I hear and I forget. I see and I remember. I do and I understand. — Chinese Proverb


Hiding Secrets

1  Background

A German poet called Johann Wolfgang Von Goethe once said, “Whoever wishes to keep a secret must hide the fact that he possesses one”. This somehow captures the essence of this article in its fullest. Please carry on reading and you will see what I mean.

It is undeniable that the ability to maintain secrecy has been a consequence of human intelligence throughout the ages. And it will continue to be used for applications and reasons that are manifold.

This science of hiding secrets is called Steganography (stego) and today we are dealing with electronic steganography where we use images, audio and video files [10]. A variety of methods have been used in the past; such as using invisible ink or masking the secret text inside some inconspicuous text [8]. The ancient Greeks used to send secret messages by tattooing the secret message on the shaved head of the messenger. And once the hair grew back, then would send the messenger to the destination and he would have to get a shave again to reveal the secret message. Besides covert communication, stego is also used to protect intellectual property by watermarking the media using digital fingerprints [11].

Steganography has also been showcased in the movies. One example is Tony Scott’s Enemy of the State, which mainly revolves around video surveillance and spying by the US government.

In most instances, one would resort to Cryptography to ensure secrecy of confidential information, whether for communication or storage. And there are a number of useful and very reliable tools/techniques available even to the general public. However ulterior motives have encouraged people to seek alternative approaches and stego has been gaining attention recently.

According to [6], the U.S. government has raised concerns under the suspicion that terrorist organisation using websites and newsgroups to send stego-secret messages. There has also been a reported case of corporate espionage where an employee leaked confidential documents to rival company by hiding it in music and picture files [7]. And more recently, the FBI arrested 10 Russian spies [1] in the US, who used a commercially available stego tool to hide secret messages in images available on websites [3]. This is enough evidence that steganography is being for practical purposes, and is far more superior than cryptography in concealing the secret. Because cryptography/encryption simply makes the secret unreadable, but stego hides the secret and has to be first detected in the first place to retrieve the message [10], thus enforcing what Goethe said. So far, this has been all talk, so lets demystify stego and have a look at what goes on under the hood.

2  Technical Perspective of Image-Stego

There are several techniques used in image-stego; such as using the Least Significant Bits (LSB) of the image, manipulation of image and compressions algorithms, and modifications of image properties such as its luminance [4].

Since LSB is one of most commonly used technique, this will be looked at in more in-depth. Since computers only understand binary data (i.e. 1s and 0s), bitwise operators are used to manipulate the LSB [6]. e.g. in the binary value 10010101, the LSB would be the right most bit. Hence this would be changed resulting in 10010100. This simply results as ordinary noise in the images, which is visually impossible to detect by the naked eye.

The following image by [2] illustrates LSB very nicely. All images have been taken from the his website. Starting from the left, the first image on (a) is the original image, the second image show the LSB enhanced, the third image (c) shows the original image after applying steganography to hide 5KB of random data, and lastly the fourth image (d) shows the LSB of steg-image. The enhanced LSB simply shows the last bit out of the eight bits (each colour pixel has eight bits per colour channel RGB) used to represent the image data, and the first seven bits are eliminated.

Figure 1: (a) Original Image (b) LSB enhanced (c)Original Image with hidden message (d) LSB with hidden message

Figure 1: (a) Original Image (b) LSB enhanced (c)Original Image with hidden message (d) LSB with hidden message

As it can be seen, there isn’t any visual differences between (a) and (c). However, once we compare (b) and (d), i.e. the LSB, it is easy to detect that something foreign has been embedded in the original image. This example shows a very simple stego-technique to hide the secret. However, there are more sophisticated stego-tools that can be very difficult or impossible to detect.

3  Stego-tools

There are several setgo-tools available. Some commercial and several for free. The following table lists some tools available.

Tool Image Format Platform Source
Steghide JPEG, BMP Windows, Linux http://steghide.sourceforge.net
Outguess JPEG, PNM Windows, Linux http://www.outguess.org
Digital Invisible Ink PNG, BMP Windows, Linux, Mac http://diit.sourceforge.net

While this is not an exhaustive list, there are several more on the Internet which can be easily revealed by a simple Google search.

4  Detection and Challenges

Security is now paramount in any facet of life and we are living in an age where people are more sensitive and effected by security. Thus there are several security implications due to the growing trend of using stego for covert communication.

Detecting stego, also called Steganalysis, is quite a challenge and while there has been more interest among the research community recently, not much advancements have been made. It has been even a greater challenge for forensic investigators while analysing electronic evidence. This because most of the existing techniques or forensic tools predominantly rely on known stego-signatures (fingerprint left by the stego-tool) or knowledge of the stego-system (i.e. knowing which tools were used or possessing the original cover images, etc.) [9,5]. Thus if the user used a new stego-too/technique which the existing tools does not recognize, then it would not be able to make a successful detection. Much like an anti-virus program not being able to detect a virus without the specific virus definition.

5  Conclusion

Steganography is definitely a very practical and reliable way of ensuring privacy and security of confidential information. And to raise the bar even further, one could encrypt the information before being hidden away in the media of choice.

Several reported cases and also supposed cases are proof that it is already being used and driven by various motives.


CBSNews.Fbi: 10 russian spies arrested in u.s., 2010.

Guillermito.Steganography: A few tools to discover hidden data, 2004.

Kelly Jackson Higgins.Busted alleged russian spies used steganography to concealcommunications, 2010.

N.F. Johnson and S. Jajodia.Steganalysis: The investigation of hidden information.pages 113-116. IEEE, 1998.

G.C. Kessler.An overview of steganography for the computer forensics examiner.Forensic science communications, 6(3):1-27, 2004.

R. Krenn.Steganography and steganalysis.Retrieved September, 8:2007, 2004.

S.P. Phadnis.Data leak: Cyber sherlocks outwit hackers, 2007.

J. Pieprzyk, T. Hardjono, and J. Seberry.Fundamentals of computer security.Springer Verlag, 2003.

N. Provos and P. Honeyman.Detecting steganographic content on the internet.Ann Arbor, 1001:48103-4943, 2001.

B. Schneier.Secrets and lies: digital security in a networked world.Wiley, 2000.

J. Silman.Steganography and steganalysis: an overview, 2001.

File translated from LATEX by TTH, version 4.03.