Steganography is the art and science of writing hidden messages in such a way that no one apart from the sender and intended recipient even realizes there "is" a hidden message. By contrast,
cryptographyobscures the meaning of a message, but it does not conceal the fact that there "is" a message. Today, the term steganography includes the concealment of digital information within computer files. For example, the sender might start with an ordinary-looking image file, then adjust the color of every 100th pixel to correspond to a letter in the alphabet—a change so subtle that someone who isn't actively looking for it is unlikely to notice it.
The word "steganography" is of Greek origin and means "covered, or hidden writing". Its ancient origins can be traced back to 440 BC.
Herodotusmentions two examples of steganography in " The Histories of Herodotus". [cite journal | url = http://www.cl.cam.ac.uk/~fapp2/publications/ieee99-infohiding.pdf | format = pdf | title = Information Hiding: A survey | journal = Proceedings of the IEEE (special issue) | last = Petitcolas | first = FAP | coauthors = Anderson RJ; Kuhn MG | volume = 87 | issue = 7 | pages = 1062-78 | accessdate = 2008-09-02] Demaratussent a warning about a forthcoming attack to Greece by writing it on a wooden panel and covering it in wax. Wax tablets were in common use then as re-usable writing surfaces, sometimes used for shorthand. Another ancient example is that of Histiaeus, who shaved the head of his most trusted slave and tattooed a message on it. After his hair had grown the message was hidden. The purpose was to instigate a revolt against the Persians. Later, Johannes Trithemiuspublished the book " Steganographia", a treatise on cryptography and steganography disguised as a grimoire.
Generally, a steganographic message will appear to be something else: a picture, an article, a shopping list, or some other message. This apparent message is the "covertext". For instance, a message may be hidden by using
invisible inkbetween the visible lines of innocuous documents.
The advantage of steganography over cryptography alone is that messages do not attract attention to themselves, to messengers, or to recipients. An unhidden coded message, no matter how unbreakable it is, will arouse suspicion and may in itself be incriminating, as in countries where
encryptionis illegal. [cite web | url = http://www.alternet.org/story/11986/ | title = Confounding Carnivore: How to Protect Your Online Privacy | publisher = AlterNet| archiveurl = http://web.archive.org/web/20070716093719/http://www.alternet.org/story/11986/ | archivedate = 2007-07-16 | accessdate = 2008-09-02 | last = Pahati | first = OJ | date = 2001-11-29 ] Often, steganography and cryptography are used together to ensure security of the covert message.
Steganography used in electronic communication include steganographic coding inside of a transport layer, such as a file, or a protocol, such as UDP. Usually, files meant for internet means are put into media types that are lossless, such as FLAC, WAV, PNG etc.
A steganographic message (the "
plaintext") is often first encrypted by some traditional means, producing a " ciphertext". Then, a "covertext" is modified in some way to contain the ciphertext, resulting in "stegotext". For example, the letter size, spacing, typeface, or other characteristics of a covertext can be manipulated to carry the hidden message; only the recipient (who must know the technique used) can recover the message and then decrypt it. Francis Bacondeveloped Bacon's cipheras such a technique.
Modern steganographic techniques
Modern steganography entered the world in 1985 with the advent of the Personal Computer applied to classical steganography problems. [ [http://www.mikebarney.net/stego.html The origin of Modern Steganography ] ] Development following that was slow, but has since taken off, based upon the number of 'stego' programs available.
* Concealing messages within the lowest bits of noisy images or sound files.
* Concealing data within encrypted data. The data to be concealed is first encrypted before being used to overwrite part of a much larger block of encrypted data.
Chaffing and winnowing
* Concealed messages in tampered executable files, exploiting redundancy in the i386 instruction set
* Embedded pictures in video material (optionally played at slower or faster speed).
* A new steganographic technique involves injecting imperceptible delays to packets sent over the network from the keyboard. Delays in keypresses in some applications (
telnetor remote desktop software) can mean a delay in packets, and the delays in the packets can be used to encode data.
Content-Aware Steganographyhides information in the semantics a human user assigns a datagram; these systems offer security against a non-human adversary/warden.
BPCS-Steganography- a very large embedding capacity steganography.
