Steganography is the science of hiding information within other information. This article describes the basics of steganography and explains a simple program that hides text within an image.
Steganography is the science of hiding information within other information. For example, a watermark "hides" an image on a piece of paper. If you look at most paper currency at a low angle or if you hold it up to a bright light, you can see a ghostly image in the paper. When you look at the currency straight on in normal light, you cannot see the image. Because this example is so easy to understand, steganography is often called "watermarking."
Another example is a correspondence where the last letter in each word spells out a secret message. Composing this sort of message can be fun. The more constraints you place on the correspondence, the more challenging it is to write something that satisfies the constraints and still contains the hidden message. For example, try writing a poem where the last letter of each word spells out the message. Or try writing a sonnet, which has particular rules for the poem's meter and rhyme.
Today steganography is often used to hide copyright information in an image, movie, or audio file. The information is carefully encrypted and hidden so you cannot easily find it. Later, if I think you have stolen my movie file, I can pull the hidden copyright information out of it to prove it is mine not yours.
For example, I recently heard about one developer who uses Easter Eggs in his software as additional copyright protection. An Easter Egg is a hidden feature in the program that displays a secret form or game when activated. You can find a huge number of Easter Eggs for commercial applications at Eeggs.com.
Anyway this particular developer hides copyright information in Easter Eggs. On one occasion, someone else stole his software and claimed to have written it. The true author produced the Easter Egg listing his name and the creator and the impostor was forced to admit the truth.
Click here for information on a simple example program that hides messages in an image file. For each bit in the message, this program picks a random pixel in the image and a random red, green, or blue component in that pixel. It then sets the least significant bit in that component to the bit value it is encoding.
For example, suppose the chosen pixel is green so its red, green, and blue components in binary are 0000, 1111, 0000. Now suppose the program wants to hide the bit value 1 in this pixel's red component. The new pixel value has components 0001, 1111, 0000.
For another example, suppose the program wants to store the bit value 0 in the same pixel's blue component. The least significant bit in that component is already 0 so there is no change to the color.
These changes are so small they are almost impossible to detect. In a photographic image, you will not be able to tell the difference just by looking.
This program handles a lot of little details. For example, before it stores its message it stores the length of the message. That allows the program to know how many characters are encoded when it tries to decode them.
The program uses a password to initialize the random number generator Rnd. When you decode the message, the program initializes the random number generator using the same seed so it produces the same series of pseudo-random numbers. If you replace Visual Basic's Rnd function with a cryptographically secure random pseudo-number generator, you will get a much more secure system. If you encrypt your message before you embed it in the image, it will be even harder to break.
The program also needs to ensure that each message bit maps to a different pixel color component. If two message bits mapped to the same component, the second would hide the value of the first.
The program also provides an option to show the bits it is encoding and decoding. If you check the Show Pixels box, the program makes the pixels it is encoding red. It still sets the least significant bits to encode the messages so you can recover the hidden text even with the red dots in the image.
Similarly if you check the Show Pixels box, the program makes the pixels it is decoding black. Again the program preserves the least significant bits so you can decode the image again even with the black dots visible.
Note that this technique is relatively fragile. It depends on the least significant bits in an image. Those are the bits most likely to modified by a lossy image compression algorithm such as JPEG. If you encode a message in one of these images, convert it into a JPEG image, and try to decode the JPEG version, you will probably get nothing but garbage.
The bits may also be modified if you view the image with a color resolution other than the one in which the image was made. For example, suppose you make an image with 24-bit color but then view it on another computer with only 8-bit color. The system will modify the colors so it can display the picture on the 8-bit color system. This will almost certainly mess up the hidden data.
Note that you can use DIBs to load the image file in a specific format such as 24-bit color. That should eliminate the problem.
These issues are problems with this kind of steganography. To hide the message, the program makes the smallest modifications to the image possible. The basic idea is to make the message look like a tiny bit of noise in the image. However, the smallest bits of noise are most likely to be modified if the image is altered in any way.
Steganography is one of the less known branches of cryptography. While most cryptography applications work on securing a message so only the sender and receiver can understand it, steganography hides a message so only the sender and receiver know it's there. While everyone may see the public data, they won't know the secret message is present. The secret message can truly be hidden in plain sight.
For more information on cryptography (but not steganography), see Bruce Schneier's excellent book Applied Cryptography.
If you have interesting applications or stories involving steganography or cryptography, let me know.