Steganography: Hide and Seek Games
Security is often associated with something hard to crack, extremely reliable, impenetrable. In information security, that description could apply to encryption, for example.
It can be hard to imagine that the opposite approach – placing all data in open view – can be as reliable. This is what steganography does: it hides data, concealing it within another data block. Unless it is known where to look for the concealed message, and how to obtain it, the data is just as safe as if it was thoroughly encrypted.
Note that data can be both encrypted and concealed, for a higher degree of security. Can steganography by itself be of any real use?
The Simplest Forms of Steganography
When talking about digital steganography, we will be using these terms – a carrier (the container data chunk that stores the concealed message) and a payload (the message itself). Ancient and simple, yet still usable, approaches can be used to incorporate the payload seamlessly.
Imagine: there’s a text published in the open, with a payload that can be found if the proper letters (or words) are selected. As in every steganographic technique, the recipient should know where to look, and how to obtain the payload. The sequence of letters of the payload can be, in turn, either hidden elsewhere, or be contained in a widely accessible source. Imagine instructions like this: take the book entitled “X”, open it at page “Y”, and use every word’s length as the position of the next letter of the payload.
Steganography is the art of concealing, yet leaving all the keys in the open – the only problem is to understand where those keys are and which doors they unlock.
The above “text steganography” doesn’t require a computer to be implemented. It only requires that both the sender and the recipient know the keys. Carrier data (text) can be a blog post, a forum comment – any text message innocent enough not to be suspected to contain a hidden message.
Images and other media files provide popular carrier file formats, as well.
An Unseen Image
Image file formats provide several places to insert a payload. First, there can be unused fields in the file format that can be safely used to hold any extra data. Second, the image itself can be somewhat degraded, to spread the payload data over the color value fields.
If you wish to test a good steganographic tool using images, take a look at OpenPuff. Apart from gaining more knowledge about security, hiding and detecting data, it also is fun to use.
Other multimedia formats can also be used to store payload. Note that any image transformation (such as scaling) will most probably destroy all the payload it could contain.
However, this type of digital steganography requires certain software; it can’t be done “manually”.
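The following added example (not taken from OpenPuff or any other tool) illustrates the second approach, and the fragility under scaling noted above, on a constructed 16×16 grayscale carrier. It uses plain least-significant-bit embedding, which is an assumption about how payload data can be spread over color values; the function names and sample payload are made up for the illustration.

```python
# Added example: LSB embedding in constructed 8-bit grayscale pixel values.
import random

def embed(pixels, payload: bytes):
    """Write payload bits (MSB first) into the lowest bit of successive pixels."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("carrier too small for payload")
    stego = list(pixels)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # at most +/-1 per pixel
    return stego

def extract(pixels, length: int) -> bytes:
    """Read `length` bytes back from the lowest bit of successive pixels."""
    out = bytearray()
    for b in range(length):
        value = 0
        for p in pixels[b * 8:(b + 1) * 8]:
            value = (value << 1) | (p & 1)
        out.append(value)
    return bytes(out)

def resample(pixels, width):
    """Crude scaling round trip: average each 2x2 block, then expand it back."""
    height = len(pixels) // width  # width and height must be even
    out = [0] * len(pixels)
    for y in range(0, height, 2):
        for x in range(0, width, 2):
            base = y * width + x
            idx = [base, base + 1, base + width, base + width + 1]
            avg = sum(pixels[i] for i in idx) // 4
            for i in idx:
                out[i] = avg
    return out

def demo():
    rng = random.Random(1)  # fixed seed: constructed, repeatable carrier
    width = height = 16
    carrier = [rng.randrange(256) for _ in range(width * height)]
    payload = b"meet at nine"  # constructed sample payload
    stego = embed(carrier, payload)
    recovered = extract(stego, len(payload))
    after_scaling = extract(resample(stego, width), len(payload))
    change = max(abs(a - b) for a, b in zip(carrier, stego))
    return payload, recovered, after_scaling, change
```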
Hide and Seek Games
If the keys are unseen and the message doesn’t look suspicious, the sender and the recipient may feel more or less confident that their secret is safe. However, what happens if either (or both) components are known to possible adversaries?
It may seem that the payload will inevitably be detected. However, the software mentioned above allows incorporating two payloads: one of true value to the sender and the recipient, and the other a decoy – data of little actual importance that nevertheless looks like something important.
In that case, if forced to reveal a key (let’s say, a password), the sender and/or the recipient can reveal the key that extracts the decoy data. There’s no way to tell whether it was a decoy or not, or whether there are several payloads hidden – thus plausible deniability becomes possible. Although not much of a defense, it can help to avoid unpleasant consequences under certain circumstances.
Is It Good for You?
Is steganography really of any use to you? Since it allows hiding important data in images and other popular file formats – perhaps. Like all tools of “security through obscurity”, it only requires that the keys are hidden well enough not to be spotted.
With that in mind, you can more or less safely distribute images containing the information you wish to hide, if you do not leave any hints about the keys’ location and their meaning.
Digital and “real-world” steganography can be used together. Objects of the real world (such as road signs, graffiti, guidebooks available in shops nearby) can be used to decode digital messages.
Is it safe? As with every security technique, it’s as reliable as its weakest link (most often this is a human being). Generally speaking, if you hide a key to your house under a carpet, you make it too obvious where to look for the key.
To Sum Up
If you become interested in steganography and its practical use for your own needs, I recommend starting by reading the article about steganography mentioned in the beginning and following the links. You can continue your studies using other collections of steganography resources (with more thorough theoretical grounds).
May your data be safe!