Whereas cryptography alters a message so that it cannot be read if it is discovered, the security of steganography lies in obscuring the message so that it cannot be found.

Used during the Cold War, steganography was employed as counter-propaganda. In 1968, crew members of the USS Pueblo intelligence ship held as prisoners by North Korea communicated in sign language during staged photo opportunities, informing the United States they were not defectors, but rather were being held captive by the North Koreans. In other photos presented to the U.S., crew members gave "the finger" to the unsuspecting North Koreans, in an attempt to discredit photos that showed them smiling and comfortable.

The North Koreans were told in passing by the American captives that the middle finger was the “Hawaiian Good Luck sign.”

The steganography analog in this example is the use of sign language to convey messages to the U.S. recipients of the propaganda photographs.

  • What made the hidden messages possible?
  • What purpose did the messages serve for the North Koreans?
  • What purpose did the messages serve for the Americans?
  • If the North Koreans knew the message was there, but couldn’t read it (such as with encryption), how would the scenario change?

Digital Steganography

Modern steganographic techniques rely on the viewers’ lack of knowledge about digital representation of information rather than ignorance of sign language or other symbols. Because images, audio, text, and video are all encoded with bits, steganographers can utilize this commonality to send one form of information hidden within another.

Example: Consider a raster image that encodes each pixel by its RGB color value. If using 24 bits, such as here,

there are 224 (16,777,216) colors usable for encoding. Imagine a message encoded as text by using the least significant bit to spell out words in ASCII as follows:

  1. Take 3 pixels encoded with the same color. Here we are using the one defined above:
  2. Alter each of the color’s least significant bit to encode the hidden message. Here, we will alter the values of the first seven blocks of bits to encode the letter X in ASCII (binary value: 1011000).
  3. The image can now be used to send the hidden message. As long as the recipient knows it is there and how to retrieve it, the message is apparent.

Will any unintended recipients be able to tell that a message is hidden within the image? Given that the color space is 24 bits, and that there are 16,777,216 colors to choose from, altering the color by a value of 1 will not produce a discernible change in the image:

Send Your Friends a Stegotext!

The following site will embed steganographically hidden text in an image:

  1. Using Google Image Search and find a 320 x 200 pixel image.
  2. Save this image to your computer.
  3. Encode the text of a riddle and exchange it with a friend. Example riddles are here.
  4. In order to retrieve the message, use the decode function. Encode your best answers (as in Step 1) and exchange.

Discussion Questions

  • How well did it work? Were there any issues?
  • Can you tell the image has hidden information just by looking at it?
  • Assume you are using a 320 x 200 pixel image. The image has 24 bits of color encoding per pixel. Approximately how many bits does the image require?
  • Assume the message you wrote contained 25 characters (including spaces). If each ASCII character requires seven bits to represent it, how many bits does the text message require?
  • Repeat Step 3 using your own image and text measurements. What’s the bit ratio of hidden message to the containing image? What effect might this have on detecting steganographic messages?

Journal Reflection

Read the following article, Bin Laden: Steganography Master?, and a response, Terrorists and Steganography, from a world-renowned security expert, Bruce Schneier. Note that the articles were written seven months before the September 11th attacks on the World Trade Center. Reflect on the articles and respond to the following questions in your journals:

  1. Although no examples of steganography usage by Al Qaeda have ever been discovered, this cannot discount their existence. Why? Do you think they may have used these techniques to communicate?
  2. Do you imagine events may have been different if the U.S. security agencies concentrated their efforts on steganography efforts? Do you imagine it likely that implementing the method detailed by Schneier would turn up any hidden messages?