Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity [Wikipedia].
Few months ago, I was drafting an article about Cryptography. In my draft I wanted to expand the use of Cryptography to not only to cover Confidentiality but likewise Integrity. I began to write in the lines about Public Key Infrastructure; the use of digital signature to encrypt as well as to sign messages. In my search for an email from a friend, I came across an unsent email from my Drafts folder. An old email more than four years ago titled Steganography. In my email were two images. One original and one was stego file. I recall I planned to send to my classmate for our Steganography research. So about less than five years later, here I am talking about the same “art”. Ah, the art and science of steganography.
Earlier this year, I attended a Product Advisory Council meeting from McAfee. One of the future product integration they are adding to their suite of Security products is the Data Leakage Protection, from the acquisition of Reconnix.
The DLP, be it a Host or Network addresses the detection of file that could be leaking out from a confidentiality standpoint within the company. One of the concerns I have brought up was the detection steganography. As you can see, even sophisticated technology could lack in the ability to decrypt or guess the algorithm used in the steganography.
It is not the scope of this article to cover how steganography is performed or ways to accomplish it. Likewise, this article is not going to list down available steganography tools to perform this. In searching the Internet, you could probably find many articles about this and the tools available as well as countermeasures.
Raichel Sharon
Rogue Spyware
Hogan
Angel...... On board.
Rex
Petrie P.
Ganesh