Blog-Steganography. Messages are fractionalyzed and the (encrypted) pieces are added as comments of orphaned web-logs (or pin boards on social network platforms). In this case the selection of blogs is the symmetric key that sender and recipient are using. The carrier of the hidden message is the whole blogosphere.
Historical steganographic techniques
Steganography has been widely used in historical times, especially before cryptographic systems were developed.Examples of historical usage include:
* Hidden messages in
wax tablets: in ancient Greece, people wrote messages on the wood, then covered it with waxso that it looked like an ordinary, unused tablet.
* Hidden messages on messenger's body: also in ancient Greece.
Herodotustells the story of a message tattooed on a slave's shaved head, hidden by the growth of his hair, and exposed by shaving his head again. The message allegedly carried a warning to Greece about Persian invasion plans. This method has obvious drawbacks:
#It is impossible to send a message as quickly as the slave can travel, because it takes months to grow hair.
#A slave can only be used once for this purpose. (This is why slaves were used: they were considered expendable.)
* Hidden messages on paper written in secret inks under other messages or on the blank parts of other messages.
* During and after
World War II, espionageagents used photographically produced microdots to send information back and forth. Since the dots were typically extremely small-the size of a period produced by a typewriteror even smaller-the stegotext was whatever the dot was hidden within. If a letter or an address, it was some alphabetic characters. If under a postage stamp, it was the presence of the stamp. The problem with the WWII microdots was that they needed to be embedded in the paper, and covered with an adhesive (such as collodion), which could be detected by holding a suspected paper up to a light and viewing it almost edge on. The embedded microdot would reflect light differently than the paper.
* More obscurely, during
World War II, a spy for the Japanese in New York City, Velvalee Dickinson, sent information to accommodation addresses in neutral South America. She was a dealer in dolls, and her letters discussed how many of this or that doll to ship. The stegotext in this case was the doll orders; the 'plaintext' being concealed was itself a codetextgiving information about ship movements, etc. Her case became somewhat famous and she became known as the Doll Woman.
* Possibly even more obscurely, during
World War II, another technology used was specially treated paperthat would reveal invisible ink. An article in the June 24, 1948 issue of "Paper Trade Journal" by the Technical Director of the United States Government Printing Office, Morris S. Kantrowitz, describes in general terms the development of this paper, three prototypes of which were named "Sensicoat," "Anilith," and "Coatalith" paper. The purpose was to manufacture postal cards and stationery to be given to German prisoners of war in the U.S. and Canada. If the POWs attempted to write a hidden message the special paper would make it visible. At least two U.S. patents were granted related to this technology, one to Mr. Kantrowitz, No. 2,515,232, "Water-Detecting paper and Water-Detecting Coating Composition Therefor," patented July 18, 1950, and an earlier one, "Moisture-Sensitive Paper and the Manufacture Thereof," No. 2,445,586, patented July 20, 1948.
* Counter-propaganda: During the
Pueblo Incident, US crew members of the USS Pueblo (AGER-2)research ship held as prisoners by North Koreacommunicated in sign language during staged photo ops to inform the United States that they had not defected, but had instead been captured by North Korea and were still loyal to the U.S. In other photos presented to the US, the crew members gave " the finger" to the unsuspecting North Koreans, in an attempt to discredit the pictures that showed them smiling and comfortable. [ [http://groups.msn.com/ctoseadogs/usspueblocrew1.msnw CTO Sea Dogs] ]
In general, terminology analogous to (and consistent with) more conventional radio and communications technology is used; however, a brief description of some terms which show up in software specifically, and are easily confused, is appropriate. These are most relevant to digital steganographic systems.
The "payload" is the data it is desirable to transport (and, therefore, to hide). The "carrier" is the signal, stream, or data file into which the payload is hidden; contrast "channel" (typically used to refer to the type of input, such as "a JPEG image"). The resulting signal, stream, or data file which has the payload encoded into it is sometimes referred to as the "package", "stego file", or "covert message". The percentage of bytes, samples, or other signal elements which are modified to encode the payload is referred to as the "encoding density" and is typically expressed as a floating-point number between 0 and 1.
In a set of files, those files considered likely to contain a payload are called "suspects". If the "suspect" was identified through some type of statistical analysis, it may be referred to as a "candidate".
