List of steganography techniques

Steganography (/ˌstɛɡəˈnɒɡrəfi/ ⓘ STEG-ə-NOG-rə-fee) is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection. Generally, the hidden messages appear to be (or to be part of) something else: images, articles, shopping lists, or some other cover text. The following is a list of techniques used in steganography.

Physical

edit
  • Hidden messages on a paper written in invisible ink.
  • Hidden messages distributed, according to a certain rule or key, as smaller parts (e.g. words or letters) among other words of a less suspicious cover text. This particular form of steganography is called a null cipher.
  • Messages written in Morse code on yarn and then knitted into a piece of clothing worn by a courier.[1]
  • Messages written on envelopes in the area covered by postage stamps.
  • During World War II, Velvalee Dickinson, a spy for Japan in New York City, sent information to accommodation addresses in neutral South America. She was a dealer in dolls, and her letters discussed the quantity and type of doll to ship. The stegotext was the doll orders, and the concealed "plaintext" was itself encoded and gave information about ship movements, etc. Her case became somewhat famous and she became known as the Doll Woman.
  • During World War II, photosensitive glass was declared secret[by whom?], and used for transmitting information to Allied armies.
  • Jeremiah Denton repeatedly blinked his eyes in Morse code during the 1966 televised press conference that he was forced into as an American prisoner-of-war by his North Vietnamese captors, spelling out "T-O-R-T-U-R-E". That confirmed for the first time to the US Naval Intelligence and other Americans that the North Vietnamese were torturing American prisoners-of-war.
  • In 1968, crew members of the USS Pueblo intelligence ship, held as prisoners by North Korea, communicated in sign language during staged photo opportunities, to inform the United States that they were not defectors but captives of the North Koreans. In other photos presented to the US, crew members gave "the finger" to the unsuspecting North Koreans, in an attempt to discredit photos that showed them smiling and comfortable.
  • In 1985, a klezmer saxophonist smuggled secrets into and out of the Soviet Union by coding them as pitches of musical notes in sheet music.[2]
  • The art of concealing data in a puzzle can take advantage of the degrees of freedom in stating the puzzle, using the starting information to encode a key within the puzzle/puzzle image. For instance, steganography using sudoku puzzles has as many keys as there are possible solutions of a Sudoku puzzle, which is 6.71×1021.[3]

Printed

edit

Digital steganography output may be in the form of printed documents. A message, the plaintext, may be first encrypted by traditional means, producing a ciphertext. Then, an innocuous cover text is modified in some way so as to contain the ciphertext, resulting in the stegotext.

  • The letter size, spacing, typeface, or other characteristics of a cover text can be manipulated to carry the hidden message. Only a recipient who knows the technique used can recover the message and then decrypt it. Francis Bacon developed Bacon's cipher as such a technique.
  • In the early days of the printing press, it was common to mix different typefaces on a printed page because the printer did not have enough copies of some letters in one typeface. Thus, a message could be hidden by using two or more different typefaces, such as normal or italic.
  •  
    A microdot camera
    During and after World War II, espionage agents used photographically produced microdots to send information back and forth. Microdots were typically minute (less than the size of the period produced by a typewriter). World War II microdots were embedded in the paper and covered with an adhesive, such as collodion that was reflective and so was detectable by viewing against glancing light. Alternative techniques included inserting microdots into slits cut into the edge of postcards.
  • Printing introduces noise in the ciphertext, at times rendering the message unrecoverable. There are techniques that address this limitation, one notable example being ASCII Art Steganography.[4]
 
Yellow dots from a laser printer
  • Some types of modern color laser printers integrate the model, serial number, and timestamps on each printout for traceability reasons using a dot-matrix code made of small, yellow dots not recognizable to the naked eye — see printer steganography for details.

