The Mail Bag: June 2006 Archives

Question from a Reader: "Can people hide messages in pictures? Is this for real?"

Yes this is for real! It is not limited to just pictures, although this is one the common uses, but messages can be embedded in any number of digital media types. It can even be embedded into sound files.

This practice is called steganography, or stego for short. Steganography is the science of writing hidden messages in such a way that no one, except the intended recipient knows of the message.

Usually a steganographic message will appear to be something else: a picture, an article, a shopping list, or some other message - this is referred to as the covertext or in the case of digital file- the carrier.

Steganography is different than cryptography. With cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge. In this case the message is not concealed just scrambled or obscured.

The obvious advantage of steganography over cryptography is that messages do not attract any attention. A coded message that is unhidden, no matter how strong the encryption, will arouse suspicion and may in itself be problematic. For example, in some countries encryption is illegal.

A common form of steganography is the use of jpeg files (a computer image) to hide the message. Research is already underway to create systems that can detect secret files or messages hidingwithin digital images.

Electronic images, such as jpeg files, provide the perfect ?cover? because they?re very common ? a single computer can contain thousands of jpeg images and they can be posted on Web sites or e-mailed anywhere. Steganographic, or stego, techniques allow users to embed a secret file, or payload, by shifting the color values just slightly to account for the ?bits? of data being hidden. The payload files can be almost anything from illegal financial transactions and the proverbial off-shore account information to sleeper cell communications or child pornography.

?We?re taking very simple stego techniques and trying to find statistical measures that we can use to distinguish an innocent image from one that has hidden data,? said Clifford Bergman, ISU math professor and researcher on the project. ?One of the reasons we?re focusing on images is there?s lots of ?room? within a digital image to hide data. You can fiddle with them quite a bit and visually a person can?t see the difference.?

?At the simplest level, consider a black and white photo ? each pixel has a grayscale value between zero (black) and 255 (white),? said Jennifer Davidson, ISU math professor and the other investigator on the project. ?So the data file for that photo is one long string of those grayscale numbers that represent each pixel.?

You can read more on the Ames Laboratory research here.

Curious users can also try stego software, but use at your own risk. You should be sure it is legal to use in your country. In some countries this type of software is illegal and carries stiff penalities for use.

Dound's Steganography Freeware. This software allows users to encode and decode messages of their choice with a keyword. The message is coded into a picture, which can be sent via e-mail, uploaded, and so on, and then decoded by the recipient with the keyword that it was encoded with. It's easy to use and you can't tell the difference between the original and the encoded pictures. It comes with a test picture, too.

Steganography Trialware. This application enables you to use digital data hiding techniques to hide as well as encrypt files within other files such as picture or sound files. This allows you to encrypt sensitive information, while at the same time hiding it in a file that will not look suspicious, so nobody even knows that there is encrypted information.

Steganos Security Suite: Trialware. $69 to Buy. Offers a complete encryption software package, which provides protection for users of PCs and laptops. The software features 256-bit AES encryption of an unlimited amount of data; e-mail encryption; the ability to use USB sticks as rewriteable mobile safes; the potential to track down a lost or stolen laptop; track shredding, a password manager; password quality control; a file shredding; and steganographic capabilities.

About this Archive

This page is a archive of entries in the The Mail Bag category from June 2006.

The Mail Bag: April 2006 is the previous archive.

Find recent content on the main index or look in the archives to find all content.