What is Steganography?

Steganography is the science of hiding things in plain view. The name comes from Greek ("steganos" = hidden). This Leonardo Da Vinci portrait, for instance, contains one of his masterworks, though it is very difficult to tell with the naked eye. The hidden picture occupies the four least significant bits (out of eight total) of each pixel. To reveal it, we must take out the four most significant bits, and then increase the contrast until the hidden picture appears. If you try to do this in Photoshop, chances are you won't succeed. You need something that calculates directly with pixel values, like Matlab.

If you have Matlab, put the picture in your work folder and enter this:

Leo = imread('stego.png', 'png'); %assuming you have not renamed the picture

figure, imshow(uint8(bitand(255, bitshift(Leo, 4)))) %this strips the 4 most significant bits and displays what's underneath. Surprised?
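The same bit arithmetic in Python, as an added example that is not one of the author's programs. It generalises the 4-bit case to any n low bits, and COVER and SECRET are small constructed grayscale images rather than the page's stego.png.

```python
# Added example (not from the original page): n-bit LSB image hiding on
# 8-bit grayscale pixels. COVER and SECRET are constructed sample images.

def embed(cover, secret, n=4):
    """Overwrite the low n bits of each cover pixel with the secret's top n bits."""
    keep = (0xFF << n) & 0xFF               # cover bits that survive
    return [[(c & keep) | (s >> (8 - n)) for c, s in zip(crow, srow)]
            for crow, srow in zip(cover, secret)]

def reveal(stego, n=4):
    """For n=4 this is Matlab's bitand(255, bitshift(img, 4)): the left shift
    drops the cover bits and stretches the hidden bits to full contrast."""
    return [[(p << (8 - n)) & 0xFF for p in row] for row in stego]

def max_change(cover, stego):
    """Largest per-pixel difference the embedding introduced (out of 255)."""
    return max(abs(c - s) for crow, srow in zip(cover, stego)
               for c, s in zip(crow, srow))

def to_pgm(rows):
    """Serialise rows of 8-bit pixels as a binary PGM (P5) image."""
    header = f"P5\n{len(rows[0])} {len(rows)}\n255\n".encode("ascii")
    return header + bytes(p for row in rows for p in row)

# Constructed 8x4 samples: a gradient cover and a two-tone secret.
COVER = [[(40 * x + 10 * y) % 256 for x in range(8)] for y in range(4)]
SECRET = [[255 if (x + y) % 2 else 37 for x in range(8)] for y in range(4)]

if __name__ == "__main__":
    stego = embed(COVER, SECRET)
    print("max pixel change:", max_change(COVER, stego))
    print("recovered row 0: ", reveal(stego)[0])
    with open("revealed.pgm", "wb") as fh:   # viewable in most image viewers
        fh.write(to_pgm(reveal(stego)))
```

Only the secret's top n bits survive the round trip, which is why the recovered picture looks posterised.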

 

In case you don't have access to Matlab, I have put here a couple of little programs that will help you. Go ahead and use them for your own pictures. They will probably need the libraries installed by this program.


Now, there are two different strategies to do steganography with digital stuff:

1. Hide the secret information within the container file, replacing bits that are too insignificant to be noticed, as in the picture above. The secret information is usually encrypted with a password in a previous step, so the information added to the container file, if extracted without the password, would appear as meaningless noise.

2. Mask the secret information behind the container file, without really changing it at all. This is a lot easier to detect, but retrieving the secret information remains just as difficult if it is encrypted with a password. On the other hand, the carrying capacity of the resulting file is much greater, and the method is not restricted to specific kinds of containers.

Let's see the two strategies in more detail, from a freelance spy point of view:

True Steganography

A number of file types have a lot of redundancy, which can be used to hide information inside them. These are the files that can be compressed or converted to another, more compact format. For instance, BMP image files (Windows bitmaps) can be converted to JPG or PNG and save a lot of space with hardly any loss of quality; that means they have a "fluffy" structure where one can put things. Same story with WAV sounds, which can be reduced by a factor of ten into MP3 or WMA format, and still sound the same. Even the compressed formats (and a proof is the PNG picture of Leonardo) have some space where stuff can be concealed. The idea, then, is to find files that will appear inconspicuous to anyone snooping, and to inject the secret info in such a way that no bumps are left after the injection. Is that possible?

Well, yes and no. One can't just put the new info in without scrambling it somehow, otherwise the Matlab command above (or something very similar to it) would reveal it immediately. So it must be password-encrypted. But then, encrypted info looks random, whereas the noise of the typical picture or sound, which is what is being replaced with the encrypted secret, is anything but. You have a great explanation with sample pictures (which I'm not going to repeat here) in this webpage by Guillermito.
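A numeric version of that observation, as an added example (a standard chi-square flatness check, not Guillermito's program and not code from this page): it tests whether pixel values that differ only in their low n bits occur equally often, which is what random-looking ciphertext produces. The "cover" is a constructed bell-shaped sample of pixel values and the payload is seeded random bits standing in for encrypted data.

```python
import random

def low_bit_chi_square(pixels, n=1):
    """Chi-square for 'low n bits are uniform' -> (statistic, degrees of freedom)."""
    size = 1 << n                      # values sharing the same high bits
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    chi, dof = 0.0, 0
    for base in range(0, 256, size):
        cells = hist[base:base + size]
        expected = sum(cells) / size   # count per value if low bits were random
        if expected >= 5:              # skip sparsely populated groups
            chi += sum((c - expected) ** 2 / expected for c in cells)
            dof += size - 1
    return chi, dof

def flatness(pixels, n=1):
    """Statistic per degree of freedom: about 1 when the low bits look random."""
    chi, dof = low_bit_chi_square(pixels, n)
    return chi / dof

def replace_low_bits(pixels, payload, n=1):
    """LSB replacement: overwrite the low n bits of each pixel with payload."""
    mask = (1 << n) - 1
    return [(p & ~mask & 0xFF) | b for p, b in zip(pixels, payload)]

def sample(n=1):
    """Constructed data: bell-shaped cover values plus seeded random payload."""
    rng = random.Random(2024)
    cover = [min(255, max(0, round(rng.gauss(128, 4)))) for _ in range(20000)]
    payload = [rng.getrandbits(n) for _ in cover]   # stands in for ciphertext
    return cover, replace_low_bits(cover, payload, n)

if __name__ == "__main__":
    for n in (1, 4):
        cover, stego = sample(n)
        print(f"n={n}  cover {flatness(cover, n):8.1f}   stego {flatness(stego, n):6.2f}")
```

A score near 1 means the low bits are as flat as random data; the unmodified sample scores far higher because neighbouring values in its histogram are not equally common.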

In the rest of Guillermito's pages on steganography, you'll see that a great number of stego software products (some of them quite expensive) produce output where one can easily detect if there is anything hidden by just looking at the pattern of the noise. He even made a program for BMP pictures, which is located here. If you run it on a BMP file and the graph that comes out shows a green cloud in the middle, chances are there is a secret embedded in the noise, like this:

I made a test and ran it on different types of stego software, and the clear winner was Puff, by Cosimo Oliboni, who seems to be totally paranoid about detectability (which is good). Not only does it do a great job at hiding information, but it also supports a large number of container formats, including JPG and MP3, which are the ones that have the greatest chance of being inconspicuous, just because they are used so much (who carries pictures as BMP, or sounds as WAV anymore?). The program has very conservative defaults, which can be eased in the "options" tab (selecting "minimum" settings, or close to that) to increase the carrying capacity of the containers. It also encrypts the hidden data, but the author won't say how, so this is a possible weakness. To be safe, encrypt your secrets before hiding them with Puff.

File Masking

Let's say you don't have to defend against someone armed with powerful snooping software, but it's enough to conceal the information so it would appear innocuous to anyone browsing casually through your files. Then the best strategy may be to put your (hopefully encrypted) secrets behind a facade, so that the snooper will see that and not your secrets. A number of the so-called stego programs thrashed by Guillermito in his website fall into this category, and they deserve to be thrashed for not telling you. The reason they don't, I suspect, is because you don't need them at all.

Let's say I have some great secret contained in a file smartly named "secrets.txt". Here's what I would do:

1. First I'd take "secrets.txt" and compress it with Winrar, encrypted with a password (like "1234" or something a bit harder to guess ;-). The result may be a file aptly named "secrets.rar".

2. Now I find a suitable masking file. Let's say it's a picture of a spy, named "spy.jpg". I put it in the same folder as "secrets.rar", open a command prompt (in Windows: start->run->cmd) and navigate to that folder, then type:

copy /b spy.jpg+secrets.rar "not a spy.jpg"

What this command does is take the first file, stitch the second file right after (keeping everything binary), and save it as the third file. The result is a file named "not a spy.jpg" which will appear to any program (except Winrar and very few others) to be a picture of a spy. Naturally, if you edit the file, the secret information will be lost, but this is true of pretty much any steganographic scheme.

You don't believe me? Well, here they are, let's see if you can discover my secret:

[Pictures: Spy | Not a Spy | ?]

There is a limit of around 500 KB to the size of the masking file, before Winrar gets confused and can't see the encoded info. If you need to use something larger, or don't feel safe with the AES-128 encryption built into Winrar (quite good, but not quite awesome), then use 7-zip, which has AES-256 encryption (wow!), can handle larger masks, and is totally free (the downside: it's slower, clunkier, and fails to retrieve secrets stored in zip format, while Winrar can).
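Because the masked file is just a JPEG with an archive stitched on after it, it is easy to spot by anyone who checks where the image really ends. The added example below (not from the original page) walks the JPEG marker structure to the end-of-image marker and reports what follows; CLEAN and MASKED are constructed byte strings that are structurally valid but not viewable pictures.

```python
# Added example: find data appended after a JPEG's end-of-image (EOI) marker.
ARCHIVE_MAGIC = {b"Rar!\x1a\x07": "RAR", b"7z\xbc\xaf\x27\x1c": "7-Zip",
                 b"PK\x03\x04": "ZIP"}

def jpeg_end(data):
    """Offset just past EOI, found by walking segments rather than searching
    for FF D9 (which also occurs inside thumbnails and appended data)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (no SOI marker)")
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xFF:                            # fill byte before a marker
            i += 1
            continue
        if marker == 0xD9:                            # EOI: the image ends here
            return i + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # markers with no length
            i += 2
            continue
        i += 2 + int.from_bytes(data[i + 2:i + 4], "big")   # skip the segment
        if marker == 0xDA:                            # SOS: skip compressed data
            while i + 1 < len(data) and not (
                    data[i] == 0xFF and data[i + 1] not in (0x00, 0xFF)
                    and not 0xD0 <= data[i + 1] <= 0xD7):
                i += 1
    raise ValueError("truncated JPEG (no EOI marker)")

def find_appended(data):
    """Report bytes after EOI and any archive signature found in them."""
    end = jpeg_end(data)
    tail = data[end:]
    hits = sorted((tail.find(m), name)
                  for m, name in ARCHIVE_MAGIC.items() if m in tail)
    return {"image_bytes": end, "trailing_bytes": len(tail),
            "archives": [(end + off, name) for off, name in hits]}

# Constructed samples (not real pictures).
CLEAN = (b"\xff\xd8"                        # SOI
         b"\xff\xe0\x00\x06\xff\xd9AB"      # APP0 whose payload contains FF D9
         b"\xff\xda\x00\x02"                # SOS header
         b"\x12\xff\x00\x34\xff\xd0\x56"    # scan data with stuffing and RST0
         b"\xff\xd9")                       # EOI
MASKED = CLEAN + b"Rar!\x1a\x07\x00" + b"constructed payload"

if __name__ == "__main__":
    print(find_appended(CLEAN))
    print(find_appended(MASKED))
```

Trailing bytes alone are not proof of a hidden file, since some cameras and phones append their own data after EOI; a recognised archive signature in the tail is the stronger signal.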

For grade, the first picture also has a secret; can you uncover it? (Hint: Puff requires at least a 16-character password, so I had to drum my fingers a bit to make a suitable one).

