WEBVTT

0
00:02.410 --> 00:03.730
Welcome back!

1
00:03.730 --> 00:07.750
Now that you have enough knowledge about how steganography works,

2
00:07.870 --> 00:12.450
let's get started with the practical part.

3
00:12.600 --> 00:18.750
I'll show you a tool called steghide, which is a steganography program that is able to hide the

4
00:18.750 --> 00:28.730
data in various types of image and audio files like jpg, bmp, wav and au file formats. Steghide

5
00:28.950 --> 00:37.140
uses a graph-theoretic approach to steganography and can be installed on Linux, Windows or Mac

6
00:37.140 --> 00:42.600
OS. On Kali Linux or any other Debian-based distribution

7
00:42.620 --> 00:48.560
you can simply install steghide by executing apt install steghide.

8
00:55.970 --> 00:56.530
Okay!

9
00:56.570 --> 00:57.500
It was installed!

10
01:04.080 --> 01:07.040
We notice that it has a lot of options.

11
01:10.570 --> 01:17.170
In this example img.jpg will be the cover file and julius_caesar.txt

12
01:17.190 --> 01:27.190
the embedded file. I want to embed or to hide this txt file in the jpg image. At first

13
01:27.190 --> 01:30.850
the secret data is compressed and encrypted.

14
01:31.000 --> 01:38.860
Then a sequence of positions of pixels in the cover file is created based on a pseudo random number

15
01:38.860 --> 01:42.550
generator initialized with the passphrase.

16
01:42.790 --> 01:48.770
The secret data will be embedded in the pixels at those positions.

17
01:49.070 --> 01:56.620
Those positions that do not need to be changed because they already contain the correct value by chance

18
01:57.030 --> 02:00.310
are sorted out. For audio files

19
02:00.310 --> 02:08.680
the algorithm is the same except that audio samples are used instead of pixels. By default the encryption

20
02:08.680 --> 02:17.140
algorithm is the Advanced Encryption Standard, which is an extremely strong encryption algorithm. If you want

21
02:17.170 --> 02:26.510
to dive deeper into how steghide works, read its man page; this is its man page! You'll find here a lot

22
02:26.510 --> 02:36.560
of information. For the following example I have as a cover file the same picture you've already

23
02:36.560 --> 02:45.610
seen in the previous lecture. I took it myself using my phone. Inside this picture I'll embed the

24
02:45.610 --> 02:49.350
tragedy of Julius Caesar by William Shakespeare.

25
02:53.180 --> 03:01.980
I've downloaded it from the Gutenberg Project as a text file. This is Shakespeare's play. I recommend

26
03:01.980 --> 03:08.820
you to have both files in the same directory, the directory where you'll execute steghide. I have

27
03:08.910 --> 03:18.880
them in the home directory of the Kali user in another directory called Spago. In the steganography process

28
03:19.120 --> 03:26.290
the cover file will be changed so I'll make a copy of it. I want to have the original as well.

29
03:28.020 --> 03:36.860
So cp, the file and the copy will be named img_original.

30
03:37.440 --> 03:45.930
Now both images are the same and we can always check this by calculating their hashes, like this.

31
03:50.070 --> 03:58.270
It's the same hash so the files have the same contents. Let's see what's the capacity of the carrier file,

32
03:58.290 --> 04:00.680
the cover file.

33
04:00.680 --> 04:15.310
steghide info img.jpg and we see its capacity, almost 140 kilobytes. Let's embed the

34
04:15.310 --> 04:29.370
secret file into the cover file: steghide embed -cf from cover file and the cover file

35
04:29.460 --> 04:42.220
-ef from embedded file and the embedded file and that's all; I am hitting enter. Now it's asking for a passphrase.

36
04:42.480 --> 04:51.210
Always use a strong password of at least 12 random characters or if you use a passphrase use at least

37
04:51.240 --> 04:53.460
six or seven random words.

38
04:59.150 --> 05:08.170
Okay, it's done! The secret file was embedded! Now let's open

39
05:08.210 --> 05:11.200
both images.

40
05:11.210 --> 05:13.070
This is the modified image,

41
05:13.070 --> 05:18.910
the one that contains the secret and this one is the original file.

42
05:23.060 --> 05:25.890
I'm switching between them.

43
05:26.010 --> 05:32.300
They look the same to the naked eye.

44
05:32.320 --> 05:35.710
How could someone detect that there is a secret message

45
05:35.740 --> 05:37.470
hidden in such a file?

46
05:38.540 --> 05:46.040
The easiest way is to compare the stego file, the file that contains the message to the original file

47
05:46.250 --> 05:55.650
using a hash algorithm. There are changed bits in the stego file so its hash will be different.

48
05:55.670 --> 05:57.390
Let's see their hashes!

49
06:01.150 --> 06:03.110
And it's different.

50
06:03.160 --> 06:10.960
We notice that the hashes of these two files are different so that means the files are different.

51
06:11.380 --> 06:18.220
But if it's so simple to detect the existence of a hidden message what's the purpose of steganography

52
06:18.220 --> 06:19.600
after all?

53
06:19.630 --> 06:27.250
In this example I have created a copy of the original image on purpose, to make my point and show you

54
06:27.250 --> 06:35.740
this. But in a real-world steganography use case you should always use unique images.

55
06:35.740 --> 06:42.790
There should be no original image that someone can compare the stego file to. Any image that is taken

56
06:42.800 --> 06:47.210
using a digital camera is theoretically unique.

57
06:47.360 --> 06:50.150
You cannot take the same image again.

58
06:50.240 --> 06:53.570
There will be a small difference in light, colors and so on.

59
06:54.540 --> 07:03.300
Or a print screen could be also unique! Being unique means that there is no other image to compare to.

60
07:03.480 --> 07:05.550
And we've solved the problem.

61
07:05.880 --> 07:10.500
The second way someone can detect that a file contains a secret

62
07:10.500 --> 07:19.350
image is by using steganalysis. Steganalysis is the study of detecting hidden messages using

63
07:19.410 --> 07:21.120
steganography.

64
07:21.120 --> 07:25.920
This is analogous to cryptanalysis applied to cryptography.

65
07:25.950 --> 07:31.500
The problem is generally handled with statistical analyses.

66
07:31.530 --> 07:40.920
In practice however it's extremely complicated to break steganography. Let's move on and try to extract

67
07:40.950 --> 07:45.260
the secret file. In the current working directory

68
07:45.270 --> 07:48.840
there is also the original file I have embedded.

69
07:49.080 --> 07:53.960
I'm gonna rename it so it won't be overwritten in the extraction process.

70
07:59.450 --> 08:10.700
Perfect and I'm extracting the embedded file: steghide extract -sf from stego file and the

71
08:10.700 --> 08:18.590
name of the stego file img.jpg. It's asking for the same passphrase

72
08:23.230 --> 08:28.270
and the file was extracted. Let's see if it's the same file.

73
08:33.180 --> 08:38.030
Okay, it seems it's the tragical play of William Shakespeare.

74
08:40.870 --> 08:49.360
I want to be 100% sure that the file was extracted entirely so I'm checking the hash of both

75
08:49.360 --> 08:49.930
files.

76
08:55.230 --> 08:59.710
And it's the same hash and that means it's the same file.

77
09:00.600 --> 09:04.750
OK, that's all about steghide and steganography.

78
09:05.310 --> 09:05.840
Thank you!