Message Hiding Using Keyed Steganography

i would like to know what are the danger can be occur by performing steganography without a key? Please kindly explain to me.

Without a key, your adversary knows just as much as you do. This means that, if you can extract the message, so can he. As such, relying on steganography without a key is security through obscurity, which is bad. It may be sufficient for getting around simple, automated censorship, but that's it.

Secure steganography requires a key. If you want to hide the fact that a message, encrypted or not, even exists (which is kind of the point), you also need to know the distribution of natural noise and use a function that can transform your ciphertext into something indistinguishable from the noise. If that is done, then it's not possible to distinguish natural noise from noise hiding information. It is extremely important, however, that your model of the noise of the system is not less accurate than that of your adversary, which could result in your adversary determining that a hidden message is present.

If you can determine the noise floor and the distribution of the noise (and you know what noise is truly random), you can start modifying the noise in a way that makes it impossible to positively identify the presence of a message. This can apply to images, audio, or even radio signals. Anything with a noise floor that contains at least some randomness that cannot be predicted (even if the distribution is not uniform) is subject to message hiding via steganography.

The arms race between evasion and detection (steganography and steganalysis) is not cryptographic in nature. It is purely about the enhancing the quality of the model of the system's noise. If your model is perfect, then it is actually impossible to detect the hidden message without breaking the underlying cryptography. In the real world, models only get better, so you're typically stuck with the reasonable assumption that your adversary's model is always going to be a bit better. In that case, you have to live with the fact that the most he can do in typical circumstances is assign a probability that a given message contains a hidden message. You can only make sure the probability is low enough.

In steganography the key is usually used in two different ways:

1. To encrypt the message before hiding it.
2. To decide (in combination with other parameters) where to hide the information.

For example, in an image we would use the key to decide which pixels to hide the information on. If no key is used, the steganography algorithm would have to hide the information in pixels dependent on the embedding algorithm, which an attacker might know. Consequently, the attacker could easily detect that steganography is being used and extract the hidden message.

A good steganographic system must fulfill the specifications set by "Kerckhoff's Principle" in cryptography. "The security of a system must be based on the fact that the 'adversary' has full knowledge of the design details and implementation of a steganographic system." The only piece of information missing from the "enemy" that must be kept secret from him is a small and easily exchangeable random number, the secret key, without which he cannot know if covert communication is taking place on the communication channel. If someone wanted to examine a file with hidden information they could find it. In the worst case, he could understand that they exist even if he did not see them If the hidden information is encrypted then it will definitely reach this point and stop. However if they are not encrypted then he will be able to examine the entire "hidden" message. For this reason we should not consider steganography as a substitute for cryptography but as a complement to it.