Network Steganography
Friday, October 07, 2011 | Author: Deep Flash
Steganography is the art of concealing the existence of hidden data inside cover mediums without affecting their functionality. It's been around ever since there was a need to protect private information.

As the way people exchanged information evolved, so did the ways of hiding information.

There's been a lot of research work done on hiding information inside cover mediums like images, audio files and videos. These are all static storage mediums and the amount of data which can be hidden remains limited depending on the cover medium.

The latest vector in the field of Steganography is Network Protocols. Instead of using the cover medium to propagate the hidden message, the communication protocols which govern the path of cover mediums on the network are used to send the hidden message.

This has 2 major advantages. First, the capacity for information hiding depends on how long the communication in the network lasts. Second, with cover mediums like images and audio files, a forensic investigator can perform steganalysis on the data to detect the presence of a hidden message, whereas with Network Steganography there must be a complete network capture of the activity between the sender and receiver to be able to conclude that a covert communication channel exists. Such a capture is very unlikely to be available.

The most significant research done in this field to date is by Polish Network Security researchers from the Warsaw University of Technology.

An in-depth understanding of the Network Protocols is required to implement Network Steganography.

Recently, one of the implementations which caught my attention was StegSuggest. Here, hidden data is transmitted by modifying the Google Search Suggestions returned by the Google Suggest Server. Words are inserted at the end of the Google Search Suggestions, and these words carry the bits of the steganogram.

Google Suggest was a feature developed based on AJAX to help an end user in choosing the right search phrase based on what they input.

The attacker can modify the search suggestions returned by Google Suggest Server to the Google Suggest Client by adding frequently used words at the end of these search suggestions.

To prevent any disclosure of the steganography words embedded in the Google search suggestions, a codebook is used to choose the inserted words. This codebook comprises the 5000 most frequently used American English words as they appear on www.wordfrequency.info.

In order to avoid any suspicion, this codebook is further refined by filtering out pronouns, prepositions and homograms. The reason is that the StegSuggest words are added to the end of the Google search suggestions.

The 2 key protocols which are involved in this setup are HTTP and TCP. The Window Scale and Timestamp options of the TCP header message are altered to establish the covert communication channel.

The HTTP protocol is involved in Google Suggest. Every time an end user types a letter in the Google Search Bar, an HTTP GET request is sent to the Google Suggest Server. It returns an HTTP 200 OK response with the 10 most popular suggestions according to the Google query.
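
A defender-side check for the modification described above, written as an added example rather than code from StegSuggest or its authors: it compares the suggestions a client received with a reference copy and flags entries that are a genuine suggestion plus one appended word. It assumes the defender can obtain reference suggestions for the same query over a trusted path; the function names, the sample suggestions and the four-word codebook are constructed for illustration.

```python
# Added example: flag suggestions that look like a genuine suggestion plus
# one appended word, the modification StegSuggest is described as making.
# Assumption: reference suggestions for the same query were fetched over an
# independent, trusted path. All data below is constructed.

def appended_words(observed, reference):
    """Return (suggestion, extra_word) pairs where an observed suggestion
    equals a reference suggestion followed by exactly one extra word."""
    ref = {s.strip().lower() for s in reference}
    hits = []
    for s in observed:
        norm = s.strip().lower()
        if norm in ref:
            continue  # unmodified suggestion
        head, _, tail = norm.rpartition(" ")
        if head in ref and tail:
            hits.append((s, tail))
    return hits

def score_response(observed, reference, codebook):
    """Summarise one suggestion response for an analyst."""
    hits = appended_words(observed, reference)
    return {
        "suggestions": len(observed),
        "extended": len(hits),
        # Trailing words that also appear in the frequent-word codebook.
        "codebook_words": [w for _, w in hits if w in codebook],
        # Several extended suggestions in one response is the signal;
        # a single one can be ordinary variation between fetches.
        "suspicious": len(hits) >= 2,
    }

# Constructed sample: what a trusted fetch returned vs. what the client saw.
REFERENCE = ["network security", "network steganography",
             "network scanner", "network topology"]
OBSERVED = ["network security", "network steganography paper",
            "network scanner market", "network topology"]
# Hypothetical four-entry stand-in for the frequent-word codebook.
CODEBOOK = {"paper", "market", "house", "water"}

if __name__ == "__main__":
    print(score_response(OBSERVED, REFERENCE, CODEBOOK))
```

Because genuine suggestions differ between users and over time, a result like this is a lead for inspecting the captured traffic, not proof of a covert channel.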

A video demonstration of this method can be found here:

http://www.youtube.com/watch?v=TanWj2fh2co


1 comments:

On March 12, 2012 at 9:02 PM , Alan Daug said...

Steganography is very useful. But rather than mango man, terrorists are more interested in this because they use it in sending their important messages to their followers.