Steganography

Steganography is the art and science of hiding messages. Steganography is often combined with cryptography so that even if the message is discovered it cannot be read.

The word steganography is derived from the Greek words “steganos” and “graphein”, which mean “covered” and “writing.” Steganography, therefore, is covered writing.

Historical stenganography involved techniques such as disappearing ink or microdots. Modern steganography involves hiding data in computer files.

It is fairly easy to hide a secret message in a graphic file without obviously altering the visible appearance of that file.

Steganography software

OutGuess is a universal steganographic tool that allows the insertion of hidden information into the redundant bits of data sources. The nature of the data source is irrelevant to the core of OutGuess. The program relies on data specific handlers that will extract redundant bits and write them back after modification. In this version the PNM and JPEG image formats are supported. In the next paragraphs, images will be used as concrete example of data objects, though OutGuess can use any kind of data, as long as a handler is provided.

F5 is a publicly available steganography software package which hides messages in BMP, GIF, and JPG graphics.

Camera/Shy is the only steganographic tool that automatically scans for and delivers decrypted content straight from the Web. It is a stand-alone, Internet Explorer-based browser that leaves no trace on the user’s system and has enhanced security.

JPHIDE and JPSEEK are programs which allow you to hide a file in a jpeg visual image. There are lots of versions of similar programs available on the Internet but JPHIDE and JPSEEK are rather special. The design objective was not simply to hide a file but rather to do this in such a way that it is impossible to prove that the host file contains a hidden file. Given a typical visual image, a low insertion rate (under 5%) and the absence of the original file, it is not possible to conclude with any worthwhile certainty that the host file contains inserted data. As the insertion percentage increases the statistical nature of the jpeg coefficients differs from “normal” to the extent that it raises suspicion. Above 15% the effects begin to become visible to the naked eye. Of course some images are much better than others when used a host file – plenty of fine detail is good. A cloudless blue sky over a snow covered ski paradise is bad. A waterfall in a forest is probably ideal.

MP3Stego will hide information in MP3 files during the compression process. The data is first compressed, encrypted and then hidden in the MP3 bit stream. Although MP3Stego has been written with steganographic applications in mind it might be used as a copyright marking system for MP3 files (weak but still much better than the MPEG copyright flag defined by the standard). Any opponent can uncompress the bit stream and recompress it; this will delete the hidden information (actually this is the only attack we know yet) but at the expense of severe quality loss.

Steghide is a steganography program that is able to hide data in JPG, BMP, WAV, and AU files. The color frequencies are not changed thus making the embedding resistant against first-order statistical tests.

Hydan steganographically conceals a message ito an executable. It exploits redundancy in the i386 instruction set by defining sets of functionally equivalent instructions. It then encodes information in machine code by using the appropriate instructions from each set. The executable filesize remains unchanged. The message is Blowfish encrypted with a user-supplied passphrase before being embedded.

Steganography detection software

Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images.

Further research on steganography

To learn more about steganography, read these papers on the subject:

• Hide and Seek: An Introduction to Steganography
• Detecting Steganographic Content on the Internet
• Defending Against Statistical Steganalysis
• Detecting Steganographic Messages in Digital Images
• Probabilistic Methods for Improving Information Hiding
• Attacks on Steganographic Systems: Breaking the Steganographic Utilities EzStego, Jsteg, Steganos, and S-Tools – and Some Lessons Learned

Digital Watermarking

Steganography is an important technology underlying digital watermarking.