ISACA® InfoBytes


Hiding Messages in Images and Text:
Risk Associated with the Technology of Steganography

By Venugopal Iyengar, CISA, CISSP, DIRM, DTT, DCS, DCM

This article is a result of performing a systematic study and research into the working mechanism of technology used in steganography, an area of interest under computer forensics study. The article is an attempt to express how this technology works, how it can be misused and how the hidden risks associated with this technology can impact IS auditors and security professionals. In the future, automated IS security audit tools likely will be created that will help a CISA, CISM or CISSP detect these risks. The content in this document will be useful to all CISAs, CISMs and CISSPs and others in the field who would like to investigate computer crimes using modern technology.

Incidents in the US on 11 September 2001, as well as other recent terror attacks, have shaken many nations. Steganography has become an important issue because it is one technology through which a terrorist outfit can be in touch with its members around the globe.

Steganography is a graphical way of hiding information or a message within objects. While others are unaware of the content, the message is available to all concerned. As indicated numerous times in the media, many information transfers have been taking place over the Internet. These transfers allow the sender to distribute a message from anywhere in the world to anywhere else. Thus, when the message is sent, only the recipient knows that he/she has a message while others ignore it. This technology can be applied at various places causing major concern to IS auditors and security professionals.

Securing Information

Before understanding the science and art of steganography, it is appropriate to revisit various modus operandi used for any secure communication and information hiding. Security often refers to the assurance of confidentiality, integrity and availability. In this article, there is a greater focus on confidentiality, with less focus on integrity and no focus on availability-assuming availability is a risk and that it can be detected if suspected.

There are four ways of hiding information within a written communication:

  1. Secret writing—The text is written and broken into smaller pieces and sent to the destination via newspaper or human body, for example. The text is reassembled at the receiving end, comparable to solving a jigsaw puzzle.
  2. Cryptography—The message is broken into smaller units using a known or pre-determined algorithm or key. It may be a substitution, additive, transposition, transcription, etc. The science of cryptography is used for message encryption technology, digital signatures and private and public key cryptosystems used in digital certificates.
  3. Steganography—Techniques that conceal the existence of a hidden communication. The secret message to be transmitted is camouflaged in a carrier so that its detection becomes difficult. Information related to the sender and the receiver of the message also can be hidden this way.
  4. Digital watermarking—A message is embedded in digital media to prove ownership and either is perceptible or imperceptible. Today, people undertake great effort to dedicate time and intellectual capabilities toward creating artwork, pictures, images, videos, diagrams, designs, etc. They may have used a good portion of their time looking into references and research, and perhaps even more time bringing their work into some purposeful, meaningful shape. These fall under the individual’s intellectual property rights (IPRs). The increasing amount of original work presented on the Internet can be digitally copied by anybody who can then claim ownership.

Using Steganography

The techniques of using secret writing and cryptography can be detected easily as these techniques can be seen but not interpreted. Although confidentiality of the content of the message is achieved, confidentiality of the communication is not achieved and hence the message can be tracked and the sender identified. The science of steganography takes care of confidentiality in the content of the message as well as communication of the message. When one is suspicious, he/she can attempt to decode, destroy or change content. Thus, steganography is when the sender embeds a secret message into a public message, which is subsequently sent to the receiver, who knows how to interpret it. The probability of somebody else knowing that the embedding has taken place and being able to interpret the secret message is low.

The Process


There are four components needed to understand this process. There is a carrier, technically called “cover,” denoted by the letter c. The secret message that needs to be hidden is denoted by the letter m. The next is the output called stego-media, denoted by the letter s, into which the message m needs to be carried. Lastly, the stego-key is denoted by k. The output s is obtained by using c + m + k into the steganography algorithm or technique.

The most probable reason for sending a message by this method is that any third party who receives this message will not be in a position to know about the presence of a secret message. The stego-media should not invoke any suspicion, otherwise the purpose of information hiding is lost. The message can be hidden into text, disk space, network packets, images, audio and video. The message also can be text, image or audio. Thus, one can have text into text, text into image, voice into image, etc. Again, the technique of embedding a secret message can be substitution, transform domain, spread-spectrum, statistical and distortion-based.

