By Gemma Penson - Computer Science Student @ Trinity Hall, Cambridge
Did you ever write secret messages in lemon juice as a child? In the artistic and computational industries, this practice is known as steganography. It is the art of hiding secret data within a file, message, or image in order to avoid detection. The process of shining a UV light on your message - the practice of detecting hidden information - is called steganalysis. The technique has been used for generations for a variety of purposes including protests, art such as Da Vinci’s ‘The Last Supper’, and even undertaking discrete illegal activity.
It is sometimes incorrectly misidentified as cryptography, which differs in that while cryptography conceals the contents of a message, steganography conceals the very existence of that message. The intended secret message in steganography is unlikely to attract attention to itself, whereas plainly visible encrypted messages (no matter how unbreakable they are) may still arouse unwanted interest. In order to perform steganalysis, not only do you have to work out how to extract the hidden message from an image, but you also first have to locate that image amongst the millions of images that are transferred over the internet every day.
A vast number of steganography techniques are used globally, with the most secure often being those that are least known about and most creative. One well-known technique is that of the least significant bit, due to its simplicity and and its ability to be undetectable to the naked eye.
An image may use a byte (8 bits) to represent each of the three colour values (red, green, and blue) used to colour each pixel using RGB. This means that there are 256 possible hues of blue, red, and green for each colour. Altering the value for red intensity from 11111111 to 11111110, where the least significant bit has been changed from a 1 to a 0, creates an indistinguishable colour difference for the human eye.
This means that the red, green, and blue least significant bits can be used for a secret message rather than for colour, with it being possible to encode one letter per every three pixels.
For cybercrime police, a critical part of their role is distinguishing between images that have been modified for legitimate reasons and ones that have been changed to contain malicious and secret information. “Nothing is the same twice, there’s no pattern to look for, and the steg itself is completely undetectable,” says Simon Wiseman, the chief technology officer of the British network security firm Deep Secure, which works on steganography defence. “With advanced statistics, if you’re lucky, you might be able to get a hint that something’s strange. But that’s no good as a defence, because the false positive and false negative rate is still enormous.”
For others, steganography is often harnessed in online challenges, to engage fans in finding out about a new launch, or to create artwork. One instance of steganography’s use in this manner was in the alternate reality game (ARG) released by YouTube channel “The Game Theorists”, where hidden messages are often revealed when audio files are converted to spectrograms.
Further reading:
Kitchin, J., 2019. Do Job Titles Really Matter? Aquent.co.uk. Available at: https://aquent.co.uk/blog/do-job-titles-really-matter
Newman, L., 2017. What Is Steganography? Wired. Available at: https://www.wired.com/story/steganography-hacker-lexicon/
Comments