, , , , , , , , , , , ,

Although stenography isn’t that commonly used, it’s can be a surprisingly effective way of hiding information. Unlike encryption, it enables people to communicate something without a third-party being aware of it, providing it’s done the right way. It’s for these reasons some experts recommend it as a covert channel for communication in repressive regimes. The disadvantage is many things could go wrong.

A lot of people have read about old paintings that contain hidden messages and symbolism the artist considered subversive, and wanted to communicate without the knowledge of the authorities of that day. Whether there’s any truth to that is still a matter of debate today, but it would have been an early example of stenography. It’s also a very good analogy to use when explaining modern steganographic methods, as the same logic can be applied to digital information.

Steganography is rather like the Italian Job – the best place to hide a Mini is in a car park full of Minis. The best way to hide a message in a painting is to make the message blend in with the artwork, and better still, place that painting in a gallery full of them. That way, nothing looks out of place, and nobody will suspect anything without some very close study, unless they already know what to look for.

Following on from that, a good place to hide a few kilobytes bytes of information is among millions more bytes, ideally within the bytes that make up a large file, such as a .wav or a high resolution image. Taking that a stage further, we could combine that with encryption – by encrypting a text message before hiding it in an image file, so the actual message can remain secret even if it’s discovered.

The example below shows a normal image (left) and an image file with a hidden text message embedded (right). Both appear identical. I’ve tried this with a range of images, and sometimes it produced slightly noticable changes, such as extra pixels, but nothing that would draw attention from a casual observer. For best results, the amount of data being hidden should be a fraction the size of the image file.

The image containing the hidden message can be downloaded here, and the text extracted with the freely-available S-Tools program.

Exchanging Information Through Covert Channels
The method of communicating steganographic content is also very important, as it must be done in a way that doesn’t draw attention. For example, if an erroneous image was sent during the course of an email exchange, any third party will suspect it contains something of interest. An increase in the number of images, or even the amount of data being exchanged across a network could also reveal something to a third party. It must be innocuous and blend in almost perfectly with routine exchanges. If this can be achieved, steganography can provide an effective covert channel to bypass monitoring and filtering.

A covert channel’s no good if the receiver is unaware of its existence, so the sender and reciever have to somehow overcome the old key distribution problem. The sender must find a way of telling the other beforehand the methods for communication and information recovery without a third-party knowing.

Null Ciphers
Null ciphers provide a way of concealing a message within a larger body of plain text without the need for a complicated cryptosystem, and they can also be effective depending on the size of the message compared to the amount of plaint text, and also how it’s implemented. Again, this can have advantages over cryptography.
Spam is an excellent carrier for null cipher messages, as in most cases it’s discarded without being read anyway, especially if it’s in a folder with many other such emails. It’s possible to place an entire sentence within a spam email, and it still wouldn’t be read by a third party.
Usually, the secret text is encoded as every nth character of a plain text, but there’s a high risk of discovery. To reduce the chances of that happening, another method should be used to determine the placement of the secret characters, ideally a method that gives the appearance of randomness, such as the Fibonacci and prime number sequences.

Drive Fragmentation
Another thing with the potential to work better than encryption is using disk fragmentation to hide data, which works particularly well when hiding small amounts of information on large capacity drives.
Normally data, when it’s written to a disk, is placed at the best or most efficient locations between existing data. With the steganographic program, the bits forming a secret message are encoded as cluster locations. For example, two clusters together are interpreted as ‘1’, and two clusters further apart are interpreted as ‘0’. As there would also be a lot of natural frgmentation on the same storage volume, it would be extremely difficult for anyone else to detect the pattern.

This type of steganography is a very recent development, having been announced in the New Scientist a couple of months ago, and the researchers intend to make the software for this freely available.
Despite all the worries regarding criminals and terrorists using this as another covert channel, that’s very unlikely. This method of communication is no more efficient than two people exchanging letters through the postal service.