted, then it may be processed in some way to make it harder to detect. ⏤
Steganography is sometimes compared to cryptography, because both are a form of covert communication. However, the two are NOT the same. Steganography does not involve scrambling data upon sending or using a key to decode it upon receipt. As a result, steganography is less popular than cryptography, because the structure of data is not altered by default. Forms of steganography are:
- Text
- Audio
- Video
- Images
- Network or Protocol
Cryptography is the process of hiding or coding information so that only the person the message was intended for can read it. Modern cryptography techniques include algorithms and ciphers that enable the encryption and decryption of information, such as 128-bit and 256-bit encryption keys. Modern ciphers, such as the Advanced Encryption Standard (AES), are considered virtually unbreakable. To learn more about encrypting and decrypting files, please visit my post entitled Encrypting/Decrypting Files and Strings on Github.
According to Fortnet,
Cryptography remains important to protecting data and users, ensuring confidentiality, and preventing cyber criminals from intercepting sensitive corporate information.
According to Geeks For Geeks,
As the name suggests, Image Steganography refers to the process of hiding data within an image file. The image selected for this purpose is called the cover image and the image obtained after steganography is called the stego image.
Steganography in of itself is "security by obscurity". This means that the secret message embedded in the image could end up being "uncovered". But combining Cryptography and Steganography is a robust way to disguise a message from adversaries while still protecting it in case of detection.
One way of implementing a cryptographic algorithm approach is concealing a large amount of data within a color bitmap (bmp) image. The image is filtered and segmented, with bits replacement applied to the appropriate pixels. These pixels are chosen at random.
Detection of the message within the cover image is done by the process of steganalysis. And what is steganalysis? According to Mayuri Bhamare in his Linkedin post entitled What is Steganalysis?,
Steganalysis is the study of detecting messages hidden using steganography; this is analogous to cryptanalysis applied to cryptography. Steganalysis refers to detection of the presence of hidden information in the stego-object.
I actually built an image steganography project implementing the above described bitmap approach using PIL (Python Imaging Library). When I decrpyted the encrypted hidden text message inside an image, I got totally incomprehensible data output in Terminal. I also could not view the complete output, because it was too large for viewing in a Terminal window instance. I created a CLI command that would redirect the data into a text file that I could open and examine after running the command. The following is the command that I cerated to do this:
python3 cryptography-steganography.py >> output_text.txtThis way, I could examine the complete output resulting from the executing of my cryptography-steganography.py file. Totally impossible to decipher. However, I found that using a jpg image is not good, because it is a lossy file format, which means that information is lost in processes.
Screenshot of executing python 3 cryptography-steganography.py >> output_text.txt before changing my jpg file to a png file:
To change the file format of an image on macOS via the CLI, I ran the following command:
sips -s format png geranimo-bKhETeDV1WM-unsplash.jpg --output geranimo-bKhETeDV1WM-unsplash.pngFor those of you that may not know what the sips command, it comes built in with macOS. sips stands for Scriptable image processing system, and it is:
used to query or modify raster image files (JPG/GIF/PNG) and ColorSync ICC profiles. Image processing options include flip, rotate, change image format/width/height. Its functionality can also be used through the "Image Events" AppleScript suite.
When I changed it to png format, and then ran the following command again:
python3 cryptography-steganography.py >> output_text.txtThe hidden text does appear the top of the txt file, followed by the bitmap information of the image.
To view this project, please visit the image-steganography-project repository on Github.
In order to use the steghide package which is a command line tool, I had to install and use it via Kali Linux. I am on macOS and therefore not a Linux computer, so installing steghide directly onto my macOS was not possible.
First, I created two folders for my project so that I could have everything well organized on my Kali Desktop. One I called file_embed, and the other I called file_extract. So:
mkdir file_embed file_extractWhich resulted in:
file_embed
file_extract
test.txtNext, I moved the test.txt file and the jpg image I had downloaded from pexels.com via Firefox-ESR in Kali Linux into the file_embed folder.
I looked for the image download via Terminal so that I could get the path to it:
find -name "pexels-brian-machado-10626267.jpg"Which returned:
./Downloads/pexels-brian-machado-10626267.jpgI moved the image from the Downloads folder to the Desktop folder:
mv ./Downloads/pexels-brian-machado-10626267.jpg ~/DesktopNext, I moved the image from the Desktop into the file_embed folder located on the Desktop. So:
mv pexels-brian-machado-10626267.jpg file_embedAnd then I moved the test.txt file into the file_embed folder as well:
mv test.txt file_embedThen I checked to make sure that I had successfully moved the two files into file_embed:
ls file_embedWhich returned the following:
pexels-brian-machado-10626267.jpg test.txtNow I was ready to conduct some steganography with steghide in Kali Linux!
To embed the test.txt file into the jpg image, I used the following command:
steghide embed -ef file_embed/test.txt -cf file_embed/pexels-brian-machado-10626267.jpgThe -ef option stands for embed file, and the -cf option stands for copy file. So the command states that the test.txt file was the file to be embedded by copying it into the jpg image.
