STEGANOGRAPHY AND CYBER CRIME

By Julius Njiraini.

Steganography is a method of secret communication that hides the very existence of a message. It is the art and science of invisible communication. The hidden message may be text, image, audio, video, etc. The file that carries the message is the cover, for example a cover image; after the message has been inserted into the cover image using a stego-key, the result is known as a stego-image. Steganography is now more important due to the exponential growth in the number of computer users on the internet and their secret communication. Relevant topics include the various steganography techniques, their applications, and how steganography differs from cryptography. Steganography software allows both illicit and legitimate users to hide messages so that they will not be detected in transit. Nowadays many applications are Internet-based, and in some cases the user wishes to keep communication secret. Two techniques are available to achieve this goal. One is cryptography, where the sender uses an encryption key to encrypt the message, the encrypted message is transmitted through the insecure public channel, and a decryption algorithm is used to decrypt the message. Reconstruction of the original message is possible only if the receiver has the decryption key. The second method is steganography, where the secret message is inserted in another medium.

Steganography is the art of hiding information in original files in such a manner that the existence of the message is unknown. The term steganography comes from the Greek word Steganos, which means “Covered Writing”. The original files can be referred to as cover text, cover image, or cover audio. After the secret message has been inserted, the file is referred to as the stego-medium. A stego-key is used in the hiding process to restrict detection and/or recovery of the embedded data. While cryptography protects the content of messages, steganography hides the message so that intermediate persons cannot see the message.

The four main categories of file formats that can be used for steganography are:

Text

Hiding information in a text is the most important method of steganography. The method hides a secret message in every nth letter of every word of a text message. With the boom of the Internet and the different types of digital file formats, it has decreased in importance. Text steganography using digital files is not used very often because text files have a very small amount of redundant data.

Images

Images are popular cover objects for steganography. A message is embedded in a digital image through an embedding algorithm, using the secret key. The resulting stego image is sent to the receiver. On the other side, it is processed by the extraction algorithm using the same key. During the transmission of the stego image, unauthenticated persons can only notice the transmission of an image but cannot guess the existence of the hidden message.

Audio

Audio steganography relies on masking, which exploits the properties of the human ear to hide information unnoticeably. An audible sound can become inaudible in the presence of another, louder audible sound. This property allows the selection of the channel in which to hide information.

Protocol

The term protocol steganography refers to embedding information within network protocols such as TCP/IP. Information is hidden in the header of a TCP/IP packet, in fields that are either optional or never used.
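From the monitoring side, the optional and never-used header fields described above are exactly the ones worth checking. The following is an added example, not part of the original article: it parses a raw IPv4/TCP header and reports such fields when they carry data. The function names, the choice of fields and the two sample packets are assumptions constructed for illustration.

```python
import struct

URG = 0x20  # TCP URG flag bit


def header_anomalies(packet: bytes) -> list[str]:
    """List unused or optional IPv4/TCP header fields that carry data."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _length, _ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4            # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    findings = []
    if flags_frag & 0x8000:               # top flag bit is reserved, must be zero
        findings.append("ipv4: reserved flag bit set")
    if ihl > 20:                          # options are rare in ordinary traffic
        findings.append(f"ipv4: {ihl - 20} bytes of options present")
    if proto != 6:                        # only TCP is inspected further
        return findings
    tcp = packet[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    off_flags, _window, _checksum, urg_ptr = struct.unpack("!HHHH", tcp[12:20])
    if (off_flags >> 8) & 0x0F:           # four reserved bits after the data offset
        findings.append("tcp: reserved bits set")
    if urg_ptr and not off_flags & URG:   # pointer is meaningless without URG
        findings.append(f"tcp: urgent pointer {urg_ptr:#06x} without URG flag")
    return findings


def build_packet(flags_frag=0x4000, off_flags=0x5018, urg_ptr=0) -> bytes:
    """Constructed 40-byte IPv4+TCP header (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, flags_frag, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIHHHH", 49152, 443, 1, 1, off_flags, 65535, 0, urg_ptr)
    return ip + tcp


CLEAN = build_packet()                    # constructed: DF set, PSH|ACK
SUSPECT = build_packet(flags_frag=0xC000, off_flags=0x5118, urg_ptr=0x4869)

if __name__ == "__main__":
    print(header_anomalies(CLEAN))
    print(header_anomalies(SUSPECT))
```

A finding here is a reason to look closer, not proof of hidden data; misconfigured or unusual network stacks can set the same fields.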

MODERN APPLICATION

By offering sophisticated services and centralizing a huge volume of personal data, modern smartphones have changed the way we socialize, entertain and work. A complex hardware/software framework leads to a number of vulnerabilities, attacks, and hazards that aid in profiling individuals or gathering sensitive information. The popularity of smartphones is mainly driven by a multi-functional flavor combining many features, such as a high-resolution camera, different air interfaces (e.g., Bluetooth, 3G and IEEE 802.11), and Global Positioning System (GPS), into a unique tool. To handle the hardware, the typical Operating System (OS) has an architecture very close to the one used on desktops. A key reason for this huge success is the advancement of cellular connectivity, allowing users to interact with high-volume or delay-sensitive services while moving, e.g., through the Universal Mobile Telecommunications System (UMTS) or Long Term Evolution (LTE). Proper support of fragmented traffic, jointly with the availability of energy-efficient Graphics Processing Units (GPUs), also makes them an excellent platform for online gaming.

Techniques of steganography can also be distinguished by the level of encryption. The least secure level, which does not require the exchange of a cipher such as a stego key, is pure steganography. The effectiveness of keeping the stego message secure relies only on the ability of the message to remain undetected. Using a secret stego key prior to communication makes the message more secure, but can also raise suspicions because an exchange of the secret stego key must precede the transmission of the carrier with the stego message. Consequently, there is a tradeoff between probability of detection on one hand, and the security of the embedded message if detected. The most secure technique uses a private and a public key to secure the message embedded in the carrier. The stego message is embedded with the use of a public key, and the message extracted with a private key. As in public key encryption, there is no need to exchange keys and therefore the risk of detection is not increased. It must also be emphasized that the keys in secret key steganography and public key steganography only serve to augment the execution of the steganography application, and do not constitute the use of encryption.

DIGITAL FORENSICS ISSUES

Digital forensics focuses on the preservation and analysis of digital evidence. It is “the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources for the purpose of facilitation or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.” As steganography becomes more widely available and the amount of data on local machines and the Internet increases, the detection of the use of steganography by digital forensics personnel becomes increasingly important. In theory, this should be evaluated in any type of case involving computer use. In practice, most cases will involve audiovisual files, such as in child pornography. However, cases of industrial espionage and fraud could be encountered.

Approaches in forensic steganalysis employ many techniques. Steganography software may be discovered on computer equipment under investigation. The Steganography Application Fingerprint Database (SAFDB) currently contains identifying information on 625 applications associated with steganography, watermarking, and other data-hiding applications. Similarly, the National Institute of Standards and Technology (NIST) maintains a list of digital signatures in the National Software Reference Library, some of which are for steganography software. Even when software has been removed, traces can sometimes be found in places like the Windows registry or in system backup files. When steganography software installation has been identified, malicious intent should be assumed until proven otherwise.
Pairs of carrier files and stego files can also reveal the use of steganography: digital forensics experts can look for files with similar visual properties but different file sizes, hash values, and statistical properties. If files have been deleted, they may be retrieved from the Recycle Bin or similar Trash container, or even reconstructed with special forensics tools for file recovery. A keyword search can be an additional method of detection, using a list of keywords to search for file names and content in program files and data files. The list should be specific with regard to steganography. For instance, the search term “steg*” can be used to identify steganography. The effectiveness and efficiency of detection, while preventing false positives and false negatives, depends on the quality of the keyword dictionary. Specialized steganalysis software is a further option. Detection tools used to target specific applications, frequently the same applications used for steganography. The more recent software claims to detect stego files created with a wide variety of programs. One of these is Stegdetect 0.6, which uses linear discriminant analysis to locate probable images with hidden content by comparing them with a set of normal images. A second common tool is Stego Suite, which combines increasingly intense levels of detection with content cracking tools. The third example is the recent release of StegAnalyzerAS, which uses the values stored in the SAFDB to identify potential stego files. A comprehensive list of steganography tools is maintained at http://www.jjtc.com/Steganography/tools.html.
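The carrier/stego pair comparison described above can be sketched in a few lines. This is an added example, not taken from the original article or from any of the tools it names. It assumes both files have already been decoded to raw sample buffers (pixels or audio samples), treats "visually similar" as a per-sample difference within a small tolerance, and uses byte entropy as the statistical property; the function names and the constructed buffers are illustrative.

```python
import hashlib
import math
from collections import Counter


def entropy(data: bytes) -> float:
    """Shannon entropy of the byte values, in bits per sample."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def compare_pair(a: bytes, b: bytes, tolerance: int = 2) -> dict:
    """Compare two decoded sample buffers from files that look alike."""
    same_hash = hashlib.sha256(a).digest() == hashlib.sha256(b).digest()
    overlap = min(len(a), len(b))
    diffs = [abs(x - y) for x, y in zip(a, b)]
    changed = sum(1 for d in diffs if d)
    # "Similar" here means no sample differs by more than the tolerance.
    similar = overlap > 0 and max(diffs, default=0) <= tolerance
    return {
        "same_hash": same_hash,
        "size_delta": len(b) - len(a),
        "changed_fraction": changed / overlap if overlap else 0.0,
        "entropy_delta": entropy(b) - entropy(a),
        # Near-identical content with a different hash is the pattern to flag.
        "suspect_pair": similar and not same_hash,
    }


# Constructed sample data: a smooth buffer, a copy with low-order bits
# altered to stand in for a stego file, and an unrelated buffer.
CARRIER = bytes(((i // 8) * 4) % 256 for i in range(1024))
ALTERED = bytes(v ^ 1 if i % 3 == 0 else v for i, v in enumerate(CARRIER))
UNRELATED = bytes((i * 37) % 256 for i in range(1024))

if __name__ == "__main__":
    for name, other in (("altered", ALTERED), ("unrelated", UNRELATED)):
        print(name, compare_pair(CARRIER, other))
```

Lossy re-encoding of the same picture also yields near-identical samples with a different hash, so a flagged pair is a lead for closer steganalysis rather than a conclusion.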

Physical crime scene investigation can reveal useful information. Passwords used for steganography tools can be written on notes stuck under keyboards, and environmental objects can generate clues about potential passwords. Though steganography tools may be used for legitimate business applications such as protecting strategic corporate information during transmission, they have emerged as a significant issue to forensic investigators and others who are concerned with malicious and illegal uses. As steganography tools become more widely available and easier to use, protection against malicious use demands attention, and the balance between protection from illicit use and interference with legitimate use emerges as a new challenge.

LEGAL ISSUES AND CHALLENGES

Laws involving technology are difficult to enact and even more difficult to enforce in the Internet age. Many Internet communications create issues of jurisdiction. What may be illegal in one jurisdiction may be legal in another. In 1952, the United States enacted Section 1343 of the Federal Criminal Code. It included a wire fraud provision, which was later extended to encompass the Internet. Using any part of the telecommunications system in a criminal act is now a federal offense. Court orders must be obtained from a judge to monitor phone conversations, but the order applies to a specific phone number only. Criminals can easily bypass this by using disposable cell phones. Other new technologies, such as voice over Internet protocol (VoIP), pose new challenges. Internet telephony breaks phone conversations into data packets, sends them over the Internet, and reassembles them at the destination. To monitor this traffic, a few central locations would have to be set up where voice streams could be diverted and then copied before being resent to the intended destination.

Privacy vs. Security

A delicate balance exists between loss of personal privacy and the greater good of society. Groups like the American Civil Liberties Union (ACLU) have opposed law enforcement monitoring of communications. The ACLU’s position on privacy and technology is that there is a risk of becoming a surveillance society, given the tremendous explosion in surveillance-enabling technologies. George Orwell’s vision of ‘Big Brother’ has now become technologically possible.

CONCLUSIONS AND RECOMMENDATIONS

Steganography has a long history of both legitimate and illicit uses. With rapid development and improvements of information technology, the potential for use and abuse will continue to increase. Some legitimate uses exist, but the focus has been predominantly on detection of abuse and illicit use. Legal restrictions are difficult to enforce, therefore Information Technology (IT) staff charged with organizational security should act proactively by seeking management support to limit or banish use of steganography that has no distinct organizational benefit. The specifics of the limitations should be incorporated as an integral part of the organizational policies and procedures and should be actively enforced. If a ban on all steganographic software is not possible or desirable, specific exceptions of applications, individuals, and/or job categories allowed to use the software should be explicitly specified. To foster active prevention, managers must establish organizational policies which discourage or ban the use of steganography. Furthermore, these policies must be instantiated with specific procedures and guidelines that are communicated to all employees and other stakeholders during initial and ongoing routine Security Awareness, Training, and Education (SATA) programs. Compliance with these policies and procedures must be actively enforced as part of the organizational IT governance mechanisms. Networked computers can be actively scanned for steganographic software, similar to scanning for computer malware infections and scanning for proper software versions and patches. Network traffic can be scanned as it enters and leaves the organizational network boundaries, similar to scanning for email security threats. Finally, Technical Support staff can be instructed in identification of banned software, as well as the proper organizational procedures when it is found. 
In cases where steganography is used in crimes or organizational espionage, and law enforcement investigators or organizational IT staff members (respectively) lack the specific expertise, managers should consider bringing in digital forensics professionals. Recommendations for specific steganalysis tools are likely to become rapidly stale as technology progresses, but a good starting point for selecting the proper tools could be the major commercial steganalysis vendors in combination with the information in the Steganography Application Fingerprint Database and the National Software Reference Library. Together, these sources would provide optimal capability to detect and possibly decipher steganographic content. In any case, law enforcement and IT staff should consider that steganography may have advanced too far to be handled by non-security specialists, and that the specialized services of digital forensics professionals may be needed. Finally, individual users should consider that steganography technology has advanced well beyond use by amateur enthusiasts.

JULIUS NJIRAINI

COMPUTER SECURITY AND FORENSICS CONSULTANTS

0724293490

Njiraini2001@gmail.com