Social steganography

edit

In communities with social or government taboos or censorship, people use cultural steganography—hiding messages in idiom, pop culture references, and other messages they share publicly and assume are monitored. This relies on social context to make the underlying messages visible only to certain readers.[5][6] Examples include:

  • Hiding a message in the title and context of a shared video or image.
  • Misspelling names or words that are popular in the media in a given week, to suggest an alternate meaning.
  • Hiding a picture that can be traced by using Paint or any other drawing tool.[citation needed]

Digital

edit
 
Image of a tree with a steganographically hidden image. The hidden image is revealed by removing all but the two least significant bits of each color component and a subsequent normalization. The hidden image is shown below.
 
Image of a cat extracted from the tree image above.
  • Concealing messages within the lowest bits of noisy images or sound files. A survey and evaluation of relevant literature/techniques on the topic of digital image steganography can be found here.[7]
  • Concealing data within encrypted data or within random data. The message to conceal is encrypted, then used to overwrite part of a much larger block of encrypted data or a block of random data (an unbreakable cipher like the one-time pad generates ciphertexts that look perfectly random without the private key).
  • Chaffing and winnowing.
  • Mimic functions convert one file to have the statistical profile of another. This can thwart statistical methods that help brute-force attacks identify the right solution in a ciphertext-only attack.
  • Concealed messages in tampered executable files, exploiting redundancy in the targeted instruction set.
  • Pictures embedded in video material (optionally played at a slower or faster speed).
  • Injecting imperceptible delays to packets sent over the network from the keyboard. Delays in keypresses in some applications (telnet or remote desktop software) can mean a delay in packets, and the delays in the packets can be used to encode data.
  • Changing the order of elements in a set.
  • Content-Aware Steganography hides information in the semantics a human user assigns to a datagram. These systems offer security against a nonhuman adversary/warden.
  • Blog-Steganography. Messages are fractionalized and the (encrypted) pieces are added as comments of orphaned web-logs (or pin boards on social network platforms). In this case, the selection of blogs is the symmetric key that sender and recipient are using; the carrier of the hidden message is the whole blogosphere.
  • Modifying the echo of a sound file (Echo Steganography).[8]
  • Steganography for audio signals.[9]
  • Image bit-plane complexity segmentation steganography
  • Including data in ignored sections of a file, such as after the logical end of the carrier file.[10]
  • Adaptive steganography: Skin tone based steganography using a secret embedding angle.[11]
  • Embedding data within the control-flow diagram of a program subjected to control flow analysis[12]
  • The text or multimedia output of some generative artificial intelligence programs, such as ChatGPT, can be altered to include steganographic data that is impossible to detect, even in theory, when compared with the natural output of the program.[13][14]

Digital text

edit
  • Using non-printing Unicode characters Zero-Width Joiner (ZWJ) and Zero-Width Non-Joiner (ZWNJ).[15][16] These characters are used for joining and disjoining letters in Arabic and Persian, but can be used in Roman alphabets for hiding information because they have no meaning in Roman alphabets: because they are "zero-width" they are not displayed. ZWJ and ZWNJ can represent "1" and "0". This may also be done with en space, figure space and whitespace characters.[17]
  • Embedding a secret message in the pattern of deliberate errors and marked corrections in a word processing document, using the word processor's change tracking feature.[18]
  • In 2020, Zhongliang Yang et al. discovered that for text generative steganography, when the quality of the generated steganographic text is optimized to a certain extent, it may make the overall statistical distribution characteristics of the generated steganographic text more different from the normal text, making it easier to be recognized. They named this phenomenon Perceptual-Statistical Imperceptibility Conflict Effect (Psic Effect).[19]

Hiding an image within a soundfile

edit

An image or a text can be converted into a soundfile, which is then analysed with a spectrogram to reveal the image. Various artists have used this method to conceal hidden pictures in their songs, such as Aphex Twin in "Windowlicker" or Nine Inch Nails in their album Year Zero.[20]

Images hidden in sound files
1. The word "Wikipedia" is drawn using computer software
2. The image is converted into an audio file
3. Finally, the audio is analysed through a spectrogram, revealing the initial image
Spectrogram of a hidden image encoded as sound in the song "My Violent Heart" by Nine Inch Nails from the Year Zero album (2007)

Streaming media

edit

Since the era of evolving network applications, steganography research has shifted from image steganography to steganography in streaming media such as Voice over Internet Protocol (VoIP).