The detection of steganographically encoded packages is called
steganalysis. The simplest method to detect modified files, however, is to compare them to the originals. To detect information being moved through the graphics on a website, for example, an analyst can maintain known-clean copies of these materials and compare them against the current contents of the site. The differences (assuming the carrier is the same) will compose the payload.
In general, using an extremely high compression rate makes steganography difficult, but not impossible; while compression errors provide a good place to hide data, high compression reduces the amount of data available to hide the payload in, raising the encoding density and facilitating easier detection (in the extreme case, even by casual observation).
Usage in modern printers
Steganography is used by some modern printers, including HP and Xerox brand color laser printers. Tiny yellow dots are added to each page. The dots are barely visible and contain encoded printer serial numbers, as well as date and time stamps.
Example from modern practice
The larger the cover message is (in data content terms—number of
bits) relative to the hidden message, the easier it is to hide the latter.
For this reason, digital pictures (which contain large amounts of data) are used to hide messages on the
Internetand on other communication media. It is not clear how commonly this is actually done. For example: a 24-bit bitmapwill have 8 bits representing each of the three color values (red, green, and blue) at each pixel. If we consider just the blue there will be 28 different values of blue. The difference between 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye. Therefore, the least significant bitcan be used (more or less undetectably) for something else other than color information. If we do it with the green and the red as well we can get one letter of ASCIItext for every three pixels.
Stated somewhat more formally, the objective for making steganographic encoding difficult to detect is to ensure that the changes to the carrier (the original signal) due to the injection of the payload (the signal to covertly embed) are visually (and ideally, statistically) negligible; that is to say, the changes are indistinguishable from the noise floor of the carrier.
From an information theoretical point of view, this means that the channel must have more capacity than the 'surface' signal requires, that is, there must be redundancy. For a digital image, this may be
noisefrom the imaging element; for digital audio, it may be noise from recording techniques or amplification equipment. In general, electronics that digitize an analog signal suffer from several noise sources such as thermal noise, flicker noise, and shot noise. This noise provides enough variation in the captured digital information that it can be exploited as a noise cover for hidden data. In addition, lossy compressionschemes (such as JPEG) always introduce some error into the decompressed data; it is possible to exploit this for steganographic use as well.
Steganography can be used for
digital watermarking, where a message (being simply an identifier) is hidden in an image so that its source can be tracked or verified.
Alleged usage by terrorists
When one considers that messages could be encrypted steganographically in
e-mail spam, the notion of junk e-mail takes on a whole new light. Coupled with the " chaffing and winnowing" technique, a sender could get messages out and cover their tracks all at once.
Rumors about terrorists using steganography started first in the daily newspaper
USA Todayon February 5, 2001in two articles titled "Terrorist instructions hidden online" and "Terror groups hide behind Web encryption". In July of the same year, the information looked even more precise: "Militants wire Web with links to jihad".
A citation from the "USA Today" article: "Lately, al-Qaeda operatives have been sending hundreds of encrypted messages that have been hidden in files on digital photographs on the auction site eBay.com". These rumors were cited many times—without ever showing any actual proof—by other media worldwide, especially after the terrorist attack of 9/11.
For example, the Italian newspaper "
Corriere della Sera" reported that an Al Qaeda cell which had been captured at the Via Quaranta mosque in Milan had pornographic images on their computers, and that these images had been used to hide secret messages (although no other Italian paper ever covered the story).
The USA Today articles were written by veteran foreign correspondent
Jack Kelley, who in 2004 was fired after allegations emerged that he had fabricated stories and invented sources.
October 2001, the New York Timespublished an article claiming that al-Qaedahad used steganographic techniques to encode messages into images, and then transported these via e-mail and possibly via USENETto prepare and execute the September 11, 2001 Terrorist Attack.
