Steganography

The steganography (including steganography ) is the art or science of the hidden storage or transmission of information in a carrier medium (container). The word can be traced back to the Greek components στεγανός steganós 'covered' and γράφειν gráphein 'write', meaning literally “covered writing” or “secret writing”. The modified medium is called a steganogram .

Image of a tree (88 kB ) into which an additional (invisible) image of a cat has been inserted using computer-aided steganographic methods

Image of the cat (19 kB), which in the above image is hidden in the two least significant bits of each color channel of each pixel

Goals of steganography

The use of steganography aims at secrecy and confidentiality. Information is hidden in such a way that a third party does not become suspicious of the carrier medium. This also ensures that the hidden information does not become known to third parties, i.e. This means that secrecy is guaranteed (as with cryptography).

The classification of steganography is usually carried out in two possible ways: Either it is viewed as a sub-chapter of cryptography or as an independent scientific area. The latter is supported by the fact that the objective of cryptography (secrecy) does not correspond to the objective of steganography (confidential secrecy by hiding the secrecy). In practice, cryptography and steganography are often combined because, for example, ciphertexts have interesting statistical characteristics for steganography.

Delimitations

The functional principle of steganography is based on the fact that an outsider does not recognize the existence of the steganographed information. This is how steganography differs from cryptography , in which an outsider knows about the existence of information, but is unable to understand the content due to the encryption.

example: If Alice sends a message to Bob , but replaces each letter with the one five digits further in the alphabet before it is sent, it is cryptography ( Caesar cipher ). Walter, an outside person (perhaps a prison guard), intercepts the message while it is being transported, but cannot understand it without knowing the encryption method. But he sees that a message has been sent from Alice to Bob. If it is in his power, he will either change the message or not deliver it to Bob.; If, on the other hand, Alice sends Bob a message in the form of a (unimportant) poem, in which the first letters of the lines read one after the other form the actual message, the outside Walter can see that Alice Bob is sending a message. The content that Walter perceives does not correspond to the relevant message from Alice to Bob. The probability that Walter changes or blocks the message is low due to a lack of interest. This is steganography.

In steganography, the scenario usually used is the sending of messages from a sender to a recipient. Data storage can also be mapped on it; in this case it is about communication with oneself (sender = receiver). However, this special case is usually neglected.

Imperceptible digital watermarks are very similar to steganography, but their purpose is different. Steganography wants to ensure confidentiality, whereas digital watermarks place the main focus on robustness: Depending on the intended use, the robustness property of a watermark is selected so that it is destroyed by small changes (to prove that the carrier's integrity has been violated) or withstands very strong changes (for the marking of the carrier, e.g. with important information such as owner, author, performance location, etc.). If the watermark is destroyed in the latter case, the carrier is so degraded that it can no longer be used. Depending on the intended use, the robustness can be varied between the described poles. Digital watermarks use steganographic techniques and therefore also perform the other properties of these techniques such as B. Confidentiality with yourself. If necessary, these other properties are degraded in order to maintain robustness, just as with steganography and the like. a. the robustness can be relaxed in order to ensure confidentiality.

safety

A steganographic method is considered safe if, after the method has been applied to a medium, third parties cannot draw any conclusions as to whether non-obvious information is hidden in a given medium . Another, but subordinate, security feature is that embedded information cannot be read by third parties, even if they are known to exist. By uncovering steganographic content and the analysis method, the steganographic employs Steganalysis (analogous to the cryptanalysis in cryptography).

Furthermore, if the message is encrypted before it is embedded, an encrypted message is usually indistinguishable from random data. For the uninitiated, it cannot be distinguished from the material irregularities of image and sound carriers (e.g. texture of the carrier fabric, background noise, etc.).

Kerckhoffs' principle in steganography

Kerckhoffs' principle states that the security of a system must not depend on the secrecy of the algorithms, but only on the secrecy of a key. In the case of secure processes, only knowing the correct key is important for recognizability .

The consideration of the Kerckhoffs principle in steganography is historically considered only of secondary importance, since it was initially a matter of establishing the undetectability of the human senses. Therefore, older steganography algorithms in particular are inherently insecure as soon as they are accessible from an open source.

In steganography, more effort has to be made than in cryptography in order to fulfill Kerckhoffs' principle and at the same time not to miss the main goal of steganography, the preservation of imperceptibility or undetectability.

Symmetrical steganography

Similar to symmetric cryptography , symmetric steganography is based on the fact that the sender and recipient of a message have exchanged a secret key prior to covert communication . Both know how and where a message is hidden.

Asymmetric steganography

Asymmetric steganography (also known as public key steganography ) is based - like asymmetric cryptography - solely on the fact that every potential recipient of a concealed message provides a (as authentic as possible ) public key which is used to hide a message. This public key is used to encrypt and embed the message. The message can only be read by the recipient who has his own private key. The sender cannot decrypt the message again. If the algorithm used is based on Kerckhoffs' principle, it is not even able to find out whether a message is hidden in a medium. The only exception is that he compares the carrier medium directly with the steganogram .