  • In 2003, Giannoula et al. developed a data hiding technique leading to compressed forms of source video signals on a frame-by-frame basis.[21]
  • In 2005, Dittmann et al. studied steganography and watermarking of multimedia contents such as VoIP.[22]
  • In 2008, Yongfeng Huang and Shanyu Tang presented a novel approach to information hiding in low bit-rate VoIP speech stream, and their published work on steganography is the first-ever effort to improve the codebook partition by using Graph theory along with Quantization Index Modulation in low bit-rate streaming media.[23]
  • In 2011 and 2012, Yongfeng Huang and Shanyu Tang devised new steganographic algorithms that use codec parameters as cover object to realise real-time covert VoIP steganography. Their findings were published in IEEE Transactions on Information Forensics and Security.[24][25][26]

Cyber-physical systems/Internet of Things

edit

Academic work since 2012 demonstrated the feasibility of steganography for cyber-physical systems (CPS)/the Internet of Things (IoT). Some techniques of CPS/IoT steganography overlap with network steganography, i.e. hiding data in communication protocols used in CPS/the IoT. However, specific techniques hide data in CPS components. For instance, data can be stored in unused registers of IoT/CPS components and in the states of IoT/CPS actuators.[27][28]

Network

edit

All information hiding techniques that may be used to exchange steganograms in telecommunication networks can be classified under the general term of network steganography. This nomenclature was originally introduced by Krzysztof Szczypiorski in 2003.[29] Contrary to typical steganographic methods that use digital media (images, audio and video files) to hide data, network steganography uses communication protocols' control elements and their intrinsic functionality. As a result, such methods can be harder to detect and eliminate.[30]

Typical network steganography methods involve modification of the properties of a single network protocol. Such modification can be applied to the protocol data unit (PDU),[31][32][33] to the time relations between the exchanged PDUs,[34] or both (hybrid methods).[35]

Moreover, it is feasible to utilize the relation between two or more different network protocols to enable secret communication. These applications fall under the term inter-protocol steganography.[36] Alternatively, multiple network protocols can be used simultaneously to transfer hidden information and so-called control protocols can be embedded into steganographic communications to extend their capabilities, e.g. to allow dynamic overlay routing or the switching of utilized hiding methods and network protocols.[37][38]

  • In 1977, Kent concisely described the potential for covert channel signaling in general network communication protocols, even if the traffic is encrypted (in a footnote) in "Encryption-Based Protection for Interactive User/Computer Communication," Proceedings of the Fifth Data Communications Symposium, September 1977.
  • In 1987, Girling first studied covert channels on a local area network (LAN), identified and realised three obvious covert channels (two storage channels and one timing channel), and his research paper entitled “Covert channels in LAN’s” published in IEEE Transactions on Software Engineering, vol. SE-13 of 2, in February 1987.[39]
  • In 1989, Wolf implemented covert channels in LAN protocols, e.g. using the reserved fields, pad fields, and undefined fields in the TCP/IP protocol.[40]
  • In 1997, Rowland used the IP identification field, the TCP initial sequence number and acknowledge sequence number fields in TCP/IP headers to build covert channels.[41]
  • In 2002, Kamran Ahsan made an excellent summary of research on network steganography.[42]
  • In 2005, Steven J. Murdoch and Stephen Lewis contributed a chapter entitled "Embedding Covert Channels into TCP/IP" in the "Information Hiding" book published by Springer.[43]
  • Steganophony – the concealment of messages in Voice-over-IP conversations, e.g. the employment of delayed or corrupted packets that would normally be ignored by the receiver (this method is called LACK – Lost Audio Packets Steganography), or, alternatively, hiding information in unused header fields.[44]
  • WLAN Steganography – transmission of steganograms in Wireless Local Area Networks. A practical example of WLAN Steganography is the HICCUPS system (Hidden Communication System for Corrupted Networks)[45]

