Digital Invisible Ink Toolkit

BACKGROUND

Steganography is the art and science of hiding information. Most people have probably used it as a child - writing on a blank sheet of paper using lemon juice. The lemon juice appears "invisible" until the paper is heated - and because it burns before the paper does the invisible writing magically appears. More modern applications have become much more sophisticated, and in the last 10 years there has been more and more people using computers to hide information.

Electronically, the idea is to replace some redundant information in a cover object with the hidden message. With the lemon juice example the paper is the "cover". In this project, images are used as the cover to hide the information. There are programs available that hide in other digital mediums such as email content, word documents, music/sound files, unused diskspace and many others. Regardless of what type of cover is used, the resulting stego-object (the cover containing the hidden information) should have nothing noticeably wrong with it.

When using images it's possible to change the colours a little bit so that the message can be hidden. It's possible to completely overwrite the 4 least significant bits of each colour value (there are 8 possible bits - meaning half of the picture is overwritten) without the picture suffering too much degradation. However, there are techniques known as "steganalysis" which can look at the image and provide a probability of it containing hidden information. If you are using least significant steganography the steganalysis can very often get it right. There is a notion of security here - steganography is secure if even knowing how the message was embedded does not necessarily mean you can retrieve it - or even tell that there is something hidden.

Steganography is often confused with watermarking. Watermarking often uses similar techniques - but there are two big differences. Firstly, watermarking is highly robust. If a watermarked picture is rotated, resized, flipped, recoloured - it should still be possible to retrieve the watermark. If the same is done to a picture that has had steganography applied it is highly unlikely you will be able to get any of the message out at all. Secondly, watermarking isn't necessarily hidden. It may be possible to look at a watermarked item and see the watermark. With steganography we are hiding information - so if it's hidden well, we shouldn't be able to see anything.

In this project, least significant bit steganography is being used. The reason that this method was chosen over others is as follows:

It allows a huge amount of information to be hidden compared to other techniques.
Techniques that hide in the discrete cosine transform coefficients of jpeg's leave a very predictable marking on the file format - because we are changing the colours and not the file format this can be avoided.
If the right algorithm is used, it can be extremely secure.
There are no free user-friendly applications that I've found that implement this technique using a graphical interface and a selection of techniques.

Digital Invisible Ink Toolkit allows you to pick from several different hiding techniques and hide a file of any type (message) inside an image. It can currently handle reading 24-bit colour JPG, PNG and BMP formats, and allows you to save the stego-image as either a 24-bit PNG or BMP. As long as you know what algorithm was used to hide the message (and the password used) it is possible to retrieve the hidden file intact. The toolkit also provides some benchmarking and steganalysis information on any given pictures. There is more information on the documentation page about how this is done.