Steganography If you're sensitive about people even knowing you're sending or receiving encrypted information, you should take a look at steganography, the ancient art of concealing the very existence of a message. Steganography, from the Greek words meaning covered writing, is as old as cryptography itself and can be as simple as writing with invisible ink made from vinegar or lemon juice. Computerized applications of steganography have truly breathtaking implications, including hiding large data files inside digital graphic or audio files or even on ordinary- looking and sounding CD-ROMs and digital audio tapes. Though they may not always be able to crack your code, those who monitor communications for a living can usually tell if a message has been encrypted using the DES, PGP, IDEA, RSA, or other standard cryptosystem. Unfortunately, in some circles, the very fact that you're sending an message encrypted makes you automatically suspect. What, after all, do you have to hide? Never mind that there's no such stigma attached to sending paper mail in envelopes. Certainly, in places where sending encrypted messages is clearly illegal, steganographic methods become essential. Steganography Through The Ages Steganographic methods have long been a favorite of military and political leaders, who have been devising ingenious ways of hiding secret messages for thousands of years. Herotodus tells the story of nobleman of Medea who hid a message to a potential ally in the belly of an unskinned hare and had it delivered by a messenger disguised as a hunter. According to another Herotodus story, a Persian nobleman named Histiaeus shaved the head of a trusted slave and tattooed a secret message on his scalp. Once the man's hair had grown back in, Histiaeus dispatched him to his destination with the instruction to shave his head. Drawings have often been used to conceal information. It is a simple matter to encode a message by varying the lengths of lines, shadings, or other elements of the picture. Invisible inks were described by Pliny the Elder as far back as the first century A.D. and were used to great advantage by German spies as recently as World War II. Common fluids used for invisible inks include urine, milk, vinegar, and fruit juices. With these inks, one need only heat the page on which the message is written to reveal the secret communication. More sophisticated invisible inks may require the receiver of the message to apply another chemical substance to reveal the secret. During World War II, the Nazi spy George Dasch wrote messages on his handkerchief using a solution of copper sulfate, which remained invisible until it was exposed to ammonia fumes. The Nazis also developed the microdot, which J. Edgar Hoover called "the enemy's masterpiece of espionage." A microdot was a photograph the size of a printed period that, when developed, could reproduce a standard-sized typewritten page with perfect clarity. Aside from being extremely difficult to detect, microdots permitted the transmission of large amounts of printed data, including technical drawings. Also during World War II, US Marines in the Pacific frequently called on Navajo Indian "codetalkers" to "encrypt" secret radio messages using their notoriously difficult and obscure native tongue. It was thought that only 28 non-Navajos could speak the language, and none of these were German or Japanese. And just to make it even more difficult for potential eavesdroppers, the codetalkers spoke a slangy, cryptic lingo that even Navajo speakers unfamiliar with the jargon could not understand. The Japanese didn't stand a chance. A half century later, the military had not lost its respect for the Navajo tongue's ability to hide information from nonspeakers, nor had it gained any significant understanding of language's mysteries. So it was that when Saddam Hussein threw a party for half a million US soldiers in 1990-1991, a few Navajos in the States wanted to broadcast greetings to their loved ones serving in the Arabian desert. Armed Forces Radio censors, however, saw something altogether different in these messages. They considered them to be "a threat to national security" (Where have we heard that phrase before?) and refused to broadcast the messages. Explained the officer in charge, "If I don't know what it says, I can't control it." Eventually, Congressional pressure shamed the military into lifting the ban.1 The threat of microdots, secret tongues, and other forms of steganography during World War II caused the Office of Censorship to institute a series of seemingly bizarre restrictions. Banned in advance were the international mailing of postal chess games, crossword puzzles, newspaper clippings, knitting instructions, lovers' X's and O's, children's drawings, and report cards, all of which, it was thought, could serve as a communications medium for spies. It was also illegal to send cables ordering that specific types of flowers be delivered on a specific date, and eventually all international flower orders were banned by the U.S. and British governments. All classified advertising was suspect, as were music requests phoned in to radio stations. Government censors even went so far as to change or rearrange stamps on envelopes and even to rewrite letters, using different words. Steganographic software Steganographic software is very new, but its potential for disguising data is awesome. Most encrypted messages make it perfectly clear they are encrypted, and they may even tell you which algorithm was used to scramble them. While knowing the algorithm in no way makes it easier to crack a good cipher, some people might want to hide the very fact that they're sending or receiving encrypted messages or storing secret data. It's natural in these situations to bury your data inside the code of a standard digital graphic (eg, *.BMP or *.GIF) or audio (eg, *.WAV) file, making them invisible. Of course, an alert enemy might be suspicious of graphic or audio files sent over the Net or stored on a disk. Thus, to be doubly safe, it's a good idea to first encrypt messages with PGP or some other cipher before hiding them inside another file. According to retired (at age 30) Intel physicist and author of "The Crypto-Anarchist Manifesto," Tim May, an ordinary digital audio tape (DAT) could secretly hold hundreds of megabytes of information, enough to fill a good-sized hard drive, in addition to its advertised music. This digital data disappearing act is accomplished by taking advantage of the imprecision of the human ear. Digital music is recorded in 16-bit blocks, but the sound information stored on the sixteenth bit is beyond the normal perception of the human ear. Thus, evicting that bit of information and replacing it with the plans to blow up the US Capitol would be undetectable. A similar logic applies to steganographic algorithms that store data in graphic files. If you play the tape, all you hear is music, or whatever is recorded on the tape. If you look at the picture, all you see is a picture. Notes May, "What this means is that already it is totally hopeless to stop the flow of bits across borders. Because anyone carrying a single music cassette bought in a store could carry the entire computerized files of the Stealth bomber, and it would be totally imperceptible."1 Several steganographic software programs are available. Here are reviews of just a few: * Go to a review of S-Tools (Steganography Tools) for Windows 3.1. * Go to a review of Hide/Unhide for DOS systems. * Go to a review of Stego for Macs Return to Table of Contents [Want to keep the snoopers out of your private life? Wantcontinued access to this HyperBook? Then beam us $9.95 now!Here's how!] We want to hear from you. Send us feedback! And/or submit your writing and art to Smart Publications for inclusion in Tools For Privacy! Tools For Privacy copyright 1995 Smart Publications smart@crl.com