Could accidentally degrade or render an
image misleading.
The word steganography literally means covered writing as derived from Greek. It includes
a vast array of methods of secret communications that conceal the very existence of the
message. Among these methods are invisible inks, microdots, character arrangement (other
than the cryptographic methods of permutation and substitution), digital signatures,
covert channels and spread-spectrum communications.
Steganography is the art of
concealing the existence of information within seemingly innocuous carriers. Steganography
can be viewed as akin to cryptography. Both have been used throughout recorded history as
means to protect information. At times these two technologies seem to converge while the
objectives of the two differ. Cryptographic techniques "scramble" messages so if
intercepted, the messages cannot be understood. Steganography, in an essence,
"camouflages" a message to hide its existence and make it seem
"invisible" thus concealing the fact that a message is being sent altogether. An
encrypted message may draw suspicion while an
invisible message will not .
David Kahn places steganography and
cryptography in a table to differentiate against the types and counter methods used. Here security is defined as methods of
"protecting" information where intelligence
is defined as methods of "retrieving" information.
Steganography has its place in
security. It is not intended to replace cryptography but supplement it. Hiding a message
with steganography methods reduces the chance of a message being detected. However, if
that message is also encrypted, if discovered, it must also be cracked (yet another layer
of protection).
When the Greek tyrant Histiaeus was
held as a virtual prisoner of king Darius in Susa in the 5th century BCE, he had to send a
secret message to his son-in-law Aristagoras to the Anatolian city of Miletus. Histiaeus
shaved the head of a slave and tattooed a message on his scalp. When the slave’s hair
had grown long enough he was dispatched to Miletus. That’s how Herodotus describes
one of the first cases of using steganography in the ancient world, the art of covered
writing.
As the art developed it eventually became a science that has been helping people throughout the ages to disguise the very fact of information transmission. Ancient Romans used to write between lines using invisible ink based on various natural substances such as fruit juices, urine, and milk. Their experience was not forgotten: even nowadays children play spies and write secret messages that appear only when heated.
During the World War II the Germans developed the microdot. A secret message was photographically reduced to the size of a period, and affixed as the dot for the letter 'i' or other punctuation on a paper containing a written message. Microdots permitted the transmission of large amounts of printed data, including technical drawings, and the fact of the transmission was effectively hidden.
The wide usage of steganography during the war and the atmosphere of suspiciousness caused the institution of many restrictions that seem very funny today. In USA banned in advance were the international mailing of postal chess games, knitting instructions, newspaper clippings, children's drawings. It was also illegal to send cables ordering that specific types of flowers be delivered on a specific date, and eventually all international flower orders were banned by the US and British governments. In the USSR all international mailings were screened in attempt to detect any hostile activities.
Throughout history, a multitude of
methods and variations have been used to hide information.
The origin of steganography goes back
to the fact that an engineering firm suspected that an insider was transmitting
valuable intellectual property out of its network. When Seattle-based forensics consulting
firm Electronic Evidence Discovery Inc. (EED) investigated the case in June 2000, it
couldn't find the evidence on the local hard drive. After checking mail logs, however,
investigators found the smoking gun: two e-mails with harmless-looking image attachments
sent by an engineer. Turns out, the images were hiding two of the company's most precious
engineering specifications.
The technique used to hide the
specifications inside image files is a high-tech version of a process called
steganography, which has been around since the beginning of recorded history, says Sayan
Chakraborty, vice president of engineering at Sigaba Corp. in San Mateo, Calif.
During the Roman Empire, he explains,
secret information was tattooed on a messenger's shaved head. When the hair grew back, the
messenger was sent out with the secret message on his scalp and a decoy message in hand.
There are few legitimate uses for steganography, say forensics professionals. And despite reports circulating about terrorists using steganography to communicate secretly, experts doubt that's the case.
