Steganography
Steganography is an area of information security where the primary goal is to hide a secret message within a carrier. The carrier can be a message or some other medium, including "overhead" components of an electronic signal. Steganography provides an alternate means of hiding messages, theoretically quite distinct from cryptography; in practice, however the two are often used together.
As for cryptography and cryptanalysis, it is possible to distinguish between steganography (the art of hiding messages) and steganalysis (the art of finding them despite steganography). As with crypto, the short form stego is also used, referring to both or either.
Brief history
Steganography may be the oldest means of secret communication. One early, if not fast, means of concealing writing was to shave the head of a slave, tattoo the message, let the hair grow back, and send him to his destination, where his head would be shaved to reveal the message.
Invisible inks probably soon followed the use of parchment or even earlier flexible materials. Milk and lemon juice, for example, are invisible when dry, but darken when heated.
Reasons for the use of steganography
Steganography is often used in an atmosphere of oppression, or when communications and activities must remain secret for fear of reprisal from a watching group or organisation (usually a government). Certain groups, and individuals holding beliefs that a ruling party considers a threat must keep the very fact of their communication secret, and in some circumstances must prevent the knowledge of the relationship between the communicating parties becoming known.
It has also been used extensively in clandestine human-source intelligence, where the very existence of a spy, which would be revealed by radio communications, must be concealed.
Steganography vs. cryptography
Cryptography increases the privacy of communications between two or more parties, but it does not hide the fact that the parties have been communicating. More generally, it provides no defense against traffic analysis. In certain environments (particularly in countries with authoritarian governments) the use of cryptography may attract unwanted attention, or the authorities may demand that the parties reveal the password or key to unlock their message. In a number of countries the use of cryptography is restricted or even illegal, and should the authorities choose to enforce the relevant laws the communicating parties would be forced to reveal their message or face a penalty (this may be a fine, jail time, or even torture). As a result cryptography can only provide increased privacy for the communicating parties (not protection).
Steganography is well suited to use in such environments, and provides a greater level of privacy than cryptography alone can, by hiding the very fact that communication occurred at all.
Encryption is often used as one of the steps in steganographic hiding of information. Consider an image file with 10 megapixels, each 8 bits, in which you want to hide a message of a few megabits. The simplest way to do it is to just put the message in the least significant bits of each pixel. However, that has two disadvantages: it can be detected by an enemy who checks those bits and the message can be removed from the image by overwriting those bits.
If you encrypt the message before inserting it in the image then — since the output of any good cipher is apparently random — it generally becomes very difficult for any enemy who does not have the encryption key to detect the message, or to read it if he does detect it. Note, however, that if the low-order bits are initially non-random then replacing them with random material is easily detected; this might occur for example with a low-cost camera that puts real data only in the high six bits of a pixel. Generally symmetric key cryptography is used in such applications. For example, when a media company embeds a watermark in a video as part of a DRM system, it is often encrypted so only that company, or agents to whom it has provided the key, can recover it. However, public key cryptography can also be used [1].
Often some sort of transform is applied to the cover file before the steganographic data is added. Many different transforms can be used; among the commonest are the Fourier transform for sound data and discrete cosine transform for images or video. The sequence is then:
- apply the transform to the input data
- embed the encrypted message
- apply the inverse transform to produce the output data
Choice of transform is a rather complex question. Efficiency and output quality are of course important issues. One also wants a transform that makes the bits that will be changed by message embedding approximately random, so that messages will be hard to detect. There may also be interactions with other parts of a system; for example a media company might want their watermark to survive when common compression methods are applied to the data.
Physical steganography
Physical steganography is the use of a physical medium to carry the secret, hidden message.
Examples of physical steganography
- Invisible Ink
- Knots tied on yarn at varying spaces and then knitted into a garment
- Microdots
- Puzzles (the message is only clear when all the pieces have been assembled)
Physical methods of detection
Detection of physical steganography is time consuming and labor intensive, although general methods for detecting invisible ink began in the early 20th century. Since the act of writing, even with water, disturbs paper fibers, placing a suspected document in a container with sublimed iodine vapor would lead to the deposition of iodine crystals on the disturbed paper. Subsequent photographic methods, using visible or infrared light grazing the surface of the paper, were even faster. Against any serious counterintelligence threat, the microdot, with all the difficulty of preparing it, began to replace invisible inks.
Electronic steganography
With electronic steganography the secret message is hidden in a medium such as a picture, a video file or a sound file. Generally any of these media contain some random data that the message can be stored in without much suspicion.
Digital watermarking
Steganography is often used as part of a digital rights management system, "watermarking" some piece of copyrighted material such as a film or sound recording with the goal of helping to prevent "piracy" or to track down perpetrators. The steganography makes it difficult for anyone to detect, let alone remove, the mark.
A difficulty for the steganographer is that the format of the material may be changed — for example, a song off a CD converted to MP3 or a movie from a DVD to an MPEG file — before it is distributed. In many cases a side effect of such a conversion is to erase a watermark. It is possible to design watermarks to resist some conversions, but it makes the problem more difficult and the solutions more expensive.
Steganographic web material
There are many sites, mostly free, which allow anyone to share photos or videos with anyone else. Someone can embed a message in such a file and put it on the web; then his confederates can download the file and extract the message.
This makes it quite difficult for anyone — such as a police or national security agency — to track the communication. They might do traffic analysis to discover everyone that suspect A sends email to. Or they could ask for assistance from Internet companies, say asking his email provider for information, asking Twitter for a list of his followers, Facebook for his connections and so on. However, if he uploads a videos to YouTube or pictures to Flickr, there may not even be records of who downloaded what. If there are, they may not be useful to an analyst because it may be impossible to tell which ones contain secret messages.
There have been published claims that among the things American raiders found in Osama bin Laden's bedroom after they killed him was a substantial stash of pornography[2]. One of the many possible explanations is that the material was to be used as steganographic cover for disseminating terrorist plans.
Steganographic spam
Spam can also be used as a steganograpic medium. This might make it even harder for the authorities to track.
Covert channels
In a covert channel, information is concealed not in the primary signal elements such as the bits of messages, but in their context, such as the inter-bit delays, the length of silent periods between characters, etc. Some of the methods of radiofrequency MASINT apply here, not necessarily for true steganography, but to recognize the individual "fist" of a Morse Code operator. Other electronic steganography hides signal in parts of the bandwidth not usually used for communications, such as the retrace interval of a television signal.
Electronic methods of detection
- Statistical analysis
Stegographic applications
All applications are OpenSource and have not been tested(by the author)
Famous examples of use in history
WWII
- Japanese use
- Chinese restance use
- Allies use
Cold war
- North Korea
- Soviet Union
in 2010, the US arrested a number of people allegedly from a Russian spy ring; one of their techniques was concealing secret messages in web material [3].
In 2012, German police uncovered a lot of Al Qaeda documents stegangographically hidden in pornographic videos[4].