Steganography Analysis and Research Center
Thoughtful . Insightful . Precise : The Global Leader in Steganalysis

Welcome to the Steganography Analysis and Research Center

A Backbone Security Center of Excellence

Home > About Steganography



What is Steganography?

Steganography is derived from the Greek words "steganos" which means "covered" or "protected and "graphein" which means "writing." When the two words are combined, the result is literally "covered writing" or "protected writing."

Essentially, stegaongraphy is a means of communicating secretly or covertly. Over the years the art of information hiding has presented itself in many ways, for example:

  • The Chinese hid secret messsages on slips of paper and baked them in moon cakes
  • Mary, Queen of Scots, hid encrypted information in the bunghole of beer barrels
  • Gaspar Schott hid information in musical symbols used to write sheet music
  • George Washington used invisible ink to communicate secretly
  • Microdots, the size of a period, were used in World War II to conceal information

For a comprehensive history of secret communication from ancient times to the present, the interested reader should read The Code Breakers by David Kahn.

In the internet era, steganography has evolved from to a digital form of information hiding. Accordingly, when talking or writing about steganography today, it is generally presumed the speaker or writer is refering to digital steganography.

Digital steganography is essentially about hiding a file in, or appending a file to, another file, called the carrier file, such that the carrier file is not altered enough to raise suspicion that something may be hidden within it or appended to it. A basic steganography model can be seen below.

Basic Steganography Model

There are a number of techniques used for information hiding for example a technique called spam mimicry where information is hidden by disguising it as spam or disguising the information as a nonsensical but often humorous one-act play as does Sam's Big G Playmaker.

A technique exists where hiding information in the unused fields of communication protocols such as IPv4 and IPv6. Using a tool called voodoon3t you can hide information in unused IPv6 fields encapsulated in IPv4 packets. The tool, introduced at DEFCON in 2006, effectively creates a tunnel for funneling hidden information though current generation network security appliances because most have yet to be programmed to inspect IPv6 packets.

Another very new technique emerging is the ability to hide information in digitized voice streams generated by the growing number of Voice over Internet Protocol (VoIP) systems being deployed. Modifying the low order bits of digitized voice signals ever so slightly hides information in a way that the hidden information does not affect the quality of the digitized voice signal.

Next Topic: Why Use Steganography?