"Most people study steganography
either as an academic discipline or a curiosity, but I don't know if even terrorist groups
would actually use it," says Chakraborty. Last year, after reading a USA Today
article about steganography and terrorism, Neils Provos, a Ph.D. student in computer
science at the University of Michigan in Ann Arbor, decided do his dissertation on
steganography. Provos developed detection and cracking tools to analyze images for signs
of steganography, such as overly large files and uneven bit mapping. He tested the tools
and then used them to compare 2 million images on San Jose-based eBay Inc.'s Web site,
which has been cited as a possible place for posting and retrieving hidden messages.
Provos found no cases of steganography.
"Steganography becomes the focus
of attention, dies down, and then the public is all over it again," says Provos.
"But it will never be pervasive, because the amount of data you can actually hide in
the images is fairly small. And if someone wanted to steal intellectual property, it'd be
easier to copy the data on a disk and carry it out in your pocket."
Even if steganography is present,
forensics experts prefer to start by investigating less complex areas. But in some cases,
the only evidence might be hidden in image or sound files, so investigators need to be
aware of steganography and the tools used to detect and crack it, say experts.
"It's true that steganography is
very little used, but we need to be aware of it when doing almost any forensics
analysis," advises Kenneth Shear, vice president of technology and law at EED.
Could accidentally degrade or render an
image misleading.
� Embedding corrective audio or image
data in case corrosion occurs from a poor connection or transmission
Could
counteract and be counterproductive with the original image
Peer-to-peer
private communications
Doesn't hide the fact that an e-mail
was sent, negating the purpose of secret communications.
� Posting secret communications on the
Web to avoid transmission. Someone else with a steganography detection and cracking tool
could expose the message.
Copyright protection
A form of
this already exists, called digital watermarking, but requires use of separate hardware
tools because steganographic software can't use separate hardware tools. Steganographic
software also can't protect the watermark.
� Maintaining anonymity 
Easier to
open free Web-based e-mail or use cloaked e-mail
Hiding data on the network in case of a
breach
Better to understand and effectively
use standardized encryption
David
Kahn's The Codebreakers provides an excellent
accounting of this history . Bruce Norman recounts numerous tales of cryptography and
steganography during times of war in Secret Warfare:
The Battle of Codes and Ciphers.
One of the first documents describing
steganography is from the Histories of Herodotus. In ancient Greece, text was written on
wax-covered tablets. In one story Demeratus wanted to notify Sparta that Xerxes intended
to invade Greece. To avoid capture, he scraped the wax off of the tablets and wrote a
message on the underlying wood. He then covered the tablets with wax again. The tablets
appeared to be blank and unused so they passed inspection by sentries without question.
Another ingenious method was to shave
the head of a messenger and tattoo a message or image on the messengers head. After
allowing his hair to grow, the message would be undetected until the head was shaved
again.
Another common form of invisible
writing is through the use of Invisible inks. Such inks were used with much success as
recently as WWII. An innocent letter may contain a very different message written between
the . Common sources for invisible inks are lines . Early in WWII steganographic
technology consisted almost exclusively of invisible inks milk, vinegar, fruit juices and
urine. All of these darken when heated.
With the improvement of technology and
the ease as to the decoding of these invisible inks, more sophisticated inks were
developed which react to various chemicals. Some messages had to be "developed"
much as photographs are developed with a number of chemicals in processing labs.
Null ciphers (unencrypted messages)
were also used. The real message is "camouflaged" in an innocent sounding
message. Due to the "sound" of many open coded messages, the suspect
communications were detected by mail filters. However "innocent" messages were
allowed to flow through. An example of a message containing such a null cipher from
[JDJ01] is:
Fishing freshwater bends
and saltwater
coasts rewards anyone
feeling stressed.
Resourceful anglers
usually find masterful
leapers fun and admit swordfish rank
overwhelming anyday.
By taking the third letter in each
word, the following message emerges :
Send Lawyers, Guns, and Money.
The following message was actually sent
by a German Spy in WWII :
Apparently neutral's protest is thoroughly discounted
and ignored. Isman hard hit. Blockade issue affects
pretext for embargo on by products, ejecting suets and
vegetable oils.
