October 17, 2006
IEEE Delaware Bay Section Meeting

Steganography and Steganalysis: From Antiquity to the Present
Speaker: Dr. Charles Boncelet

Dr. Boncelet holds a joint appointment as Professor in the departments of Electrical & Computer Engineering and Computer & Information Sciences at the University of Delaware. He has held visiting appointments at the University of Michigan, the Tampere University of Technology (Tampere, Finland), and the Australian Defence Force Academy (Canberra, Australia). He holds a MS and PhD from Princeton University and a BS from Cornell University. His research interests include data compression, signal and image processing, security, and computer science.

Steganography is the art of hiding messages so that the very act of communicating is secret. Steganalysis is the search for hidden messages. 

In the area of "hidden messages" there are three segments:

  • Watermarking denotes ownership. Many electronic images have watermarks to preserve the ownership information. The coding of ownership information in electronic images in a way that cannot be altered is an important and lucrative market for the software profession.
  • Fingerprinting identifies a picture as to who it's recipient should be. For example, movies are sent out with fingerprints to indicate who the recipient is for purposes of identifying where a black market copy originated.
  • Steganography (i.e. "covered writing") means there is a message in plain sight, but normally you wouldn't see it. Some non-photo examples are:

      In the Sherlock Holmes story, "The Dancing Men", pictographs were drawn on buildings so that the average observer wouldn't notice them and were in code so that if noticed, they wouldn't be understood.
     
      A man's head is shaved and tattooed. When his hair grows back, he is sent to a recipient. 
     
      The use of wax tablets with underlying messages.
     
      Pinpricks on maps to indicate present location.
     
      POW who was forced to make a denial video, but blinked "tortured" in Morse code.
     
      NTSC color video standard "hides" color information so that a B/W TV can use only the B/W part of the signal; a color set can "find" the color signal.
     
      Messages hidden in ordinary looking text; e.g. using the first letter of every word to form the message; called the "null cipher" code.
     
      Geometrical Open Code uses an overlay sheet with holes where the code words appear. The sender and receiver each have a code sheet.
It is suspected that steganography is used by terror groups to hide messages in video pictures, but no case of this has been shown or admitted to. To embed a message in a picture, the least important bit in the 8 bit pixels is changed by a value of 1. This is so small a change that it cannot be observed by a viewer.

Dr. Boncelet is concentrating on the science of steganalysis, which is the detection of whether codes exist in pictures. Since most images on Internet are in JPEG format using the jpg extension, he is concentrating on detection of the presence of codes in JPEG images. The presence of a code can likely be detected, but the message itself cannot be uncoded at the present time unless the coding algorithm and password are known. Since the JPEG format relies on data compression, the best way to determine presence of an alien influence or code in the image data is to analyze the compressibility of the image. Compression relies on the predictability of the values of neighboring pixel pairs. JPEG images are likely less compressible if they have code added to image data. 

For more information, google steganography or look in wikipedia. Other interesting search terms are "spam mimic," which hides a message in an ordinary looking spam message, and "stir mark" which is a free program that will do a test attack on a watermarking scheme to see how well it will survive.