Methods and risks of textual steganography

Weir, George and Neal, Patrick (2016) Methods and risks of textual steganography. In: International Conference on Cybercrime and Computer Forensics 2016, 2016-06-12 - 2016-06-14, Simon Fraser University.

Full text not available in this repository.Request a copy

Abstract

Steganography describes a variety of techniques in which a ‘secret’ message is hidden ‘within’ some form of carrier. Software to achieve steganographic communication by concealing messages within image, video or audio file formats, is readily available. Numerous studies have addressed methods of steganographic concealment and the associated issue of detecting concealed steganographic data within such carrier formats. Our paper details the nature of textual steganography, reviews available techniques in relation to English and Arabic usage and considers the potential security threats that technologies in this area may pose. The implications are considered within current intelligence and analytical frameworks used in justice and public safety. Unlike multimedia steganography that takes advantage of file format characteristics, true textual steganography does not rely upon the manipulation of data format in order to codify a concealed message. Rather, it is a codification that directly maps secret message to carrier message. In successful textual steganography, the resultant carrier is rendered as plain text that is syntactically and semantically coherent, thereby allaying suspicion and effectively hiding the presence of the hidden message. Grammar, theme and internal coherence are major factors in carrier generation, as are the requirements for unlimited mapping (i.e., no required secret content should be impossible to code), full recovery capability (i.e., the decoding process must succeed for every possible carrier message) and efficient mapping (i.e., the ratio of secret data quantity to carrier data quantity should tend toward parity). As a mechanism for covert communication, textual steganography raises a number of security concerns beyond other forms of steganography. The plain text medium may be least likely of all formats to attract attention as a prospective carrier. The resultant carrier data can be communicated through any linguistic medium, need not be relayed as a text file over computer-based communication media, but could be read aloud over radio or television. Likewise, the same message could be delivered in print form by newspaper, magazine or leaflet.

CORE (COnnecting REpositories)