ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Steganography

Updated on October 22, 2011

Data security has been a cat-and-mouse game between those for whom data hiding is the ultimate goal, and for those who would prefer being capable of deciphering hidden data. The history of this quest goes back centuries as substitution cipher was practiced in ancient battlefronts. Such schemes are called encryption in which useful information is transformed in such a way that only authorised persons can decrypt information.

But the problem is that even this encrypted or scrambled form of information is a tell-tale sign that something fishy is going on. For example, there are security firms specialising in protecting companies' data, so that unruly employees do not subvert policies of data disclosure. Encryption poses a risk for the business to be successful, which is why they try to identify and restrict any encrypted data that attempts to travel in or out of defined security parametre.

But here comes the real twist in the story: what about the situation when it becomes very difficult to actually to identify the presence of encrypted data?

Origins and the concept

The study of steganography explains this as the events of heads shaved off to write engraved messages on the skin, and then sneaking the informer after hairs had grown again are common in old-aged espionage tales. Or hiding valuables in fridge or other unsuspecting places to ward off robber's attention are among the examples of steganogrpahy applied in the real world.

The same notion applies in the digital world as well, where an apparently normal file, say an image, a document or a sound file is used as a host to hide information in it. As these files are exchanged very frequently over the internet and other communication channels, it becomes very time consuming to scan each and every file to detect the presence of hidden communication in them. Nonetheless, there also exist techniques that apply checks to detect steganography in ostensibly innocent data files.

How does it work?

How does steganography actually work and what are its practical uses in today's world? The first question is really simple to answer if we just recall how data is stored in a computer. At a lower level, the units of data storage are bits and bytes, and in some formats, there are header and footer information that ‘read' these bits and bytes to construct the information that we see, say in word processors and image editors. To see this in action, open an image file in Notepad and watch a junk of special characters appear.

There have been instance of cheat codes for games that relied on opening up an EXE file and altering the bits that governed licensing, or applying other cheats by by-passing the instruction code responsible for executing a particular part of whole programme. Same logic applies in steganography but in a much simpler way since it mostly deals with multimedia content in which bits and bytes represents colours. If pixel information is contained in an eight digit number, altering the least significant bit would create alteration in colour which may not be detectable to a human eye. That is, such small changes would not introduce noticeable ‘noise' in image or sound file, where there could be a natural noise present already.

For example, where two colours get separated in an image, a slight blurring of line may be taken as natural photography phenomenon rather than insertion of a few extra bits of information in the file. Similarly, slightly darker or lighter shades may not be noticeable at all as colour depth has gone up to staggering 16.7 million since a very long time now.

Uses

There are several industrial uses of steganography. Firstly, it can be used as a way of introducing bookmark information to thwart copyright infringement. The hidden information can be used as a proof of ownership of digital content - say videos, MP3s and even PDF files. In an event of dispute, the real owner can use the same tool he used initially to hide information in the file to reveal it, thus proving his right on the content.

Another use of this technology is exchanging confidential data over insecure protocols. One of the tools available for USB disk protection is called ‘True Crypt', this also has an option that accomplishes same result by creating a hidden partition inside another but whose presence can not be identified - they call it ‘plausible deniability'.

This is needed in cases of ATM robberies where a person is asked on a gun-point to show his real balance and take it out. If there would be some other secret PIN, the ATM could automatically show ‘service is down' or some other message to prevent the real balance being shown.

Yet another use is private communication in a way that other members of the group do not get to know about it. For instance, if a group of students in a class has to share a report with everyone else, the grade can be hidden in the report and password could be provided to the group members to access this information. So, only the group members can be notified about the grade obtained.

Tools

There are plenty of steganography tools available for free over the internet, or if you happen to be a little more interested, you can write your own. It takes nominal programming knowledge - C or Java preferably - and familiarity with file format in which information is to be contained. All the tools available ask for a host file (like an image file), the information to be hidden (for example, a text file) and a password for encrypting the data. The output is the same host file but now containing the secret information. Size of the file may be a little larger than before, and there could be a limit to the max size of information that can be contained in a particular format. Some common tools are Hide in Picture, Stego and S-Tools. Such Windows based programmes offer standard encryption along with steganography.

working

This website uses cookies

As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://corp.maven.io/privacy-policy

Show Details
Necessary
HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
LoginThis is necessary to sign in to the HubPages Service.
Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
AkismetThis is used to detect comment spam. (Privacy Policy)
HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
Features
Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
MavenThis supports the Maven widget and search functionality. (Privacy Policy)
Marketing
Google AdSenseThis is an ad network. (Privacy Policy)
Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
Index ExchangeThis is an ad network. (Privacy Policy)
SovrnThis is an ad network. (Privacy Policy)
Facebook AdsThis is an ad network. (Privacy Policy)
Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
AppNexusThis is an ad network. (Privacy Policy)
OpenxThis is an ad network. (Privacy Policy)
Rubicon ProjectThis is an ad network. (Privacy Policy)
TripleLiftThis is an ad network. (Privacy Policy)
Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
Statistics
Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
ClickscoThis is a data management platform studying reader behavior (Privacy Policy)