The Federal Plan for Cyber Security and Information Assurance Research and Development [ [http://www.nitrd.gov/pubs/csia/csia_federal_plan.pdf CSIA12i-FINAL.qxd] ] , published in April 2006 makes the following statements:
* "…immediate concerns also include the use of cyberspace for covert communications, particularly by terrorists but also by foreign intelligence services; espionage against sensitive but poorly defended data in government and industry systems; subversion by insiders, including vendors and contractors; criminal activity, primarily involving fraud and theft of financial or identity information, by hackers and organized crime groups…" (p 9–10)
* "International interest in R&D for steganography technologies and their commercialization and application has exploded in recent years. These technologies pose a potential threat to national security. Because steganography secretly embeds additional, and nearly undetectable, information content in digital products, the potential for covert dissemination of malicious software, mobile code, or information is great." (p 41–42)
* "The threat posed by steganography has been documented in numerous intelligence reports." (p 42)
Moreover, a captured terrorist training manual, the "Technical Mujahid, a Training Manual for Jihadis" contains a section entitled "Covert Communications and Hiding Secrets Inside Images." A brief summary is provided by the Jamestown Foundation [ [http://www.jamestown.org/news_details.php?news_id=232 The Jamestown Foundation] ] .
To date, over 725 digital steganography applications have been identified by the Steganography Analysis and Research Center [ [http://www.sarc-wv.com/safdb.aspx SARC - Steganography Analysis and Research Center] ]
Steganographic file system
Camera/ShyStand-alone browser that automatically scans for and delivers decrypted content straight from the Web.
*cite book |author=Wayner, Peter |title=Disappearing cryptography: information hiding: steganography & watermarking |publisher=MK/Morgan Kaufmann Publishers |location=Amsterdam |year=2002 |pages= |isbn=1-55860-769-2 |oclc= |doi= |accessdate=
*cite book |author=Petitcolas, Fabian A.P.; Katzenbeisser, Stefan |title=Information Hiding Techniques for Steganography and Digital Watermarking |publisher=Artech House Publishers |location= |year=2000 |pages= |isbn=1-58053-035-4 |oclc= |doi= |accessdate=
*cite book |author=Johnson, Neil; Duric, Zoran; Jajodia, Sushil |title=Information hiding: steganography and watermarking: attacks and countermeasures |publisher=Kluwer Academic |location= |year=2001 |pages= |isbn=0-7923-7204-2 |publisher=Springer |location= |year=2001 |pages= |isbn=978-0-7923-7204-2|oclc= |doi= |accessdate=
* [http://petitcolas.net/fabien/steganography/image_downgrading/index.html Examples showing images hidden in other images]
* [http://www.fbi.gov/hq/lab/fsc/backissu/july2004/research/2004_03_research01.htm FBI Article: An Overview of Steganography for the Computer Forensics Examiner]
* [http://www.elonka.com/steganography Cryptography and Steganography] (web version of PowerPoint slides), 2002.
Elonka Dunin's presentation of an overview of steganography, as well as a discussion of whether or not Al Qaedamight have been using steganography to plan the September 11th, 2001 attacks
* [http://www.jjtc.com/Steganography Steganography & Digital Watermarking] —papers and information related to steganography and steganalysis research by Neil F. Johnson from 1995 to the present.
* [http://www.citi.umich.edu/techreports/reports/citi-tr-01-11.pdf Detecting Steganographic Content on the Internet] , 2001. Paper by
Niels Provosand Peter Honeyman, Center for Information Technology Integration, University of Michigan
* [http://homes.cerias.purdue.edu/~mercan/ Rights Protection for Natural Language Text] , includes several articles on this topic
* [http://stegano.net/ Network Steganography Project] , includes articles on network steganography (Wireless LANs and VoIP) - provided by
Krzysztof Szczypiorskiand Wojciech Mazurczyk.
* [http://www.spy-hunter.com/stego.html Steganography, Steganalysis, and Cryptanalysis] BlackHat and DefCon presentations by Michael T. Raggo (aka SpyHunter)
* [http://www.datahide.com/BPCSe/ Invitation to BPCS-Steganography] introduces you to a very large capacity steganography.
* [http://www.datahide.com/BPCSe/Articles/Ref-6.SPIE98.pdf Principle and applications of BPCS-Steganography] —Original paper on BPCS-Steganography.
* [http://blog.maxant.co.uk/pebble/2007/07/19/1184876280000.html Steganography Rediscovered] —Blog from maxant.