References

edit
  1. ^ "The Wartime Spies Who Used Knitting as an Espionage Tool – Atlas Obscura". Pocket. Retrieved 4 March 2020.
  2. ^ Newman, Lily Hay. "How a Saxophonist Tricked the KGB by Encrypting Secrets in Music". Wired. ISSN 1059-1028. Archived from the original on 8 June 2022. Retrieved 9 June 2022.
  3. ^ B.r., Roshan Shetty; J., Rohith; V., Mukund; Honwade, Rohan; Rangaswamy, Shanta (2009). "Steganography Using Sudoku Puzzle". 2009 International Conference on Advances in Recent Technologies in Communication and Computing. pp. 623–626. doi:10.1109/ARTCom.2009.116. ISBN 978-1-4244-5104-3. S2CID 7850622.
  4. ^ Vincent Chu. "ASCII Art Steganography". Pictureworthsthousandwords.appspot.com.
  5. ^ Social Steganography: how teens smuggle meaning past the authority figures in their lives, Boing Boing, 22 May 2013. Retrieved 7 June 2014.
  6. ^ Social Steganography, Scenario Magazine, 2013.
  7. ^ Cheddad, Abbas; Condell, Joan; Curran, Kevin; Mc Kevitt, Paul (2010). "Digital image steganography: Survey and analysis of current methods". Signal Processing. 90 (3): 727–752. doi:10.1016/j.sigpro.2009.08.010.
  8. ^ "Archived copy". Archived from the original on 6 November 2018. Retrieved 17 September 2019.{{cite web}}: CS1 maint: archived copy as title (link)
  9. ^ "Secure Steganography for Audio Signals" (PDF). Wseas.us. Retrieved 14 December 2021.
  10. ^ Bender, W.; Gruhl, D.; Morimoto, N.; Lu, A. (1996). "Techniques for data hiding" (PDF). IBM Systems Journal. 35 (3.4). IBM Corp.: 313–336. doi:10.1147/sj.353.0313. ISSN 0018-8670. S2CID 16672162. Archived from the original (PDF) on 11 June 2020.
  11. ^ Cheddad, Abbas; Condell, Joan; Curran, Kevin; Mc Kevitt, Paul (2009). "A skin tone detection algorithm for an adaptive approach to steganography". Signal Processing. 89 (12): 2465–2478. doi:10.1016/j.sigpro.2009.04.022.
  12. ^ El-Khalil, Rakan; Keromytis, Angelos D. (2004), "Hydan: Hiding Information in Program Binaries", Information and Communications Security, Lecture Notes in Computer Science, vol. 3269, Berlin, Heidelberg: Springer Berlin Heidelberg, pp. 187–199, doi:10.1007/978-3-540-30191-2_15, ISBN 978-3-540-23563-7, retrieved 4 October 2020
  13. ^ "Secret Messages Can Hide in AI-Generated Media". No. Quanta Magazine. 2023. Retrieved 17 June 2023.
  14. ^ de Witt, Christian Schroeder, Samuel Sokota, J. Zico Kolter, Jakob Foerster, and Martin Strohmeier. "Perfectly Secure Steganography Using Minimum Entropy Coupling." arXiv preprint arXiv:2210.14889 (2022).
  15. ^ Akbas E. Ali (2010). "A New Text Steganography Method By Using Non-Printing Unicode Characters" (PDF). Eng. & Tech. Journal. 28 (1).
  16. ^ Aysan, Zach (30 December 2017). "Zero-Width Characters". Retrieved 2 January 2018. In early 2016 I realized that it was possible to use zero-width characters, like zero-width non-joiner or other zero-width characters like the zero-width space to fingerprint text. Even with just a single type of zero-width character the presence or non-presence of the non-visible character is enough bits to fingerprint even the shortest text.