Finding hidden messages can be difficult. Images can be manipulated by blurring, sharpening, rotating, resizing and stretching. Embedding messages in high-frequency band covers is less suspicious because they can be decoded easily if detected. Embedding messages in low-frequency bands is more suspicious because they cannot be decoded easily if detected. This may be due to significant degradation in the stego-media, although they are within the perceptible range of human beings.

The steganography technique of data hiding can be done using one of the following two broad technologies:

  1. Substitution technique
  2. Transform domain technique

The substitution technique uses LSB (least significant bits) or MSB (most significant bits). Inserting too much data into this cover or embedding them at improper locations may invoke suspicion.

In the transform domain technique, data embedding uses three types of hiding capabilities or features. They are:

  1. Discrete fourier transforms (DFT)
  2. Discrete cosine transforms (DCT)
  3. Discrete wavelet transforms (DWT)

DFT uses middle frequencies. One may use row encoding or ring encoding of messages and place them into carrier images. Row encoding can best be placed in an open scene, such as a skyline. Ring encoding can spread into a picture in the form of a ring spread across the four quadrants of the picture. Besides circles, one could trace out any other geometric form of data marks for hidden messages.

DCT seems to be a popular way for hiding data in images and video. Data are embedded into JPEG/MPEG compressions. The file size in DFT could raise suspicion of the presence of hidden information. With DCT, this suspicion is less. Selection of blocks for hiding messages can be done using random sequences.

DWT seems to be gaining ground into signal processing and multimedia applications.


Images, pictures, audio, video and text all have become targets of suspicion for Trojans. In a picture, the LSB can be used for carrying hidden messages. Only too much data in the LSB area will raise suspicion for inspection or investigation. When the message is hidden using DFT, and the picture contains a lot of low light scenery, i.e., decreased contrast, tracing the hidden message becomes difficult. However, increasing brightness or contrast can reveal the ring mark, indicating the presence of a hidden message. The most effective way to hide an audio recording is to use spread-spectrum data into a cover image with a sky scene, water scene, landscape, etc. Within such scenes, the data hide in an echo imperceptible to humans.

For example, in a picture an image can be hidden within an image. Within a picture, text can be used and hidden into a bit number that satisfies y = mx + c to hide along a straight line and a circle along x2 + y2 = c. The same can be separated out and contents seen or read. Instead of lines, these could be architectural plans or road maps, for example. In the case of text, one could identify the sequence of bit numbers that satisfies specific mathematical equations. Images have their own color bits. The last bit of a color bit will carry the content bit of the text. Upon decoding, the entire text can be removed. This text is of the type LSB. When the text content bit is put into the first bit of a color bit, it is of the type MSB. Thus, text or picture hiding is best done in low-contrast scenes because humans detect it less frequently.

For IS auditors and security professionals, steganography techniques are used for sending messages (including voice, video, text, drawings and images) within an image. This is a major threat to users of information systems, as confidential and sensitive information can be placed into pictures and then distributed. Detection of such messages is difficult and only the recipients can take advantage of and use the contents. The sending of such pictures can be posted through chat sessions, bulletin boards, bulk mails, etc. The risk of detection is very high in this case. Even after detection, decoding the message may be difficult. Thus, the impact of such threats caused by the resulting vulnerability is very high. Research in this area began in the 1990s, and has yet to mature fully. The work on detection tools soon will aid in tracing, tracking and fixing, the way professionals have antiviruses for viruses, firewalls for network security and embedded message readers for hidden messages that could be a risk to the organization, business or economy of a nation.

Venugopal Iyengar, CISA, CISSP, DIRM, DTT, DCS, DCM
is the director of the Institute of the Millennium and the chief executive at Secure Matrix (India) Private Limited.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: