Steganography – CompTIA Security+ SY0-501 – 6.1

Sometimes, the information you need is hidden in plain sight. In this video, you’ll learn how steganography can be used to store and hide information.

<< Previous Video: Cryptographic Keys Next: Stream and Block Ciphers >>

The process of obfuscation is when you take one particular topic and you make it much more complex to understand. This isn’t like encryption where the information is completely impossible to understand. It’s simply making it more difficult to read or more difficult to follow. A good example of obfuscation is sometimes done with source code. Instead of having the source code as something that might be easily readable, many developers will obfuscate the code to make it much more difficult to follow the logical flow.

One type of obfuscation that works with images is called steganography, where you’re hiding information within a picture. The term steganography derives from the Greek for “concealed writing.” And this is a method of security through obscurity, because if you knew where the message was inside of the image, it would be very easy to read.

When you do embed information, like this text, inside of an image, it is impossible to see. You would have to use specialized steganography software to embed this information inside of the image and use a similar form of that software to extract that information from the image. We refer to this container document, or file, or image as the covertext. And that’s where we’re going to be storing all of our data.

There are many different ways to obfuscate data using a different type of medium. For example, you could embed messages inside of network packets themselves, and then use specialized software, or packet-capturing software, to be able to retrieve the messages inside of the packets. Of course, we could use steganography to embed information inside of an image.

And you might also have steganography used on your laser printers. With printer steganography you’ll find that laser printers will put yellow dots on the page that identifies the exact printer and perhaps date, and time, and other forensic information. So if somebody received a piece of paper, they would be able to tie it back to a specific printer.

You can almost see the yellow dots on this image. If I reverse the image, you’ll see the dots are now blue. You should be able to look at an output from your laser printer. And if you look carefully, you’ll be able to see the dots on your output as well.