We can thank a Russian spy ring for a new found interest in steganography, or the techniques for hiding important messages in seemingly innocuous files (often images). The US caught the Russians passing notes in pictures this past summer--and, as an earlier Tech Talk post explains, their relatively outdated system made them easy targets. Mitsuo Okada, a graduate student at the Kyoto University in Japan, demonstrated a new steganography system at the 2011 Consumer Communications and Networking Conference earlier this month. Okada doesn't claim that his prototype software is any match for the CIA, but he does note that you can use it on your iPhone.
Okada is more interested in using his steganography to secure documents rather than hide them. He wants to give electronic files the equivalent of watermarks on a paper check, which allow users to determine authenticity by simply holding the document up to a light.
The problem with most steganography techniques, says Okada, is that you need an extraction program to ferret out the secret. Former IEEE Spectrum editor Sally Adee explains one simple algorithm in her 2008 article Spy vs. Spy:
To embed a message in an innocuous image of a cat, for example, a commonly used steganography algorithm called LSB takes advantage of the way computers digitally encode color. The algorithm hides the fugitive file inside the so-called noncritical bits of color pixels. Noncritical bits are just what they sound like—the least important information in a pixel. A gray pixel in the cat’s uniformly gray fur, for example, is coded as a number that looks something like 00 10 01 00. By changing the least significant bits—the last two—you introduce one-millionth of a color change, an absurdly subtle alteration that no human eye could detect.
Okada notes that the casual user can't verify that the extraction program is legit and, what's worse, that program's existence leaves it vulnerable for reverse engineering.
His alternative starts with an original black-and-white image and a separate message. The embedding algorithm modifies the brightness of the original image to encode the message. If a pixel is white, it increases the brightness, and, if a pixel is black, it decreases the brightness--all by an amount according to the brightness of the message.
To decode, all you need is a semi-transparent inverse of the original. Drag it on top of the encoded original, and you'll reveal the watermark.
In this case, it's a dog hidden in peppers!
Okada's team has created two test sites where you can try this for yourself (one for PCs and another for iPhones and iPads--it's currently not working for Macs). He has also cropped, compressed, and added noise to the picture to show the robustness of the system.
For top secret messages it seems would-be steganographers have less-traceable options (as described IEEE Spectrum's February of 2010 article Vice over IP: The VoIP Steganography Threat). I do wonder how secure Okada's system is--or how easy it is for counterfeiters also to add the brightness-based watermark. If he could provide some guarantees to the system's security it definitely has its ease of use going for it--along with its inclusion of puppies.