Types of steganography

Historical

A somewhat time-consuming process is known from antiquity : There the head of a slave was shaved and a message was tattooed on the scalp. As soon as the hair grew back, the slave was sent to the recipient.

Well-known examples are also wax tablets , which usually contain messages carved into wax. In contrast, the secret messages were scratched into the wood underneath, the wax poured over them and given an unsuspicious message.

Further historical examples are imperceptible or difficult to recognize watermarks in paper or banknotes.

Friedrich L. Bauer describes a soldier in the war who, in his letters home, uses the first letter after the salutation to inform his parents of his whereabouts in Tunis . He does not pay attention to the (randomly different) transit times of the individual letters. When his parents asked some time later where Nutsi was , the procedure, which was inconspicuous in itself, was revealed .

There are numerous classic methods of steganography, u. a .:

the "invisible" secret ink on paper (for example lemon juice)
a false bottom in parcels or envelopes
hollow heels of shoes and the like
the microdot
secret writing with light: stenographia
embedding one message in another below the threshold of perception.

Technical steganography

Examples are:

The use of microfilms is known from older crime novels, whereby sometimes an A4 page can be hidden on the size of a typewriter dot. Such a point ( called "microdot" or micropoint in technical terminology ) can be easily hidden.

Ancient hidden tattoo falls under this term.

Identification of copies or printouts using machine identification codes .

Linguistic steganography

Letter-word substitution table at the beginning of Book I of the Polygraphia by Johannes Trithemius

In books I and II of Johannes Trithemius' Steganographia (1499/1500), the individual letters of the text to be kept secret are stretched to new words, first in unsubstituted form, then by means of monoalphabetic substitution, in a given rhythm, often including empty spaces, and these new words are syntactically and grammatically correct to form a thematically coherent text. In books I and II of Trithemius' Polygraphia (1508/1515), the words that replace the letters of the plaintext no longer have to be invented by the cipher themselves; in the nominative 24 corresponding adjectives, then 24 participles, then 24 accusative objects, then 24 predicates, then 24 dative objects etc. where the word tables are to be used once per letter, from left to right. So z. B. the encryption of preferring directly the text "Illustrator sapientissimus gubernans celestia concedat requirentibus". The sentence "Salvator sapientissimus dirigens angelica deferat nobis charitas potentissimi creatoris" is a cipher of the word Wikipedia .

Spammimic is a program that encrypts a short typed message into harmless-looking text that is similar to spam.

Nicetext turns a binary file into pseudo-natural text. The program uses context-free grammars for this . The program includes a dictionary and writing styles. The dictionary contains English words classified into five grammatical types (article, noun, verb, adjective, preposition). The style determines the syntactic rules for different sentence types. A simple sentence has e.g. B. the structure ART-SUBST-VERB-ART-SUBST.

The coder chooses a style for the transformation. The input bits serve as pointers to the words in the various classes of the dictionary. The decoding is based on a simple reverse codebook search.

Example of the principle: Assume the dictionary contains four words in the class ART (with the binary indices 00 to 11) and 32 words in SUBST (with the binary indices 00000 to 11111). The input is the bit sequence 0101110. The first two bits of the input (01) are replaced by the second word in ART. The next word corresponds to the 15th word in SUBST.

Semagram

A subclass of linguistic steganography is the semagram. Information is transmitted through small details in an inherently harmless message, a picture or a drawing.

In a text, the characters of a secret message can be masked by choosing different fonts, such as the coded characters in the original form of the Bacon cipher . However, these small differences are clearly visible even to the untrained eye. Are less noticeable as the use of presence or swabs, small Tintenpatzern , seemingly hanging typewriter types and the like.

In addition to text seminars, messages can be hidden in images. The length of blades of grass on a stream could be a Morse code , the number and arrangement of the clouds in a landscape that appears to have been drawn by children could represent a letter . Sending a box of clocks can be a semagram. The arrangement and pointer position could contain important information.

Open Code

It is more time-consuming to develop your own secret language . For example, secret symbols are interspersed according to a certain pattern . The advantage of these methods is that, unlike a semagram, they cannot be easily identified as secret messages by third parties.

Masked cipher, jargon code

Masked cipher is a kind of secret language. Certain phrases , words or signs are assigned a special meaning ; this must be agreed between the partners in advance. Some expressions of such secret languages have already found their way into everyday language as jargon , just think of:

"Coal", "gravel" → money
"Hole", "ports" → prison
“Substance” → drugs
"Rat" → traitor

Unfair card players can use show of hands to indicate with whom and what they want to play. It is also possible to use sentences or words that begin with “H”, which could indicate that “heart” should be played. The more individual such a code is, the less conspicuous it is. However, the created or spoken text can appear slightly artificial and bloated.

