Esteganografia

Definição: Técnica utilizada para camuflar a mensagem dentro de outra mensagem, sem que ninguém perceba(a não ser o receptor). É importante notar que esteganografia difere-se de criptografia uma vez que a existencia da informação é clara para todos os usuários, apenas o conteúdo que é obscuro, o que não acontece na esteganografia.

Com o advento dos meios digitais, esteganografia ampliou suas aplicações (ex: valor da cor de cada um dos 100 pixels dentro de uma imagem podem representar uma letra de um alfabeto).

Estegano, do grego “steganós”, significa “oculto” ou “misterioso”. Esteganografia é a escrita em cifra (código), com caracteres convencionais (letras e/ou números) ou especiais (símbolos), de textos ocultos. Hoje ela passou a incluir a ocultação de mensagens em arquivos eletrônicos de som, imagem ou texto.

Arquivos digitais, de maneira geral, possuem áreas não utilizadas, ocupáveis por informação adicional. A mensagem esteganografada só pode ser lida por quem saiba onde ela está e conheça o código para decifrá-la. Um texto pode ser oculto, por exemplo, numa figura.
Uma importante aplicação moderna da esteganografia digital é como “marca d’água”, mensagem oculta de direitos autorais, usada juntamente com uma “impressão digital” do produto, número de série ou conjunto de caracteres que autentica uma cópia legítima. A falta da “impressão digital” aponta violação de direito autoral e a ausência da “marca d’água” comprova o fato.
No dinâmico mundo digital, já existem programas (“softwares”) comerciais para que leigos possam esteganografar textos. O usuário disponibiliza uma imagem com um texto codificado num “site”. Em seguida avisa os destinatários para que visitem o “site”. Através do mesmo aplicativo, os destinatários decodificam o texto escondido na figura. O software não deixa marcas das operações realizadas, desabilitando temporariamente o histórico do navegador e apagando os dados do cache quando o programa é fechado.
A esteganografia digital desperta tamanho interesse que já é objeto de “workshops” internacionais sobre “ocultação de informação”. A comunidade interessada (empresas, governos e universidades) realizará seu quinto encontro anual em Noordwijkerhout, Holanda (de 7 a 9 de outubro de 2002). Nesse meio, é de interesse a ocultação da informação ou, ao reverso, como neutralizar essa possibilidade. Muito do desenvolvimento da esteganografia digital aconteceu em função da necessidade de proteção da propriedade intelectual.

Áreas de aplicação são:

• a comunicação anônima,
• comércio eletrônico,
• sigilo dos sistemas de computação,
• detecção de informação oculta,
• urnas eleitorais digitais,
• privacidade & ocultação de informação e
• cifragem & decifragem.

Como nota final, após essas considerações sobre a modernidade da ocultação de textos, é interessante apontar que uma das discussões mais acaloradas entre historiadores da esteganografia é acerca dos trabalhos de William Shakespeare (Século XVII), que segundo alguns deles defendem, teriam sido realmente escritos por Francis Bacon, levando em conta esteganogramas deixados pelo próprio Shakespeare... -Será?!
A simples referência ao segredo parece dar largas à imaginação de alguns, sugerindo a magia, o mistério e o inacreditável. Assim Dito, E Urdindo, Simploriamente, Quase Um Esteganograma, Eu Utilizo Velho Ordenamento, Usando Esse Método Baseado Onde Rigorosamente Apareceu: na justaposição seqüencial das primeiras letras das palavras de um período...

2) A palavra esteganografia (de origem grega) significa "encoberto, escrito ocultamente".

Its ancient origins can be traced back to 440 BC. Herodotus mentions two examples of steganography in The Histories of Herodotus [1]. Demeratus sent a warning about a forthcoming attack to Greece by writing it on a wooden panel and covering it in wax. Wax tablets were in common use then as re-usable writing surface, sometimes used for shorthand. Another ancient example is that of Histiaeus, who shaved the head of his most trusted slave and tattooed a message on it. After his hair had grown the message was hidden. The purpose was to instigate a revolt against the Persians. Later, Johannes Trithemius's book Steganographia is a treatise on cryptography and steganography disguised as a book on black magic.

3) Generally, a steganographic message will appear to be something else: a picture, an article, a shopping list, or some other message. This apparent message is the covertext. For instance, a message may be hidden by using invisible ink between the visible lines of innocuous documents

4) The advantage of steganography over cryptography alone is that messages do not attract attention to themselves, to messengers, or to recipients. An unhidden coded message, no matter how unbreakable it is, will arouse suspicion and may in itself be incriminating, as in countries where encryption is illegal.[2] Often times, steganography and cryptography are used together to ensure security of the covert message.