* [http://www.firstmonday.org/issues/issue2_5/rowland/ Covert Channels in the TCP/IP Suite] —1996 paper by Craig Rowland detailing the hiding of data in TCP/IP packets.
* [http://www.sarc-wv.com/stegalyzeras.aspx StegAlyzerAS] An automated tool to detect the presence of steganography applications by matching artifacts of known files and registry keys on suspect computer media.
* [http://www.sarc-wv.com Steganography Analysis and Research Center (SARC)] A Backbone Security Center of Excellence providing tools for steganography detection and extraction as well as Certified Steganography Examiner Training.
* [http://www.jjtc.com/Steganalysis/ Steganalysis] papers on attacks against Steganography, Watermarking and Countermeasures to these attacks.
* [http://acmqueue.com/modules.php?name=Content&pa=showpage&pid=241 Cyber warfare: steganography vs. steganalysis] For every clever method and tool being developed to hide information in multimedia data, an equal number of clever methods and tools are being developed to detect and reveal its secrets.
* [http://www.citi.umich.edu/techreports/reports/citi-tr-01-11.pdf "Detecting Steganographic Content on the Internet"] , PDF file, 813 KB.
* Some sample pages of [http://petitcolas.net/fabien/steganography/steganographica/ Gaspar Schott's Schola steganographica]
* [http://isis.poly.edu/projects/steganography Research Group] An example of ongoing research on Steganography.
* [http://www.outguess.org/detection.php StegDetect] A tool to automatically find hidden messages in images embedded by seven steganography applications.
* [http://www.spy-hunter.com/stegspydownload.htm StegSpy] A tool that will detect hidden messages embedded by five steganography applications
* [http://www.guillermito2.net/stegano/ Analyzing steganography applications] : Practical examples on how some steganography software works, and how many of them are crackable.
* [http://stegsecret.sourceforge.net/indexEnglish.htm StegSecret] : StegSecret is a java-based multiplatform steganalysis tool. This tool allows the detection of hidden information by using the most known steganographic methods. It detects EOF, LSB, DCTs and other techniques. (steganography - stegoanalysis).
Online (Hiding text)
* [http://mozaiq.org/encrypt/ mozaiq] Has a large library of stock photos it provides if you can't supply a photo of your own. A good starting point for creating simple steganographic examples.
* [http://www.spammimic.com spammimic.com] will take a sentence that you provide and turn it into text that looks to all the world like spam.
* [http://utilitymill.com/utility/Steganography_Encode Hide text in a PNG or BMP image] and its corresponding [http://utilitymill.com/utility/Steganography_Decode decoder] .
Online (Hiding files)
* [http://www.phpclasses.org/browse/package/3312.html Stegger, PHP Steganography] —
PHPClasses Repository—An open source, feature rich, secure implementation of image steganography written in PHP.
* [http://stega.maxant.co.uk maxant Steganography] —A secure implementation of image steganography.
* [http://incoherency.co.uk/hideimage.php PHP Interface to hideimage] —A PHP interface to the downloadable hideimage.
* [http://metaatem.net/highlite/ Hiding images in background highlighting] using CSS3's
Downloadable (Hiding text)
* [http://www.integer.fr/cont/ibn/en/IBN.msi "Integer Binary Numbers"] Freeware Code and decode MsOffice, OpenOffice files in bmp file. You can secure your document with a password.
* [http://concealar.googlepages.com Concealar ...coz a picture speaks a thousand words!] The software "Concealar" hides text into images & pictures by a password using cryptographic and steganographic techniques. Encryption algorithm used for text is AES (Rijndael) and the password is hashed with SHA512. The software does not create any noise in the resultant image so pattern-finding & pixel-mapping techniques of steganalysis don't work on this software.
* [http://bapuli.reflectionsindia.org/article32006.htm Bapuli Online] —implementing steganography using Visual Basic.
* BitCrypt is one of the easiest to use encryption tools which at the same time provide ultra-strong encryption. It uses up to 8192 long bit key ciphers to encrypt the text, and then stores the encrypted text within bitmap images.
* [http://zgrossbart.blogspot.com/2006/12/steganography.html Hackito Ergo Sum Blog] Hide text in a PNG image and read it back. Includes open source code and a complete explanation of the process.
