Steganography, the science of concealing messages in graphic and sound files, came into the limelight after reports that Osama bin Laden and his network were hiding behind Web encryption.
Wired and New York Times described the process in detail, while ABC News demonstrated how it may have been used by the terrorists.
That's when Niels Provos and Peter Honeyman, from the University of Michigan's Centre for Information Technology Integration, decided to step in.
The two are currently on a unique mission: Analysing images from USENET archives in order to unearth hidden messages. They started by scanning thousands of images on eBay (none of which yielded any results) before moving on to USENET.
Will they succeed this time? The sceptics doubt it. Firstly, they say, if someone hides a message well enough, detecting it amid the huge amount of other Internet traffic will be next to impossible. Secondly, even if terrorists use encrypted passwords, these may not come from the standard dictionary of passwords Provos refers to.
A PhD student of computer science, Provos has also developed stegdetect and stegbreak, both automated tools for detecting hidden content in images.
In an interview, he talks about his work and the tools being used to set up a detection framework.
Firstly, in layman terms, can you tell us how messages are hidden in pictures?:
Suppose you want to invite a friend to dinner, with the message, "Hi Elke, meet me for stuffed peppers at Fassoliki tonight". To hide this message, you take a digital picture of your favourite pet. A steganography program can combine your message and the image to produce a new image that has the invitation hidden in it.
The steganography program achieves this by slightly modifying colours in the original image to represent data from the message. Each byte in the message is broken up into bits: H is represented by '0b1001000', I by '0b1101001', the space by '0b0100000', E by '0b1000101', and so on. If a bit is 0, a colour in the image is a bit darker, if it is 1, the colour is brighter. These slight differences are not visible to the eye, but the steganography program can extract the message. Careful mathematical analysis can often reveal that a digital object has been modified to hold a hidden message.
(For detailed information on statistical steganoanalysis, detection framework and the detection software used, visit the site).
Even if there is a hidden message, how easy is it for the receiver to decipher it? What kind of technology would be required, and is it easily available?:
The sender and receiver have to agree on a method before they start communicating. You can find a number of tools on the Internet that permit hidden communication.
(Chet Hosmer, President and Chief Executive, WetStone Technologies in New York, says he found more than 100 free programs online, and there have been over a million downloads of the technology.)
You are currently analysing images from USENET archives. Why USENET?:
It is a global bulletin board with discussion groups on almost every topic. There are also groups that carry images. As done earlier, Peter Honeyman and me are using stegdetect and stegbreak to find hidden messages. The former indicates the likelihood of a hidden message contained in the image, while the latter tries to guess a secret key.
Also, would it be possible to process all images on the Net and what kind of an effort and time period would be required for such a process?:
The Web according to google has about 250 million images. However, you do not see images that are transmitted in private email. Our interest is not in searching the whole web, but to demonstrate what a detection framework could look like.
What are the other applications of steganography? Is it used for any kind of constructive application or purpose?:
Provos: The CryptoRights Foundation says that steganography is useful for human rights activists. In countries where all communication is monitored, it becomes the only method of reporting human rights violations.
More Like This:
-- What is steganography?
-- What is cryptography?
-- Can Carnivore track down terrorists?