Hide And Seek Exploring Steganography Computer Science Essay


Abstract: In today's world, sending and receiving hidden information, especially in public places, has received growing attention. Therefore, different techniques have been proposed for hiding information in different cover media. It is well known that encryption provides secure communication between sender and receiver. However, an eavesdropper can identify encrypted streams through tests such as statistical tests and capture them for cryptanalysis. Steganography is an ancient art. It is the science of communicating in a way that hides the existence of the communication. In this paper, my aim is to pinpoint different secret communication techniques, different methods for hiding data in text, image, audio/video and IP datagrams as cover media, steganalysis, and steganography attacks.

Keywords: Encryption, steganography, steganalysis


With the development of computers and their expanding use in different areas of life and work, the issue of information security has become increasingly important. One of the areas discussed in information security is the exchange of information through different cover media. To this end, different methods such as cryptography, steganography and coding have been used [1]. Steganography is among the methods that have received attention in recent years [2]. The main goal of steganography is to hide information in another cover medium so that other people will not notice the presence of the information. This is the major distinction between steganography and the other methods of covert information exchange: in cryptography, for example, observers notice the information when they see the encoded data but are not able to comprehend it, and the enemy is allowed to detect, intercept and modify messages. In steganography, however, the existence of the information in the source will not be noticed at all; i.e. messages are hidden inside other harmless messages in a way that does not allow any enemy even to detect that a second message is present. Most steganography work has been carried out on images, video clips, texts, music and sounds. Nowadays, using a combination of steganography and the other methods, information security has improved considerably [1]. In addition to the covert exchange of information, steganography is used in other areas such as copyright protection and preventing e-document forgery.

Steganography is derived from the Greek for "covered writing" and essentially means "to hide in plain sight". The main goal of steganography is to hide information well enough that unintended recipients do not suspect the steganographic medium of containing hidden data. Simple steganographic techniques have been in use for hundreds of years, but with the increasing use of files in electronic format, new techniques for information hiding have become possible [1].

Table 1: Comparisons of Secret Communication Technique [1]

Secret Communication Technique









Digital Signature



Steganography [3] and encryption are both used to ensure data confidentiality. However, the main difference between them is that with encryption anybody can see that both parties are communicating in secret. Steganography hides the existence of a secret message, and in the best case nobody can see that both parties are communicating in secret. This makes steganography suitable for some tasks for which encryption isn't, such as copyright marking. Table 1 shows a comparison of different techniques for communicating in secret [5]. Encryption allows secure communication, requiring a key to read the information. An attacker cannot remove the encryption, but it is relatively easy to modify the file, making it unreadable for the intended recipient [1].

The following terminology is used in steganography:

1) Payload: the data that is desirable for transport.

2) Carrier: the signal, stream or data file into which the payload is hidden.

An information-hiding system has three different aspects, as follows:

Capacity - the amount of information that can be hidden in the cover medium.

Security - an eavesdropper's inability to detect hidden information.

Robustness - the amount of modification the stego medium can withstand before an adversary can destroy the hidden information.


There are many different protocols and embedding techniques that enable us to hide data in a given object. However, all of the protocols and techniques must satisfy a number of requirements so that steganography can be applied correctly [5].

The following is a list of main requirements that steganography techniques must satisfy:[1]

a) The integrity of the hidden information after it has been embedded inside the stego object must be correct.

b) The stego object must remain unchanged or almost unchanged to the naked eye.

c) In watermarking, changes in the stego object must have no effect on the watermark.

d) Finally, we always assume that the attacker knows that there is hidden information inside the stego object.

Hiding and Detecting Secret Information [1, 6]

Figure 1 shows a simple representation of the generic embedding and decoding process in steganography. In this example, a secret image is being embedded inside a cover image to produce the stego image. The first step in embedding and hiding information is to pass both the secret message and the cover message into the encoder. Inside the encoder, one or several protocols will be implemented to embed the secret information into the cover message.

Once the stego object has been produced, it is sent via some communications channel, such as email, to the intended recipient for decoding. The recipient must decode the stego object in order to view the secret information. The decoding process is simply the reverse of the encoding process: it is the extraction of secret data from a stego object. In the decoding process, the stego object is fed into the system. The public or private key that can decode the original key that is used inside the encoding process is also needed so that the secret information can be decoded. After the decoding process is completed, the secret information embedded in the stego object can be extracted and viewed.

Types of Steganography:

1) Pure steganography: A steganographic system that does not require the exchange of a cipher such as a stego-key is called pure steganography. This method of Steganography is the least secure means by which to communicate secretly because the sender and receiver can rely only upon the presumption that no other parties are aware of this secret message.

2) Secret key steganography: A steganographic system that requires the exchange of a secret key (stego-key) prior to communication is called secret key steganography. It takes a cover message and embeds the secret message inside it by using a secret key (stego-key). Only the parties who know the secret key can reverse the process and read the secret message. The benefit of secret key steganography is that even if the stego object is intercepted, only parties who know the secret key can extract the secret message.

Figure 1(a)

Figure 1(b)

Figure 1: Steganography

3) Public key steganography:

Public Key Steganography is defined as a steganographic system that uses a public key and a private key to secure the communication between the parties wanting to communicate secretly. The sender will use the public key during the encoding process and only the private key, which has a direct mathematical relationship with the public key, can decipher the secret message.


Steganography can be split into two categories:

a) Fragile: This steganography involves embedding information into a file which is destroyed if the file is modified.

b) Robust: Robust marking aims to embed information into a file which cannot easily be destroyed.

The common modern technique of steganography exploits the properties of the media itself to convey a message. The following media are candidates for digitally embedding a message [8]:

1) Plaintext

2) Still imagery

3) Audio and Video

4) IP datagram.

1) Plaintext steganography

In this technique the message is hidden within a plain text file using different schemes like use of selected characters, extra white spaces of the cover text etc.

1.1) Using selected characters of cover text [7]

The sender sends a series of integers (the key) to the recipient, with a prior agreement that the secret message is hidden at the respective positions within successive words of the cover text. For example, if the series is '1, 2, 3, 2, 1, 1' and the cover text is "Failure is the key of success", the hidden message is "Fseeos". A "0" in the number series indicates a blank space in the recovered message. A word in the received cover text is skipped if it has fewer characters than the respective number in the series (key), and that number is also skipped when the message is recovered.

1.2) Using extra white space characters of cover text [7]

A number of extra blank spaces are inserted between consecutive words of the cover text. These numbers are mapped to a hidden message through an index into a lookup table. For example, two extra spaces between adjacent words indicate the number "2", which in turn indicates a specific text in a look-up table that is available to both communicating parties by prior agreement.

2) Still imagery steganography

The most widely used technique today is hiding secret messages in a digital image. This steganography technique exploits the weakness of the human visual system (HVS). The HVS cannot detect variation in the luminance of color vectors at the higher-frequency side of the visual spectrum. A picture can be represented by a collection of color pixels. The individual pixels can be represented by their optical characteristics such as 'brightness', 'chroma' etc. Each of these characteristics can be digitally expressed in terms of 1s and 0s. For example, a 24-bit bitmap has 8 bits representing each of the three color values (red, green, and blue) at each pixel. If we consider just the blue, there are 2^8 different values of blue. The difference between 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye. Hence, if the terminal recipient of the data is nothing but the human visual system (HVS), the Least Significant Bit (LSB) can be used for something other than color information. This technique can be applied directly to digital images in bitmap format as well as to compressed image formats like JPEG. In JPEG format, each pixel of the image is digitally coded using discrete cosine transformation (DCT). The LSBs of the encoded DCT components can be used as the carriers of the hidden message.

Figure 2: Image Steganography

The details of above techniques are explained below:

2.1) Modification of LSB of a cover image [9]: In this method the binary equivalent of the message (to be hidden) is distributed among the LSBs of the pixels. For example, we will try to hide the character 'A' in an 8-bit color image. We take eight consecutive pixels from the top left corner of the image. The binary bit pattern of those pixels may look like this:

00100111 11101001 11001000 00100111 11001000 11101001 11001000 00100111

Then each bit of the binary equivalent of the letter 'A', i.e. 01100101, is copied serially (from the left-hand side) to the LSBs of the pixels' bit patterns, so that the resulting bit pattern becomes:

00100110 11101001 11001001 00100110 11001000 11101001 11001000 00100111

The only problem with this technique is that it is very vulnerable to attacks such as image compression and formatting.
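The worked example above, reproduced in Python as an added illustration (not code from the essay or its sources). It uses the eight pixel bytes and the bit pattern 01100101 exactly as printed; `changed_positions` shows what a known-carrier comparison reveals, and `requantize` is a hypothetical stand-in for a lossy re-encode that discards the lowest bit.

```python
# Added illustration: LSB replacement on the eight pixel bytes printed above.

COVER = [0b00100111, 0b11101001, 0b11001000, 0b00100111,
         0b11001000, 0b11101001, 0b11001000, 0b00100111]  # cover bytes from the text
PAYLOAD_BITS = "01100101"  # payload bit pattern as printed in the text


def embed_lsb(pixels, bits):
    """Return a copy of pixels with one payload bit written into each LSB."""
    if any(b not in "01" for b in bits):
        raise ValueError("payload must be a string of 0s and 1s")
    if len(bits) > len(pixels):
        raise ValueError("payload exceeds capacity (one bit per pixel byte)")
    stego = list(pixels)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | int(bit)  # clear the LSB, then set it
    return stego


def extract_lsb(pixels, nbits):
    """Read the LSBs of the first nbits pixel bytes back as a bit string."""
    return "".join(str(p & 1) for p in pixels[:nbits])


def changed_positions(cover, stego):
    """Known-carrier comparison: indices where the stego bytes differ."""
    return [i for i, (c, s) in enumerate(zip(cover, stego)) if c != s]


def requantize(pixels, drop_bits=1):
    """Hypothetical stand-in for a lossy re-encode: discard the lowest bits."""
    mask = 0xFF & ~((1 << drop_bits) - 1)
    return [p & mask for p in pixels]


def as_bits(pixels):
    """Format pixel bytes the way the text prints them."""
    return " ".join(format(p, "08b") for p in pixels)


if __name__ == "__main__":
    stego = embed_lsb(COVER, PAYLOAD_BITS)
    print("cover           :", as_bits(COVER))
    print("stego           :", as_bits(stego))
    print("changed indices :", changed_positions(COVER, stego))
    print("extracted       :", extract_lsb(stego, len(PAYLOAD_BITS)))
    print("after re-encode :", extract_lsb(requantize(stego), len(PAYLOAD_BITS)))
```

Only the bytes whose LSB already differed from the payload bit change, which is why the stego pattern differs from the cover in just three of the eight positions.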

2.2) Applying LSB technique during discrete cosine transformation (DCT) [4] on cover image.[10]

The following steps are followed in this case: -

1. The image is broken into data units, each of which consists of an 8 x 8 block of pixels.

2. Working from top-left to bottom-right of the cover image, DCT is applied to each pixel of each data unit.

3. After applying DCT, one DCT coefficient is generated for each pixel in the data unit.

4. Each DCT coefficient is then quantized against a reference quantization table.

5. The LSB of the binary equivalent of the quantized DCT coefficient can be replaced by a bit from the secret message.

6. Encoding is then applied to each modified quantized DCT coefficient to produce the compressed stego image.

3) Audio and Video Steganography [11, 12, 13]

In audio steganography, the secret message is embedded into a digitized audio signal, which results in slight alteration of the binary sequence of the corresponding audio file. Several methods are available for audio steganography. Some of them are as follows:

3.1) LSB Coding: A sampling technique followed by quantization converts the analog audio signal to a digital binary sequence.

In this technique the LSB of the binary sequence of each sample of the digitized audio file is replaced with the binary equivalent of the secret message. For example, if we want to hide the letter 'A' (binary equivalent 01100101) in a digitized audio file where each sample is represented with 16 bits, then the LSBs of 8 consecutive samples (each of 16-bit size) are replaced with the bits of the binary equivalent of the letter 'A'.

3.2) Phase Coding:

The Human Auditory System (HAS) can't recognize a phase change in an audio signal as easily as it can recognize noise in the signal. The phase coding method exploits this fact. This technique encodes the secret message bits as phase shifts in the phase spectrum of a digital signal, achieving an inaudible encoding in terms of signal-to-noise ratio.

3.3) Spread Spectrum [14] :

Two approaches are used in this technique: the direct sequence spread spectrum (DSSS) and frequency hopping spread spectrum (FHSS). Direct-sequence spread spectrum (DSSS) is a modulation technique used in telecommunication. As with other spread spectrum technologies, the transmitted signal takes up more bandwidth than the information signal that is being modulated. Direct-sequence spread-spectrum transmissions multiply the data being transmitted by a "noise" signal. This noise signal is a pseudorandom sequence of 1 and −1 values, at a frequency much higher than that of the original signal, thereby spreading the energy of the original signal into a much wider band.

The resulting signal resembles white noise. However, this noise-like signal can be used to exactly reconstruct the original data at the receiving end, by multiplying it by the same pseudorandom sequence (because 1 × 1 = 1, and −1 × −1 = 1). This process, known as "de-spreading", mathematically constitutes a correlation of the transmitted Pseudorandom Noise (PN) sequence with the receiver's assumed sequence. For de-spreading to work correctly, the transmit and receive sequences must be synchronized. This requires the receiver to synchronize its sequence with the transmitter's sequence via some sort of timing search process. In contrast, frequency-hopping spread spectrum pseudo-randomly retunes the carrier, instead of adding pseudo-random noise to the data, which results in a uniform frequency distribution whose width is determined by the output range of the pseudo-random number generator.
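The spreading and de-spreading steps described above, as an added Python example (not from the essay or its sources). The seed values, the chip length of 64 and the Gaussian channel noise are assumptions chosen for illustration; `random.Random` stands in for the shared pseudorandom generator.

```python
import random


def pn_sequence(seed, length):
    """Pseudorandom +1/-1 chips; sender and receiver derive them from a shared seed."""
    rng = random.Random(seed)  # illustration only, not a cryptographic generator
    return [rng.choice((1, -1)) for _ in range(length)]


def spread(bits, pn):
    """Map each bit to a +1/-1 symbol and multiply it by every chip of the PN sequence."""
    chips = []
    for bit in bits:
        symbol = 1 if bit else -1
        chips.extend(symbol * chip for chip in pn)
    return chips


def add_noise(signal, sigma, seed):
    """Assumed channel model: additive Gaussian noise with standard deviation sigma."""
    rng = random.Random(seed)
    return [s + rng.gauss(0.0, sigma) for s in signal]


def correlate(signal, pn, offset=0):
    """Correlate each chip-length window of the signal with the receiver's PN sequence."""
    n = len(pn)
    return [sum(s * c for s, c in zip(signal[i:i + n], pn))
            for i in range(offset, len(signal) - n + 1, n)]


def despread(signal, pn, offset=0):
    """Decide each bit from the sign of its correlation value."""
    return [1 if corr > 0 else 0 for corr in correlate(signal, pn, offset)]


if __name__ == "__main__":
    bits = [0, 1, 1, 0, 0, 1, 0, 1]
    pn = pn_sequence(2024, 64)
    tx = spread(bits, pn)

    # Clean channel: every correlation is exactly +64 or -64.
    print("aligned, right PN :", correlate(tx, pn))

    # Noise as strong as the signal per chip is averaged out by the correlation.
    print("noisy, recovered  :", despread(add_noise(tx, 1.0, 7), pn))

    # A receiver with a different sequence sees only small, noise-like values.
    print("wrong PN          :", correlate(tx, pn_sequence(9999, 64)))

    # One chip out of step: the synchronization requirement from the text.
    print("misaligned by 1   :", correlate(tx, pn, offset=1))
```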

3.4) Echo Hiding:

In this method the secret message is embedded into the cover audio signal as an echo. Three parameters of the echo of the cover signal, namely amplitude, decay rate and offset from the original signal, are varied to represent the encoded secret binary message. They are set below the threshold of the Human Auditory System (HAS) so that the echo can't be easily resolved.

Video files generally consist of images and sounds, so most of the relevant techniques for hiding data in images and audio are also applicable to video media. In the case of video steganography, the sender sends the secret message to the recipient using a video sequence as cover media.

An optional secret key 'K' can also be used while embedding the secret message into the cover media to produce the 'stego-video'. After that the stego-video is communicated over a public channel to the receiver. At the receiving end, the receiver uses the secret key along with the extracting algorithm to extract the secret message from the stego-object. The original cover video consists of frames represented by Ck(m,n) where 1 ≤ k ≤ N. 'N' is the total number of frames and m,n are the row and column indices of the pixels, respectively. The binary secret message denoted by Mk(m, n) is embedded into the cover video media by modulating it into a signal. Mk(m, n) is defined over the same domain as the host Ck(m, n). The stego-video signal is represented by the equation Sk(m, n) = Ck(m, n)+k (m, n) Mk(m, n) , k = 1, 2, 3 . . .N where k (m, n) is a scaling factor. For simplicity k (m, n) can be considered to be constant over all the pixels and frames. So the equation becomes: Sk(m, n) = Ck(m, n)+(m, n) Mk(m, n) , k = 1, 2, 3 . . .N

4) IP datagram steganography [15, 16]

This is another approach to steganography, which hides data at the network datagram level in a TCP/IP-based network like the Internet. Network covert channel is a synonym of network steganography. The overall goal of this approach is to make the stego datagram undetectable by network watchers such as sniffers, Intrusion Detection Systems (IDS) etc. In this approach the information to be hidden is placed in the IP header of a TCP/IP datagram. Some of the fields of the IP header and TCP header in an IPv4 network are chosen for data hiding. First we will demonstrate how the 'Flags' and 'Identification' fields of the IPv4 header can be exploited by this methodology.

4.1) Covert Channel Communication using 'Flags' field:

The Flags field is 3 bits in size, with one flag per bit. The first bit is reserved. The second and third are DF (Don't Fragment) and MF (More Fragments) respectively. An un-fragmented datagram has all-zero fragmentation information (i.e. MF = 0 and 13-bit Fragment Offset = 0), which gives rise to a redundancy condition: DF (Don't Fragment) can carry either "0" or "1", subject to knowledge of the maximum size of the datagram. If sender and recipient both have prior knowledge of the Maximum Transfer Unit (MTU) of their network, they can covertly communicate with each other using the DF flag bit of the IP header. The datagram length should be less than the path MTU, otherwise the packet will be fragmented and this method will not work.

The following table shows how the sender communicates 1 and 0 to the recipient by using the DF flag bit.[1]

This is an example of covert communication since there is no way for network monitoring devices like an IDS or sniffer to detect the communication, because the cover datagram is a normal datagram. As the payload is untouched, there is no way an IDS or any other content filtering device could recognize this activity. The major constraint of this approach is that both parties should have prior knowledge of the path MTU and the datagram from the sender should not be fragmented further along the way.

4.2) Covert Channel Communication using 'Identification' field: [10]

The 16-bit Identification field in the IPv4 header is used to identify the fragmented packets of an IP datagram. If there is no fragmentation of the datagram, this Identification field can be used to embed sender-specified information.

4.3) Covert Channel Communication using ISN (Initial Sequence Number) field: [14]

The ISN (Initial Sequence Number) in the TCP header is another candidate cover medium for network steganography. The initial sequence number is a 32-bit number generated during the three-way TCP/IP handshake between client and server, which is as follows:

(a) The client sends a TCP/IP packet with the SYN flag ON. This is segment 1, where the client specifies the port number of the server that it wants to connect to, and the client's ISN.

(b) The server responds with a TCP/IP packet with the SYN flag ON that also contains the server's ISN. The server also acknowledges the client's SYN by setting the ACK flag ON in this packet, with an acknowledgement number which is the client's ISN+1. This is segment 2.

(c) The client must acknowledge the server's SYN packet by sending a packet with the ACK flag ON and an acknowledgement number which is the server's ISN+1. This is segment 3.

The large 32-bit address space of the Sequence Number field can be used for a covert channel. The sender crafts a TCP/IP packet in which the secret binary message is embedded in the Sequence Number field, and the passively listening receiving party then extracts the data. The Source Port and Checksum in the UDP header [15] and the Code field in the ICMP header [13] are also good candidates as cover items for network steganography.


Steganalysis is the process of identifying steganography by inspecting various parameters of a stego medium. The primary step of this process is to identify a suspected stego medium. After that, the steganalysis process determines whether that medium contains a hidden message or not and then tries to recover the message from it. In cryptanalysis it is clear that the intercepted message is encrypted and certainly contains the hidden message, because the message is scrambled. In steganalysis this may not be true: the suspected media may or may not contain a hidden message. The steganalysis process starts with a set of suspected information streams. Then the set is reduced with the help of advanced statistical methods.

Steganalysis Techniques

The properties of electronic media change after an object is hidden in them. This can result in degradation in quality or in unusual characteristics of the media; steganalysis techniques are based on unusual patterns in the media or on visual detection of the same. For example, in the case of network steganography an unusual pattern is introduced in the TCP/IP packet header. If the packet analysis technique of a network's Intrusion Detection System is based on a white list pattern (usual pattern), then this method of network steganography can be defeated. In the visual detection steganalysis technique, a set of stego images is compared with the original cover images and the visible differences are noted. A signature of the hidden message can be derived by comparing numerous images. Cropping or padding of an image is also a visual clue of a hidden message, because some stego tools crop or pad blank spaces to fit the stego image into a fixed size. A difference in file size between cover image and stego images, or an increase or decrease of unique colors in stego images, can also be used in the visual detection steganalysis technique.
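A sketch of the white-list idea above applied to the 'Flags' channel of section 4.1, as an added Python example (not from the essay or its sources). The baseline that a host keeps DF constant on un-fragmented datagrams within one flow is an assumption; `build_header`, `find_flag_anomalies` and the sample capture, which uses documentation addresses, are constructed for illustration.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, network byte order


def build_header(src, dst, ident, df, mf=0, offset=0, reserved=0, proto=6):
    """Construct a sample IPv4 header (checksum left at 0; it is not inspected)."""
    flags_frag = (reserved << 15) | (df << 14) | (mf << 13) | (offset & 0x1FFF)
    return struct.pack(IPV4_FMT, 0x45, 0, 60, ident, flags_frag, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed)


def parse_header(raw):
    """Decode the fields this check needs from the first 20 header bytes."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, ident, flags_frag, _, proto, _, src, dst = \
        struct.unpack(IPV4_FMT, raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return {
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
        "proto": proto, "id": ident, "len": total_len,
        "reserved": (flags_frag >> 15) & 1,
        "df": (flags_frag >> 14) & 1,
        "mf": (flags_frag >> 13) & 1,
        "offset": flags_frag & 0x1FFF,
    }


def find_flag_anomalies(headers):
    """Flag flows whose Flags field departs from the assumed usual pattern."""
    df_by_flow = defaultdict(list)
    findings = []
    for raw in headers:
        h = parse_header(raw)
        flow = (h["src"], h["dst"], h["proto"])
        if h["reserved"]:
            findings.append((flow, "reserved flag bit set"))
        if h["mf"] == 0 and h["offset"] == 0:  # un-fragmented datagram
            df_by_flow[flow].append(h["df"])
    for flow, df_bits in df_by_flow.items():
        if len(set(df_bits)) > 1:  # assumed baseline: DF is constant per flow
            pattern = "".join(str(b) for b in df_bits)
            findings.append((flow, "DF toggles on un-fragmented datagrams: " + pattern))
    return findings


def sample_capture():
    """Constructed capture: one flow toggling DF, interleaved with a steady flow."""
    toggling = [build_header("192.0.2.10", "198.51.100.20", 0x1000 + i, int(b))
                for i, b in enumerate("01100101")]
    steady = [build_header("192.0.2.11", "198.51.100.20", 0x2000 + i, 1)
              for i in range(8)]
    return [hdr for pair in zip(toggling, steady) for hdr in pair]


if __name__ == "__main__":
    for flow, reason in find_flag_anomalies(sample_capture()):
        print(flow, "->", reason)
```

The check needs only headers, not payloads, so it can run over flow records or a header-only capture.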

Steganography Attacks

Steganographic attacks consist of detecting, extracting and destroying hidden object of the stego media. Steganography attack is followed by steganalysis. There are several types of attacks based on the information available for analysis. Some of them are as follows: -

Known carrier attack: The original cover media and stego media both are available for analysis.

Steganography only attack: In this type of attacks, only stego media is available for analysis.

Known message attack: The hidden message is known in this case.

Known steganography attack: The cover media, stego media as well as the steganography tool or algorithm, are known.


In this paper, different methods are discussed for hiding data in text, image, audio/video signals and IP datagrams as cover media. All the methods have some limitations. The stego multimedia produced by the mentioned methods for multimedia steganography are more or less vulnerable to attacks such as compression. In this respect, the IP datagram steganography technique is not susceptible to that type of attack. Steganography is used for watermarking. Steganalysis is the technique used to detect or defeat steganography. Research to devise strong steganographic and steganalysis techniques is a continuous process.


[1] Shashikala Channalli, Ajay Jadhav, "Steganography An Art of Hiding Data", International Journal on Computer Science and Engineering, Vol. 1(3), 2009.

[2] Mohammad Shirali-Shahreza, "A new method for real time steganography", ICSP 2006 Proceedings of IEEE.

[3] Yuk Ying Chung, Fang Fei Xu, "Development of video watermarking for MPEG2 video", City University of Hong Kong, IEEE 2006.

[4] C. Lu, J. Chen and K. Fan, "Real-time Frame-Dependent Video Watermarking in VLC Domain", Signal Processing: Image Communication 20, 2005, pp. 624-642.

[5] Jonathan Cummins, Patrick Diskin, Samuel Lau and Robert Parlett, "Steganography and digital watermarking", School of Computer Science, The University of Birmingham, 2003.

[6] Ravi Shah, Abhinav Agraval & Subramaniam Ganesham, "Frequency domain real time digital image watermarking", Oakland University.

[7] Soumyendu Das, "Steganography and Steganalysis: Different Approaches".

[8] Steganography Primer - Ruid, Computer Academic Underground, 2004.

[9] Robert Krenn, Internet Publication, March 2004, "Steganography and steganalysis".

[10] Ken Cabeen and Peter Gent, Math (1998), "Image Compression and Discrete Cosine Transform".

[11] Mark Noto, "MP3Stego: Hiding Text in MP3 Files", The Information Security Reading Room, SANS Institute, 2001.

[12] Udit Budhiaa and Deepa Kundur, "Digital video steganalysis exploiting collusion sensitivity", SPIE (vol. 5403), Orlando, Florida, April 2004.

[13] Methods of Audio Steganography, Internet Publication on www.snotmonkey.com

[14] Direct-sequence spread spectrum (DSSS), Frequency-hopping spread spectrum (FHSS), Wikipedia, the free encyclopedia.

[15] Kamran Ahsan and Deepa Kundur, "Practical Data Hiding in TCP/IP", Multimedia and Security Workshop at ACM Multimedia, Juan-les-Pins, France, Friday, Dec 6th, 2002.

[16] Niels Provos and Peter Honeyman, "Hide & Seek: An Introduction to Steganography", IEEE Security & Privacy Magazine, May/June 2003.

[17] Brigitte Si, "Introduction to steganography", Athabasca University, COMP607 Project, July 2004.