Hide information in images using Steg

Antonio Guillem, 123RF

Antonio Guillem, 123RF

Camouflaged

Encrypted files are always of interest to inquisitive parties. However, hardly anyone comes up with the idea that harmless-looking images could contain hidden information.

Even before the revelations by Edward Snowden, many users worried about how to effectively protect their private databases stored locally or in the cloud. Since minor weaknesses became apparent in the well-known TrueCrypt encryption software in a large-scale audit [1], many people have been searching for alternatives. Steganography is a little-known technology that not only protects data from prying eyes but also obfuscates its very existence.

Basics

The technique of steganography relies on hiding sets of data in a carrier medium. An image or audio file in which the message is embedded in the form of a text file is usually used for this purpose. With steganographically modified carrier media (unlike with encrypted files or encrypted file containers), it isn't usually possible for outsiders to detect that it contains a message – this significantly reduces the risk of a possible attack.

Some steganographic tools offer an extra option for particularly cautious individuals; you can, for example, encrypt the data before embedding it and add password protection. Then, the embedded content cannot be read by the attacker even after a successful attack on the data carrier and a second cryptographic attack would be needed.

Another possible use of steganography software is to provide a data carrier with an invisible digital watermark to, for example, identify copyrighted works. This means the origin of a piece of work can be proven beyond doubt in case of a dispute. However, steganographic watermarks are lost as soon as you edit the target file after embedding the watermark – by converting to a different format, for example.

Technology

Image files with high color depth are usually used as steganographic carrier media because they are particularly good at embedding messages without a detectable change in the image. It does not matter whether the data carrier is a medium with lossless or lossy compression. Photos taken with a digital camera and images that you digitize with a scanner are equally suitable for steganographic purposes.

Popular steganographic programs embed the message in a pixel's least significant bit of the color value as this is where modifications are least noticeable. The software automatically determines suitable pixels for avoiding striking changes with areas of the same color. Additionally, the algorithm disperses the embedded messages across the whole image area to prevent discovery by attacks using statistical methods.

The limited capacity of the carrier medium is the biggest disadvantage of steganographic encryption: Several megabytes of information can only be hidden in very large image files with high color depth. Image distortions would otherwise be visible to the naked eye with smaller images.

Getting Started with Steg

A whole range of steganographic applications are available to choose from in Linux, the most famous being OutGuess [2] and Steghide [3]. Both are command-line programs and therefore tend to deter beginners.

The Steg program [4], by contrast, is aimed at users who don't want to switch to a terminal to laboriously enter parameters, but who still want to configure the software manually in spite of the graphical user interface.

Steg is available for both 32- and 64-bit systems in the form of TGZ-compressed binaries. You need to download the appropriate, almost 8MB archive, extract it, and then switch to the newly created directory. Here you will find a shell script and a binary file as well as the various Qt libraries. If you are working with a Qt-based graphical user interface, such as KDE or TDE, you can launch Steg in the terminal using the ./steg call.

However, with systems without a Qt environment, you should execute the accompanying shell script to set the appropriate variables and then activate the tool. Steg displays the versions of the Qt libraries you're using on the home screen (see the "Version Problems" box).

Version Problems

Caution is advised with Linux distributions that natively use Qt libraries in version 4.8.6: They clash with version 4.8.4 used by Steg and make the software unusable, which then doesn't save steganographically modified container files. The only possible remedy is to uninstall the libqt4 libraries via the package manager. However, you should only interfere with the system like this if no other programs use Qt 4.8.6.

Instead of starting the software in the terminal, you can also manually create a corresponding menu item. Confirm the license when you first start it because Steg is not free software, but rather "freeware." A nondescript program window (Figure 1) with a menu and a button bar then opens; inactive buttons for improving orientation are grayed out.

Figure 1: Before loading the image, the program window is limited to the essentials.

You will find some information about the images in the gray boxes directly under the two images. The Available Space lines is at the bottom right in the program window. This specifies how many messages can be hidden up to what size in the active image without conspicuous inconsistencies in the color representation (Figure 2).

Figure 2: The window shows the original image on the left and the one with the hidden information on the right. Any differences are immediately noticeable.

Configuration Dialog

After importing the carrier medium, the tool activates the fourth button from the left in the upper button bar. It acts as a configuration dialog for the text to be embedded and is therefore also labeled Configuration .

The corresponding dialog consists of two tabs arranged horizontally at the top; the left one, named Common Options , is active. Enter an additional descriptive text up to 256 characters in the large input field.