Downloadable (Hiding files)
* [http://www.gamall-ida.com/f/viewtopic.php?f=3&t=192 Hiding Glyph: Bytewise Image Steganography] : Hides any file (or folder) into any losslessly compressed image (BMP, PNG, etc…). (freeware)
* [http://www.integer.fr/cont/ibn/en/IBN.msi "Integer Binary Numbers"] Freeware Code and decode MsOffice, OpenOffice files in bmp file. You can secure your document with a password.
BestCryptCommercial Windows/Linux disk encryption software that supports hiding one encrypted volume inside another
* [http://www.symmetryperfect.com/shots/crypto Crypto-Stego Utility] for the
Zillions of Gamesprogram.
* [http://diit.sourceforge.net Digital Invisible Ink Toolkit] An open-source cross-platform image steganography suite that includes both steganography and steganalysis implementations.
FreeOTFEFree, open-source Windows/PocketPC/Linux disk encryption software that supports hiding one encrypted volume inside another, without leaving any evidence that the second encrypted volume exists. This probably resists any statistical analysis (as opposed to tools that conceal data within images or sound files, which is relatively easy to detect).
* [http://www.evilbitz.com/2006/10/22/an-mp3-steganographic-file-system-approach/ MP3 Steganographic File System] , a description of an approach to create a file system which is implemented over MP3 files.
* [http://openstego.sourceforge.net/ OpenStego] OpenStego is an opensource (GPL) program/library for embedding any type of file into images. Currently, it is written in Java, and supports 24 bpp images.
* [http://www.outguess.org/ OutGuess] A steganography application to find data in Jpeg images.
* [http://boonhead.nl/projects/PCopy/ PCopy] A steganography commandline tool with a userfriendly wizard which can produce lossless images like PNG and BMP. Special features are RLE, Huffman compression, strong XOR encryption and the Hive archiving format which enables the injection of entire directories.
* [http://www.freenet.org.nz/phonebook/ Phonebook FS] protects your disks with Deniable Encryption
* [http://francyzone.onlywebs.com/stego.php stego and winstego] Steganography by justified plain text.
* [http://linux.softpedia.com/get/Security/Stego-3034.shtml Stego-0.5] , a GNOME/GTK+ based GUI for LSB algorithm. License (GPL)
* [http://www.stegoarchive.com/ Stego Archive] Source for a large variety of steganography software.
* [http://steghide.sourceforge.net/index.php Steghide] Free .jpeg and .wav encryption for Linux and other operating systems.
* [http://stegui.sourceforge.net/index.html SteGUI] Free GUI for Steghide for Linux.
* [https://sourceforge.net/projects/thumbstego Thumbnail Steganography] is a new type of steganography designed to increase the complexity required when attempting to automate steganography detection. It requires the original image (jpg, gif, etc) as well as the thumbnail (png) to extract the file from the thumbnail. It is open source and written in java.
* [http://www.truecrypt.org/ TrueCrypt] Free, open-source Windows/Linux disk encryption software that supports hiding one encrypted volume inside another, without leaving any evidence that the second encrypted volume exists. This probably resists any statistical analysis (as opposed to tools that conceal data within images or sound files, which is relatively easy to detect).
* [http://www.wayner.org/books/ Peter Wayner's website] —sample implementations of steganographic techniques, by the author of "Disappearing Cryptography".
* [http://users.pandora.be/ahmadi/nettools.htm NetTools] Steganography by hiding data in pictures, archives, sounds, text files, html, and lists.
* [http://www.datahide.com/BPCSe/QtechHV-download-e.html Qtech Hide & View v.01] is the newest BPCS-Steganography program for Windows. This is an image steganography. (Free to use)
* [http://www.gaijin.at/dlsteg.php SteganoG] a simple program to hide a text file in a .bmp file.
* [http://incoherency.co.uk/software/hideimage.tar.gz Downloadable hideimage] —Image hider, also available in a [http://incoherency.co.uk/hideimage.php PHP Interface] . No licensing at all.
* [http://www.uni-koblenz.de/~strauss/vecna/ Vecna] Hide any file in any image (output is always PNG), written in Java, GPL
Wikimedia Foundation. 2010.