Skip Navigation

Steganography

Steganography, which is often shorted to stego in security and forensics circles, is the act of concealing a message within some otherwise unremarkable object or file, effectively hiding the concealed message in plain sight. The idea is to hide the very existence of a secret message while also protecting its contents.

Note that the word “steganography” is a term with highly specialized use and is not present in most spell-checker dictionaries. Autocorrection tools will sometimes substitute “stenography,” which refers to the process of writing quickly in shorthand. These are two different words with distinctly different meanings: steganography is a means of hiding data or communication, while stenography is a method for improving accurate transcription of communication.

Page Contents

Video Lecture


Watch at Internet Archive

Physical Steganography

Physical steganography is the act of hiding a message within some otherwise uninteresting and ordinary physical thing. For example, a hidden message could be inscribed in tiny letters within a piece of art. Another example that you might have encountered in childhood is the invisible ink pen. This type of pen writes in an ink that becomes transparent when it dries but can be re-activated by some process. With such a pen, a secret message can be written on top of another, otherwise uninteresting, document.

Unless someone observing the passage of the uninteresting document takes extra steps to look for the invisible ink, it is possible to use this method to communicate without interception by a third party. This technique works because the message is hidden in plain sight, but a person interested in the secret communication would be likely to dismiss the uninteresting document as routine or unimportant.

Digital Steganography

Digital steganography works in a similar way to invisible ink. The secret data, or payload, is hidden inside an outer file called the carrier (also known as the cover or vessel). This outer file is usually uninteresting, so that it doesn’t attract interest from a third party trying to find the secret communication. Subtle changes to the carrier file are made in order to embed the payload. The payload is also usually encrypted to reduce the effectiveness of statistical methods for detecting the presence of steganography, since encrypted data appears random when encryption is performed correctly.

Excellent carriers for steganographic messages include digital videos, photographs, and (less commonly) audio files. Since nearly everyone has a digital camera these days, and most of the cameras are also capable of making videos, there are an effectively infinite number of available carriers. Steganography systems can make changes to these carriers that are not perceptible to the human eye.

Figure 1 shows two photographs side by the side. Are these photographs the same?

Two different photographs that look identical

Figure 1: Two apparently identical photographs. Are these photographs the same? Note that some apparent differences between the two photos might occur due to variations in your screen and may change if you move your head or the screen. These variations are normal characteristics of LCD screens.

The photographs in Figure 1 are visually the same. I took the original photo while waiting for a connecting flight out of Hartsfield–Jackson Atlanta International Airport on a rainy day, using a less than great camera on a cheap phone. For the purposes of this example, I shrunk the image to make the file size and image dimensions smaller. However, I then proceeded to use the Steghide1 tool to embed the message “Hello, World!” into the right copy of the photograph. The changes in the photograph are too small to see, but the message would be recoverable with the correct tools – or at least, it would be if I could remember the password I used when encoding the example.2 Although I used Steghide, there are several other open-source programs that can perform steganography, such as OpenStego3, along with an assortment or commercial and freeware applications.

Digital steganography is also possible when converting a digital file to a fixed, physical format. For example, many laser printers embed tiny dots into each printed page, encoding the make and serial number of the printer, sometimes with a time stamp. The payload uniquely identifies the printer, while the carrier consists of whatever image or document is printed to the paper. Officially, this steganographic technique is used to detect counterfeiters using commodity printers. However, there is concern that the government could identify the source of any printed document by decoding the hidden dots.4

Steganalysis

Steganalysis is another word missing from the spellchecker lists. This term refers to finding and decoding steganographically hidden messages by analyzing potential carriers to look for the presence of a hidden payload. If two copies of the carrier are present, but they have different physical fingerprints (hashes), then it will be possible to determine that one of the files has been modified in some way. Additional attacks on the files can be made in an attempt to recover the payload.

However, if only one copy of the carrier file is present, detection of steganography becomes much harder. It is possible to use statistical methods to detect anomalies in photographs or videos, potentially indicating the presence of a steganographically encoded payload. Open source tools, such as StegSecret,5 are available to automate this analysis. Commercial tools, such as WetStone’s StegoHunt MP,6 can perform similar statistical analysis and automate brute-force decryption attempts on the payload using dictionary attacks.7

Notes and References

  1. Steghide

  2. The message would be recoverable from the original right image in JPEG format if I could remember the password I used when I created the example. An astute reader might notice that there is actually only one image in the figure. In order to make the image load correctly and quickly within this page, I copied both the original and steganographically modified images into a single image, which I converted to PNG format. This modification likely destroyed the steganographically hidden contents in the second image, since PNG implements a different lossy compression method than JPEG. 

  3. OpenStego

  4. Electronic Frontier Foundation. “Secret Code in Color Printers Lets Government Track You.” 

  5. StegSecret

  6. WetStone Technologies. “StegoHunt MP.” 

  7. Note that I do not usually recommend commercial tools, as I prefer open source software and try to keep my content as vendor-neutral as possible. However, several alumni and alumnae of the Coastal Carolina University Department of Computing Sciences work, or have worked, at WetStone Technologies. A few of them have worked on various revisions of StegoHunt. 

Hiding Evidence

Hiding Evidence
Tor
Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.