The December 2022 issue of IEEE Spectrum is here!

Close bar

A New Steganography System Aims to Secure Digital Documents

"User-friendly" steganography could allow users to more easily reveal secret messages in pictures

2 min read
A New Steganography System Aims to Secure Digital Documents

We can thank a Russian spy ring for a new found interest in steganography, or the techniques for hiding important messages in seemingly innocuous files (often images). The US caught the Russians passing notes in pictures this past summer--and, as an earlier Tech Talk post explains, their relatively outdated system made them easy targets. Mitsuo Okada, a graduate student at the Kyoto University in Japan, demonstrated a new steganography system at the 2011 Consumer Communications and Networking Conference earlier this month. Okada doesn't claim that his prototype software is any match for the CIA, but he does note that you can use it on your iPhone.

Okada is more interested in using his steganography to secure documents rather than hide them. He wants to give electronic files the equivalent of watermarks on a paper check, which allow users to determine authenticity by simply holding the document up to a light.

The problem with most steganography techniques, says Okada, is that you need an extraction program to ferret out the secret. Former IEEE Spectrum editor Sally Adee explains one simple algorithm in her 2008 article Spy vs. Spy:

To embed a message in an innocuous image of a cat, for example, a commonly used steganography algorithm called LSB takes advantage of the way computers digitally encode color. The algorithm hides the fugitive file inside the so-called noncritical bits of color pixels. Noncritical bits are just what they sound like—the least important information in a pixel. A gray pixel in the cat’s uniformly gray fur, for example, is coded as a number that looks something like 00 10 01 00. By changing the least significant bits—the last two—you introduce one-millionth of a color change, an absurdly subtle alteration that no human eye could detect.

Okada notes that the casual user can't verify that the extraction program is legit and, what's worse, that program's existence leaves it vulnerable for reverse engineering.

His alternative starts with an original black-and-white image and a separate message. The embedding algorithm modifies the brightness of the original image to encode the message. If a pixel is white, it increases the brightness, and, if a pixel is black, it decreases the brightness--all by an amount according to the brightness of the message. 

To decode, all you need is a semi-transparent inverse of the original. Drag it on top of the encoded original, and you'll reveal the watermark.

In this case, it's a dog hidden in peppers!

Okada's team has created two test sites where you can try this for yourself (one for PCs and another for iPhones and iPads--it's currently not working for Macs). He has also cropped, compressed, and added noise to the picture to show the robustness of the system. 

For top secret messages it seems would-be steganographers have less-traceable options (as described IEEE Spectrum's February of 2010 article Vice over IP: The VoIP Steganography Threat). I do wonder how secure Okada's system is--or how easy it is for counterfeiters also to add the brightness-based watermark. If he could provide some guarantees to the system's security it definitely has its ease of use going for it--along with its inclusion of puppies.

The Conversation (0)

Why the Internet Needs the InterPlanetary File System

Peer-to-peer file sharing would make the Internet far more efficient

12 min read
Horizontal
An illustration of a series
Carl De Torres
LightBlue

When the COVID-19 pandemic erupted in early 2020, the world made an unprecedented shift to remote work. As a precaution, some Internet providers scaled back service levels temporarily, although that probably wasn’t necessary for countries in Asia, Europe, and North America, which were generally able to cope with the surge in demand caused by people teleworking (and binge-watching Netflix). That’s because most of their networks were overprovisioned, with more capacity than they usually need. But in countries without the same level of investment in network infrastructure, the picture was less rosy: Internet service providers (ISPs) in South Africa and Venezuela, for instance, reported significant strain.

But is overprovisioning the only way to ensure resilience? We don’t think so. To understand the alternative approach we’re championing, though, you first need to recall how the Internet works.

Keep Reading ↓Show less