  17. ^ Aysan, Zach (1 January 2018). "Text Fingerprinting Update". Retrieved 2 January 2018.
  18. ^ T. Y. Liu and W. H. Tsai, "A New Steganographic Method for Data Hiding in Microsoft Word Documents by a Change Tracking Technique," in IEEE Transactions on Information Forensics and Security, vol. 2, no. 1, pp. 24–30, March 2007. doi:10.1109/TIFS.2006.890310 [1]
  19. ^ Yang, Z., Zhang, S., Hu, Y., Hu, Z., & Huang, Y. (2020). VAE-Stega: Linguistic Steganography Based on Variational Auto-Encoder. IEEE Transactions on Information Forensics and Security.
  20. ^ Dachis, Adam (June 2011). "How to Hide Secret Messages and Codes in Audio Files". Lifehacker. Retrieved 17 September 2019.
  21. ^ Giannoula, A.; Hatzinakos, D. (2003). "Compressive data hiding for video signals". Proceedings 2003 International Conference on Image Processing (Cat. No.03CH37429). Vol. 1. IEEE. pp. I–529–32. doi:10.1109/icip.2003.1247015. ISBN 0780377508. S2CID 361883.
  22. ^ Dittmann, Jana; Hesse, Danny; Hillert, Reyk (21 March 2005). Delp Iii, Edward J; Wong, Ping W (eds.). "Steganography and steganalysis in voice-over IP scenarios: operational aspects and first experiences with a new steganalysis tool set". Security, Steganography, and Watermarking of Multimedia Contents VII. 5681. SPIE: 607. Bibcode:2005SPIE.5681..607D. doi:10.1117/12.586579. S2CID 206413447.
  23. ^ B. Xiao, Y. Huang, and S. Tang, "An Approach to Information Hiding in Low Bit-Rate Speech Stream", in IEEE GLOBECOM 2008, IEEE, pp. 371–375, 2008. ISBN 978-1-4244-2324-8.
  24. ^ Huang, Yong Feng; Tang, Shanyu; Yuan, Jian (June 2011). "Steganography in Inactive Frames of VoIP Streams Encoded by Source Codec" (PDF). IEEE Transactions on Information Forensics and Security. 6 (2): 296–306. doi:10.1109/tifs.2011.2108649. ISSN 1556-6013. S2CID 15096702.
  25. ^ Huang, Yongfeng; Liu, Chenghao; Tang, Shanyu; Bai, Sen (December 2012). "Steganography Integration Into a Low-Bit Rate Speech Codec" (PDF). IEEE Transactions on Information Forensics and Security. 7 (6): 1865–1875. doi:10.1109/tifs.2012.2218599. ISSN 1556-6013. S2CID 16539562.
  26. ^ Ghosal, Sudipta Kr; Mukhopadhyay, Souradeep; Hossain, Sabbir; Sarkar, Ram (2020). "Application of Lah transform for security and privacy of data through information hiding in telecommunication". Transactions on Emerging Telecommunications Technologies. 32 (2). doi:10.1002/ett.3984. S2CID 225866797.
  27. ^ Wendzel, Steffen; Mazurczyk, Wojciech; Haas, Georg. "Don't You Touch My Nuts: Information Hiding In Cyber Physical Systems Using Smart Buildings". Proceedings of the 2017 IEEE Security & Privacy Workshops. IEEE.
  28. ^ Tuptuk, Nilufer; Hailes, Stephen. "Covert channel attacks in pervasive computing". Proceedings 2015 IEEE International Conference on Pervasive Computing and Communications (PerCom).
  29. ^ Krzysztof Szczypiorski (4 November 2003). "Steganography in TCP/IP Networks. State of the Art and a Proposal of a New System – HICCUPS" (PDF). Institute of Telecommunications Seminar. Retrieved 17 June 2010.
