Posts tagged with “confidentiality”

The Art of Steganography

Saturday, 27 June, 2009

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity [Wikipedia].

Few months ago, I was drafting an article about Cryptography. In my draft I wanted to expand the use of Cryptography not only to cover Confidentiality but likewise Integrity. I began to write along the lines about Public Key Infrastructure; the use of digital signature to encrypt as well as to sign messages. In my search for an email from a friend, I came across an unsent email from my Drafts folder. An old email dated more than four years ago titled Steganography. In my email were two images. One original and one was stego file. I recall, I had planned to send it to my classmate for our Steganography research. So about less than five years later, here I am talking about the same “art” – the art and science of steganography.

Earlier this year, I attended a Product Advisory Council meeting from McAfee. One of the future product integration they are adding to their suite of Security products is the Data Leakage Protection, from the acquisition of Reconnix.

The DLP, be it a Host- or Network-based addresses the detection of file that could potentially leaked out from a confidentiality standpoint within the company. One of the concerns I have brought up was the detection of steganography. As you will see, even sophisticated technology fall short in the ability to decrypt or guess the algorithm used in the steganography.

It is not the scope of this article to cover how steganography works or ways to accomplish it. Further, this article is not going to list down available steganographic tools to perform this. In searching the Internet, you could probably find many articles about this and the tools available as well as countermeasures.

Read the rest of this entry »