Steganography

The word steganography, derived from Greek, means ‘covered writing’. It’s the art (or science, if you like) of ‘hiding’ messages within other messages. Confused? Well, take a look at the leader of the article, Why didn’t it shoot her Mr. Neal? Even more confused? we’ll make it easier for you. Just take the second letter of each word in the sentence and you’ll appreciate the warmth of the ‘HI THERE’. Clever, wasn’t it?

That’s steganography in a nutshell. The message was right there in front of you but, camouflaged. That’s the advantage of this technique—your text might be read by millions, but it may actually act as a distraction, just to take attention away from the ‘real’ message, which would be comprehended only by those who know what (and where) to look for.

Another technique often used for sending ‘secret’ information is cryptography. Call it a cousin of steganography, as it too

involves disguising the real message as another message. But the basic difference is that the disguised message is ‘cryptic’, ie, to the casual observer it makes little or no sense. For example, if I were to give you the same message as ‘HI THERE’ using a cryptography technique, then it would have involved replacing each letter by one, which comes three places after it and it would have read like-KL WKHUH. But such a message would definitely catch readers attention. Compare this with the message at the top of this article. Which one is more likely to be suspected of carrying some ‘secret’ information? Obviously, the latter. 

At Spammimic, first enter the message you want to hide

Steganography isn’t a new phenomenon, or a by-product of the Internet age. In fact, it’s been there for centuries now! (See box.) However, the major attention that it has received in recent times has been thanks, in no small way, to the alleged use of this technique by the September 11 attackers. According to the CIA, these hijackers used to communicate with their aides using messages hidden inside images, which appeared normal or innocuous to anyone else viewing them. This can be accomplished using special software that can be used to insert information inside images without altering their original character and then using similar software at the other end to extract the hidden message. 

Let’s take a brief look at how this can be accomplished.

A digital image is stored as a matrix of dots (pixels). Each pixel is represented by three components—RGB (Red, Green and Blue). The resultant color of each pixel is the net effect of these three components. The amount of Red, Green or Blue in each pixel is represented by an integer value, the range of which depends on the number of bits available to store each component. For example, in a 24-bit image file, 8 bits would be available for each of the components and hence they can take values for 0 to 255 (28 —1). Zero indicates absence of that color while 255 represents the maximum level possible.

Each of these 8 bits has a contribution towards the resulting value of that color component. The right-most bit (called least significant) has a maximum possible contribution of 1 (20), the 2nd from right of 2 (21) and so on up to the left most (called most significant), which can contribute a maximum of 128 (27). To sum it up, right half (4 bits) has a maximum contribution of 15, while the left half provides 240. Due to the nature of the RGB spectrum, variation of up to 16 in the value of individual color components has little visible impact on the overall image. Therein, lies the opportunity for steganography to step in.

The message is disguised as spam and can now be sent

Due to the reasons discussed above, the right most 4 bits of each color component can be dropped and replaced by another set of bits representing either text or even the four most significant bits of another image, without introducing any major visible differences in the original image. Each ASCII character takes 1 byte (8 bits) and hence each pixel can store 1.5 hidden characters (4 bits X 3 color components). Thus, a 1024X768 pixels image can store over a million hidden characters! 

Hiding an image, however, requires a little more effort. Storing the four most significant bits of the secret image directly would introduce ‘patterns’ in the cover image because, unlike text, adjacent pixel values are not random, but similar. Hence, it makes sense to encode those bits using a random number generator (or a similar mechanism) to introduce a sense of random-ness and make the irregularities tougher to detect. With this, even if the transmission is caught and a secret message suspected, there is no way to find it out, unless the random number generator mechanism is cracked. Even then, the involved parties can get away indicating that the so-called ‘hidden message’ is nothing but random noise, something which is called ‘plausible deniability’.

Receiver goes back to the site and uses the decode option to see the original message

Steganography certainly is not only about espionage and terrorist communications. Watermarks and holograms for protection of material are probably the most widespread examples of this practice. Scientists have even used DNA sequences to hide and transmit messages! 

Various online tools and software are available to get you started on steganography. www.spammimic.com disguises your message as, spam. You can enter any text and this tool will encode it as spam and send it to an e-mail address of your choice. The user, who should be expecting a message hidden as spam, can go to the website and decode it

back. You can find a lot of steganography goodies on the March  2004 CD.

Kunal Dua