FS Grodzinsky, K Miller and M J. Wolf
Steganography is the art and science of placing information within a seemingly unrelated artifact in order to hide the information. The term steganography comes from the Greek meaning “covered writing.” The Greeks etched messages in wooden tablets and covered them with wax. Another Greek technique was to tattoo a shaved messenger’s head, let his hair grow back, then shave it again when he had traveled to the recipient of the message.
There are important connections between steganography and cryptography. However, the two activities are separate, and it is important to understand the technical details that distinguish these two techniques. A user of cryptography often assumes that attackers are aware of the message being transmitted and seeks to make the message unintelligible to the attackers. On the other hand, a user of steganography is (typically) intent on hiding even the existence of the intended message from possible attackers.
As an additional security measure, the steganographer can encrypt a message first and then hide it using steganography to further thwart an attacker; similarly, a message can be embedded using steganography and the resulting media can itself be encrypted. Thus, steganography is a technique for providing private and potentially anonymous communication. (This anonymity can extend to the sender, the receiver or both.)
This paper reviews historical uses of steganography and the impact that advances in information and communication technology have had on steganographic techniques. In particular, we note that computing has put steganography in the hands of just about everyone with a computer and an Internet connection. There are digital steganographic tools freely available on the Web.
The ability to hide messages using steganography has social and ethical implications similar to those of cryptography. Some governments have taken steps to ban the use of cryptography or certain types of cryptography. These bans are often in place to allow authorities to monitor communications; the security of people is thought to require restrictions on the privacy of communications. Currently, steganographic techniques can be used when encryption is prohibited.
Since steganography is considered part of the cyber warfare landscape we will consider whether restrictions on steganography similar to those already in place for encryption are warranted. We will analyze the ethical tradeoffs inherent in people having unfettered access to steganography. We will also consider legal, political, and economic questions surrounding the use and possible abuse of steganography.
While there may be much to be gained in terms of security (both cyber and physical), restricting the private use of steganography restricts free speech. We will argue that there is an important benefit to society when government and private business are not always aware of who is communicating with whom, and when the communication itself is closely held. This argument is even stronger when we realize that even though current steganographic techniques are good, they are not perfect.
Steganalysis, the detection of steganographic messages in electronic media can often detect the presence of steganographic messages. Thus, it is possible for outside parties (such as governments) with effort, to detect and possibly track down both the sender and receiver of steganographic messages. These detection techniques, if used fairly, would give law enforcement and security officials the means to fulfill their responsibilities under the watchful eye of the courts, while allowing citizens, as a rule, to communicate freely. Despite the strong public benefit of unfettered communication, there are also significant risks associated with an inability to detect such messages in the case of criminals, terrorists and those who threaten civil liberties.
While steganography has the property of allowing parties to communicate with greater privacy, it also can be used in a ways that can threaten civil liberties. For example, certain printer manufactures have designed certain color printers, copiers and fax machines to encode the serial number of their machine into every printed document it produces. Our analysis will include a discussion of companies that employ steganography to track documents and other artifacts, including their responsibilities to their customers, to society in general, and to the government.
In summary, the issue of digital steganography, its relation to cryptography, and the differences in how these two techniques are viewed and regulated, are all important intersections of technical details and human values. Our paper will examine these intersections.
Cryptology: Classical Steganography. http://library.thinkquest.org/27993/crypto/steg/classic1.shtml?tqskip1=1 Accessed January 7, 2005.
Franz, Elke , and Schneidewind, Antje. (2004) Steganography II: Adaptive steganography based on dithering. Proceedings of the 2004 multimedia and security workshop on Multimedia and security, September 2004.
Schneier, Bruce. (2003) Beyond Fear: Thinking Sensibly about Security in an Uncertain World. New York: Copernicus Books.
Tuohey, Jason.(2004) Government uses color laser printer technology to track documents PC World (November 22,2004) http://www.pcworld.com/news/article/0,aid,118664,00.asp Accessed January 3, 2005.
Wang Huaiqing, Wang ,Shuozhong. (2004) Cyber warfare: steganography vs. steganalysis Communications of the ACM, Volume 47 Issue 10, October 2004.