Steganography

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. The word steganography is of Greek origin and means "concealed writing". The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography disguised as a book on magic. Generally, messages will appear to be something else: images, articles, shopping lists, or some other covertext and, classically, the hidden message may be in invisible ink between the visible lines of a private letter.

The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages—no matter how unbreakable—will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal.^[1] Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties.

Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. As a simple example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it.

Ancient steganography

The first recorded uses of steganography can be traced back to 440 BC when Herodotus mentions two examples of steganography in The Histories of Herodotus.^[2] Demaratus sent a warning about a forthcoming attack to Greece by writing it directly on the wooden backing of a wax tablet before applying its beeswax surface. Wax tablets were in common use then as reusable writing surfaces, sometimes used for shorthand. Another ancient example is that of Histiaeus, who shaved the head of his most trusted slave and tattooed a message on it. After his hair had grown the message was hidden. The purpose was to instigate a revolt against the Persians.

Steganographic techniques

Physical steganography

Steganography has been widely used including recent historical times and the present day. Possible permutations are endless and known examples include:

Steganart example. Within this picture, the letter positions of a hidden message are represented by increasing numbers (1 to 20), and a letter value is given by its intersection position in the grid. For instance, the first letter of the hidden message is at the intersection of 1 and 4. So, after a few tries, the first letter of the message seems to be the 14th letter of the alphabet; the last one (number 20) is the 5th letter of the alphabet.

• Hidden messages within wax tablets: in ancient Greece, people wrote messages on the wood, then covered it with wax upon which an innocent covering message was written.
• Hidden messages on messenger's body: also used in ancient Greece. Herodotus tells the story of a message tattooed on a slave's shaved head, hidden by the growth of his hair, and exposed by shaving his head again. The message allegedly carried a warning to Greece about Persian invasion plans. This method has obvious drawbacks such as delayed transmission while waiting for the slave's hair to grow, and its one-off use since additional messages requires additional slaves. In WWII, the French Resistance sent some messages written on the backs of couriers using invisible ink.
• Hidden messages on paper written in secret inks, under other messages or on the blank parts of other messages.
• Messages written in morse code on knitting yarn and then knitted into a piece of clothing worn by a courier.
• Messages written on the back of postage stamps.
• During and after World War II, espionage agents used photographically produced microdots to send information back and forth. Microdots were typically minute, about or less than the size of the period produced by a typewriter. WWII microdots needed to be embedded in the paper and covered with an adhesive (such as collodion). This was reflective and thus detectable by viewing against glancing light. Alternative techniques included inserting microdots into slits cut into the edge of post cards.
• During World War II, a spy for Japan in New York City, Velvalee Dickinson, sent information to accommodation addresses in neutral South America. She was a dealer in dolls, and her letters discussed how many of this or that doll to ship. The stegotext was the doll orders, while the concealed 'plaintext' was itself encoded and gave information about ship movements, etc. Her case became somewhat famous and she became known as the Doll Woman.
• Cold War counter-propaganda. In 1968, crew members of the USS Pueblo (AGER-2) intelligence ship held as prisoners by North Korea, communicated in sign language during staged photo opportunities, informing the United States they were not defectors but rather were being held captive by the North Koreans. In other photos presented to the US, crew members gave "the finger" to the unsuspecting North Koreans, in an attempt to discredit photos that showed them smiling and comfortable.^[3]

Digital steganography

This article is in need of attention from an expert on the subject. WikiProject History of Science or the History of Science Portal may be able to help recruit one. (May 2008)

Modern steganography entered the world in 1985 with the advent of the personal computer applied to classical steganography problems.^[4] Development following that was slow, but has since taken off, going by the number of 'stego' programs available: Over 725 digital steganography applications have been identified by the Steganography Analysis and Research Center.^[5] Digital steganography techniques include:

Image of a tree. Removing all but the 2 least significant bits of each color component produces an almost completely black image. Making that image 85 times brighter produces the image below.

Image of a cat extracted from above image.

