WEBVTT

0
00:01.050 --> 00:02.730
Hello guys and welcome!

1
00:03.060 --> 00:06.050
We start a series of lectures on steganography.

2
00:06.660 --> 00:12.850
Maybe you wonder what steganography is; is it in fact stenography

3
00:12.890 --> 00:14.600
and I made a mistake?

4
00:14.600 --> 00:17.970
No, actually there is no mistake here!

5
00:18.170 --> 00:26.780
While stenography is the skill or work of recording spoken words by writing them down in shorthand and

6
00:26.780 --> 00:34.970
later transcribing them using a machine such as a typewriter, steganography is something completely different.

7
00:35.690 --> 00:45.320
It's the art of hiding secret information in plain text or in clear sight. Steganography tools can

8
00:45.380 --> 00:54.710
easily embed secret files into images, movies, audio files or other file formats. Let's

9
00:54.710 --> 00:59.510
take a look at this picture that I've taken using my mobile phone.

10
00:59.540 --> 01:01.850
Do you notice something strange?

11
01:02.060 --> 01:03.540
I suppose not!

12
01:03.590 --> 01:06.750
You are just seeing a lake and some trees, 

13
01:07.010 --> 01:08.840
a common park in the city.

14
01:09.200 --> 01:17.390
But inside this nice image I've hidden the tragedy of Julius Caesar by William Shakespeare.

15
01:17.390 --> 01:20.840
Except for me and the people I choose to tell this,

16
01:20.930 --> 01:29.810
like you, no one could ever imagine that I can post the image somewhere on the Internet and later access

17
01:29.810 --> 01:34.670
the historical play of William Shakespeare easily and in privacy.

18
01:35.820 --> 01:42.670
The word steganography comes from the Greek word “steganos” which means “hidden”


19
01:42.860 --> 01:48.340
and “graph” or “graphia” which means writing. Let me tell you a nice story!

20
01:48.540 --> 01:52.330
One of the first recorded uses of steganography

21
01:52.380 --> 02:00.780
is when Herodotus mentions how a Greek ruler sent a message to his vassal by shaving the head of his

22
02:00.780 --> 02:08.680
most trusted servant, marking the message onto his scalp, then sending him on his way

23
02:08.770 --> 02:17.800
once his hair had regrown! Nowadays though we make use of the modern techniques and we insert secret

24
02:17.800 --> 02:26.820
files into other files. Maybe you wonder why someone would use steganography when there are so many strong

25
02:26.970 --> 02:33.170
encryption algorithms available, so strong that virtually no one can ever crack them.

26
02:34.430 --> 02:36.590
The answer is very simple!

27
02:36.680 --> 02:45.040
Even though the encryption is so secure it doesn't actually hide the existence of the message. Anyone

28
02:45.040 --> 02:48.280
can see that an encrypted message has been sent

29
02:48.280 --> 02:56.170
and even though no one can read it merely communicating a secret can trigger alarms and make others

30
02:56.170 --> 02:57.610
suspicious.

31
02:57.660 --> 03:04.630
Once a third party determines that you are communicating in secret they can force you or the person

32
03:04.690 --> 03:11.650
you are communicating with to tell them what you are hiding or they can simply intercept the communication

33
03:11.920 --> 03:14.860
and destroy the encrypted message.

34
03:14.860 --> 03:17.590
This is where steganography comes in.

35
03:17.590 --> 03:25.510
Unlike cryptography, the purpose of steganography is to hide even the mere existence of the message that

36
03:25.510 --> 03:30.990
is being sent. Let's see step by step how it really works!

37
03:31.010 --> 03:33.680
First the secret file is encrypted.

38
03:33.680 --> 03:40.370
This is not mandatory but this is highly recommended and many steganography tools do that automatically

39
03:40.370 --> 03:41.190
for you.

40
03:41.240 --> 03:45.340
The file that is hidden is called “embedded file”.


41
03:45.410 --> 03:54.110
Then the information (encrypted or in clear text) is embedded into a cover file according to an algorithm.

42
03:55.240 --> 03:56.700
In most cases

43
03:56.710 --> 04:00.430
this is an image, an audio or video file.

44
04:00.430 --> 04:08.560
The steganography algorithm decides how to hide data and how to randomize the placement of the data

45
04:08.830 --> 04:17.590
in such a way that the cover file remains visually the same; if someone is looking simultaneously at

46
04:17.600 --> 04:24.940
the original cover file and at the file that contains the embedded message he would see no difference

47
04:25.000 --> 04:26.010
at all.

48
04:26.050 --> 04:34.370
The cover file that contains the secret message or the embedded file is called “stego file”. After

49
04:34.370 --> 04:40.510
the secret file was embedded the “stego file” is sent normally to the destination.

