Steganography

Unreal Steganography: Using A VR Application As A Steganography Carrier

by Stuart Wilson

This report focuses on the use of virtual reality as a potential steganography carrier file to avoid detection of forensic analysis applications commonly used within law enforcement. The goal is to show how a virtual reality game/environment can be made with little training, what file types can be stored within it and if the files can be extracted once the environment has been packaged and if forensic tools can analyse the files. This has been done by producing a virtual reality environment using Unreal Engine, as when comparing Unity and Unreal as mentioned within section 3.3, Unreal proved easier to use within the given time. Once the virtual reality environment was built, the steganography file needed to be created. This was done by using popular tools such as Our Secret, Deep Sound and Open Puff.

Once the steganography files had been created they were placed into the virtual reality environment and the entire application was packaged. From here, the packaged environment was placed into Encase 8 and Internet Evidence Finder for testing. After analysing the virtual reality application within the forensic analysis programs, no evidence was found and only two pieces of steganography data were recovered. By showing that virtual reality applications can be used to store data within them, it has allowed for ways to store potentially harmful data in otherwise non-conspicuous files.

1. Introduction

This report will cover several key aspects which digital forensic investigators face in todays’ society. One of the major issues is steganography, the art of hiding information within other information such as image files, PDFs, audio files and many more. It will also investigate how the growing use of virtual reality and different forms of steganography can be used by criminals or other organisations to hide sensitive information within these digital environments with little training using free open source tools or applications.

It will also show how these techniques affect digital forensic investigators including ways on how to detect if a file has been subjected to forms of steganography and if the files are recoverable with the same or different tools used to hide them.

Within section 2 and 3 of this thesis, it will cover the history of virtual reality such as when virtual reality was first developed and the current uses, the technology of virtual reality, augmented reality and mixed reality along with various types of secondary devices used by virtual reality. Section 4 of this thesis will contain the literature used and reviewed within this thesis which allowed for research to be conducted within steganography and virtual reality. This lead on to the methodologies, which will be covered within section 5, and will outline what methodology will be used, along with the different types of methodologies. From here, research was conducted into steganography, covered within section 6, and includes the various types of steganography throughout history to modern day developments.

This thesis also includes a section dedicated to the building of the experiment, covered within section 7. This section contains information on how to create a virtual reality environment, followed by the storing of steganography files within it. The lead onto the results section, covered in section 8, which outlines the results of experiment though using dedicated forensic analysis software. Section 9 of this thesis covers the discussion, which includes the results means, what went well while conducting the research and experiment and what would be changed. Section 10 contains the conclusion, which outlines the overall research of this thesis and the impact it can have within the field of forensic analysis. From this, came the reflection and evaluation, covered in section 11 and 12, which covers what went well and what didn’t, the strengths and weaknesses and potential improvements for the project. The final section covers the future works of the project, outlined in section 13. Which includes the use of different tools to both create and analyse the virtual reality environment.

1.1 Aims & Objectives

The aims and objectives of this thesis are to outline how the creation of a virtual reality environment can be used as a potential steganography file carrier to elude potential forensic investigators. The ease on how each it is to create steganography files and how to retrieve this evidence. This will be done through:

  • Testing the application in various forensic tools such as Encase 8, Internet Evidence Finder (IEF), Forensic Tool Kit (FTK) and Autopsy.
  • The use of and accessibility of tutorials on how to generate a virtual reality environment from video sharing sites such as YouTube.
  • The amount of different steganography tools which are currently available for free.
  • The attempted retrieval of the placed evidence within the environment.

2. History of virtual reality development

Virtual reality as we know it today started back in the early 1960s with the first head mounted display (HMD) developed by Morton Heilig, called the Telesphere Mask (see figure 1). However, he also developed the Sensorama Simulator (see figure 2), a stationary device with a seat which not only allowed the user to view a 3D film, but also had the ability to immerse the user with other senses such as sound, wind, smell, vibrating chair and touch (Brockwell, 2016). This however wasn’t commercially successful due to it only being able to handle small amounts of people at a time and not being portable. According to the The Franklin Institute (2018) the term Virtual Reality was “first used in the mid-1980s when Jaron Lanier, founder of VPL Research, began to develop the gear, including goggles and gloves, needed to experience what he called “virtual reality.”

From these developments, Ivan Sutherland then developed his own head mounted display called the Ultimate Display. However, due to its sheer size and weight, it later became known as The Sword of Damocles (Flores-Arredondo & Assad-Kottner, 2015) (see figure 3). The difference between this and other headsets of the time is that this was the first to use a computer to generate the images shown in the headset, whereas other devices used a camera to display a live feed or a recording. At the time, the images created by the computer and displayed on the HMD were only wireframe rooms and objects, as the technology at the time did not have enough graphical processing power to generate what we perceive today as CGI (computer generated images).

Figure 1 Telesphere Mask (Virtual Reality Society, 2015)

Figure 2 Sensorama Simulator (pc mag, n.d.)