• Concealing messages within the lowest bits of noisy images or sound files.
• Concealing data within encrypted data or within random data. The data to be concealed is first encrypted before being used to overwrite part of a much larger block of encrypted data or a block of random data (an unbreakable cipher like the one-time pad generate ciphertexts that look perfectly random if you don't have the private key).
• Chaffing and winnowing.
• Mimic functions convert one file to have the statistical profile of another. This can thwart statistical methods that help brute-force attacks identify the right solution in a ciphertext-only attack.
• Concealed messages in tampered executable files, exploiting redundancy in the i386 instruction set.
• Pictures embedded in video material (optionally played at slower or faster speed).
• Injecting imperceptible delays to packets sent over the network from the keyboard. Delays in keypresses in some applications (telnet or remote desktop software) can mean a delay in packets, and the delays in the packets can be used to encode data.
• Content-Aware Steganography hides information in the semantics a human user assigns to a datagram. These systems offer security against a non-human adversary/warden.
• Blog-Steganography. Messages are fractionalized and the (encrypted) pieces are added as comments of orphaned web-logs (or pin boards on social network platforms). In this case the selection of blogs is the symmetric key that sender and recipient are using; the carrier of the hidden message is the whole blogosphere.

Printed steganography

Digital steganography output may be in the form of printed documents. A message, the plaintext, may be first encrypted by traditional means, producing a ciphertext. Then, an innocuous covertext is modified in some way to as to contain the ciphertext, resulting in the stegotext. For example, the letter size, spacing, typeface, or other characteristics of a covertext can be manipulated to carry the hidden message. Only a recipient who knows the technique used can recover the message and then decrypt it. Francis Bacon developed Bacon's cipher as such a technique.

Additional terminology

In general, terminology analogous to (and consistent with) more conventional radio and communications technology is used; however, a brief description of some terms which show up in software specifically, and are easily confused, is appropriate. These are most relevant to digital steganographic systems.

The payload is the data to be covertly communicated. The carrier is the signal, stream, or data file into which the payload is hidden; which differs from the "channel" (typically used to refer to the type of input, such as "a JPEG image"). The resulting signal, stream, or data file which has the payload encoded into it is sometimes referred to as the package, stego file, or covert message. The percentage of bytes, samples, or other signal elements which are modified to encode the payload is referred to as the encoding density and is typically expressed as a number between 0 and 1.

In a set of files, those files considered likely to contain a payload are called suspects. If the suspect was identified through some type of statistical analysis, it might be referred to as a candidate.

Countermeasures

Detection of physical steganography requires careful physical examination, including the use of magnification, developer chemicals and ultraviolet light. It is a time-consuming process with obvious resource implications, even in countries where large numbers of people are employed to spy on their fellow nationals. However, it is feasible to screen mail of certain suspected individuals or institutions, such as prisons or prisoner-of-war (POW) camps. During World War II, a technology used to ease monitoring of POW mail was specially treated paper that would reveal invisible ink. An article in the June 24, 1948 issue of Paper Trade Journal by the Technical Director of the United States Government Printing Office, Morris S. Kantrowitz, describes in general terms the development of this paper, three prototypes of which were named Sensicoat, Anilith, and Coatalith paper. These were for the manufacture of postal cards and stationery to be given to German prisoners of war in the U.S. and Canada. If POWs tried to write a hidden message the special paper would render it visible. At least two U.S. patents were granted related to this technology, one to Mr. Kantrowitz, No. 2,515,232, "Water-Detecting paper and Water-Detecting Coating Composition Therefor", patented July 18, 1950, and an earlier one, "Moisture-Sensitive Paper and the Manufacture Thereof," No. 2,445,586, patented July 20, 1948. A similar strategy is to issue prisoners with writing paper ruled with a water-soluble ink that 'runs' when in contact with a water-based invisible ink.

In computing, detection of steganographically encoded packages is called steganalysis. The simplest method to detect modified files, however, is to compare them to known originals. For example, to detect information being moved through the graphics on a website, an analyst can maintain known-clean copies of these materials and compare them against the current contents of the site. The differences, assuming the carrier is the same, will compose the payload. In general, using extremely high compression rate makes steganography difficult, but not impossible. While compression errors provide a hiding place for data, high compression reduces the amount of data available to hide the payload in, raising the encoding density and facilitating easier detection (in the extreme case, even by casual observation).

