What is Steganography?
Steganography is derived from the Greek words "steganos" which means "covered" or
"protected and "graphein" which means "writing." When the two words are combined,
the result is literally "covered writing" or "protected writing."
Essentially, stegaongraphy is a means of communicating secretly or covertly. Over
the years the art of information hiding has presented itself in many ways, for example:
- The Chinese hid secret messsages on slips of paper and baked them in moon cakes
- Mary, Queen of Scots, hid encrypted information in the bunghole of beer barrels
- Gaspar Schott hid information in musical symbols used to write sheet music
- George Washington used invisible ink to communicate secretly
- Microdots, the size of a period, were used in World War II to conceal information
For a comprehensive history of secret communication from ancient times to the present,
the interested reader should read The Code Breakers
by David Kahn.
In the internet era, steganography has evolved from to a digital form of information
hiding. Accordingly, when talking or writing about steganography today, it is generally
presumed the speaker or writer is refering to digital steganography.
Digital steganography is essentially about hiding a file in, or appending a file
to, another file, called the carrier file, such that the carrier file is not altered
enough to raise suspicion that something may be hidden within it or appended to
it. A basic steganography model can be seen below.
There are a number of techniques used for information hiding for example a technique
called spam mimicry where information is hidden by disguising it as spam or disguising
the information as a nonsensical but often humorous one-act play as does Sam's Big
A technique exists where hiding information in the unused fields of communication
protocols such as IPv4 and IPv6. Using a tool called voodoon3t you can hide information
in unused IPv6 fields encapsulated in IPv4 packets. The tool, introduced at DEFCON
in 2006, effectively creates a tunnel for funneling hidden information though current
generation network security appliances because most have yet to be programmed to
inspect IPv6 packets.
Another very new technique emerging is the ability to hide information in digitized
voice streams generated by the growing number of Voice over Internet Protocol (VoIP)
systems being deployed. Modifying the low order bits of digitized voice signals
ever so slightly hides information in a way that the hidden information does not
affect the quality of the digitized voice signal.
Next Topic: Why Use Steganography?