INVITATION TO CYBERSECURITY 180 Figure 7.17 Two different colors by three bits that are clearly not the same to the human eye. Using this technique, the bits chosen for hiding the message matters. In Figure 7.17 the two blocks are clearly different colors: Left: RGB[100, 25, 200]: 011001000001100111001000 Right: RGB[228, 153, 72]: 111001001001100101001000 To a computer, these colors again differ by only three bits, but this time, the most significant bit of each byte has been changed. This creates a difference of 128 parts each of red, green, and blue contributions. Modifying an image in this way would give away the presence of a secret message. Therefore, this image stego technique is known as LSB RGB steganography. LSB stands for least significant bit—the bit representing the ones place (20) in each byte. LSB RGB techniques can be used to encode up to one secret message bit per image byte. It is not uncommon for images to be several megabytes in size, and this allows a significant number of secret message bits to be encoded, making this technique very efficient. It is even possible to encode a secret image within an image! Besides steganography for message passing, another major use is in creating covert channels. As discussed in Section 4.1.4.1, hackers may use a covert channel to exfiltrate data off a network. This makes exfiltration slower and more complex, but it lowers the risk of detection. Steganography is also used locally on computers to conceal the presence of sensitive data. For example, a hacker may store incriminating evidence on a hard drive using steganographic techniques instead of just relying on cryptography. Using cryptography can reveal that he has something to hide and risks that the encryption could be cracked or the key could be discovered or coerced from him. On the other hand, if investigators only find unencrypted data and do not detect the use of steganography, they may be more likely to believe the suspect’s pleas of innocence. In Poe’s short story, “The Purloined Letter,” the police suspect a villain is in possession of a blackmail letter and turn his apartment upside down looking for it, but it turns out it is hiding in plain sight right out on his desk—he was depending on steganography to protect him. There are an infinite number of other ways to use computers to encode secret messages in all types of files including images, audio, video, and as we saw in Section 4.1.4.1, in network traffic. Algorithms have been developed to detect when steganography is being
RkJQdWJsaXNoZXIy MTM4ODY=