Computing Practices Exploring Steganography: …

1 Computing Practices Exploring steganography : Seeing the unseen steganography is an ancient art of hiding information. Digital technology gives us new ways to apply steganographic techniques, including one of the most intriguing . that of hiding information in digital images. S. Neil F. Johnson teganography is the art of hiding informa- (with the exception of JPEG images). All color varia- tion in ways that prevent the detection of hid- tions for the pixels are derived from three primary col- Sushil Jajodia den messages. steganography , derived from ors: red, green, and blue. Each primary color is George Mason University Greek, literally means covered writing. represented by 1 byte; 24-bit images use 3 bytes per It includes a vast array of secret communi- pixel to represent a color value. These 3 bytes can be cations methods that conceal the message's very represented as hexadecimal, decimal, and binary val- existence. These methods include invisible inks, ues. In many Web pages, the background color is rep- microdots, character arrangement, digital signatures, resented by a six-digit hexadecimal number actually covert channels, and spread spectrum communica- three pairs representing red, green, and blue.

2 A white tions. background would have the value FFFFFF: 100 per- steganography and cryptography are cousins in the cent red (FF), 100 percent green (FF), and 100 percent spycraft family. Cryptography scrambles a message so blue (FF). Its decimal value is 255, 255, 255, and its it cannot be understood. steganography hides the mes- binary value is 11111111, 11111111, 11111111, sage so it cannot be seen. A message in ciphertext, for which are the three bytes making up white. instance, might arouse suspicion on the part of the This definition of a white background is analogous recipient while an invisible message created with to the color definition of a single pixel in an image. steganographic methods will not. Pixel representation contributes to file size. For exam- In this article we discuss image files and how to hide ple, suppose we have a 24-bit image 1,024 pixels wide information in them, and we discuss results obtained by 768 pixels high a common resolution for high- from evaluating available steganographic software.

3 Resolution graphics. Such an image has more than two For a brief look at how steganography evolved, see the million pixels, each having such a definition, which steganography : Some History sidebar. would produce a file exceeding 2 Mbytes. Because such 24-bit images are still relatively uncommon on the IMAGE FILES Internet, their size would attract attention during To a computer, an image is an array of numbers that transmission. File compression would thus be benefi- represent light intensities at various points (pixels). cial, if not necessary, to transmit such a file. These pixels make up the image's raster data. A com- mon image size is 640 480 pixels and 256 colors (or File compression 8 bits per pixel). Such an image could contain about Two kinds of compression are lossless and 300 kilobits of data. Both methods save storage space but have different Digital images are typically stored in either 24-bit results, interfering with the hidden information, when or 8-bit files.

4 A 24-bit image provides the most space the information is uncompressed. Lossless compres- for hiding information; however, it can be quite large sion lets us reconstruct the original message exactly;. 26 Computer 0018-9162/98/$ 1998 IEEE.. therefore, it is preferred when the original informa- information to be hidden. A message may be plain tion must remain intact (as with steganographic text, ciphertext, other images, or anything that can be images). Lossless compression is typical of images embedded in a bit stream. When combined, the cover saved as GIF (Graphic Interchange Format) and 8-bit image and the embedded message make a stego- BMP (a Microsoft Windows and OS/2 bitmap file). A stego-key (a type of password) may also be Lossy compression, on the other hand, saves space used to hide, then later decode, the message. but may not maintain the original image's integrity. Most steganography software neither supports nor This method typifies images saved as JPEG (Joint recommends using JPEG images, but recommends Photographic Experts Group).

5 Due to the lossy com- instead the use of lossless 24-bit images such as BMP. pression algorithm, which we discuss later, the JPEG The next-best alternative to 24-bit images is 256-color formats provide close approximations to high-qual- or gray-scale images. The most common of these ity digital photographs but not an exact duplicate. found on the Internet are GIF files. Hence the term lossy compression. In 8-bit color images such as GIF files, each pixel is represented as a single byte, and each pixel merely Embedding data points to a color index table (a palette) with 256 pos- Embedding data, which is to be hidden, into an sible colors. The pixel's value, then, is between 0 and image requires two files. The first is the innocent-look- 255. The software simply paints the indicated color ing image that will hold the hidden information, called on the screen at the selected pixel position. Figure 1a, the cover image. The second file is the message the a red palette, illustrates subtle changes in color varia- steganography : Some History fore sound normal and innocent, the written pages, which permits the transmis- Throughout history, people have hidden suspect communications can be detected sion of large amounts of data, including information by a multitude of methods by mail filters while innocent messages drawings and and ,2 For example, ancient are allowed to flow For exam- With every discovery of a message hid- Greeks wrote text on wax-covered tablets.

