Steganography is the science of hiding secret data within an ordinary, and non-secret file in order to avoid detection (Mohammed Abdul et al., 2021). It is a form of covert communication that offers a supplementary layer of security for a message in transit. Steganography can be used to conceal any digital content, including text, image, videos, or audio content. Although cryptography and steganography share the same objective of securing messages, they both use different approaches. While cryptography changes the message into ciphertext with encryption; steganography, does not change the message but conceals the message’s existence within another media (Järpe & Weckstén, 2021). Thus, the two could be integrated to gain robust protection of secret messages in communication (Mstafa et al., 2020).
Five different steganography techniques exist; text, image, video, audio, and network steganography. Text steganography uses format-based methods, random and statistical generation to hide information in a text file by changing the format, changing words within a text, generating random character sequences (Mohammed Abdul et al, 2021). Image steganography hides data within an image file using least significant bit (LSB) insertion (Nie et al., 2019), masking and filtering, redundant pattern encoding, encrypt and scatter coding, and cosine transformation. Image steganography is widely used because several bits exist in a digital image. With audio steganography, the secret message is embedded within a cover audio message, using techniques like least significant bit (LSB) encoding, parity encoding, phase coding, or spread spectrum, to alter the binary sequence of the audio file (Nehru & Dhar, 2012). Video steganography embeds data in uncompressed raw video or embedding data directly into compressed data streams to hide data in digital video formats (Mstafa et al., 2020). Finally, network steganography embeds secret messages within network control protocols like TCP, UDP, ICMP (Wang et al., 2020).
Uses of Steganography
Like many other technologies, steganography can be used for legitimate and non-legitimate purposes. Hackers use image steganography to evade network defense systems and conduct malicious activities that could compromise an organization’s network. Various threat actors from crooks to cyberespionage have used steganography to conceal information. For instance, the Dugu malware discovered in 2011 took advantage of image steganography by encrypting and embedding malware-infested payloads into a JPEG file (Fiscutean, 2021).
Steganography attacks are challenging to detect because the modifications made within image files are tiny, making it hard for anti-malware tools to detect. Thus, image steganography attacks appear as zero-day threats. The best way to protect against steganography threats is to take security measures like paying close attention to image files using image editing software that looks for indicators of steganography, such as variations in color. Also, companies should employ modern endpoint protection technologies using artificial intelligence to perform behavioral analysis and detect deviations rather than focusing on static checks and basic signatures, which are usually very hard to detect steganography attacks (Fiscutean, 2021). Moreso, organizations should have web filtering for safer browsing and should be current with the latest security patches. More importantly, organizations should train staff to be are aware that image files may harbor malicious code.
Fiscutean, A. (2021). Steganography explained and how to protect against it. CSO. https://www.csoonline.com/article/3632146/steganography-explained-and-how-to-protect-against-it.html
Järpe, E., & Weckstén, M. (2021). Melody 2—Resilient High-Capacity MIDI Steganography for Organ and Harpsichord Music. Applied Sciences, 11(1), 39. https://doi.org/http://dx.doi.org/10.3390/app11010039
Mohammed Abdul, M., Sulaiman, R., Shukur, Z., & Mohammad Kamrul, H. (2021). A Review on Text Steganography Techniques. Mathematics, 9(21), 2829. https://doi.org/http://dx.doi.org/10.3390/math9212829
Mstafa, R. J., Younis, Y. M., Hussein, H. I., & Atto, M. (2020). A New Video Steganography Scheme Based on Shi-Tomasi Corner Detector. IEEE Access, 8, 161825-161837. https://doi.org/10.1109/ACCESS.2020.3021356
Nehru, G., & Dhar, P. (2012). A Detailed look of Audio Steganography Techniques using LSB and Genetic Algorithm Approach. International Journal of Computer Science Issues (IJCSI), 9(1), 402-406.
Nie, S. A., Sulong, G., Rozniza, A., & Abel, A. (2019). The use of Least Significant Bit (LSB) and Knight Tour Algorithm for image steganography of cover image. International Journal of Electrical and Computer Engineering, 9(6), 5218-5226. https://doi.org/http://dx.doi.org/10.11591/ijece.v9i6.pp5218-5226
Wang, M., Gu, W., & Ma, C. (2020). A Multimode Network Steganography for Covert Wireless Communication Based on BitTorrent. Security and Communication Networks, 2020. https://doi.org/http://dx.doi.org/10.1155/2020/8848315