Figure 3 Sword of Damocles (Elaine, 2016)

In recent years HMD’s have grown in popularity and become vastly smaller and cheaper form what they once were, take for example the Oculus Rift (see figure 4). Here we have a prime example of a popular consumer product which has allowed consumers to not only experience virtual reality created by other people and organisations, but also to create their own virtual worlds and environments. It also includes a motion tracking stand which creates the sense of realism for the users when they turn or move their heads. At the time of writing this report, the Oculus Rift costs around £399, making this the cheapest dedicated VR headset compared to other headsets such as the HTC Vive (see figure 5) costing £499. However, HTC also offer a pro edition of the Vive which offers the wearer to fully experience surround sound and higher quality images but at a cost of £561.

Figure 4 Oculus Rift (Amazon, 2018)

Figure 5 HTC Vive (VIVE VR SYSTEM, 2018)

2.1 Difference between VR, AR & MR

2.1.1 Virtual reality

Virtual reality (VR) is a computer-generated environment displayed in such a manner that the user would be immersed in that environment as a player or character, depending on the type of virtual reality used. Virtual reality works by creating a full virtual world in which the user can explore without any natural reality involved. There are several devices which have virtual reality capability as mentioned above but these devices require a computer with a good graphics card output to be able to run. There are some devices which are cordless and do not require a computer to run but instead run on battery power and use mobile phones, such as the Samsung Gear (see figure 6) or the Google Cardboard (see figure 7).

Figure 6 Samsung Gear VR (Samsung, 2015)

Figure 7 Google Cardboard (Google, 2018)

2.1.2 Augmented reality

Augmented reality (AR) was first coined by Thomas Caudell and David Mizell back in the 1990’s to describe how the head mounted displays, which electricians used at the time, worked. In their paper, they described how the augmented reality system worked and stated that “a user looks at a workpiece and sees the exact 3D location of a drill hole is indicated by a bright green arrow, along with the drill size and depth of the hole specified in a text window floating next to the arrow. As the user changes his perspective on the workpiece, the graphical indicator appears to stay in the same physical location.” (Caudell & Mizell, 1992). Moving from this to todays augmented reality technology, it has, like with all advancements, become smaller, cheaper and more efficient, and as such, this type of technology can now be found in everyday mobile phones.

There has also been the development of AR dedicated devices such as the Microsoft HoloLens, although there currently is a debate over whether it is a mixed reality or an augmented reality device. Augmented reality can work in several ways according to the University of Exeter, one being with marker locations, in which the computergenerated object will lock onto specific points and then display the computergenerated image, and the other being marker less, in where the computer-generated image locks onto a specific location and displays. They state that “this method uses a combination of an electronic devices’ accelerometer, compass and location data (such as the Global Positioning System – GPS) to determine the position in the physical world, which way it is pointing and on which axis the device is operating.” (University of Exeter, 2010). At present, there are several applications which stands out for using these features, such examples would be the mobile application known as Pokémon Go, Snapchat and Facebook Messenger.

2.1.3 Mixed reality

Mixed reality (MR) is like augmented reality, in that it displays computer generated images onto real surfaces, however the difference between the two is that mixed reality aims to create virtual objects, such as animals, that would be generated within the environment, and if the user walked out of the area and came back then the animal would still be in that position or location. Whereas augmented reality creates computer 7 generated items within a local area but doesn’t bind them to that area for later use (Johnson, 2016).

When comparing virtual reality with augmented and mixed reality, the difference is obvious but at the same time each shares a similarity with the others. Virtual reality and augmented both use CGI for their surroundings and objects, yet one is obviously a complete virtual world (see figure 8) and the other only takes specific aspects from the virtual world and incorporates them into reality (see figure 9). They are also different in how they generate depth of field. Augmented reality works by producing a threedimensional image over a specific area whereas virtual reality creates an entire threedimensional environment and controls the view from the user’s perspective through the use of a headset and motion tracking.

Figure 8 Virtual Reality Display (Parrish, 2016)

Figure 9 Snapchat AR (Wilson, 2018)

2.2 Development of sensory immersion

Sensory immersion is when the user of a virtual world feels as if they have a sense of presence within that environment, which can be accomplished by using various aspects of reality, such as touch, smell, visuals, sound and taste. By using these aspects of immersion, it gives the virtual world/environment a sense of realism and as a result, has the potential to trick the user’s brain into believing the environment is real. This has many applications in today’s society, such as being able to treat people with various conditions such as social anxiety or post-traumatic stress disorder (PTSD).

There are various products which can give the sense of immersion, some come with consumer products such as the Oculus Rift, which comes with haptic feedback controllers to give the user a physical response and allows them to interact with the virtual environment. Most headsets on the market today offer three out of the five senses, being sound, visuals and touch, there are others dedicated devices such as the product offered by thinkgeek.com known as the “VR Sensory Immersion Generator” which allows the user to experience smell, touch, sounds and taste (ThinkGeek, 2018)

Download the full dissertation here

About The Author

Stuart Wilson is a security analyst working for Capgemini since 2019 who monitors and and researches potential threats to networks and computer systems. Before working for Capgemini, Stuart studied Computer Security with Forensics at Sheffield Hallam University for 3 years, where he acquired a first class honours degree, including the Cellebrite Certified Officer (CCO) certification. 

About Scar de Courcier

Scar de Courcier is Senior Editor at Forensic Focus.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,261 other followers

%d bloggers like this: