Personal tools




by Karen Korhorn

University of Illinois, Undergraduate

Sponsor: Chip Bruce


This paper will explain the technical processes behind steganography as well as emphasize the benefits and drawbacks of using this technology through the viewpoints of different interest groups.



Although the use steganography began many centuries ago, this field recently became an important area of interest for individuals, corporations, and governments because of technology. People are constantly transferring important information online due to the increased connection caused by computers and the Internet. This concept is the backbone of steganography today. Steganography is the art of hiding information in a cover document or file. Therefore, today, steganography is usually accomplished by electronic encryption, which is the encoding of information that can only be decoded by the person possessing the correct electronic key. A cover document contains this hidden encoded information, and usually the transfer of this secret information is very secure. This paper will explain the technical processes behind steganography as well as emphasize the benefits and drawbacks of using this technology through the viewpoints of different interest groups.


Steganography now is accomplished in the digital world using mathematical algorithms to encrypt data. First, one scrambles the information using an algorithm. This algorithm creates a key later used to transform the encrypted data back to its original form so that the receiver can understand it. For example, we could use the multiplication of two 50-digit prime numbers to create a 100-digid product, which becomes the key (Daniel). There are public and private keys. Private key cryptography uses the same key for both the encryption and decryption process. Therefore, the sender and receiver of the secret information have the same key. Public key cryptology uses both a public and private key. The sender uses the public key, which may be published in directories. The private key is necessary for the receiver to decrypt the message (Petitcolas).

One may hide information in a variety of files. Steganography replaces unused parts of data with the secret information. It is possible to hide information in text, for example, in the spaces between words. This type of information hiding is more successful than steganography that consists of hidden information in infrequent spelling errors and in words replaced by synonyms. One of the main requirements for hiding information in digital sounds and images is redundant, repetitive information. Steganography uses this part of the sound or image to hide the secret information. One unique example of hiding information is the embedding of a mobile telephone conversation into an Integrated Services Digital Network (ISDN) video conferencing system. It is possible to do so without seriously changing the quality of the video, and with the correct key, one could decode the conversation (Petitcolas).

The easiest way to hide information is to replace the least significant bit (LSB) of every element with one bit of the secret message. For example, when a picture is the desired cover document, each pixel of the picture contains 24 bits of information, which, to the computer, consists of 0s and 1s. To insert the secret information, one can change these 0s and 1s to bits of secret information (Castelluccio). The most useful way to insert these bits is do to do so in a random way according to the secret key. This makes it harder for others to break the code. The updated picture should not appear noticeably different, or else attackers may become suspicious (Petitcolas). When attempting this type of encryption, one should also choose a cover image that does not contain a large area of solid colors because any slight change caused from the embedded information will be more apparent (Johnson, 1).


Watermarking is a type of steganography used when other parties know of the existence of hidden information and may have the desire to remove or change it (Johnson, 1). Therefore, copyright protection is a common use of watermarks. One can protect the validity and originality of information by embedding information about the source of the data into files. In this case, the watermark provides information about the author, copyright, or license information. Another application of watermarking is fingerprinting, which involves inserting a different watermark into each copy of a file in order to monitor the recipients of the file. Therefore, one can trace back illegally produced copies to the original receiver. Watermarks are also useful in providing information on the copy status of the document. A final application of watermarks is to detect manipulation of the original file. Certain important characteristics about the file are stored in the file itself in the form of a watermark and make it possible to check if the image later has altered characteristics (Petitcolas).


Attackers of steganography systems use a process called steganalysis when finding and disabling the use of hidden information. Therefore, breaking a steganography system requires two steps. The detecting phase is the first step (Johnson,3). Although one may detect unusual or repetitive patterns without aids, disk analysis programs also can find unused areas in a file and report on the hidden information. Attackers often search for ‘perceptible noise’ that is detectable when embedded information distorts sounds or images (Petitcolas). Attackers may also detect hidden information using filters that find TCP/IP packets whose headers contain hidden or invalid information. One may also look for unusual color schemes and patterns in images (Johnson, 3). Once the attacker has knowledge of the existence of hidden information, he must disable the embedded information. In considering the attack on a watermark, one may disable the watermark’s readability by simply cropping the image if the watermark is visible. However, if it is invisible, one could insert unknown watermarks to the image to disable the correct watermark so that it is no longer effective. Only if additional unused space exists within the image can one accomplish this process without changing the original visible image. Alternatives include rotating, blurring, or stretching the image (Johnson, 2).

In regards to encryption that uses keys for the decoding of hidden information, an option exists to use computer programs that try every possible key until they find the correct one. Therefore, it is important to continue using larger algorithms in order to prevent attackers from finding correct keys and illegally decoding hidden information. Governments are beginning to give large grants to mathematical centers to fund the search for stronger algorithms, and these funds are expected to increase in the future (Daniel). Additional research is also required in order to create more secure watermarks. Stronger watermarks may be required in order to withstand the altering of the image by the attacker (Johnson, 2). In order to create more secure watermarks, it is important to evaluate the watermarks that exist today and form a standard for creating watermarks. StirMark is a program that helps to illustrate the problems with current watermarks by showing how to disable them (Petitcolas). Hopefully, in creating a standard for secure watermarks, companies will continue to improve their watermarking technology.

One of the most important points regarding steganalysis is that often, the most difficult steganography to detect is also the simplest form to create. It is possible to accomplish steganography through very low-tech means, as long as the receiver of the cover file understands or knows the method of decoding the information. For example, a picture of a man with his hand raised could potentially mean something such as the location of a future bomb. According to Ben Venzke, a terrorism specialist at the security analyst firm IntelCenter, "Sometimes the best technologies are the simplest ones" (Cohen).


In the past, the government’s views on controlling steganography usage have greatly conflicted with the opinions of individuals and businesses. Until recently, the U.S. maintained export laws limiting the sale of strong encryption products overseas (Dam). These laws existed in order to deny foreigners the technology to encode their own information. With these laws in place, the U.S. had greater access to information that might be related to potential terrorist and criminal actions against and within the U.S (Dam). The government, at first, kept most information concerning digital steganography secret from the public. For example, one of the first meetings about exporting electronic encryption products, held in 1992, demonstrates the government’s opinion that this is a private matter. One member of the National Computer Security and Privacy Advisory Board, Steven Lipner, stated, "A substantial amount of material is not appropriate for a public meeting" (Power). The Board, in a written statement, agreed by saying, "National security concerns cannot be publicly debated without damaging the very interest we seek to protect" (Power). Despite the fact that the meeting intended to bring the subject to public light, many highly criticized their choice to keep the detailed matters private (Power).

Although individuals and businesses understand that the ban on strong encryption products may, at present, deter foreigners from using the encryption process to hide information, the overall viewpoint of these two groups remains that the benefits outweigh the disadvantages. First of all, eventually researchers outside of the U.S. will develop similar technology and the U.S. would be the disadvantaged country in terms of encryption processes. By limiting the market share potential for companies in the U.S. that develop such programs, the government is also decreasing the incentive for U.S. researchers to create stronger programs (Dam). There is a strong push for the U.S. to remain a leader in this field because of national security as well as economic superiority. On a more separate level, businesses support the elimination of the ban on strong encryption products because they transfer important information with customers, suppliers, and partners, and want to ensure that the information does not end up in the hands of competitors, criminals, foreign governments, and other customers (Dam). Individuals agree because they also want to protect their important information, including banking information, financial information, and medical records (Dam). Both businesses and individuals send such critical information over insecure transactions daily, through the use of the Internet and cell phones. Their main objective is to increase their privacy and security in these transactions. Another major viewpoint is that although the government will give up access to some information from foreign countries, allowing stronger encryption technologies will decrease fraud and other illegal activity. Individuals and businesses will know with greater certainty that their information is reaching the appropriate parties. Bank fraud, securities trading based on the illegal interception of relevant corporate data, and copyright fraud are just some of the crimes that may decrease from more relaxed controls on encryption products.

Once individuals and businesses began to object to the idea that the government should limit steganography tools available for public use, the government began a push for escrowed encryption. Escrowed encryption brings a trade-off between government intervention and relaxation of policies. With an escrowed encryption policy, corporations could export stronger encryption products, but at the same time, they must give a copy of the key for the hidden data to a third party (Dam). If it is necessary as part of a criminal investigation, it would be possible for law enforcement officials to obtain a copy of the key. Yet, businesses and individuals do not accept this possible solution because of the risks involved with third party knowledge of the key. Escrowed encryption, in the minds of these groups, defeats the concept of steganography that only those intended to have access to the information can actually decode the information (Dam).

The most effective movement of individuals against the ban on strong encryption products began with a lawsuit in 1995. Bernstein, a previous graduate student of Berkeley, and Gilmore, a supporter of the Electronic Frontier Foundation, filed a case based on the grounds that computer source code is speech. Therefore, the government’s limitations on the public’s use of encryption products are a violation of the Free Speech Amendment. Finally, in 1999, Bernstein won his case and the government now allows public access to steganography applications (Levy).


