Unbeknownst to the common Internet user, electronic images can be altered to hold digital code or secret files that are invisible to the naked eye.
Steganography-the hiding of digital files within other files-is becoming more common thanks to software programs easily available for purchase and download, such as Covert.tcp and Stego. The technology itself is harmless and can actually be a force for good. In countries such as Saudi Arabia, Myanmar (Burma), Laos, Yemen, the United Arab Emirates, and China, pro-democracy dissidents use Steganography to circumvent government censorship policies. However, researchers with the U.S. government’s Ames Laboratory are concerned that criminals under surveillance could use coded electronic pictures to send child pornography or possibly to exchange information in the planning of terrorist acts.
Images files such as jpegs offer an effective camouflage for encrypted data because they are extremely common, can be sent in an unattached form through e-mail, and can be posted on otherwise innocuous Web sites, including eBay. The secret files, or “payloads,” are hidden in the jpeg by altering the color values of the picture just slightly so that even pixel values represent zero and odd pixel values represent one. This slight alteration does not change the picture in any visible way. The recipient of the file decodes the even-odd string of pixel values to reveal a new string of zeros and ones-a completely new computer file that can be reassembled into a message or picture. One stego program can purportedly hide data at the end of a line of text or an e-mail message.
“At the simplest level, consider a black and white photo-each pixel has a grayscale value between zero (black) and 255 (white),” says Jennifer Davidson, an Iowa State University math professor working on the project. “The data file for the photo is one long string of those grayscale numbers that represent each pixel. Visually, you won’t see any difference between the before and after photo because the shift in pixel value is so minor.”
Davidson and project partner Clifford Bergman are developing a pattern recognition system called an artificial neural net, or ANN, to distinguish between banal images and stego images through the use of algorithms. In initial tests, their ANN identified 92% of stego images and misidentified only 10% of regular pictures.
“If you can detect that there’s something there, and better yet, what method was used to embed it, you could extract encrypted data,” Bergman says. “But then you’re faced with a whole new problem of decrypting the data, . . . and there are ciphers out there that are essentially impossible to solve using current methods.”
In other words, an ANN may help to “tip off” law enforcement to suspicious e-mails, but will do relatively little to actually prove guilt or exonerate the innocent. Bergman hopes that will change in the future. He comments, “Hopefully we can come up with algorithms that are strong enough, and the statistics are convincing enough, for forensic scientists to use in a court of law, so they can say, There’s clearly something suspicious here,’ similar to the way they use DNA to establish a link between the defendant and the crime.” -Patrick Tucker
Source: Ames Laboratory, Office of Public Affairs, 111 TASF, Ames, Iowa 50011. Telephone 515-294-1405; Web site www.ameslab.gov.
Originally published in THE FUTURIST, September-October 2006.