Systems Security Certified Practitioner – SSCP – Question0809

Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity?

A.
Steganography
B. ADS -Alternate Data Streams
C. Encryption
D. NTFS ADS

Correct Answer: A

Explanation:

It is the art and science of encoding hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message or could claim there is a message.
It is a form of security through obscurity.
The word steganography is of Greek origin and means “concealed writing.” It combines the Greek words steganos (στεγανός), meaning “covered or protected,” and graphei (γραφή) meaning “writing.”
The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography, disguised as a book on magic. Generally, the hidden messages will appear to be (or be part of) something else: images, articles, shopping lists, or some other cover text. For example, the hidden message may be in invisible ink between the visible lines of a private letter.
The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable, will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message. It is sometimes referred to as Hiding in Plain Sight. This image of trees blow contains in it another image of a cat using Steganography.
ADS Tree with Cat inside

This image below is hidden in the picture of the trees above:

Hidden Kitty As explained here the image is hidden by removing all but the two least significant bits of each color component and subsequent normalization.
ABOUT MSF and LSF
One of the common method to perform steganography is by hiding bits within the Least Significant Bits of a media (LSB) or what is sometimes referred to as Slack Space. By modifying only the least significant bit, it is not possible to tell if there is an hidden message or not looking at the picture or the media. If you would change the Most Significant Bits (MSB) then it would be possible to view or detect the changes just by looking at the picture. A person can perceive only up to 6 bits of depth, bit that are changed past the first sixth bit of the color code would be undetectable to a human eye.
If we make use of a high quality digital picture, we could hide six bits of data within each of the pixel of the image. You have a color code for each pixel composed of a Red, Green, and Blue value. The color code is 3 sets of 8 bits each for each of the color. You could change the last two bit to hide your data. See below a color code for one pixel in binary format. The bits below are not real they are just example for illustration purpose:
RED
0101 0101
MSB LSB
GREEN
1100 1011
MSB LSB
BLUE
1110 0011
MSB LSB
Let’s say that I would like to hide the letter A uppercase within the pixels of the picture. If we convert the letter “A” uppercase to a decimal value it would be number 65 within the ASCII table , in binary format the value 65 would translet to 01000001
You can break the 8 bits of character A uppercase in group of two bits as follow: 01 00 00 01
Using the pixel above we will hide those bits within the last two bits of each of the color as follow:
RED GREEN BLUE 0101 0101 1100 1000 1110 0000 MSB LSB MSB LSB MSB LSB
As you can see above, the last two bits of RED was already set to the proper value of 01, then we move to the GREEN value and we changed the last two bit from 11 to 00, and finally we changed the last two bits of blue to 00. One pixel allowed us to hide 6 bits of data. We would have to use another pixel to hide the remaining two bits.
The following answers are incorrect:
-ADS -Alternate Data Streams: This is almost correct but ADS is different from steganography in that ADS hides data in streams of communications or files while Steganography hides data in a single file.
-Encryption: This is almost correct but Steganography isn’t exactly encryption as much as using space in a file to store another file.
-NTFS ADS: This is also almost correct in that you’re hiding data where you have space to do so. NTFS, or New Technology File System common on Windows computers has a feature where you can hide files where they’re not viewable under normal conditions. Tools are required to uncover the ADS-hidden files.
The following reference(s) was used to create this question: The CCCure Security+ Holistic Tutorial at http://www.cccure.tv
and Steganography tool and
http://en.wikipedia.org/wiki/Steganography