Hiding in plain sight

The little-known technique of steganography provides a stealthy way to conceal data in other text.

By Kevin D. Weeks

As I recall, it was my grandmother who first introduced my sister and me to using lemon juice as invisible ink. You might remember the technique from your childhood: You dip a paper matchstick in lemon juice and write with it. You can't see anything until you hold your writing paper over a candle, which magically turns the lemon juice brown, revealing the hidden writing. We had great fun with it until our mother caught us playing with matches, candles, and paper. So much for my first foray into steganography.

At the time, though, I didn't know I was engaged in steganography -- from the Greek, meaning "covered writing." In fact, I didn't know hiding messages had a name at all until I ran across an article by Richard Stallman that mentioned steganography. I'm not used to encountering unfamiliar terms, so I looked it up. Never ask a word lover to do research on the Web. Finding a new word means research will stop until the word's meaning is tracked down.

I discovered that steganography applies to hiding documents -- an e-mail message, for instance -- inside a graphic or audio file. Take the two images below as an example. They look alike, but the one on the bottom has been modified to contain an entire draft copy of this article.

Hiding in plain view

Digital steganography is based on the fact that artifacts like bitmaps and audio files contain redundant information. That's why lossy compression techniques such as JPEG and MP3 work. Such techniques eliminate part of the redundancy, allowing the image or wave file to be compressed. The idea behind steganography is that instead of eliminating the redundant information, you replace it with other data.

For example, suppose the first eight bytes of an image were:

10001001 11101001 11101001 10011011

10011011 10001001 00011111 00011101

A simple steganographic program could hide the letter S (01010011) by changing the least significant bit in each of the first eight bytes to reflect the binary letter. The result:

10001000 11101001 11101000 10011011

10011010 10001000 00011111 00011101

The graphic above demonstrates that when this technique is properly applied, its effects on the resulting image are almost impossible to detect. You could receive a message I'd embedded in a graphic, but no one else could make out more than an image.

Cryptic complement

Steganography isn't meant to replace cryptography, but to complement it; its purpose is to avoid raising suspicions. Returning to my invisible ink example, suppose I was having an affair with my maid (let's name her Angelique). I want to tell Angelique how beautiful she is, but don't want my wife to find out. I could write Angelique a love letter using invisible ink. Switching to visible ink, I could then write another note (perhaps asking her to pick up my laundry) over the secret message. Should my wife find it, she would see only a banal exchange about housekeeping matters. Angelique, expecting more, would hold my note over a candle to expose the hidden message.

If I were concerned that my wife might already be suspicious, I would take further security steps, such as using a less easily-discovered ink. Like a suspicious wife looking for secret messages, analysis techniques can penetrate a simple bit-swapping scheme. A plain text message such as the one earlier described has detectable patterns.

I used a freeware tool named S-Tools to hide this article in the second bitmap. (You can find a number of steganographic programs, including S-Tools, at www.blackhat.org/stego.htm.) By default, S-Tools first compresses the data you want to hide. Compression does little on its own to further hide the data -- it simply makes it easier to store larger documents. However, S-Tools then encrypts the data using a pass phrase that you stipulate.

Now detecting the hidden message is like looking for a needle in a haystack. A sufficiently sophisticated analysis might still detect the concealed text, though, so some steganographic tools go a step further. Such tools can analyze multiple files, looking for the one that will change the least when a given message is hidden in it. Think of it as hiding a needle in a gray haystack. Even if the message were found, it would still have to be decrypted.

More sophisticated steganographic techniques exist and are used in a number of commercial tools. Some of these tools rely on JPEG or MP3 -- lossy compression algorithms -- to make the hiding technique even more effective.

For more information on steganography, check out Steganography Info and Archive and a white paper titled Steganography by Neil F. Johnson. There's a commercial product named the Steganos II Security Suite that will encrypt and hide data on your computer. If you're interested in source code for steganography programs, contact Andy Brown, the author of S-Tools, and he'll sell you the source for his tool. Or you can download a Java program including source from Romana Machado, a most unusual software engineer.

Hmm, I wonder what transhumanism is all about...