All of us have asked our best friend to keep a secret, but if our best friend is a geek, he might have thought of encrypting the information. Encryption is the process of transforming clear text into something that cannot be understood without the right key. For instance, Julius Cesar used a simple cipher (i.e., encryption algorithm) which is to replace every letter by the third following letter in the alphabet (the key is "third letter" and it could have been any other number). There is a lot to be said about encryption but today's topic is even more interesting because steganography is the process of keeping the information in clear but in a way that, if you don't know what you are looking for, you won't find it. Ancient greeks used it, Al Qaeda uses it, and flickr and twitter can use it.
Humans are really good at perceiving movements. In fact, Massive (the software which animated the armies in The Lord of the Rings) puts more effort in credibly simulating the movements than the actual image (or texture) which represents the people. We are also really good at finding patterns. However, apart from that, we are fairly oblivious to any other kind of change. The following video illustrates my point.
Herodoto mentions two examples of steganography in ancient times. Demaratus, former Spartan king and advisor of Darius I and Xerxes I, was said to write in a wooden plaque and cover it up with wax. In this way, the writing was not obvious and he managed to warn the Spartans about the imminent Persian attack. Another interesting but slower method was to shave the head of a slave, tattoo the message in his head and wait till the hair grows. In one way you have to heat the wood, in the other you have to shave his head again, but in both methods the message is clear if you know where to look. Funny thing is that you might probably used it as well, but not with wax or tattoos, but with some lemon juice and a candle.
Afterwards, steganography was considered old-fashioned but it has become trendy in modern times again. Internet has boosted global communications, but also global steganography. The most common example are pictures. There are several advanced techniques to include hidden information in pictures but the most straightforward approach is to change pixels in precise parts of the image. In addition, these hidden messages should be tolerant to resizing and cropping operations, therefore the message is usually hidden in the middle of the picture and it continues in an outgoing spiral.
Images are composed of pixels, the tiniest point of the image and the ones responsible for the resolution of your camera (i.e., how many pixels are in the picture). Each pixel usually has, again, three points of color (red, green and blue or RGB) that, together, they can represent most of the range of colours we can perceive. To put it simple, these red-green-blue points can be brighter or darker to display every other color and, in this case, we can include the hidden information by modifying these points and putting them a little bit darker or lighter (for advance readers, we change the least significant bits of their RGB values). These differences cannot be seen if they are subtle and they are not present in homogeneous images or patterns, that is, you would notice changes in a big black square but not in a picture of a flower. For instance, in the following picture of some trees, if you take the least significant part of the colours of every pixel and you increment the brightness, you obtain the cute cat on the other side. Cool.
It works for hidden images but it works even better for hidden text. Just imagine how many secret messages you could put in your profile images in Facebook, twitter, ... By the way, there are also several ways to hide information just in 140 characters. Unnecessary blank spaces (as Álvaro pointed out, this recalls the Whitespace programming language) and different capitalisation schemas are two posible ways to accomplish it but, the one that will catch your attention is to hide information in shortened urls. You can encode in base64 any text and put it as if it were a valid shortened url like this (http://bit.ly/cGxzY29tbWVudA==). It's even better when the urls can be customised, therefore you can make them valid. I let you figure out what is the hidden message in the previous link (use this). If you find the answer, comment it. If you need help, comment for help ;-)
Herodoto mentions two examples of steganography in ancient times. Demaratus, former Spartan king and advisor of Darius I and Xerxes I, was said to write in a wooden plaque and cover it up with wax. In this way, the writing was not obvious and he managed to warn the Spartans about the imminent Persian attack. Another interesting but slower method was to shave the head of a slave, tattoo the message in his head and wait till the hair grows. In one way you have to heat the wood, in the other you have to shave his head again, but in both methods the message is clear if you know where to look. Funny thing is that you might probably used it as well, but not with wax or tattoos, but with some lemon juice and a candle.
Afterwards, steganography was considered old-fashioned but it has become trendy in modern times again. Internet has boosted global communications, but also global steganography. The most common example are pictures. There are several advanced techniques to include hidden information in pictures but the most straightforward approach is to change pixels in precise parts of the image. In addition, these hidden messages should be tolerant to resizing and cropping operations, therefore the message is usually hidden in the middle of the picture and it continues in an outgoing spiral.
Steganography examples from the wikipedia. The cat is hidden in the trees, literally.
It works for hidden images but it works even better for hidden text. Just imagine how many secret messages you could put in your profile images in Facebook, twitter, ... By the way, there are also several ways to hide information just in 140 characters. Unnecessary blank spaces (as Álvaro pointed out, this recalls the Whitespace programming language) and different capitalisation schemas are two posible ways to accomplish it but, the one that will catch your attention is to hide information in shortened urls. You can encode in base64 any text and put it as if it were a valid shortened url like this (http://bit.ly/cGxzY29tbWVudA==). It's even better when the urls can be customised, therefore you can make them valid. I let you figure out what is the hidden message in the previous link (use this). If you find the answer, comment it. If you need help, comment for help ;-)
Related:
- Lost and Numbers Stations. Real wold example of allegedly steganographic messages
- The Moon, iPod Headphones and Nazis
References:
- Wikipedia - Crowd Simulation. The same techniques to animate armies is used to plan emergency exits and architecture planning
- Luke Hebbes' blog: RLR-UK - Twitter Steganography. Luke gave a extra-official talk during IPICS'10 where he introduced us to steganography in a very illustrative way.
- Wikipedia - Steganography
- Symantec - Steganography Revealed
You might like:
- [Book] Simon Singh - The Code Book: The Secret History of Codes and Code-breaking. I personally recommend this book. It mixes cryptography, history, side-stories and quantum computers all in the same pot. A page turner for geeks.
- Steganography Online. Do it yourself ;-)
- Online steganography service, hide message or file inside an image
I din't know what steganography was, but now I have been able to remember some examples of that in different movies, The cutthroat island, the name of the rose, even in Stalag 17, there is a sort of password with the bulk, but this one is not exactelly a steganography case.
ReplyDeleteDo you think Mercury rising could be an example of steganography or criptography?.
Congratulation on this entry.
I like very much this entry. But i want to share something. If you receive a message under criptography, perhaps you can´t understand what the message says, but you have the certanty that there is a message in it. but if you intercept a message under steganography perhaps is just a cat or a landscape, you aren´t sure that there is a secret message. this is the real advantge of the steganography. bye
ReplyDeleteIt has taken me a long time to understand what i have to do to send a message but i have got it this time.
ReplyDelete