ABSTRACT
Since Headstega is based on the Nostega paradigm, Headstega addresses the requirements of the five Nostega modules. However, when explaining Headstega in the next section, the contents of the modules are combined in order to avoid as much repetition as possible. In brief detail, the following shows how Headstega obeys these five modules of Nostega paradigm. Headstega predetermines a particular field (domain) that can be used as a profile of all legitimate users and that matches the content domain of emails in order to achieve the steganographic goal. e second module of the Nostega paradigm identifies steganographic parameters (steganographic carriers) that are capable of concealing data without creating noise. Headstega exploits email header fields such recipients’ email addresses, names, and subject fields to camouflage data. ese fields are employed as steganographic carriers. For example, Headstega can conceal a message in the primary and secondary message recipients’ addresses, that is the “To” and “Cc” fields of an email, respectively. In the third module of Nostega, the message is encoded in a way that does not raise suspicions or constrain the generation of the steganographic cover. Headstega may employ either authenticated email headers that are publicly available, e.g., email lists, or untraceable email headers such as made-up email headers, without raising suspicion. Fourth, Headstega generates the steganographic cover so that it appears legitimate and innocent. In Headstega, a head cover (text cover) will be generated in the form of email headers. Finally, the fifth module is concerned with the communications protocol that includes the covert channel. is determines how a sender and recipient will communicate covertly. Obviously, in Headstega a steganographic cover (head cover) is sent as regular email. Again, Headstega follows the five modules of Nostega, as detailed in this section. However, Headstega is presented in this book in the form of two modules in order to avoid repetition.