Masked secret scripts are susceptible to censorship : a censor who rewrites texts with the same content, for example by using synonyms, can unknowingly destroy the secret content.

Disguised secret scripts

Hiding secret messages in a text in such a way that they do not interfere with the normal flow of text can be laborious. The secret characters are in a certain pattern in the inconspicuous text, for example every second character after a comma could be a letter of a secret word. With the Westerlinck or “one, one, one” code , the secret message is encoded by the number of syllables in the text words .

Stencils that are placed over a text, the openings of which only allow the relevant secret words to shine through, are called cardan grids . Since the gaps in between have to be filled geometrically with text, this usually results in a cumbersome sentence structure and strange choice of words.

Similar procedures

Wheat-and-chaff algorithm : A technique used to hide secret messages like needles in a haystack from irrelevant but similar-looking data.
Covert Channel : A parasitic communication channel that uses the bandwidth of a legitimate communication channel to convey information.

literature

Friedrich L. Bauer : Deciphered Secrets. Methods and maxims of cryptology. 3rd, revised and expanded edition. Springer, Berlin et al. 2000, ISBN 3-540-67931-6 , (former title Kryptologie ).
Neil F. Johnson, Zoran Durić, Sushil Jajodia: Information Hiding: Steganography and Watermarking - Attacks and Countermeasures. Springer, Berlin a. a. 2001, ISBN 978-0-7923-7204-2 .
Fabien Petitcolas, Stefan Katzenbeisser: Information Hiding Techniques for Steganography and Digital Watermarking. Artech House, Boston, Mass. 2000, ISBN 978-1-58053-035-4 .

Web links

Wiktionary: steganography - explanations of meanings, word origins, synonyms, translations

Individual evidence

^ Wilhelm Gemoll : Greek-German school and hand dictionary . G. Freytag Verlag / Hölder-Pichler-Tempsky, Munich / Vienna 1965.
↑ Auguste Kerckhoffs : La cryptographie militaire. In: Journal des sciences militaires. Vol. 9, pp. 5-38 (Jan. 1883), pp. 161-191 (Feb. 1883).
↑ Stephan Spitz, Michael Pramateftakis, Joachim Swoboda: Cryptography and IT Security: Principles and Applications . Springer, 2011, ISBN 978-3-8348-8120-5 , pp. 15 ( google.com ).
^ Günter Müller, Kai Rannenberg, Manfred Reitenspieß: Reliable IT systems: Between key escrow and electronic money . Vieweg + Teubner, 2013, ISBN 978-3-322-86842-8 , pp. 215 ( google.com ).
^ Fabien Petitcolas, Stefan Katzenbeisser: Information Hiding Techniques for Steganography and Digital Watermarking. Artech House, Boston, Mass. 2000, ISBN 978-1-58053-035-4 .
↑ Trithemius Polygraphiae LIBRI SEX , Frankfurt 1550 .
↑ Richard Eier: Cryptography and Information Theory . PDF
↑ Linguistic steganography with Spammimic
↑ Eric Cole: Hiding in Plain Sight. Steganography and the art of covered communication. Wiley, New York 2003, ISBN 0-471-44449-9 .

This version was added to the list of articles worth reading on November 12, 2005 .

[1] Wilhelm Gemoll : Greek-German school and hand dictionary . G. Freytag Verlag / Hölder-Pichler-Tempsky, Munich / Vienna 1965.

[2] Auguste Kerckhoffs : La cryptographie militaire. In: Journal des sciences militaires. Vol. 9, pp. 5-38 (Jan. 1883), pp. 161-191 (Feb. 1883).

[3] Stephan Spitz, Michael Pramateftakis, Joachim Swoboda: Cryptography and IT Security: Principles and Applications . Springer, 2011, ISBN 978-3-8348-8120-5 , pp. 15 ( google.com ).

[4] Günter Müller, Kai Rannenberg, Manfred Reitenspieß: Reliable IT systems: Between key escrow and electronic money . Vieweg + Teubner, 2013, ISBN 978-3-322-86842-8 , pp. 215 ( google.com ).

[5] Fabien Petitcolas, Stefan Katzenbeisser: Information Hiding Techniques for Steganography and Digital Watermarking. Artech House, Boston, Mass. 2000, ISBN 978-1-58053-035-4 .

[poly71-6] Trithemius Polygraphiae LIBRI SEX , Frankfurt 1550 .

[7] Richard Eier: Cryptography and Information Theory . PDF

[8] Linguistic steganography with Spammimic

[9] Eric Cole: Hiding in Plain Sight. Steganography and the art of covered communication. Wiley, New York 2003, ISBN 0-471-44449-9 .