Crash course: Digital steganography

You have secrets to keep? Use steganography to hide data in image or audio files.

By , ITworld |  Security, crash course, steganography

digital steganography

Image credit: Sandro Villinger

Hiding secret messages inside what seem to be harmless messages is nothing new. The word steganography itself originated in Greece and means “covered writing”. During important historic events of our past, steganography was often used to trade personal secrets, plan covert operations and send political espionage information.

Image credit: mrpeanut

For example, during World War II, the French Résistance used invisible ink on couriers’ backs to send messages between Résistance cells. In Greece, people wrote secret messages on plain wood tablets and covered it with wax. Since wax tablets were popular reusable writing surfaces, the Greeks would simply carve an inconspicuous message into the wax and pass the tablet along. The moment the tablet reached its destination, the wax was melted to reveal the hidden message. Fortunately for all of us, steganography has gotten a lot easier to achieve and a lot harder to reveal: Enter digital steganography.


How digital steganography works

Today’s digital steganography works by adding secret bits (or replacing bits) in files, such as photos or audio files, with secret data. The fact that it’s not widely used and is very hard to “crack” makes it even more appealing, and therefore a pretty good method of transmitting extremely sensitive personal or business information through e-mail, over the Web, or through social channels such as Twitter or Facebook. There are basically two popular approaches:

1. Adding bits to a file: Hidden message could appear in the “file header”, which usually contains information such as the file type or, in the case of JPG images, the resolution and color depth of the photo. Alternatively, since every file has a pre-defined “End of file here” mark, secret messages could simply be attached after the “official” end of the file.

The obvious upside is that the modified file wouldn’t be distinguishable from the original. However, the file in question could grow in size: For example, hiding a 1 Mbyte document inside a 5 Mbyte audio file increases its total size significantly. Outsiders with access to the original file could easily see that there’s hidden data inside – and that counters the concept of undetectability.

Using the “Least Significant Bit” (LSB): Instead of adding bits and increasing the chance of being caught, how about replacing bits of the original file? In order to not damage or alter the file itself, simply use data parts that are not important to the overall file. Here’s how it works: Every byte is made up of 8 bits. However, not all of these 8 bits are necessary to (for example) define if a pixel of an image is red or white. This is the perfect spot to hide secret data since a) it doesn’t add any size to the file and b) it doesn’t alter the file itself.

For example, a pixel of an RGB image is defined by three bytes for each color -- by replacing the LSB of each byte, you could hide 3 bits of information in one pixel!

There are even more possibilities with audio streams, since you’re able to replace the typical noise and hissing in songs (especially in older ones) with noise that sounds just a bit different, but is in fact made up of secret data.

As you can see, the possibilities are almost endless – and finding this information through stegoanalysis is extremely tough.


How to hide data inside an image

There are several tools that will hide files inside files. One I’m fond of is Invisible Secrets 2.1 (a freeware product formerly known as 1-2-Free Steganography), which is able to embed any kind of information inside either JPEG or BMP files. Its successor, version 4.1, has gone commercial and adds support for PNG, HTML and WAVE files. However, since we’re talking about images first, the free version will do just fine.

Having downloaded and launched Invisible Secrets 2.1, you’ll want to select a photo that you’re going to use to store the secret information in.

In this example, I’m selecting a picture of Hawaii’s Kualoa ranch as the “carrier” for my secret information

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Spotlight on ...
Online Training

    Upgrade your skills and earn higher pay

    Readers to share their best tips for maximizing training dollars and getting the most out self-directed learning. Here’s what they said.

     

    Learn more

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question