Steganography

Steganography is about smuggling information. It is the process of hiding one message inside another in such a way that a person finding the outer message will not realise that a second message is hidden within.

Consider a prisoner who needs to receive a secret message. They know the message will be read. So if secret messages are to arrive safely, they must be encrypted. But more than that: the interceptors must not even be aware that they are viewing a hidden message. If the people who intercept the message can see that it contains an encoded message then the letter will certainly be confiscated, and the receiver possibly punished. Further messages from that sender will never be delivered. It is crucial that the code is not only unbreakable: but completely invisible!

This extra layer of hiding: an encrypted message inside a plain message, this is steganography.

As an interceptor, how can you tell if the message you are inspecting hides an invisible message within it? How can you be sure that it doesn't?

Let's take a few simple forms of steganography as an example.

The sender has used lemon juice to write a second message in invisible ink on the back of the page. The receiver, in Cell 15, is expecting this, and knows that the lemon juice message will become visible when they heat the page against the oven door in the prison kitchen. The message reads: "Kill the prisoner in Cell 13"

In another case, the sender has placed tiny pin pricks above certain letters in the message. The interceptors did not notice the tiny pin pricks. The receiver, in Cell 13, holds the page up to the light, so the pin pricks are obvious. Copies down the letter beneath each pin prick and then reads out the plain text. "Beware Cell 15."

In both cases, having the interceptor transcribe the message by hand would obliterate the hidden message. But this process would take considerable effort. Supervising prisoners during a limited time when they read their messages would be equally effective, cheaper to execute, but would allow other steganographic methods to succeed.

There are an infinite number of steganographic methods.

The technique may be this: if a sentence has an even number of words then it means "1", otherwise it means "0". Every five sentences produces a 5 bit binary number, which produces a number from 0 to 32, which are mapped to the letters A-Z and a few other characters. This would take a lot of writing to produce a short message. Perhaps instead every second word means either a 1 or a 0, depending on whether it has and odd or even number of letters.

Or the message can be read out by reading just the first letter of the first word of each sentence. Can you decode this message:

Bryan is okay. Ewan is still annoying. What do you expect? Anyway, I haven't got much else to say. Regards. Except I just remembered some news. Claire is have another baby! Everyone's excited except Claire. Larry from down the street is the father. Larry, what a character. 1 month until the baby arrives. 5 hungry mouths to feed, I don't envy them at all.

How can you ever be sure that a steganographic message has been erased? If you do find a message, can you ever be certain that your are witnessing an embedded message? Could it simply be a coincidence? If you apply 1 million different algorithms to a million pieces of text, and one of those algorithms on one of those messages decodes into a new plain text message... is it just a coincidence?

External links