Applications

Usage in modern printers

Steganography is used by some modern printers, including HP and Xerox brand color laser printers. Tiny yellow dots are added to each page. The dots are barely visible and contain encoded printer serial numbers, as well as date and time stamps.^[6]

Example from modern practice

The larger the cover message is (in data content terms—number of bits) relative to the hidden message, the easier it is to hide the latter. For this reason, digital pictures (which contain large amounts of data) are used to hide messages on the Internet and on other communication media. It is not clear how commonly this is actually done. For example: a 24-bit bitmap will have 8 bits representing each of the three color values (red, green, and blue) at each pixel. If we consider just the blue there will be 2⁸ different values of blue. The difference between 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye. Therefore, the least significant bit can be used (more or less undetectably) for something else other than color information. If we do it with the green and the red as well we can get one letter of ASCII text for every three pixels.

Stated somewhat more formally, the objective for making steganographic encoding difficult to detect is to ensure that the changes to the carrier (the original signal) due to the injection of the payload (the signal to covertly embed) are visually (and ideally, statistically) negligible; that is to say, the changes are indistinguishable from the noise floor of the carrier. Any medium can be a carrier, but media with a large amount of redundant or compressible information are better suited.

From an information theoretical point of view, this means that the channel must have more capacity than the 'surface' signal requires, that is, there must be redundancy. For a digital image, this may be noise from the imaging element; for digital audio, it may be noise from recording techniques or amplification equipment. In general, electronics that digitize an analog signal suffer from several noise sources such as thermal noise, flicker noise, and shot noise. This noise provides enough variation in the captured digital information that it can be exploited as a noise cover for hidden data. In addition, lossy compression schemes (such as JPEG) always introduce some error into the decompressed data; it is possible to exploit this for steganographic use as well.

Steganography can be used for digital watermarking, where a message (being simply an identifier) is hidden in an image so that its source can be tracked or verified.

Alleged use by terrorists

When one considers that messages could be encrypted steganographically in e-mail messages, particularly e-mail spam, the notion of junk e-mail takes on a whole new light. Coupled with the "chaffing and winnowing" technique, a sender could get messages out and cover their tracks all at once.

An example showing how terrorists may use forum avatars to send hidden messages. This avatar contains the message "Boss said that we should blow up the bridge at midnight." encrypted with http://mozaiq.org/encrypt using "växjö" as password.

Rumors about terrorists using steganography started first in the daily newspaper USA Today on February 5, 2001 in two articles titled "Terrorist instructions hidden online" and "Terror groups hide behind Web encryption". In July the same year, an article was titled even more precisely: "Militants wire Web with links to jihad". A citation from the article: "Lately, al-Qaeda operatives have been sending hundreds of encrypted messages that have been hidden in files on digital photographs on the auction site eBay.com". Other media worldwide cited these rumors many times, especially after the terrorist attack of 9/11, without ever showing proof. The Italian newspaper Corriere della Sera reported that an Al Qaeda cell which had been captured at the Via Quaranta mosque in Milan had pornographic images on their computers, and that these images had been used to hide secret messages (although no other Italian paper ever covered the story). The USA Today articles were written by veteran foreign correspondent Jack Kelley, who in 2004 was fired after allegations emerged that he had fabricated stories and sources.

In October 2001, the New York Times published an article claiming that al-Qaeda had used steganography to encode messages into images, and then transported these via e-mail and possibly via USENET to prepare and execute the September 11, 2001 Terrorist Attack. The Federal Plan for Cyber Security and Information Assurance Research and Development,^[7] published in April 2006 makes the following statements:

• "…immediate concerns also include the use of cyberspace for covert communications, particularly by terrorists but also by foreign intelligence services; espionage against sensitive but poorly defended data in government and industry systems; subversion by insiders, including vendors and contractors; criminal activity, primarily involving fraud and theft of financial or identity information, by hackers and organized crime groups…" (p 9–10)

• "International interest in R&D for steganography technologies and their commercialization and application has exploded in recent years. These technologies pose a potential threat to national security. Because steganography secretly embeds additional, and nearly undetectable, information content in digital products, the potential for covert dissemination of malicious software, mobile code, or information is great." (p 41–42)

