Pics may be dangerous ;)

Steganography- If there’s one thing that history and popular culture has taught us about spies and secrets, it’s that often, the best hiding spot is the one in plain sight. After all, if a nosy intruder is searching for valuable information, surely the last place he’d check is right under his nose.

This logic forms the basis for steganography, itself an ancient historical practice of concealing information within images. This practice differs greatly in purpose from cryptography. The latter employs code to hide message. This appears as jumbled letters and numbers, unless a cipher (or key) was used to decrypt the information back to its original state. However, while cryptography is great for sending messages securely across unsafe channels, the very nature of the encrypted message will tip off anyone to its true form. In short, just because it’s hard to break into, doesn’t mean you want to leave it in plain sight. What if sending encrypting messages itself is against law?

This is where steganography comes in. Using basic freeware tools like OpenPuff, it’s possible to hide audio files, video, messages and images within a file (usually an image).

In Steganography, the file or image used to deliver the hidden data is called the carrier. The hidden data is referred to as payload. A carrier is usually required to hold up against different steganalysis methods, as well as common sense. Several digital artists use Steganography to embed digital watermarks into their work. In case anyone else tries to lay their claim to his or her property, the decrypted watermark can reveal the true owner. You can download OpenPuff from http://embeddedsw.net/OpenPuff_Steganography_Home.html  it’s a freeware, so you do not have to pay anything for it, which is the best part. You can also find its source page and other related documentation on http://embeddedsw.net/libObfuscate_Cryptography_Home.html. You can download it as pdf. The source can be modified and used further more too. After downloading and installing OpenPuff- currently at version 3.40-  you’ll see two primary options for Steganography: Hide or Unhide.

Select Hide and you’ll be taken to a menu divided into four steps. The first step entails entering up to three different passwords to secure your data. You can choose to enter only one password as well, if keeping up with them all becomes tough. Next, you’ll have to select your payload or target that you’ll be transferring. Use the browse button and select the target to see its overall size in a bar below the name. In third step, you’ll have to choose a carrier. Keep in mind that the carrier can’t be smaller than the target (since this will no doubt raise suspicions). You can attach multiple carrier bits if one file isn’t big enough. Hit the Add button to navigate to files designated as the carriers and select them to see their space. If the carrier space is greater, the red status bar will turn green.

 The Bit Selection Option allows you to properly encode the carrier’s size until it matches with the target. Keep in mind that some formats would be better suited than others (obviously I suppose that comes from common sense). OpenPuff will alert you if the file type isn’t supported for being a carrier.After bit selection, hit “Hide Data!” and new file will be created. On the outside, the carrier will look like a normal image file. Navigate to Unhide option in the main menu and proceed to enter all the relevant details used to encrypting the file. Ensure that the passwords and bit selection option are exactly the same as those used before, else the file won’t open. Select your carrier file then, hit “Unhide!” and voila! The payload is now revealed.

You can also choose to fool any attackers by using the “Add Decoy” option (obviously smart attackers won’t fall prey). Simply head over the hide menu, and after the Previous four steps, select “Add Decoy”. You can add a file, just like when adding the payload, and set multiple passwords for it. When you’re done, hit “Hide Data”. The decoy can be revealed in the same way as the payload, only you have to use the details entered for decoy.

Selecting the SetMark option and adding a mark to a specified carrier can add watermarks. Similarly, CheckMark allows you to verify the watermark by selecting the carrier in question. You can also use CleanUp to erase a watermark from the image.

Steganography obviously has its own pros and cons. But when used effectively, it becomes an invaluable tool to convert transmissions. Not to mention those times when you want to claim right to your work.

For further information and study on the topic, you can refer to http://www.jjtc.com/Steganography/stego.html Also some books link are provided if you want to do further research on this amazing technology, which is catching up fast on young researchers.