50
04:41.090 --> 04:49.430
If the “stego file” is an image the user can post this and other images on a website form or simply send

51
04:49.430 --> 04:51.770
them in clear text per email.

52
04:52.580 --> 05:00.370
If someone such as an attacker captures the traffic he won't be suspicious because it's just an image.

53
05:00.380 --> 05:04.910
Eventually the user sends more images as a distraction.

54
05:06.200 --> 05:12.440
The steganography algorithm should be strong enough so that no one could tell the difference between

55
05:12.470 --> 05:17.290
the initial image and the one that contains the secret message.

56
05:17.750 --> 05:24.200
And even if somehow the attacker is strong enough to extract the embedded message this will be encrypted

57
05:24.200 --> 05:24.660
anyway.

58
05:26.570 --> 05:29.200
Take a look at these two images.

59
05:29.270 --> 05:36.350
The original one and the one that contains the historical play of William Shakespeare.

60
05:36.350 --> 05:43.270
I'm sure you won't see any visual difference, no matter how close you look and how much you zoom in.

61
05:52.420 --> 05:53.640
They look the same.

62
05:55.490 --> 05:57.110
At the destination

63
05:57.110 --> 06:04.460
the one that knows that there is a hidden message there applies the same steganography algorithm and

64
06:04.520 --> 06:07.370
extracts the message. Most of the time

65
06:07.460 --> 06:14.520
he needs a secret key that was previously shared with him to extract and then decrypt the message.

66
06:14.600 --> 06:16.310
I'll show you in a short while

67
06:16.400 --> 06:17.730
a practical example.

68
06:18.840 --> 06:25.230
Now that we've seen what steganography is and how it can be used, maybe you wonder how someone could

69
06:25.230 --> 06:32.410
modify an image or an audio file without anyone else finding out that there is a secret hidden.

70
06:32.550 --> 06:39.600
If you use an audio file as the cover file you should know that there are a lot of frequencies too high

71
06:39.870 --> 06:48.180
or too low that the human ear cannot detect anyway. So modifying those frequencies doesn't change

72
06:48.210 --> 06:50.490
the way it normally sounds.

73
06:50.700 --> 06:57.660
Or if you take an image you should know that there are a lot of pixels that cannot be seen by the

74
06:57.660 --> 07:04.980
human eye and if those pixels are modified the picture will still look the same. At the end

75
07:05.010 --> 07:06.480
of this lecture

76
07:06.540 --> 07:10.280
let's see what the use cases of steganography are.

77
07:11.180 --> 07:19.160
It's useful in situations where sending encrypted messages might raise suspicion such as in countries

78
07:19.160 --> 07:22.490
where free speech is suppressed.

79
07:22.560 --> 07:30.360
It's also frequently used as a digital watermark when the owner or the copyright holder embeds a secret

80
07:30.360 --> 07:36.790
message into a media to find when images or audio files are stolen.

81
07:36.810 --> 07:45.060
You can also use steganography to embed a private key like the one used by ssh or by crypto currencies

82
07:45.360 --> 07:52.050
or any other secret files like the one that contains passwords or other sensitive information in an

83
07:52.050 --> 07:58.930
image and then post that image somewhere on the Internet where it's always available.

84
07:58.970 --> 08:04.330
It's like a backup but a very very secure one. No matter where you are

85
08:04.380 --> 08:12.320
you will be able to access the secret information. Or imagine that you want to take with you a secret

86
08:12.320 --> 08:21.080
document. You don't want to use a USB stick that can be easily discovered or send the document by e-mail.

87
08:21.140 --> 08:27.010
You can simply embed it in an image and do whatever you like with that image.

88
08:27.050 --> 08:34.280
Note that if you post a photo on a website like Facebook or Instagram there is the risk that the image

89
08:34.340 --> 08:42.320
will be automatically scaled and that means changed! The embedded message will be lost.

90
08:42.350 --> 08:45.620
The stego file has to remain unchanged.

91
08:46.580 --> 08:54.870
At the end of this video let me demonstrate to you that the tragedy of Julius Caesar was indeed hidden

92
08:55.100 --> 08:56.990
in that image.

93
08:56.990 --> 08:59.930
This is the image img.jpg

94
09:06.350 --> 09:07.340
It's the image

95
09:07.460 --> 09:18.680
you have already seen! I use a steganography tool called steghide like this: steghide extract 

96
09:18.800 --> 09:22.340
-sf from stego file and the image

97
09:25.050 --> 09:28.080
and I'm entering the secret passphrase

98
09:33.470 --> 09:40.700
And the secret has been extracted! It wrote extracted data to julius_caesar_ws.txt

99
09:43.660 --> 09:49.380
This is the file! It's of the entire historical play of William Shakespeare!

100
09:52.620 --> 09:59.660
In the next lectures we'll dive deeper into steganography and I'll also show you many live examples.