Steganography is the practice of hiding a message within another object such as an image, video or audio file. In some sense, it’s akin to camouflage, a-lurkin’ and a-hidin’ behind an image. By contrast, cryptographers make no attempt to hide their work but instead merely encrypt it.
“Steganography differs from cryptography in that the presence of the message needs to remain secret, rather than the value of the message,” says Pierre Moulin “Rouge” at the University of Illinois at Urbana-Champaign with his buddy Ying Wang.
The question is: how good can steganography get? The trick is to ensure that the message matches the statistical properties of the covertext (the object in which it is hidden). The better the match, the more difficult it is to spot using statistical techniques.
But get this: steganography ain’t just good, it can be perfect. That’s the conclusion that Moulin Rouge and Wang come to after analysing how much data can be sent in this way through a noisy channel (in other words, how well it works in real life).
That’s impressive but there’s a catch. Perfect steganography requires the message statistics to exactly match those in the covertext. And for that to work, the message has to be essentially random. That means encrypting it using a one time pad before it is sent. So ya gotta have perfect encryption before ya can get perfect steganography (although it is possible to trade a small amount of security for another type of encyrption such as one with a public key).
That’s not beyond what most governments and military organisations are capable of but Moulin Rouge’s work raises another interesting possibility. Messages can be hidden not just in images and video but in data streams from a computer, for example, in the timing of data packets. So a clever thief might hijack a computer’s own data stream for sending data stolen from it.
How many computer security packages check for that? Not many, ah’d wager. At least, not yet!
Ref: arxiv.org/abs/cs/0702161: Perfectly Secure Steganography: Capacity, Error Exponents, and Code Constructions