• "The threat posed by steganography has been documented in numerous intelligence reports." (p 42)

Moreover, an online "terrorist training manual", the "Technical Mujahid, a Training Manual for Jihadis" contained a section entitled "Covert Communications and Hiding Secrets Inside Images."^{[8][citation needed]}

Despite this, there are no known instances of terrorists using computer steganography. Al Qaeda's use of steganography is somewhat simpler: In 2008 a British Muslim, Rangzieb Ahmed, was alleged to have a contact book with Al-Qaeda telephone numbers, written in invisible ink. He was convicted of terrorism.^[9]

See also

Citations

References

Further reading

• An Overview of Steganography for the Computer Forensics Examiner. 2004 FBI Introductory Review Article. By Gary C. Kessler.
• Cryptography and Steganography. 2002 presentation of an overview of steganography, by Elonka Dunin, with discussion of whether Al Qaeda might have used steganography to plan the September 11, 2001 attacks.
• Analyzing steganography applications. Practical examples on how some steganography software works, and how many of them are crackable.
• Kawaguchi, E; Eason RO (2001). "Principle and applications of BPCS-Steganography (Original paper on BPCS-Steganography)" (PDF). http://www.datahide.com/BPCSe/Articles/Ref-6.SPIE98.pdf. Retrieved 2008-09-02. 
• Steganography at the Open Directory Project
• Examples showing images hidden in other images
• Information Hiding: Steganography & Digital Watermarking. Papers and information about steganography and steganalysis research from 1995 to the present. Includes Steganography Software Wiki list. Dr. Neil F. Johnson.
• Detecting Steganographic Content on the Internet. 2001 paper by Niels Provos and Peter Honeyman, Center for Information Technology Integration, University of Michigan.
• Polytechnic Institute of NYU - Informations Systems and Internet Security Lab Research Group. Example of ongoing research on Steganography with links to scientific papers in PDF format.
• Postliteracy.org Transmedia art project that uses steganography as recursive communication.
• Rights Protection for Natural Language Text. Links to several articles on Steganography.
• Network Steganography Project. Articles on network steganography (Wireless LANs and VoIP). By Krzysztof Szczypiorski and Wojciech Mazurczyk.
• Steganography, Steganalysis, and Cryptanalysis. BlackHat and DefCon presentations by Michael T. Raggo, alias SpyHunter.
• Invitation to BPCS-Steganography. Introduction to a very large capacity steganography.
• Covert Channels in the TCP/IP Suite—1996 paper by Craig Rowland detailing the hiding of data in TCP/IP packets.
• Steganography in Java, an online chapter (with code) explaining how to implement LSB steganography in Java, with the use of encryption, message duplication, and fragmentation.

External links

This article's external links may not follow Wikipedia's policies or guidelines. Please improve this article by removing excessive and inappropriate external links or by converting links into references. (November 2009)

Text hiding tools

Online:

• Hide text in a PNG or BMP image and its corresponding decoder.
• Image Cipher takes some text and embeds it in a user-provided image by performing subtle color transformations on certain pixels
• ASCII Art Steganography takes some text and hides it in an ASCII art generated by a user-provided image

Downloadable:

• Bapuli Online implementing steganography using Visual Basic.
• BitCrypt is one of the easiest to use encryption tools which at the same time provide ultra-strong encryption. It uses up to 8192 long bit key ciphers to encrypt the text, and then stores the encrypted text within bitmap images.
• Free Tool To Encrypt and hide your text message into an image.

File hiding tools

Online:

• Stegger, PHP Steganography. An open source, feature rich, secure implementation of image steganography written in PHP.
• PHP Interface to hideimage. A PHP interface to the downloadable hideimage.
• Hiding images in background highlighting using CSS3's ::selection pseudo-element.
• "Hiding in the Order of Lists". Hiding a message in the order of a list.
• "Hiding in the Order of Letters". Hiding a message by scrambling the order of letters.