One of the government’s greatest concerns of eliminating the ban on strong encryption products was the possibility that terrorist information might reach a receiver without the government’s interception and knowledge. This fear intensified immediately after the attacks on the World Trade Center on September 11, 2001. Many suspect that the al-Qaeda used steganography to hide terrorist plans on online porn sites (Cohen). Senator Judd Gregg, only two days after the attack, "called for international cooperation to create tighter controls over the use of strong encryption and for decryption products to be put in the hands of government so that communications and documents could be cracked when circumstances required"(Castelluccio). He also immediately proposed a new global law to give law enforcement officials access to private keys (escrowed encryption). However, soon after, Gregg retracted this remark (Gair).

After the attacks, the developers of electronic encryption, who had previously been strong proponents for no government control of the technology, questioned if they had done the right thing by pushing to release the technology to the public. They wondered if terrorist groups would have developed the technology by now or not (Kolata). However, in the end, these developers and other individuals feel that other countries would have created the technology, even if the U.S. had a ban on the strong encryption products (Kolata). Again, by limiting the use and exportation of these products, the U.S. will lose its status as a leader in encryption technology. If this occurs, the U.S. faces more of a threat to its national security.

On the other hand, many have already experienced the benefits steganography brings to society. Steganography software has been useful for many countries under oppressive governments. Human rights organizations utilize this technology to collect data from witnesses who saw government officials murdering or harming civilians. This represents a change in the ideas concerning the users of technology. Previously, it was a common thought that governments use technology to spy on individuals, yet in these examples, citizens use technology against repressive governments (Dreyfus). One interesting example concerns the civil war in Guatemala that killed over 100,000 people. A majority of those killed were Mayan Indians, and many survivors refused to give testimonies out of fear. However, the International Center for Human Rights Research collected over 5000 testimonies in one year, with the help of data encryption. Researchers gathered testimonies in isolated mountain areas and encrypted all data before sending it to their headquarters (Dreyfus). Therefore, with the help of steganography technology, civilians could safely provide accurate accounts of what they saw without fear of their government harming them.


Although steganography is not a new concept, its recent application with technology instigates many new ideas. First, substantial research is necessary to create algorithms that are strong enough to withstand the many unique forms of steganalysis. Although in the past, the government disagreed with individuals and businesses on the issue of public use of strong encryption products, each group must recognize the benefits that this technology brings to society. Further research in this field will not only help to decrease the effects of the drawbacks of public use, but it will also create possibilities for even more individual identity protection and a more secure nation.


Castelluccio, Michael. "Hidden Writing and National Security." Strategic Finance Nov 2001: 59.

Cohen, Adam. "When Terror Hides Online." 21 Apr. 2002.,8599,182917,00.html

Dam, Kenneth and Herbert Lin. "National Cryptology Policy for the Information Age." Issues in Science and Technology Summer 1996: 33(6).

Daniel, Dianne. "The Invisible Yet Pervasive World of Cryptosystems." Computing Canada 14 Dec. 2001 : 13.

Dreyfus, Suelette. "The Quiet Revolution." UNESCO Courier Mar 2001: 27.

Gair, Cristina. "Hidden Messages: Terrorists aren’t the only ones with encryption tools." Black Enterprise Feb 2002: 56.

(1) Johnson, Neil and Sushil Jajodia. "Exploring Steganography: Seeing the Unseen." George Mason University. 21 Apr. 2002.

(2) Johnson, Neil. "An Introduction to Watermark Recovery from Images." George Mason University. 21 Apr. 2002.

(3) Johnson, Neil and Sushil Jajodia. "Steganalysis of Images Created Using Current Steganography Software." George Mason University. 21 Apr. 2002.

Kolata, Gina. "Scientists Debate What to Do When Findings Aid an Enemy." New York Times 25 Sept 2001.

Levy, Steven. "Courting a Crypto Win." Newsweek 17 May 1999: 85.

Petitcolas, Fabien A. P. and Stefan Katzenbeisser. Information Hiding Techniques for Steganography and Digital Watermarking. Boston: Artech House Books, 2000.

Power, Kevin and Vanessa Jo Grimm. "Broad hopes review will douse DSS flames." Government Computer News 20 Jul. 1992: 10(2).


Archived CPSR Information
Created before October 2004

Sign up for CPSR announcements emails


International Chapters -

> Canada
> Japan
> Peru
> Spain

USA Chapters -

> Chicago, IL
> Pittsburgh, PA
> San Francisco Bay Area
> Seattle, WA
Why did you join CPSR?

This is an excellent forum for developing positions and learning detailed information.

Andy Oram