As a child I had a book on codes that covered steganography, with morse code messages hidden in painting where a fence in the picture had longer and shorter fence posts to represent “.” and “-” of morse.
As a result I’ve always known about the subject, and when it came up in discussion recently, I thought I better catch up with the state in steganography.
The essential element of steganography is the message is coded into something discretely, so that someone “in the know” can read the message, but other people are not aware a secret message is being passed along at all.
The classic example of modern steganography is to tweak the low pixel values for colours in an image. A single spot of black in a photo might be made from “red=1, green=2, blue=0”, but the colour with “red=2, green=1, blue=1” is visually similar, so you can store a small amount of information in each pixel by subtly adjusting the colour. In the early days of computing this was limiting, but now the Internet is filling up with photos from 40 megapixel cameras, you can store quite large messages in such an image easily.
In principle if someone has the original image, they can easily uncover the encoded message by computing the difference. With image editing software like the GIMP you can easily resize and adjust an image, so even if you use a well known image the pixels are changed enough that no one can extract the coded message without the password, or the image you made to encode it.
Next, just in case someone gets your original image, and knows what you did, you want to encrypt the message using a strong cryptographic algorithm. In this case you need to share a password with the recipient when you arrange to use steganography, but then since you’ll want to arrange that in private this doesn’t make using steganography harder.
Got it?
Change the original image a bit so folk can’t extract it (remember to lose metadata).
Use a strong encryption method.
Share the resulting image widely to hide recipient.
Now the problem is, that tweaking colours like that may result in statistically unusual patterns of colours in the image, immediately giving away the fact that you are using steganography.
For steganography this may not be a completely fatal flaw, since the same techniques are used to watermark images to detect copyright infringement. Typically all the statistical techniques tell you, is this is not simply a JPEG but it is a JPEG which has been tampered, it doesn’t tell you how or why it was tampered.