And the following was initially returned:
Enter passphrase:
Re-Enter passphrase:So I entered a passphrase of my choosing and hit return after inputting it the second time, and the following was returned in Terminal:
embedding "file_embed/test.txt" in "file_embed/pexels-brian-machadoembedding "file_embed/test.txt" in "file_embed/pexels-brian-machado-10626267.jpg"... doneThe result of executing this command wass the integration of the test.txt file into my jpg image I downloaded from pexels.com.
Next, I had to extract test.txt from the jpg image, but I wanted to extract the file into the file_extract folder. I changed directories (cd) into the empty file_extract folder from Desktop:
cd file_extractThen, from there, I ran the following command to extract the test.txt file from the jpg image:
steghide extract -sf ../file_embed/pexels-brian-machado-10626267.jpgThe -sf option followed by the (path to the) filename extracts in this case the test.txt file from the jpg image.
I had to add two dots before the slash in order to step out of the file_extract folder and into the Desktop in order to be able to access the file_embed folder there.
Next, I ran the ls file_extract command from Desktop and the following was returned:
test.txtSuccess! I kept my original test.txt file inside the file_embed folder, and then extracted it from inside the file_extract folder. And THEN, I could compare the two files to make sure that they actually are the same using the sha-256 standard.
Let's say I wanted to check and make sure that no changes had been made to my "confidential" test.txt file in the embed/extract process. Or let's say that I had embedded the test.txt file in my jpg image and that hypothetically I had sent it to someone else to extract the test.txt file`, and they wanted to make sure that the file had not experienced any modifications or corruption in transit.
I already had the SHA-256 standard installed in my Kali Linux OS on my macOS via the UTM virtual machine, so I was able do the following to check the integrity of both my test.txt files located in the file_embed and file_extract folders.
First, I created a sha-256 hash digest (hash value) for the test.txt file inside file_embed using the following command:
sha256sum file_embed/test.txtAnd the following was returned:
6f6739d1e1439a493c82c506e4175739ac47a32418a122cf141fda7fe740ca17 file_embed/test.txtI could also redirect the hash digest to a file, and then do the same for the test.txt file inside the file_extract folder. So first:
sha256sum file_embed/test.txt > checksumAbove, the single > greater than angle bracket which is a redirect operator in Command Line, redirects the output of a command. Here, it redirects the output of the sha256sum command to a file called checksum which it also creates, because one did not previously exist.
And when I run the cat checksum command:
cat checksumThe following was returned:
6f6739d1e1439a493c82c506e4175739ac47a32418a122cf141fda7fe740ca17 file_embed/test.txtNext, I did the same for the test.txt file inside the file_extract folder. So first:
sha256sum file_extract/test.txt >> checksumThis time, I used the double >> greater than angle bracket to append the output of the sha256sum command to the contents of the checksum file. If I had used the single angle bracket, the existing contents of the file would have been overwritten by the current output redirection.
Next, I ran the cat command on checksum again to view what has been added to the checksum file:
cat checksumAnd the following was returned:
6f6739d1e1439a493c82c506e4175739ac47a32418a122cf141fda7fe740ca17 file_embed/test.txt
6f6739d1e1439a493c82c506e4175739ac47a32418a122cf141fda7fe740ca17 file_extract/test.txtThe output of the second sha256sum command was redirected to the checksum file and appended to existing contents of the file.
Next, I wanted to make sure that both files were the same, so I ran the following command on checksum:
sha256sum --check checksumAnd the following was returned:
file_embed/test.txt: OK
file_extract/test.txt: OKBoth files passed the integrity test.
If I had subsequently made a change to one of the files, "FAILED" would have appeared instead of "OK".
So this is how we can conduct integrity checks on files in (Kali) Linux that have undergone some sort of process or transmission, or simply have been in storage for a long time, to make sure that they had not been corrupted or modified.
So why would one choose steganography over cryptography, or vice versa? Steganography conceals data within data, and
in a manner that it will make no meaning to anyone else except the intended recipient - from Combination of Steganography and Cryptography: A short Survey
Cryptography, on the other hand, changes data to ciphertext which can only be "deciphered" or understood with a decryption key. And it is popular because it scrambles the data. Steganography, on the other hand, by default, does not. And it does not require a key. A passphrase is commonly used, like with steghide.
The main difference between Cryptography and Steganography is that Cryptography protects the contents of data or messages, and Steganography hides the contents. Even though both can be used for good, it is easier and commonly used by cyber threat actors.
According to the article entitled Steganography explained and how to protect against it by Andrada Fiscutean on CSO Online,
Steganography has a critical advantage over cryptography: In cryptography, you know the secret message is there, only its content is concealed; in steganography, the existence of the secret message is often difficult to notice. Threat actors sometimes use the two techniques together, encrypting a message before sneaking it inside a file.
Cryptography can ensure the confidentiality, and integrity of data, but Steganography violates the integrity of the host file in which the data is hiddeen. It also violates Kerchkoff's (2nd) principle of Cryptography, which states,
It should not require secrecy, and it should not be a problem if it falls into enemy hands;
Some of his original principles are no longer relevant, but this second one is still extremely important.
Bottom line? Cryptography over Steganography. And watch out for combinations of Cryptography AND Steganography.
I will be following up this post with another which will focus on how one CAN detect stego-images. I recently was apprised of a tool that does just that. Stay tuned!