Finding Computer Files Hidden In Plain Sight
While criminals or terrorists are likely to arouse the suspicion of government agents by sending encrypted files over email, software programs now enable a practice known as steganography, where files are hidden within other files, such as photographic images.
Researchers at Iowa State University and Ames Laboratory have been exploring the emerging discipline of detecting those hidden files, or steganalysis. JPEG files and other electronic images are perfect for concealing such files because they can be found by the thousands in any given computer and can be emailed by anyone or found all across the Web.
With the aid of steganographic, or stego, techniques, users can make slight alterations to the color values of an image to conceal the bits of data that comprise a secret file, or payload, that can represent anything from unlawful financial transactions to child pornography.
“We’re taking very simple stego techniques and trying to find statistical measures that we can use to distinguish an innocent image from one that has hidden data,” said Clifford Bergman, professor of mathematics at ISU. “One of the reasons we’re focusing on images is there’s lots of ‘room’ within a digital image to hide data. You can fiddle with them quite a bit and visually a person can’t see the difference.”
Ones and zeros can represent the payload file, which the stego program compares to the ones and zeros of the image file’s pixel values. The recipient can then retrieve the secret file by decrypting and reconstructing the payload’s data string.
The researchers are developing a system known as an artificial neural net (ANN) to help review and detect hidden files within images. They trained the ANN with a database of “clean” images and then altered them using stego techniques to greatly expand the database and provide a basis for comparison.
The ANN identified 92 percent of the stego images in preliminary tests, while only flagging 10 percent of clean images, and the researchers hope to refine it further.
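The kind of statistical measure described above can be illustrated with a short added example; it is not the researchers' code and is not their neural-net detector. It assumes the simple stego technique is least-significant-bit (LSB) replacement and uses the classic pairs-of-values chi-square statistic; the function names, the threshold and the sample data are constructed for illustration.

```python
import random
from collections import Counter

def pov_score(values):
    """Chi-square statistic over pairs of values (2k, 2k+1), divided by the
    number of pairs used. LSB replacement with random-looking bits pushes
    the two counts in each pair together, so the score falls toward 1."""
    hist = Counter(values)
    stat, pairs = 0.0, 0
    for even in range(0, 256, 2):
        a, b = hist[even], hist[even + 1]
        if a + b < 10:          # skip sparse pairs; the test is unreliable there
            continue
        stat += (a - b) ** 2 / (a + b)
        pairs += 1
    return stat / pairs if pairs else float("inf")

def looks_embedded(values, threshold=2.0):
    # threshold is an illustrative assumption, not a calibrated value
    return pov_score(values) < threshold

def make_samples(n=200_000, seed=1):
    """Constructed data, not real images: a skewed histogram stands in for a
    clean colour channel; the second list has every LSB replaced by a
    random bit, as a simple stego tool would do with a full-size payload."""
    rng = random.Random(seed)
    clean = [min(255, int(rng.expovariate(1 / 8))) for _ in range(n)]
    stego = [(v & ~1) | rng.getrandbits(1) for v in clean]
    return clean, stego

if __name__ == "__main__":
    clean, stego = make_samples()
    print(f"clean score {pov_score(clean):.2f} flagged={looks_embedded(clean)}")
    print(f"stego score {pov_score(stego):.2f} flagged={looks_embedded(stego)}")
```

A single statistic like this only separates the easy case of a payload that fills the whole channel; smaller payloads move the score far less, which is one reason to combine several measures in a trained classifier.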
Abstracted by the National Law Enforcement and Corrections Technology Center (NLECTC) from Ames Laboratory (05/24/06).