This description does not display the application separately when extracting the message file. The software transfers the additional text to the steganogram if you place a checkmark in front of the Embed a text message: option via the input field (Figure 3).

Figure 3: You can define the type of encryption and an associated password, among other things, in the configuration dialog.

You can set up the encryption mode in the Crypto Options section below. Steg inherently encrypts all data to be embedded and provides different methods to do so. You can decide the method you want in the Crypto Mode selection field. The Auto option automatically encrypts the message file and the inputted additional text without having to specify a password or a key pair.

However, if you select the Symmetric PassPhrase option, you will need a password for encrypting and decrypting the steganogram, which you enter in the PassPhrase: input field below. The field initially appears with a red background.

The background color changes to green when you enter a suitable password. This prevents the use of weak passwords because Steg only accepts the password once the color has changed.

You will need the receiver's public key to embed data for the Asymmetric Unsigned option (which separates encryption and decryption), and you'll need your own private key to receive data.

The Asymmetric Signed option is the most secure form of encryption with which you use the receiver's public key and your own private key to embed data. However, when receiving a steganogram, embedded messages are encrypted using your private key.

The software expects you to specify the sender's public key for verifying data after successfully reconstructing embedded data. If this key is missing, Steg will inform you that the sender's identity couldn't be verified. The software provides you with an appropriate tool for generating the key. You can access it in the menu at Tools | RSA key-pair generator… .

You will find some options for embedding data in the Special Options tab in the configuration window. Different configurations options will appear here depending on the format you're using.

If you're using a compressed JPEG, in Smart Distribution , you can set up whether Steg should preferably embed the message file over the entire data carrier – this makes the statistical process of localizing steganographic modifications more difficult. The routine proceeds very conservatively when embedding data – meaning that less data can be hidden.

For uncompressed image formats, you should instead determine the intensity at which Steg should modify individual pixels separately by individual color percentages.

The software always works with the least significant bit. The higher you set the values in this dialog, the more likely the embedded message is to stand out. It is worth choosing the smallest possible values to avoid striking – and thus statistically valuable – changes to the container file.

Clicking OK at the bottom left of the dialog window applies the settings to the image on the right. If any changes to the original (shown on the left) stand out, you should modify the settings. A small button bar directly below both image windows lets you zoom in to each picture. Clicking the sixth button from the left in the main window, Hide Noise , will fill all the pixels with random data based on the current configuration so that you can see at a glance how the modified image when using the full embedding potential.

This step allows you to check the current settings before embedding real texts. If the results don't meet your expectations because, for example, the image modifications are noticeable (Figure 4), undo the last action by clicking the Revert option from the Edit menu in the menu bar at the top of the program window.

Figure 4: If the carrier file contains too much hidden data, this will be unpleasantly obvious through color distortions.

Data Acquisition

After adjusting all the options, the next step is to embed the message in the carrier file. To do this, either click the seventh button from the left in the button bar or select the Hide Data… option from the Hide menu. Then, determine the content to be embedded in the next dialog in the file manager. Steg immediately merges the two files and displays a corresponding message upon completion.

The software also accepts archives as files to be embedded. Compressing beforehand doesn't just save space, it also makes it possible to hide more source files in a single data carrier.

Steg will issue a corresponding message if the size of the data file exceeds the maximum storage volume of the data carrier. It's a good idea to split the data and to embed it in multiple carrier files or to use a data carrier that provides a larger storage volume.

Finally, you need to save the container file you've just created. To do this, click the disk icon in the button bar and enter the storage path and file name in the file manager. Steg support the TIFF, PNG (uncompressed), and JPG (compressed) formats for the containers.

Extracting

It's pretty easy to extract content from a steganographically modified container file. First, load the container file in the program. If you've also encrypted the file symmetrically or asymmetrically, call up the Configuration menu and enter the authentication data here.

Second, click the Extract entry in the menu line of the program window, followed by Extract Data…. . Then, enter the target path to which Steg should extract the content in the file manager that opens separately. In the final step, the application extracts the data in the target directory and, in doing so, might manually store additional entered text in a separate file.

Conclusions

Steg is an easy-to-use graphical steganography program to help keep your confidential data really confidential. Most people viewing the steganographically modified image files aren't even suspicious that the images might contain additional information. However, steganographic methods are not generally suitable for larger sets of data, because the capacities of the carrier files are extremely limited in comparison to other cryptographic methods.