5) Steganography used in electronic communication include steganographic coding inside of a transport layer, such as an MP3 file, or a protocol, such as UDP.

6) A steganographic message (the plaintext) is often first encrypted by some traditional means, producing a ciphertext. Then, a covertext is modified in some way to contain the ciphertext, resulting in stegotext. For example, the letter size, spacing, typeface, or other characteristics of a covertext can be manipulated to carry the hidden message; only the recipient (who must know the technique used) can recover the message and then decrypt it. Francis Bacon is known to have suggested such a technique to hide messages (see Bacon's cipher).

Steganographic techniques

a) Modern steganographic techniques

• Concealing messages within the lowest bits of noisy images or sound files.
  
• Concealing data within encrypted data. The data to be concealed is first encrypted before being used to overwrite part of a much larger block of encrypted data. This technique works most effectively where the decrypted version of data being overwritten has no special meaning or use: some cryptosystems, especially those designed for filesystems, add random looking padding bytes at the end of a ciphertext so that its size cannot be used to figure out the size of the original plaintext. Examples of software that use this technique include FreeOTFE and TrueCrypt.


• Chaffing and winnowing


• Invisible ink


• Null ciphers


• Concealed messages in tampered executable files, exploiting redundancy in the i386 instruction set [3].


• Embedded pictures in video material (optionally played at slower or faster speed).


• A new steganographic technique involves injecting imperceptible delays to packets sent over the network from the keyboard. Delays in keypresses in some applications (telnet or remote desktop software) can mean a delay in packets, and the delays in the packets can be used to encode data. There is no extra processor or network activity, so the steganographic technique is "invisible" to the user. This kind of steganography could be included in the firmware of keyboards, thus making it invisible to the system. The firmware could then be included in all keyboards, allowing someone to distribute a keylogger program to thousands without their knowledge.[4]


• Content-Aware Steganography hides information in the semantics a human user assigns a datagram; these systems offer security against a non-human adversary/warden.[5]

b) Historical steganographic techniques

Steganography has been widely used in historical times, especially before cryptographic systems were developed. Examples of historical usage include:

• Hidden messages in wax tablets: in ancient Greece, people wrote messages on the wood, then covered it with wax so that it looked like an ordinary, unused tablet.


• Hidden messages on messenger's body: also in ancient Greece. Herodotus tells the story of a message tattooed on a slave's shaved head, hidden by the growth of his hair, and exposed by shaving his head again. The message allegedly carried a warning to Greece about Persian invasion plans. (This method has obvious drawbacks:
  
  - It is impossible to send a message as quickly as the slave can travel, because it takes months to grow hair.
  - A slave can only be used once for this purpose. (This is why slaves were used: they were considered expendable.)


• Hidden messages on paper written in secret inks under other messages or on the blank parts of other messages.


• Hidden messages on paper written in secret inks under other messages or on the blank parts of other messages. (During and after World War II, espionage agents used photographically produced microdots to send information back and forth. Since the dots were typically extremely small -- the size of a period produced by a typewriter or even smaller -- the stegotext was whatever the dot was hidden within. If a letter or an address, it was some alphabetic characters. If under a postage stamp, it was the presence of the stamp. The problem with the WWII microdots was that they needed to be embedded in the paper, and covered with an adhesive (such as collodion), which could be detected by holding a suspected paper up to a light and viewing it almost edge on. The embedded microdot would reflect light differently than the paper.
  More obscurely, during World War II, a spy for the Japanese in New York City, Velvalee Dickinson, sent information to accommodation addresses in neutral South America. She was a dealer in dolls, and her letters discussed how many of this or that doll to ship. The stegotext in this case was the doll orders; the 'plaintext' being concealed was itself a codetext giving information about ship movements, etc. Her case became somewhat famous and she became known as the Doll Woman.
  Counter-propaganda: During the Pueblo Incident, US crew members of the USS Pueblo (AGER-2) research ship held as prisoners by North Korea communicated in sign language during staged photo ops to inform the United States that they had not defected, but had instead been captured by North Korea and were still loyal to the U.S. In other photos presented to the US, the crew members gave "the finger" to the unsuspecting North Koreans, in an attempt to discredit the pictures that showed them smiling and comfortable. [6]
• The one-time pad is a theoretically unbreakable cipher that produces ciphertexts indistinguishable from random texts: only those who have the private key can distinguish these ciphertexts from any other perfectly random texts. Thus, any perfectly random data can be used as a covertext for a theoretically unbreakable steganography. A modern example of OTP: in most cryptosystems, private symmetric session keys are supposed to be perfectly random (that is, generated by a good Random Number Generator), even very weak ones (for example, shorter than 128 bits). This means that users of weak crypto (in countries where strong crypto is forbidden) can safely hide OTP messages in their session keys.