6 Ple, the following null-cipher message den with an existing application, a new To pass a hidden message, a person would was actually sent by a German spy in steganographic application is being scrape wax off a tablet, write a message on WWII1: devised. Old methods are given new twists. the underlying wood and again cover the While drawings have often been used to tablet with wax to make it appear blank Apparently neutral's protest is thor- conceal or reveal information, computer and unused. Another ingenious method oughly discounted and ignored. Isman technology has, in fact, sparked a revolu- was to shave the head of a messenger and hard hit. Blockade issue affects pretext tion in such methods for hiding messages. tattoo a message or image on the messen- for embargo on by-products, ejecting Space limitations prevent further dis- ger's head. After the hair grew back, the suets and vegetable oils. cussion here. For more information on message would be undetected until the techniques for hiding information, see head was shaved again.

7 Decoding this message by extracting the Peter Wayner's Disappearing Crypt . Invisible inks offered a common form of second letter in each word reveals the fol- invisible writing. Early in World War II, lowing, hidden message: steganographic technology consisted almost exclusively of these With Pershing sails from NY June 1. invisible ink, a seemingly innocent letter References could contain a very different message Document layout may also reveal infor- 1. D. Kahn, The Codebreakers, Macmillan, written between the mation. Documents can be marked and New York, 1967. Documents themselves can hide infor- identified by modulating the position of 2. B. Norman, Secret Warfare, Acropolis mation: document text can conceal a hid- lines and Books, Washington, , 1973. den message through the use of null Message detection improved with the 3. Zim, Codes and Secret Writing, ciphers (unencrypted messages), which development of new technologies that William Morrow, New York, 1948.

8 Camouflage the real message in an inno- could pass more information and be even 4. J. Brassilet et al., Document Marking and cent-sounding missive. Open coded mes- less conspicuous. The Germans developed Identification using Both Line and Word sages, which are plain text passages, microdot technology, which FBI Director Shifting, Proc. Infocom95, IEEE CS. sound innocent because they purport J. Edgar Hoover referred to as the enemy's Press, Los Alamitos, Calif., 1995. to be about ordinary occurrences. masterpiece of espionage. 1 Microdots are 5. P. Wayner, Disappearing Cryptography, Because many open-coded messages don't photographs the size of a printed period AP Professional, Chestnut Hill, Mass., seem to be cause for suspicion, and there- having the clarity of standard-sized type- 1996. February 1998 27.. colors is a poor choice, as variances created from the embedded message will be noticeable in the solid areas. We will see that Figure 1b, the palette for the Renoir cover image, makes a very good cover for holding data.

9 Once you've selected a cover image, you must decide on a technique to hide the information you want to embed. CONCEALMENT IN DIGITAL IMAGES. Information can be hidden many different ways in images. To hide information, straight message inser- tion may encode every bit of information in the image or selectively embed the message in noisy areas that draw less attention those areas where there is a great deal of natural color variation. The message may also (a) (b) be scattered randomly throughout the image. Redundant pattern encoding wallpapers the cover Figure 1. Representa- image with the message. tive color palettes. (a) tions: visually differentiating between many of these A number of ways exist to hide information in dig- A 256-color red colors is difficult. Figure 1b shows subtle color changes ital images. Common approaches include palette and (b) a 256- as well as those that seem drastic. color Renoir palette. Many steganography experts recommend using least significant bit insertion, The Renoir palette is images featuring 256 shades of Gray-scale images masking and filtering, and so named because it are preferred because the shades change very gradually algorithms and transformations.

10 Comes from a 256- from byte to byte, and the less the value changes between color version of palette entries, the better they can hide information. Each of these techniques can be applied, with varying Pierre-Auguste Figure 2 shows a gray-scale palette of 256 shades. Some degrees of success, to different image files. Renoir's Le Moulin images are 4-bit, created with 16 shades of gray; obvi- de la Galette. ously these images offer many fewer variations. Least significant bit insertion While gray-scale images may render the best results Least significant bit (LSB) insertion4 is a common, for steganography , images with subtle color variations simple approach to embedding information in a are also highly effective, as Figure 1 showed. cover file. Unfortunately, it is vulnerable to even a When considering an image in which to hide infor- slight image manipulation. Converting an image mation, you must consider the image as well as the from a format like GIF or BMP, which reconstructs palette.