Taking the second letter in each word
the following message emerges:
Pershing sails from NY June 1.
As message detection improved, new technologies were developed which could pass more information and be even less conspicuous. The Germans developed microdot technology which FBI Director J. Edgar Hoover referred to as "the enemy's masterpiece of espionage." Microdots are photographs the size of a printed period having the clarity of standard-sized typewritten pages. The first microdots were discovered masquerading as a period on a typed envelope carried by a German agent in 1941. The message was not hidden, nor encrypted. It was just so small as to not draw attention to itself (for a while). Besides being so small, microdots permitted the transmission of large amounts of data including drawings and photographs . With many methods being discovered and intercepted, the Office of Censorship took extreme actions such as banning flower deliveries which contained delivery dates, crossword puzzles and even report cards as they can all contain secret messages. Censors even went as far as rewording letters and replacing stamps on envelopes.
With every discovery of a message
hidden using an existing application, a new steganographic application is being devised.
There are even new twists to old methods. Drawings have often been used to conceal or
reveal information. It is simple to encode a message by varying lines,
We explore new steganographic and cryptographic
algorithms and techniques throughout the world to
produce wide variety and security in the electronic web
called the Internet.
and apply some word shifting algorithm
(this is sentence S1).
We explore new steganographic and cryptographic
algorithms and techniques throughout the world to
produce wide variety and security in the electronic web
called the Internet.
By overlapping S0 and S1, the following
sentence is the result:
We explore new steganographic and
cryptographic
algorithms and techniques throughout the
world to
produce wide variety and security in the
electronic web
called the Internet.
This is achieved by expanding the space
before explore, the, wide,
and web by one point and condensing the space
after explore, world, wide
and web by one point in sentence S1.
Independently, the sentences containing the shifted words appear harmless, but combining
this with the original sentence produces a different message: explore the world wide web.
� Implementation Of Steganography as
Software:
Computer steganography is based on two principles. The first one is that the files that
contain digitized images or sound can be altered to a certain extend without loosing their
functionality unlike other types of data that have to be exact in order to function
properly. The other principle deals with the human inability to distinguish minor changes
in image color or sound quality, which is especially easy to make use of in objects that
contain redundant information, be it 16-bit sound, 8-bit or even better 24-bit image.
Speaking of images, changing the value of the least significant bit of the pixel color
won’t result in any perceivable change of that color.
One of the best and most widely spread steganographic product for Windows95/98/NT is S-Tools. This freeware program lets you hide files of any type in .gif and .bmp images as well as in .wav sounds. Moreover, S-Tools is actually a steganographic and cryptographic product in one, because the file to be hidden is encrypted using one of the symmetric key algorithms: DES (it’s time has gone), Triple DES, and IDEA - the latter ones are very secure as of today. Working with the program is fun! You just drag the carrier file into the program window, then you drag the file you want to hide, choose an algorithm and a password, and here we go!
One can tell the difference between the clean and the loaded file only by comparing them, so if you look at the resulting file only, it looks totally innocent. For better security it is recommended that one uses images with many halftones and preferably unknown to the public because minor changes in them will not be noticed. Using Henri Matisse's The Dance is not a very good idea, because everyone (at least in our old good intellectual Europe) knows what it looks like, besides there are large spots of the same color. Try using your dog's photo. Let's have a look at what we can do with this program:
q The
left image in the first row (8.9K) contains no hidden data while the right one (11.2K)
contains about 5K of password-protected text. In the second row the left sound file (4.6K)
is also empty, while the right file contains 0.5K of text (the file size remained the
same). Amazing, isn't it? Almost no distinctions. The ratio of the image file size and the
text file size to be hidden depends on the image. Anyway, even if someone suspects that
you are hiding something it’s no help: without the password one cannot tell if an
image has been processed by S-Tools.