  30. ^ Patrick Philippe Meier (5 June 2009). "Steganography 2.0: Digital Resistance against Repressive Regimes". irevolution.wordpress.com. Retrieved 17 June 2010.
  31. ^ Craig Rowland (May 1997). "Covert Channels in the TCP/IP Suite". First Monday Journal. Archived from the original on 26 January 2013. Retrieved 16 June 2010.
  32. ^ Steven J. Murdoch & Stephen Lewis (2005). "Embedding Covert Channels into TCP/IP" (PDF). Information Hiding Workshop. Retrieved 16 June 2010.
  33. ^ Kamran Ahsan & Deepa Kundur (December 2002). "Practical Data Hiding in TCP/IP" (PDF). ACM Wksp. Multimedia Security. Archived from the original (PDF) on 29 October 2012. Retrieved 16 June 2010.
  34. ^ Kundur D. & Ahsan K. (April 2003). "Practical Internet Steganography: Data Hiding in IP" (PDF). Texas Wksp. Security of Information Systems. Archived from the original (PDF) on 29 October 2012. Retrieved 16 June 2010.
  35. ^ Wojciech Mazurczyk & Krzysztof Szczypiorski (November 2008). "Steganography of VoIP Streams". On the Move to Meaningful Internet Systems: OTM 2008. Lecture Notes in Computer Science. Vol. 5332. pp. 1001–1018. arXiv:0805.2938. doi:10.1007/978-3-540-88873-4_6. ISBN 978-3-540-88872-7. S2CID 14336157.
  36. ^ Bartosz Jankowski; Wojciech Mazurczyk & Krzysztof Szczypiorski (11 May 2010). "Information Hiding Using Improper Frame Padding". arXiv:1005.1925 [cs.CR].
  37. ^ Wendzel, Steffen; Keller, Joerg (20 October 2011). "Low-Attention Forwarding for Mobile Network Covert Channels". Communications and Multimedia Security. Lecture Notes in Computer Science. Vol. 7025. pp. 122–133. doi:10.1007/978-3-642-24712-5_10. ISBN 978-3-642-24711-8. Retrieved 4 September 2016.
  38. ^ Mazurczyk, Wojciech; Wendzel, Steffen; Zander, Sebastian; Houmansadr, Amir; Szczypiorski, Krzysztof (2016). Information Hiding in Communication Networks: Fundamentals, Mechanisms, and Applications (1 ed.). Wiley-IEEE. ISBN 978-1-118-86169-1.
  39. ^ Girling, C.G. (February 1987). "Covert Channels in LAN's". IEEE Transactions on Software Engineering. SE-13 (2): 292–296. doi:10.1109/tse.1987.233153. ISSN 0098-5589. S2CID 3042941.
  40. ^ M. Wolf, “Covert channels in LAN protocols,” in Proceedings of the Workshop on Local Area Network Security (LANSEC’89) (T.A. Berson and T. Beth, eds.), pp. 91–102, 1989.
  41. ^ Rowland, Craig H. (5 May 1997). "Covert channels in the TCP/IP protocol suite". First Monday. 2 (5). doi:10.5210/fm.v2i5.528. ISSN 1396-0466.
  42. ^ Kamran Ahsan, “Covert Channel Analysis and Data Hiding in TCP/IP,” MSc Thesis, University of Toronto, 2002.
  43. ^ Murdoch, Steven J.; Lewis, Stephen (2005), "Embedding Covert Channels into TCP/IP", Information Hiding, Springer Berlin Heidelberg, pp. 247–261, doi:10.1007/11558859_19, ISBN 9783540290391
  44. ^ Józef Lubacz; Wojciech Mazurczyk; Krzysztof Szczypiorski (February 2010). "Vice Over IP: The VoIP Steganography Threat". IEEE Spectrum. Retrieved 11 February 2010.
  45. ^ Krzysztof Szczypiorski (October 2003). "HICCUPS: Hidden Communication System for Corrupted Networks" (PDF). In Proc. of: The Tenth International Multi-Conference on Advanced Computer Systems ACS'2003, pp. 31–40. Retrieved 11 February 2010.