Content:
- Overview
- How it works
- Using Xidie steganography
- Xidie algorithms, techniques and carrier files
- Carrier files
- Image carriers
- Tiff documents
- Sound carriers (wave, mp3)
- Microsoft Office carriers (Word, Excel, Access, Power Point)
- Other documents (PDF, text, HTML etc., dictionary and subtitle files)
- ADS (Alternate data streams)
- Attach method
- Cookies and scripts (PHP, ASP, ASPX)
- Other carriers (registry, event log etc.)
- Set the password and security options
- Using Xidie from Explorer interface
- More about steganography
Overview
Xidie not only creates secure archives for safe storage or secure transfer over the
Internet, but also allows you to hide these secure archives in places that look totally
innocent, such as images, sounds, Microsoft Office documents and many others. These types
of files are perfect for hiding documents, and nobody will suspect that your important
data is stored in holiday pictures, wave sounds, Excel workbooks or other files. This is
the purpose of the steganography module: to encrypt your important documents using strong
encryption algorithms and then to hide them in an innocent document.

Steganography is by definition the art of hiding messages in another support (such as
bitmap files, wave files etc.). Although not widely used, digital steganography involves
hiding data inside a sound or image file, but many other types of file can be used.
Steganalysis is the process of detecting steganography. It usually tries to find
steganographic content in documents by looking at variances between bit patterns and at
unusually large file sizes. The simplest method to detect modified files, however, is to
compare them to the originals. To detect information being moved through the graphics on
a website, for example, an analyst can maintain known-clean copies of these materials and
compare them against the current contents of the site. The differences (assuming the
carrier is the same) will compose the payload.

During the Roman Empire secret information was tattooed on a messenger's shaved head.
When the hair grew back, the messenger was sent out with the secret message on his scalp
and a decoy message in hand. In the IT realm, steganography replaces unneeded bits in
image files, sound files or others with secret data. When a message is encrypted, it has
no meaning to a reader, but it is easy to see that it contains sensitive data. Instead of
protecting data the way encryption does, steganography hides the very existence of the
data. And it's almost undetectable! By combining steganography with encryption we have
one of the most secure ways to send or store data.
Xidie is one of the most complete, innovative and complex applications in the
steganography field.
- Complete steganographic application. It offers over 50 carrier types, including many
new technologies such as ADS, Microsoft Office carriers, registry keys etc. No other
steganography application has more than 4-5 carrier types, and all of them implement only
the classical carrier types (images, sounds, HTML and text files).
- Innovative. Most of the carrier types implemented in Xidie are unique: Tiff and Word
documents, Excel workbooks, Access databases, registry keys, Microsoft console documents,
event log files, cookies, subtitles, dictionary and PDF documents, alternate data streams,
and the attach method with multiple carrier files.
- Unique noise technology on some carrier types.
- Time-date stamp: the stego-document has the same date-time stamp as the original carrier
document.
- Stretch image technology.
- Multiple files and folders in a single carrier file, regardless of file extension.
- Good compression and standard encryption algorithms, implemented in a simple-to-use
interface.
How it works
First of all, the documents are compressed and then encrypted using traditional methods.
The result is the encrypted document (a single archive file). Then the carrier file (also
known as cover text or support) is modified in some way to contain the encrypted document,
resulting in the stego-document. Only the recipient (who must know the technique used) can
recover the encrypted message, then decrypt it (the recipient must know the password) and
decompress it. After decompression all documents are recovered.
Using Xidie
Whichever interface you select, there are three steps for hiding documents using Xidie:
- Select the documents you want to hide. Xidie allows the user to hide multiple files and
folders in a single carrier file. You can select one or more files and add them to the
selection list. In the Windows dialog window, hold down the Ctrl key to select more than
one file. You can also add an entire folder, including subfolders and all files.
- Set the password and security options. If you use the advanced interface you can also
select the encryption and digest algorithms. If you use the wizard you cannot set the
encryption algorithm (it is automatically set to AES with a 256 bit key). Enter the
password or import it from a key disk (for more information read the secure archives
topic).
- Hide the files. Select the carrier type you want to use. You have over 50 steganographic
carriers available in 11 categories. A detailed list is available in the "Xidie
algorithms, techniques and carrier files" section. After selecting the carrier type,
select the carrier file and save the output file. To finish the process press the Hide
file button. Notice that for some carrier types you do not need to set the output.
Xidie algorithms, techniques and carrier files
Xidie uses all the classic algorithms and some new, originally developed techniques.
Carrier files
Image carriers
Xidie supports almost any image format. The carrier file can be chosen from Bitmap, JPEG,
GIF, PNG or Tiff images. There are two modes you can choose from to hide information in
image carriers: stretched and un-stretched images. Almost all steganography utilities use
un-stretched mode, which means the original image and the stego image are the same size.
This technique is vulnerable to comparison tests. Unlike the un-stretched technique (which
keeps the dimensions of the stego file unchanged), the stretched technique modifies the
size of the stego-file according to the dimensions of the message, and these files will be
immune to comparison tests. Other advantages:
1. Substitution limits the amount of data that you can hide to the number of insignificant
bits in the file, but with this method the amount of data that you can hide in an image is
practically unlimited, limited only by quality degradation.
2. For small amounts of data you will have a small stego-file even if you use a large
image as the carrier file.
For image carrier files Xidie uses the substitution method with the LSB technique.
Supported image formats: Bitmap (.bmp), JPEG, GIF, PNG.
Xidie has a built-in "find image utility" that allows the user to quickly find all images
on the computer or in a specific folder in a specific format, to view images and to edit
them (rotate, zoom etc.). Xidie can also use images captured from the screen as carrier
files, with this facility built in. The user can capture the screen and use the captured
image as a carrier file in a very simple way, with just one mouse click! Other facilities:
- Image captured from a scanner
- Image captured from a web-cam
- Image extracted from .avi movies
Tiff documents
One new carrier file type implemented in Xidie is Tiff files (Tagged Image File Format).
TIFF is a commonly used format for various imaging applications, including those that scan
and fax. For example, Microsoft Office Document Imaging uses the TIFF format. When you
scan new documents, they are saved in TIFF format (with a .tif extension). The main
advantage of this format: one document can contain more than one page. Xidie offers three
methods to hide data in Tiff documents:
1. Directly in a tiff document
2. In a new tiff document using a frame extracted from a tiff document (un-stretched
image)
3. In a new tiff document using a frame extracted from a tiff document (stretched image)
Xidie has a built-in "find tiff utility" that allows the user to quickly find all tiff
documents on the computer or in a specific folder, to view pages and to edit them (rotate,
zoom etc.). At this moment there is no other steganography application that uses Tiff
images as carrier files!
Sound carriers
There are two sound formats that you can use as a carrier file in Xidie:
- Wave sounds
- MP3 sounds
Xidie can also use as a sound carrier a wave file recorded directly (with a built-in sound
recorder that is very simple to use). Xidie has a built-in "find sound utility" that
allows the user to quickly find all wave/mp3 files on the computer or in a specific
folder. Xidie uses the substitution method for wave sounds and the injection method for
the mp3 file format.
Microsoft Office carrier
Some of the most commonly used file formats are Microsoft Office documents. Over 50% of
computers have a version of this popular program suite installed. Yet there is no
steganography application that uses Word, Excel or Power Point documents as a carrier
file. Until Xidie! With Xidie, users can select any Office document as a carrier file:
- Microsoft Word documents
- Microsoft Excel workbooks
- Microsoft Access databases
- Microsoft Power Point presentations
Even though all these carriers can store only a limited amount of data, they can be
excellent carrier files because these formats are so widespread.
Other documents
This category contains several file formats commonly used for communication and/or
storing data. Not all of them are original, but some of them are unique (subtitle files,
dictionary files and PDF documents). The steganography technique used differs (injection
or substitution). Supported formats are:
- Text files (.txt)
- Rich text format documents (.rtf)
- HTML documents (.htm, .html)
- PDF (.pdf)
- Dictionary: tab delimited text format (.txt)
- Dictionary format (.lex)
- Subtitle files in .srt and .sub format
Alternate data streams (ADS)
By using alternate data streams Xidie can transform any file or folder on your system
into a carrier file, regardless of file extension or format. Two methods are available:
attach to a folder or attach to a file. Alternate data streams represent one of the most
secure methods: they can hide a large amount of data, and the method is very quick and
very secure. Practically any file or folder on your system is a potential carrier, and
detecting it is very hard.

A relatively unknown compatibility feature of NTFS, ADS is the ability to fork file data
into existing files without affecting their functionality, size, or display to traditional
file browsing utilities like dir or Windows Explorer. An alternate data stream is a
special kind of data that can be attached to a file, but is not in the file, on an NTFS
system. The Master File Table of the partition contains a list of all the data streams
that a file contains, and where their physical location on the disk is. Therefore,
alternate data streams are not present in the file, but attached to it through the file
table. A typical file contains only a single data stream, called $DATA. This is the data
contained in the file itself, and is not an ALTERNATE data stream, since it is the data
stream itself. When you open a file by any normal means, you are therefore accessing the
$DATA stream. ADS can store Hard Links, Encryption, Summary Information, etc. However,
these are the uses that the OS has for an ADS. The user can create an unlimited number of
ADS for their own use. Let's see why this is useful.

(NTFS is the abbreviation of New Technology File System, Windows NT's preferred file
system.) In NTFS, a file consists of different data streams. One stream holds the security
information (access rights and such things), another one holds the "real data" you expect
to be in a file. There may be another stream with link information instead of the real
data stream, if the file actually is a link. And there may be alternate data streams,
holding data the same way the standard data stream does. Found in all versions of NTFS,
ADS capabilities were originally conceived to allow for compatibility with the Macintosh
Hierarchical File System, HFS, where file information is sometimes forked into separate
resources. Alternate data streams have come to be used legitimately by a variety of
programs, including the native Windows operating system, to store file information such
as attributes and for temporary storage. Files with an ADS attached are almost impossible
to detect using native file browsing techniques like the command line or Windows Explorer.

The advantage of ADS: they are totally hidden. You can have a file with 1 byte in the
official main data stream and some hundred MB in one or more alternate data streams. What
do you expect the dir command, file manager or Explorer to show as the size of this file?
It is 1 byte! That means a user can hide quite a lot of data in alternate data streams and
nobody will know! Another advantage: you can attach an alternate data stream to a folder.
This means that you can use any folder on your system as a carrier file! The only
disadvantage of this steganography technique is that you can't use it for secure
communications: if you transfer a file with an ADS attached from an NTFS drive to a FAT
drive, the ADS will be destroyed. But this method is very useful for storing a large
amount of data in a very secure way. Xidie is the only program that uses alternate data
streams as a support for hiding files. The steganography technique used is a combination
of injection and generation.
Attach method
By using the attach method Xidie can transform any file on your system into a carrier
file, regardless of file extension or format. Two methods are available: attach to a
single file or attach to multiple files. The attach method is not one of the most secure
methods, but it can hide a large amount of data and is very quick. Practically any file or
group of files on your system is a potential carrier, and detecting it is very hard. The
steganography technique used is injection. Using this technique, you store the data you
want to hide in sections of a file that are ignored by the processing application. By
doing this you avoid modifying those file bits that are relevant to an end user, leaving
the cover file perfectly usable. For example, you can add additional harmless bytes to an
executable or binary file. Because those bytes don't affect the process, the end user may
not even realize that the file contains additional hidden information. However, using an
insertion technique changes the file size according to the amount of data hidden and
therefore, if the file looks unusually large, it may arouse suspicion. This method is also
not recommended for files like mp3 or text files (.txt, .rtf).
Cookies
Another new steganography technique used in Xidie is cookies. Some Web sites store
information in a small text file on your computer. This file is called a cookie. A cookie
is a file created by an Internet site to store information on your computer, such as your
preferences when visiting that site. For example, if you inquire about a flight schedule
at an airline's Web site, the site might create a cookie that contains your itinerary. Or
it might only contain a record of the pages you looked at within the site you visited, to
help the site customize the view for you the next time you visit. Cookies can also store
personally identifiable information. Personally identifiable information is information
that can be used to identify or contact you, such as your name, e-mail address, home or
work address, or telephone number. However, a Web site only has access to the personally
identifiable information that you provide. For example, a Web site cannot determine your
e-mail name unless you provide it. Also, a Web site cannot gain access to other
information on your computer. Once a cookie is saved on your computer, only the Web site
that created the cookie can read it. There are some limitations in using cookies (the size
and the number of cookies that a site can create).

There are several ways in Xidie to hide information using cookies. Auto-create and save
cookies allows the user to generate cookies from a document. Another way: scripts that
create cookies for site visitors. Xidie allows the user to create new scripts (PHP, ASP or
ASPX) or to inject code that creates cookies into existing scripts (PHP, ASP or ASPX). For
any of these methods, the steganography technique used by Xidie is generation. Cookies can
be used only for a limited amount of data and are especially useful for transmitting data
to multiple users!
Video movies
Xidie allows the user to create new movies by recording screen activity and to use these
movies to hide information. The method used is a combination of injection and generation
and can hide a large amount of data.
Other carriers
This section contains three new, unique methods to hide data in three unusual carriers.
Microsoft Management Console files (.msc)
Microsoft Management Console (MMC) hosts administrative tools that you can use to
administer networks, computers, services, and other system components. Your Windows
system may already include tools that were saved as console files (with an .msc
extension). These tools are available in the Administrative Tools folder in both Control
Panel and the Programs menu. In addition, you can use MMC to create custom administrative
tools and distribute these tools to users. On both Windows XP Professional and Windows
2000 Server, you can save these tools so that they are available in the Administrative
Tools folder on the Programs menu. You can use these files as carriers. The steganography
method used is injection.
Registry keys
Windows stores its configuration information in a database called the registry. (The
registry editor that ships with Windows is regedit.exe.) The registry contains profiles
for each user of the computer and information about system hardware, installed programs,
and property settings. Windows continually references this information during its
operation. The registry is organized hierarchically as a tree and is made up of keys and
their sub-keys, hives, and value entries. Xidie integrates a registry editor that enables
you to inspect and add entries to the registry and allows you to hide documents in a new
key created in the registry structure. Warning: Incorrectly editing the registry may
severely damage your system. At the very least, you should back up any valued data on the
computer before making changes to the registry. If you do damage your system, you may be
able to repair the registry or restore it to the same version you were using when you last
successfully started your computer. Otherwise, you must reinstall Windows.
Event log file
With Event Viewer, users can monitor events recorded in the Application, Security, and
System logs. Using the event logs in Event Viewer, you can gather information about
hardware, software, and system problems. You can also monitor Windows XP security events.
A computer running any version of Windows XP records events in three kinds of logs:
- Application log: The application log contains events logged by applications or programs.
For example, a database program might record a file error in the application log. Program
developers decide which events to monitor.
- Security log: The security log records events such as valid and invalid logon attempts,
as well as events related to resource use such as creating, opening, or deleting files or
other objects. An administrator can specify what events are recorded in the security log.
For example, if you have enabled logon auditing, attempts to log on to the system are
recorded in the security log.
- System log: The system log contains events logged by Windows XP system components. For
example, the failure of a driver or other system component to load during startup is
recorded in the system log. The event types logged by system components are predetermined
by Windows XP.
In order to use event log files as a carrier file you must set the maximum log file size
to a proper value. To change the event log size:
- Open Event Viewer.
- In the console tree, click the log you want to change.
- On the Action menu, click Properties.
- On the General tab, in Maximum log size, specify the new log size in kilobytes.
- To put the new setting into effect, click Clear Log.
- If you want to retain the information currently in the log, click Yes when a message
appears asking if you want to save the original log before clearing it, and then click OK.
(To open Event Viewer, click Start, click Control Panel, click Performance and
Maintenance, click Administrative Tools, and then double-click Event Viewer. You must be
logged on as an administrator or a member of the Administrators group to change the size
of an event log.)
Set password and security options
Steganography is used in Xidie only in combination with strong cryptography. The
encryption process for the steganography module uses the same algorithms as the Secure
archives module. The advanced interface allows the user to set the encryption algorithm
and the digest algorithm used in symmetric encryption. There are four classic encryption
algorithms implemented in Xidie:
- Rijndael
- Triple DES
- DES
- RC2
Xidie also implements four variants of a new encryption algorithm developed by the author
of Xidie, generically named DX, with variable block length (257, 1023, 8191 and 100000
bytes), which you can choose from in the advanced interface. By default Xidie uses the AES
encryption algorithm in all the other interfaces. As hash algorithm (also known as digest
algorithm) Xidie uses SHA512 by default, but it also implements four other digest
algorithms (SHA384, SHA256, SHA1 and MD5), which you can choose from in the advanced
interface. In the advanced interface you need to set the encryption algorithm and digest
algorithm only when creating an archive. When decrypting, Xidie knows the encryption and
digest algorithms used during encryption, so you don't need to remember which encryption
algorithm you used when you encrypted the data. Also in the advanced interface, Xidie
implements a new and original public key encryption algorithm named MDX. For more
information about how MDX works see the Secure archives section.
How to create stegano archives from Windows shell
Overview
For common files and folders Xidie adds two more items to the context menu:
- Encrypt and hide file using Xidie
- Encrypt and hide folder using Xidie
Encrypt and hide from Windows Explorer or Desktop
You can add a single file or a single folder to a new stegano archive. If you want to add
multiple files and folders to a new archive, you must move or copy all files and/or
folders into a new folder by using the Windows Explorer interface, or start Xidie and use
the Xidie interface to add multiple files and folders to a single archive. Both commands
call Xidie to add the selected file or folder, respectively, to a new stegano archive.
First Xidie will ask you to supply a password and some security options in the Set
security options dialog. After you supply this information, Xidie will compress and
encrypt the content and will ask you to select the carrier file and output file. After you
set this information, four options are available: just hide, hide and burn to CD, hide and
e-mail, and hide and upload to FTP. You can also hide in more than one carrier type:
select another carrier file and output file and hide the files! Steps:
- Select the file or the folder you are going to hide from Windows Explorer or from the
Desktop.
- Press the right mouse button on the selected file/folder and choose "Encrypt and hide
using Xidie".
- Enter the password, select the carrier file and output file, and press the Hide button.
More about steganography
The purpose of steganography is covert communication: to hide the existence of a message
from a third party. This differs from cryptography, the art of secret writing, which is
intended to make a message unreadable by a third party but does not hide the existence of
the secret communication. Although steganography is separate and distinct from
cryptography, there are many analogies between the two, and some authors categorize
steganography as a form of cryptography since hidden communication is a form of secret
writing. Generally, a steganographic message will appear to be something else: a picture,
a sound or some other message. This apparent message is the cover-text. The advantage of
steganography over cryptography alone is that messages do not attract attention to
themselves, to messengers, or to recipients. An unhidden coded message, no matter how
unbreakable it is, will arouse suspicion. Steganography provides some very useful and
commercially important functions in the digital world, most notably digital watermarking.
In this application, an author can embed a hidden message in a file so that ownership of
intellectual property can later be asserted and/or to ensure the integrity of the content.
An artist, for example, could post original artwork on a Website. If someone else steals
the file and claims the work as his or her own, the artist can later prove ownership
because only he/she can recover the watermark.
Algorithms and Techniques
When using steganography on a computer, you actually hide a message within another file
(called the carrier file). The resulting file is called a stego file. The trick to
computer steganography is to choose a file capable of hiding a message. A picture, audio,
or video file is ideal for several reasons:
- These types of files are already compressed by an algorithm. For example, .jpeg, .mp3,
.mp4, and .wav formats are all examples of compression algorithms.
- These files tend to be large, making it easier to find spots capable of hiding some
text.
- These files make excellent distractors. That is, few people expect a text message to be
hidden within a picture or an audio clip.
If the steganographic utility does its job well, a user shouldn't notice a difference in
the quality of the image or sound, even though some of the bits have been changed in order
to make room for the hidden message.
There are three different techniques you can use to hide information in a cover file:
Injection (or insertion). Using this technique, you store the data you want to hide in
sections of a file that are ignored by the processing application. By doing this you avoid
modifying those file bits that are relevant to an end user, leaving the cover file
perfectly usable. For example, you can add additional harmless bytes to an executable or
binary file. Because those bytes don't affect the process, the end user may not even
realize that the file contains additional hidden information. However, using an insertion
technique changes the file size according to the amount of data hidden and therefore, if
the file looks unusually large, it may arouse suspicion.
Substitution. Using this approach, you replace the least significant bits of information
that determine the meaningful content of the original file with new data in a way that
causes the least amount of distortion. The main advantage of this technique is that the
cover file size does not change after the execution of the algorithm. On the other hand,
the approach has at least two drawbacks. First, the resulting stego file may be adversely
affected by quality degradation, and that may arouse suspicion. Second, substitution
limits the amount of data that you can hide to the number of insignificant bits in the
file. Among the substitution techniques, a very popular methodology is the LSB (Least
Significant Bit) algorithm, which replaces the least significant bit in some bytes of the
cover file to hide a sequence of bytes containing the hidden data. That's usually an
effective technique in cases where the LSB substitution doesn't cause significant quality
degradation, such as in 24-bit bitmaps. For example, to hide the letter "a" (ASCII code
97, that is 01100001) inside eight bytes of a cover, you can set the LSB of each byte like
this:
10010010 01010011 10011011 11010010 10001010 00000010 01110010 00101011
The application decoding the cover reads the eight least significant bits of those bytes
to re-create the hidden byte, that is 01100001, the letter "a". As you may realize, this
technique lets you hide one byte in every eight bytes of the cover. Note that there's a
fifty percent chance that the bit you're replacing is the same as its replacement. In
other words, half the time the bit doesn't change, which helps to minimize quality
degradation.
Generation. Unlike injection and substitution, this technique doesn't require an existing
cover file: it generates a cover file for the sole purpose of hiding the message. The main
flaw of the insertion and substitution techniques is that people can compare the stego
file with any pre-existing copy of the cover file (which is supposed to be the same file)
and discover differences between the two. You won't have that problem when using a
generation approach, because the result is an original file, and is therefore immune to
comparison tests.
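
The LSB substitution and the comparison test described above, as an added Python example
(not code from Xidie or its author): it embeds and extracts a payload in the least
significant bits of a cover, then compares the result with a known-clean copy the way an
analyst holding the original would. The 64-byte cover, the payload and all function names
are constructed for illustration; PAGE_STEGO_BYTES is the eight-byte sequence from the
text.

```python
# The eight stego bytes given in the text; their LSBs spell 01100001 ("a").
PAGE_STEGO_BYTES = bytes([0b10010010, 0b01010011, 0b10011011, 0b11010010,
                          0b10001010, 0b00000010, 0b01110010, 0b00101011])


def sample_cover(size: int = 64) -> bytes:
    """Constructed stand-in for raw pixel or sample data (not a real image)."""
    return bytes((i * 37 + 11) % 256 for i in range(size))


def lsb_embed(cover: bytes, payload: bytes) -> bytes:
    """Write payload bits, most significant first, into successive cover LSBs."""
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("payload needs %d cover bytes, cover has %d"
                         % (len(bits), len(cover)))
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # clear the LSB, then set it to the bit
    return bytes(stego)


def lsb_extract(stego: bytes, n_bytes: int) -> bytes:
    """Rebuild n_bytes from the LSBs of the first 8 * n_bytes stego bytes."""
    if n_bytes * 8 > len(stego):
        raise ValueError("stego data too short for %d hidden bytes" % n_bytes)
    out = bytearray()
    for i in range(n_bytes):
        value = 0
        for carrier_byte in stego[i * 8:(i + 1) * 8]:
            value = (value << 1) | (carrier_byte & 1)
        out.append(value)
    return bytes(out)


def compare_with_clean(clean: bytes, suspect: bytes) -> dict:
    """Known-carrier comparison: where and how does suspect differ from clean?"""
    if len(clean) != len(suspect):
        # Size changed (injection or a resized image): offsets no longer line up,
        # so a byte-by-byte comparison says nothing beyond "the files differ".
        return {"same_size": False, "changed": None, "lsb_only": None, "span": None}
    diffs = [i for i in range(len(clean)) if clean[i] != suspect[i]]
    return {
        "same_size": True,
        "changed": len(diffs),
        # True when every difference is exactly a flipped lowest bit.
        "lsb_only": bool(diffs) and all((clean[i] ^ suspect[i]) == 1 for i in diffs),
        "span": (diffs[0], diffs[-1]) if diffs else None,
    }


if __name__ == "__main__":
    print("bytes from the text decode to:", lsb_extract(PAGE_STEGO_BYTES, 1))
    cover = sample_cover()
    stego = lsb_embed(cover, b"key")
    print("recovered payload:", lsb_extract(stego, 3))
    print("comparison with clean copy:", compare_with_clean(cover, stego))
```

Only about half of the 24 carrier bytes change, as the text predicts, yet every change is
a single flipped low bit confined to the start of the data, which is the pattern an
analyst with the original file looks for.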
Other programs
There are more than 100 steganography programs currently available, ranging from free
downloads to commercial products. Image and audio files remain the easiest and most common
carrier media on the Internet because of the ability to create an infinite number of new
carrier files, and the easy access to steganography software that will operate on these
carriers. Other commonly used carrier files are HTML files and text files. Small amounts
of data can be hidden in the unused portion of file headers, and some programs use this
technique. Information can also be hidden on a hard drive in a secret partition. A hidden
partition will not be seen under normal circumstances, although disk configuration and
other tools might allow complete access to the hidden partition. The most common
steganography methods in audio and image files use least significant bit substitution or
overwriting.
Steganalysis techniques:
1. Known-message attack: The hidden message is known.
2. Known-carrier attack: The carrier and steganography media are both available for
analysis.
3. Steganography-only attack: The steganography medium is the only item available for
analysis.
4. Chosen-steganography attack: The steganography medium and algorithm are both known.
5. Chosen-message attack: A known message and steganography algorithm are used to
create steganography media for future analysis and comparison.
6. Known-steganography attack: The carrier and steganography medium, as well as the
steganography algorithm, are known.
Xidie Security Suite
Today we are in the information age and securing information
becomes more and more important for most of us. By combining cryptography with
steganography, by using strong compression algorithms, well recognized and new encryption
algorithms, classic and new steganographic techniques, Xidie security suite is one of the
top software steganography and encryption tools.
Copyright (C) 2004-2007 Laic Aurelian. All rights reserved.