Steganography - Passing Through the Defenses

Wednesday, December 15, 2010

Bozidar Spirovski

E973b16363b3de77b360563237df7e32

Steganography is still considered to be a part of the obscure tools of secret agents and corporate spies.

However, steganography tools are widely available, and anyone can use them. Most of these tools

But the science of counter-steganography is also advancing. Recently we discovered a great article on defeating steganography in 24-bit images. And it is quite probable that such analysis will find their way in filter systems, like mail and web filters.

This prompted us to analyze how survivable is steganogrpahy?

This also gave us a great reason to publish another set of pictures (albeit cropped) of Lena Söderberg ;) Here is our original image

image

Proposed Counter-Steganography System

The filter system will need to be cost-effective, minimally intrusive and not prone to error. Since there may be many different steganography alghorithms, the filter system should not try to read such messages.

Doing so will require an entire farm of filter servers. Instead, the systems will resort to a much simpler mechanism:

  • Modify all passing images so that the original hidden data is compromised.
  • Use only minute changes to images, so that the original user expecting to see an image cannot discern any loss of quality in the image

The Test

In our test, we will be using the Lena Söderberg test image and we will perform tests using 3 common image enhancement filters. We will hide and open the message using the online tool at Mozaiq.Org

Our operating assumption is that a higher redundancy of the message has a higher chance of survival through a filter. Thus, our test message is the following:

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus in risus erat
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus in risus erat
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus in risus erat
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus in risus erat
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus in risus erat


Here is the image of Lena Söderberg with the message included within it

image

After hiding the message inside the image, we'll pass the image through different enhancement filters and then try to extract the message from the filtered image.

1. Sharpen Filter - The first filter to be tested is the Sharpen Filter. The filter is applied with Sharpness= 2. After the application of the filter here is the image and the following message is extracted:

image

LoremJ� @�: ���Ѽsit�km t� consecf�t* ad piscin� u| tJ|�h s l����G�l�l� �h�z~� 5r�f�v��f�� ��j\)��5KT1��ķQo�s~cΓy?�� ɉ�C�$�� O�4E!L�r_x�߆��Ƥ �� b;��� \G;*W�.=� �1 楄 �M) Z*>֟ " °�N�(��%�J]u� �dRp�s���Χ �
G�?� e-e� E�͹g�� s�s�e�a�D�moF�O[t�h �ˀ2��i� _? � Լ�);c�s� &hD��DF �ͬ�8Q��1T� Cr!�us� �F�j�l߫��M-�_�Y��i�$�DIHQ�u�g����?0Xt�1c�� �ecTS� id_p�̦iG����Q�.�agaa��d��\�� ri u��

2. NF Filter - The second filter to be tested is the NF Filter. The filter is applied with default Alpha=0.30, and Radius=0.35. After the application of the filter here is the image and the following message is extracted:

image
  
 Lo�eB�ٷs��7,� o_� � � ]t,(;��Rec�(ξrg d�p_sc nw g)�t� �kK�?1� o�nJ�8 �0;֦a �4�Cr� <��` RorLP �W�jd Fol�4ix " v����oo��� �� �i@^���r� l� ����=� l>SsC�nP �ą�v�)��EyC G�� p `8�2��Ʃ&��t��\�Yr�� Is�&t�tD>�%.�pͮǿ ��T �Z� Mha�e&l�s ƾ��`s���Mc
3. Unsharp Mask - The third filter to be tested is the Unsharp Mask. The filter is applied with Radius=1, Threshold=1 and Amount=0.1. After the application of the filter here is the image and the following message is extracted:

image
 
 Error: The image that you tried to decrypt does not appear to have a message in it. It is possible that you entered the incorrect password. Please try again.


Conclusion

Once an image passes through a filter, any hidden messages will be corrupted. Redundancy in the hidden message helps but only against some types of image manipulation and only at very low levels of the filter.

So, any digital picture retouch filter will damage the hidden message within a steganography image.

Naturally, this conclusion is nothing new - but through this test we can conclude that a small and very visually non-disruptive filter can cause a lot of damage to a steganography image.

But it will probably take a serious information theft incident through steganography in order for the vendors to start implementing steganography filters in their content filtering and gateway solutions.

Cross-posted from ShortInfosec

Possibly Related Articles:
12302
Webappsec->General
Email Tools Steganography Images data theft
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.