InformationWeek

December 8, 1997

Getting Ahead Of The Privacy Curve With Steganography

ould the InformationWeek Web site be a covert channel for alien communications? Here at the Internet Zone, we'd like to think so. Always on the bleeding edge of communications technology, our Web site could be using the latest steganographic techniques to encode hidden messages inside every .GIF image and every HTML file on the site. Take, for example, the InformationWeek Online logo below. On the top in Fig. 1, you see the original logo -- just a sta ndard .GIF file. On the bottom in Fig. 2, though, is the enhanced version, which is still a standard .GIF file but contains documents hidden inside. The only way you might suspect that Fig. 2 is a carrier of hidden document is that it is substantially larger than Fig. 1, though not so large that you might casually notice.

Figure 1: The usual InformationWeek Online .GIF:

Figure 2: The InformationWeek Online .GIF with hidden documents:

Steganography, the art of concealing messages inside of messages, is ancient, though it seems ready to experience a mainstream renaissance with the rise of digital communications. For business users, steganography has two important applications:

Enhancing the privacy of personal communication;

Protecting copyrights on digital materials such as images, software, video, and audio.

Privacy is an important aspect of elect ronic communications, and steganography offers the business user yet another avenue of protection against interception. It is especially useful to communication over the Internet, where it can be difficult to ensure that messages aren't intercepted and interpreted before they are delivered. Vendors of digital materials, whether it be software or music, can use steganographic techniques to protect their investment and track stolen merchandise. Digital materials, unlike some of their analog counterparts, are particularly easy to copy and distribute. Steganography may offer vendors their only avenue of identification.

While steganography will likely be widely used in the future for both of these applications, don't expect to find shrink-wrapped solutions on the shelves today. We're a bit ahead of the mainstream curve with this discussion, so practical applications coupled with broad-based standards may be a year or more in the future. Here at the Internet Zone, that just makes it all the more mysterious.

Personal Communications
A lot has been said about the amount of protection afforded by the various encryption methods used by Microsoft, Netscape, and others, to protect communications over the Internet. Steganographic techniques offer another way to protect communications by simply hiding the fact that there is even an encrypted message present. This isn't a new idea, by any means. Perhaps the most famous 20th century use of steganography was the microdot, used by the Nazis in World War II. The microdot was a photograph reduced to the size of a typewritten period. It could then be used as a period at the end of a sentence in an otherwise innocuous, typewritten message. The person receiving the message would then enlarge the microdot back to full size to view the photograph.

Modern steganographic software works in a similar fashion by compressing, encrypting, and hiding a file within another file. Hidden messages can be placed inside of the white space of text messages, the dark areas of a photographic image, or within unused portions of a digital file format. The result is that you can place a .GIF image on a Web site, or attach a .WAV sound file to an E-mail message, that contains an encrypted message hidden inside. Even if the message is intercepted, people won't know it contains a hidden message, since the .GIF image displays normally and the .WAV sound plays back properly. To reveal the hidden message, the recipient need only open the file using steganographic software and the password you used to encrypt the message.

Playing With Steganography
A fair amount of software is starting to appear that lets you do the Internet equivalent of the microdot. Table 1 summarizes some of the more popular software available that will let you hide documents within documents.

Table 1: Selected steganography software

Item	Platform	Description
Hideseek	Windows 95 and NT	Hides text files inside of BMP files
Steganos	Windows 95 and NT	Hides any file inside of BMP, DIB, VOC, WAV, TXT, and HTML files
S-Tools	Windows 95 and NT	Hides any file inside of GIF, BMP, and WAV files
JSteg	DOS	Hides a Targa format file inside of a JPEG file (you also need to download this helper file as well)
EZStego	Java (CGI form interface)	Hides any file inside of GIF files
SNOW	Java applet (requires Java 1.1 capable browser)	Hides text inside of text files
Stego	Macintosh	Hides files inside of PICT files

For a quick steganographic exercise, you can get at the files I hid inside of Fig. 2 by following the steps below:

Save the .GIF file in Fig. 2 to your disk (this is usually done by right-clicking and selecting "Save Image As")
Obtain and run the program S-Tools (listed in Table 1)
Drag and drop the .GIF file into S-Tools
Right-click on the .GIF file and select "Reveal"
Enter "iweek" as the Passphrase and also for Verify Passphrase
Wait 15 seconds :-)
Right-click on one of the documents to extract it and save to disk

S-tools lets you compress, as well as choose the encryption method for, your hidden files. Other steganographic software tools may limit you to one form of encryption and may, or may not, offer compression.

Protecting Copyrights
Anytime you want to widely distribute digital materials, but not obscure (e.g. encrypt) the content, steganographic techniques are potential candidates for protecting copyrights. Examples of such digital materials are digital images, software, audio CDs, and laser discs. It's easy to see that if someone stole the InformationWeek Online .GIF in Fig. 2 and tried to use it elsewhere, we could determine that it was stolen by revealing the hidden documents within. In practice, steganographic techniques for such a covert watermark would be much subtler. An encrypted mark could be inserted in unused space within the image, or even mathematically synthesized into bit patterns of the image itself. In both cases, the size and quality of the image would remain c onstant.

Similar techniques can be used for digital audio. With high-quality, 16-bit audio, the bits that encode sound outside the range of human hearing can be encoded with your covert data. A steganographic standard has been used for years to keep pirates from making perfect digital copies of audio CDs onto Digital Audio Tape (DAT). It's called SCMS (Serial Copy Management System) .

Unfortunately, the digital domain makes it possible to easily thwart many steganographic approaches. For example, simply taking the image in Fig. 2 and saving it in a different format, say, BMP format, would destroy the documents hidden within. Though there are many sophisticated techniques for hiding data, steganography for copyright purposes is an area where much research is happening, though there have been few broadly adopted standards. With more and more services moving to pure digital formats, though, we can expect to see more results soon. To keep abreast of steganography trends, check out sites such as the Steganography Info and Archive , which hosts a mailing list.

AuthorITies Archive

Send Us Your Feedback


Rich Levin: Run Time Rich fills you in on all of the latest products, issues, and trends in application development.		Stuart J. Johnston: Redmond Watch As our eyes and ears in Redmond, Stuart gives his perspective on the latest events at Microsoft.		Charles Pelton: Eye On I.T. Charles explores IT management issues and strategies that business and technology managers face.