Another good steganographic product is Steganos Security Suite (shareware). Unlike S-Tools it comprises a set of security tools including virtual encrypted drive, Internet Trace Destructor, clipboard encryption utility, shredder and several others. Steganos Security Suite employs AES and Blowfish encryption algorithms and is capable of hiding data in .bmp and .wav files after either finding them on your hard drive or creating them. As you surf the net your computer stores information about web sites that you visited, thus allowing other persons to trace your internet activities. The Internet Trace Destructor included into Steganos Suite can erase traces of your internet activities from your computer. Besides Steganos adds an option of sending files from your hard drive to the shredder which makes it impossible to recover them. Hey spies, get to the job!
A good file encryption utility with steganographic capabilities is Scramdisk. It is designed to create virtual encrypted drives and has an option to create a virtual drive out of .wav file and hide data inside it. The size of the encrypted partition varies between 25 and 50 percent of the original file size. The best thing about this program is that without knowing the pass-phrase it is not possible to prove that the file contains additional data.
� Digital Watermarking
Speaking of commercial steganographic
applications we should definitely mention digital watermarking which is a special
technique of creating invisible digital marks in images and audio files that carry
copyright information. These marks can be detected by special programs that can derive a
lot of useful information from the watermark: when the file was created, who holds the
copyright, how to contact the author etc. As you know tons of copyrighted material are
reproduced , i.e. stolen on the Net every day so this technology might be useful if you
are a designer.
There are many companies on the Net
that sell watermarking products. One of the leaders is Digimarc that claims to have distributed over a
million copies of its software. They offer a free download of PictureMarc which is a
plug-in for Photoshop and CorelDraw, or stand-alone ReadMarc. Once you download and
install it, you just open a file and read hidden watermarks embedded in it (if any). For
those who want to go further Digimarc offers individual Creator ID (free for 1 year) that
allows to embed watermarks in your own images before you put them on the Web. I believe
many customers including designers, photographers and online galleries do it. Playboy magazine does it
too. And then corporate users are offered to download MarcSpider that crawls the Web
looking through all images and reports any unauthorized reproduction of them.
Although in case of Playboy I can hardly believe anyone would put their photos on a site for commercial purposes because they can only attract schoolchildren...Anyway, it’s up to them.
So it looks like the golden age of integrity is coming: authors no longer suffer from thefts, thieves take cameras, brushes, mice in their hands and start creating beautiful artworks themselves... but no! In spite of the manufacturers’ claims watermarking didn’t prove to be robust enough. Watermarks can survive a lot of things: brightness and contrast adjustments, applying special filters and even printing and scanning, but they cannot survive the manipulations of special programs such as StirMark and UnZign that appeared on the Net soon after the new technology was introduced. Apparently these tools are not targeted against any specific steganographic algorithm, they are rather benchmarks that help customers choose the most robust watermarking software. And the conclusion they lead us to is: as of today all watermarks can be destroyed
"Well, now what?" the reader might ask. We don’t know. Probably the algorithms will become more complicated or new image file formats will emerge. But any engineering entails reverse engineering, infinitely continuing the spiral of the technological progress.
� Robust
watermarking is
embedded in the file in such a way that even if the file is later transformed; the
watermark cannot be removed.
� In case of Fragile
watermarking if the data is
altered or copied inexactly the watermark is corrupted.
Digital watermarking is the process of embedding copyright information such as author/owner/usage restrictions into the original file, be it a Beatles song or an original photograph. In the paper and ink world, traditional watermarks are visible impressions left on the paper. In the digital world, watermarks are intended to be imperceptible to the end user of the file - the watermark can't leave a big blotch on the Mona Lisa or add a few extra bars to your favorite song. A digital watermark also must be recoverable by someone checking the copyright - yet it also must be unalterable to intentional fraud and unintentional file manipulations such as data compression. It's a pretty tall order to do all of this, as well making the data easy to use for the appropriate users. This is not the same thing as using digital signatures to determine the authenticity of a document - a single change will cause mismatched checksums and invalidate the file. Watermarks need to stay with the file, even if it is a song that is being rerecorded or an image that is being cropped.
