Steganography

Steganography is a method of hiding data in another media type so the very existence of the data is concealed. Steganography is mainly accomplished by hiding messages in graphic images. The least significant bit of each byte of the image can be replaced with bits of the secret message. This practice does not affect the graphic enough to be detected.

Steganography does not use algorithms or keys to encrypt information. This is a process to hide data within another object so no one will detect its presence. A message can be hidden in a WAV file, in a graphic, or in unused spaces on a hard drive or sectors that are marked as unusable. Steganography can also be used to insert a digital watermark
on digital images so illegal copies of the images can be detected.

Source: http://www.logicalsecurity.com/resources/resources_articles.html
Review full Cryptography Chapter at http://www.LogicalSecurity.com
http://logicalsecurity-ls.blogspot.com/2009/03/steganography.html

HMAC

In the previous example, if Cheryl were to use an HMAC function instead of just a plain hashing algorithm, a symmetric key would be concatenated with her message. The result of this process would be put through a hashing algorithm, and the result would be a MAC value. This MAC value is then appended to her message and sent to Scott. If Bruce were to intercept this message and modify it, he would not have the necessary symmetric key to create the MAC value that Scott will attempt to generate.

Steps of a hashing process:
1. The sender puts the message through a hashing function.
2. A message digest value is generated.
3. The message digest is appended to the message.
4. The sender sends the message to the receiver.
5. The receiver puts the message through a hashing function.
6. The receiver generates her own message digest value.
7. The receiver compares the two message digest values. If they are the same, the message has not been altered.

Steps of an HMAC:
1. The sender concatenates a symmetric key with the message.
2. The result is put through a hashing algorithm.
3. A MAC value is generated.
4. The MAC value is appended to the message.
5. The sender sends the message to the receiver. (Just the message with the attached MAC value. The sender does not send the symmetric key with the message.)
6. The receiver concatenates a symmetric key with the message.
7. The receiver puts the results through a hashing algorithm and generates her own MAC value.
8. The receiver compares the two MAC values. If they are the same, the message has not been modified.

Now, when we say that the message is concatenated with a symmetric key, we don’t mean a symmetric key is used to encrypt the message. The message is not encrypted in an HMAC function, so there is no confidentiality being provided. Think about throwing a message in a bowl and then throwing a symmetric key in the same bowl. If you dump the contents of the bowl into a hashing algorithm, the result will be a MAC value.

This type of technology requires the sender and receiver to have the same symmetric key. The HMAC function does not involve getting the symmetric key to the destination securely. That would have to happen through one of the other technologies we have discussed already (Diffie-Hellman and key agreement, or RSA and key exchange).

Source: http://www.logicalsecurity.com/resources/resources_articles.html
Review full Cryptography Chapter at http://www.LogicalSecurity.com
http://logicalsecurity-ls.blogspot.com/2009/03/hmac.html