Downloadable:

• BestCrypt Commercial Windows/Linux disk encryption software that supports hiding one encrypted volume inside another.
• Examples Sample implementations of steganographic techniques, from Peter Wayner, the author of Disappearing Cryptography.
• FreeOTFE Free, open-source Windows/PocketPC/Linux disk encryption software that supports hiding one encrypted volume inside another, without leaving evidence that the second encrypted volume exists. This probably resists any statistical analysis (as opposed to tools that conceal data within images or sound files, which is relatively easy to detect).
• Freeware plugin for Total Commander DarkCryptTC and its GUI shell DarkCrypt GUI Supports file encryption, compression and hiding in images, text files and wave audio data.
• Hideimage Image hider, also available in a PHP Interface. No licensing at all.
• Hiding Glyph: Bytewise Image Steganography Freeware, which hides any file (or folder) into any losslessly compressed image (BMP, PNG, etc.).
• Hydan Hides messages in binary executable files on the i386 instruction set. Accepts ELF & PE/COFF Un*x and Windows binaries.
• ImageSpyer A GUI tool which hides any file into any image, also known as StegoTC[1] plugin for Total Commander. LSB method, custom bitset, data encryption. Freeware.
• NetTools Steganography by hiding data in pictures, archives, sounds, text files, html, and lists.
• OpenStego OpenStego is an opensource (GPL) program/library for embedding any type of file into images. Currently, it is written in Java, and supports 24 bpp images.
• OutGuess Universal steganographic tool that allows the insertion of hidden information into the redundant bits of data sources.
• P2Stego A Windows based steganography tool utilizing encryption of message text as well.
• PCopy A steganography commandline tool with a userfriendly wizard which can produce lossless images like PNG and BMP. Special features are RLE, Huffman compression, strong XOR encryption and the Hive archiving format which enables the injection of entire directories.
• Phonebook FS Protects your disks with Deniable Encryption
• Qtech Hide & View v.01 The newest BPCS-Steganography program for Windows. Image steganography. Free to use.
• SteganoG Simple program to hide a text file in a .bmp file.
• Steghide Free .jpeg and .wav encryption for Linux and other operating systems.
• Stego-0.5 A GNOME/GTK+ based GUI for LSB algorithm. License (GPL)
• Stego and Winstego Steganography by justified plain text.
• Stego Archive Source for a large variety of steganography software.
• StegoShare Steganography software which may be used for anonymous file sharing.
• StegoStik Deniable file system. Enterprise and Privacy versions. Privacy supports multiple deniable 'zones' for files on hard drives or removable media. Enterprise offers single zone with administrator control of settings.
• SteGUI Free GUI for Steghide for Linux.
• Thumbnail Steganography is a new type of steganography designed to increase the complexity required when attempting to automate steganography detection. It requires the original image (jpg, gif, etc) as well as the thumbnail (png) to extract the file from the thumbnail. It is open source and written in java.
• Trojan A new steganography software developed for the purpose of hiding data inside images. The source of the data can be various: text messages or binary files.
• TrueCrypt Windows/Linux disk encryption software that supports hiding one encrypted volume inside another, without leaving any evidence that the second encrypted volume exists. This probably resists any statistical analysis (as opposed to tools that conceal data within images or sound files, which is relatively easy to detect).
• Vecna Hide any file in any image. Output is always PNG. Written in Java. GPL
• Virtual Steganographic Laboratory (VSL) Free, platform-independent graphical block diagramming tool that allows complex using, testing and adjusting of methods both for image steganography and steganalysis. Provides modular, plug-in architecture along with simple GUI.

Steganalysis tools

• StegAlyzerSS. An automated tool to detect the use of steganography applications by matching signatures of known steganographic techniques within files residing on suspect computer media.
• Steganography Analysis and Research Center (SARC). A Backbone Security Center of Excellence providing tools for steganography detection and extraction as well as Certified Steganography Examiner Training.
• StegDetect. A tool to automatically find hidden messages in images embedded by seven steganography applications.
• StegSpy. A tool that will detect hidden messages embedded by five steganography applications.
• StegSecret. A java-based multiplatform steganalysis tool. Allows detection of hidden information by using the most known steganographic methods. Detects EOF, LSB, DCTs and other techniques.