Digital watermarks are created by converting copyright information into apparently random digital "noise" using an algorithm that is imperceptible to all but special watermark-reading software. So while a JPEG file that is read by a Web browser may display a pretty picture, that same file will display the copyright when read by the watermark software.
The demand for this type of technology can be expected to grow enormously as businesses seek to assert some control over their property on the "everything is free" Internet. Digimarc is an interesting company in this field and a useful study to gain insight into some of the applications of digital watermarking. Based in Portland, Oregon, Digimarc rocketed out of the gates during its initial public offering in early December. Digimarc specializes in watermarking technology and services for imaging applications.
The products basically break down as follows:
� Watermark Embedders - This software actually adds the watermark to the image. Digimarc provides a batch embedder for those who need to add watermarks to a large number of images without manually opening each file. Digimarc also provides a software development kit to allow for the creation of customized applications for embedding. An example of a user of this type of technology could be an online publisher with a proprietary publishing system. The SDK could allow them to automate the process of adding watermarks into their existing system. The plug-ins and extensions for shrink-wrapped software are perhaps the most useful embedding capability that Digimarc provides. With the plug-ins, watermarks can be added directly from within popular graphics applications, including those from Adobe and Corel.
� Watermark Readers - Think of this like the Adobe Acrobat Reader. The watermark readers are free downloadable programs for reading the watermark.
� Watermark Tracking - This is a service, not a product. Digimarc uses its spider technology to search the Web for your watermarked images and report the findings back to you, so that you may take action against any inappropriate usage of your data.
Ultimately, any security technology is hackable. However, if the technology is combined with proper legal enforcement, industry standards and respects of the privacy of individuals seeking to legitimately use intellectual property, digital watermarking will encourage content creators to trust the Internet more, which will create a richer experience for those of us who use it.
Steganopgraphy is not conventional
Cryptography:
Steganography is the process of
securing the data so that only the sender and the receiver know its very existence. While
Cryptography is the process by which only the sender and the receiver can understand it
though it is well visible to the public eye. Thus it is a rather risky process since if a
hacker wants to get the real message from the hidden one, he can at least try means, make
assumptions. Thus the most secure way is to first encrypt the data and then applying
steganography.
Steganography has its place in
security. It is not intended to replace cryptography but supplement it. Hiding a message
with steganography methods reduces the chance of a message being detected. However, if
that message is also encrypted, if discovered, it must also be cracked (yet another layer
of protection).
There are an infinite number of
steganography applications. This paper explores a tiny fraction of the art of
steganography. It goes well beyond simply embedding text in an image. Steganography does
not only pertain to digital images but also to other media (files such as voice, other
text and binaries; other media such as communication channels, the list can go on and on).
Consider the following example:
A person has a cassette tape of Pink
Floyd's "The Wall." The plans of a Top Secret project (e.g., device, aircraft,
covert operation) are embedded, using some steganographic method, on that tape. Since the
alterations of the "expected contents" cannot be detected, (especially by human
ears and probably not easily so by digital means) these plans can cross borders and trade
hands undetected. How do you detect which recording has the message?
This is a trivial (and incomplete)
example, but it goes far beyond simple image encoding in an image with homogeneous
regions. Part of secrecy is selecting the proper mechanisms. Consider encoding using a
Mandelbrot image.
In and of itself, steganography is
not a good solution to secrecy, but neither is simple substitution and short block
permutation for encryption. But if these methods are combined, you have much stronger
encryption routines (methods).
For example (again over simplified):
If a message is encrypted using substitution (substituting one alphabet with another),
permute the message (shuffle the text) and apply a substitution again, then the encrypted
ciphertext is more secure than using only substitution or only permutation. NOW, if the
ciphertext is embedded in an [image, video, voice, etc.] it is even more secure. If an
encrypted message is intercepted, the interceptor knows the text is an encrypted message.
With steganography, the interceptor may not know the object contains a message.