Practical Privacy Guide:Steganography

When the Greek tyrant Histiaeus was held as a virtual prisoner of king Darius in Susa in the 5th century BCE, he had to send a secret message to his son-in-law Aristagoras to the Anatolian city of Miletus. Histiaeus shaved the head of a slave and tattooed a message on his scalp. When the slave’s hair had grown long enough he was dispatched to Miletus. That’s how Herodotus describes one of the first cases of using steganography in the ancient world, the art of covered writing.

As the art developed it eventually became a science that has been helping people throughout the ages to disguise the very fact of information transmission. Ancient Romans used to write between lines using invisible ink based on various natural substances such as fruit juices, urine, and milk. Their experience was not forgotten: even nowadays children play spies and write secret messages that appear only when heated.

During the World War II the Germans developed the microdot. A secret message was photographically reduced to the size of a period, and affixed as the dot for the letter ‘i’ or other punctuation on a paper containing a written message. Microdots permitted the transmission of large amounts of printed data, including technical drawings, and the fact of the transmission was effectively hidden.

The wide usage of steganography during the war and the atmosphere of suspiciousness caused the institution of many restrictions that seem very funny today. In USA banned in advance were the international mailing of postal chess games, knitting instructions, newspaper clippings, children’s drawings. It was also illegal to send cables ordering that specific types of flowers be delivered on a specific date, and eventually all international flower orders were banned by the US and British governments. In the USSR all international mailings were screened in attempt to detect any hostile activities.

The rapid progress of computer technology made all these restrictions obsolete. Nowadays everyone can make use of the advantages steganography can offer as a tool for hidden data transmission as well as for copyright protection. You can find more information on steganography on this site. Here we’ll take a brief look at how steganography can help us protect our privacy.

Steganographic Software
Computer steganography is based on two principles. The first one is that the files that contain digitized images or sound can be altered to a certain extend without loosing their functionality unlike other types of data that have to be exact in order to function properly. The other principle deals with the human inability to distinguish minor changes in image color or sound quality, which is especially easy to make use of in objects that contain redundant information, be it 16-bit sound, 8-bit or even better 24-bit image. Speaking of images, changing the value of the least significant bit of the pixel color won’t result in any perceivable change of that color.

One of the best and most widely spread steganographic product for Windows95/98/NT is S-Tools (check this site for a huge list of steganograhic products and download links). This freeware program lets you hide files of any type in .gif and .bmp images as well as in .wav sounds. Moreover, S-Tools is actually a steganographic and cryptographic product in one, because the file to be hidden is encrypted using one of the symmetric key algorithms: DES (it’s time has gone), Triple DES, and IDEA – the latter ones are very secure as of today. Working with the program is fun! You just drag the carrier file into the program window, then you drag the file you want to hide, choose an algorithm and a password, and here we go!

One can tell the difference between the clean and the loaded file only by comparing them, so if you look at the resulting file only, it looks totally innocent. For better security it is recommended that one uses images with many halftones and preferably unknown to the public because minor changes in them will not be noticed. Using Henri Matisse’s The Dance is not a very good idea, because everyone (at least in our old good intellectual Europe) knows what it looks like, besides there are large spots of the same color. Try using your dog’s photo. Let’s have a look at what we can do with this program:


Image 1 Image 2
Sound 1 Sound 2

The left image in the first row (8.9K) contains no hidden data while the right one (11.2K) contains about 5K of password-protected text. In the second row the left sound file (4.6K) is also empty, while the right file contains 0.5K of text (the file size remained the same). Amazing, isn’t it? Almost no distinctions. The ratio of the image file size and the text file size to be hidden depends on the image. Sometimes the maximum allowed text file size is even higher than the image size. Anyway, even if someone suspects that you are hiding something it’s no help: without the password one cannot tell if an image has been processed by S-Tools.

Another good steganographic product is Steganos Security Suite (shareware). Unlike S-Tools it comprises a set of security tools including virtual encrypted drive, Internet Trace Destructor, clipboard encryption utility, shredder and several others. Steganos Security Suite employs AES and Blowfish encryption algorithms and is capable of hiding data in .bmp and .wav files after either finding them on your hard drive or creating them. As you surf the net your computer stores information about web sites that you visited, thus allowing other persons to trace your internet activities. The Internet Trace Destructor included into Steganos Suite can erase traces of your internet activities from your computer. Besides Steganos adds an option of sending files from your hard drive to the shredder which makes it impossible to recover them. Hey spies, get to the job!

A good file encryption utility with steganographic capabilities is Scramdisk. It is designed to create virtual encrypted drives and has an option to create a virtual drive out of .wav file and hide data inside it. The size of the encrypted partition varies between 25 and 50 percent of the original file size. The best thing about this program is that without knowing the pass-phrase it is not possible to prove that the file contains additional data.

Digital Watermarking
Speaking of commercial steganographic applications we should definitely mention digital watermarking which is a special technique of creating invisible digital marks in images and audio files that carry copyright information. These marks can be detected by special programs that can derive a lot of useful information from the watermark: when the file was created, who holds the copyright, how to contact the author etc. As you know tons of copyrighted material are reproduced , i.e. stolen on the Net every day so this technology might be useful if you are a designer.

There are many companies on the Net that sell watermarking products. One of the leaders is Digimarc that claims to have distributed over a million copies of its software. They offer a free download of PictureMarc which is a plug-in for Photoshop and CorelDraw, or stand-alone ReadMarc. Once you download and install it, you just open a file and read hidden watermarks embedded in it (if any). For those who want to go further Digimarc offers individual Creator ID (free for 1 year) that allows to embed watermarks in your own images before you put them on the Web. I believe many customers including designers, photographers and online galleries do it. Playboy magazine does it too. And then corporate users are offered to download MarcSpider that crawls the Web looking through all images and reports any unauthorized reproduction of them. Although in case of Playboy I can hardly believe anyone would put their photos on a site for commercial purposes because they can only attract schoolchildren…Anyway, it’s up to them.

So it looks like the golden age of integrity is coming: authors no longer suffer from thefts, thieves take cameras, brushes, mice in their hands and start creating beautiful artworks themselves… but no! In spite of the manufacturers’ claims watermarking didn’t prove to be robust enough. Watremarks can survive a lot of things: brightness and contrast adjustments, applying special filters and even printing and scanning, but they cannot survive the manipulations of special programs such as StirMark and UnZign that appeared on the Net soon after the new technology was introduced. Apparently these tools are not targeted against any specific steganographic algorithm, they are rather benchmarks that help customers choose the most robust watermarking software. And the conclusion they lead us to is: as of today all watermarks can be destroyed without significant loss in picture quality.

“Well, now what?” the reader might ask. I don’t know. Probably the algorithms will become more complicated or new image file formats will emerge. But any engineering entails reverse engineering, infinitely continuing the spiral of the technological progress. As it was written in my favorite book:

“What are your plans now?”
“My plans are whatever happens.”


Back to index

This Privacy Guide was originally written by Mr.Byte in 1997-1998.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: