Hiding messages with the Outguess steganography tool
Double Secrets
Steganography tools let you hide secret messages in ordinary files. Outguess brings steganography to the
Linux command line - and even lets you conceal two messages in a single file. By Erik Bärwaldt
By Erik Bärwaldt
bungo, photocase.com,
Cryptography is essential for anyone who cares about communicating privately over the Internet. In the
classic cryptography scenario, the message is encrypted and transmitted, and the receiver decrypts and reads it
on the other end. This approach has various drawbacks, including the overhead for the encryption, the danger
of lost keys, and the fact that any evidence of encryption actually makes the message a potentially interesting
target. In some situations, even standard encryption is too conspicuous. What if you don't just want to conceal
the text of your message, but you actually want to conceal the fact that the message was even sent?
Steganography provides an elegant approach to the problem of concealing message content. The goal of
steganography is to embed a message in a carrier medium so that it is invisible to third parties. The carrier
medium could be an ordinary digital photo, an audio file, or even a text file. Not only is the message
impossible for an eavesdropper to read using conventional techniques; the very existence of the message is
hidden from the unauthorized viewer. (See the box titled "Steganography.")
Linux offers a number of tried-and-trusted steganography tools, all of which compare well with commercial
solutions. This article describes how to conceal your messages with the steganography application known as
Outguess [1].
More on Steganography
By Outguess creator Niels Provos
Steganography is the art and science of hiding the presence of communication. A steganographic system
embeds hidden content into unremarkable cover media that can then be sent without arousing the suspicion
of an eavesdropper. Once, hidden tattoos and invisible ink were used to convey steganographic
communication. Now, computer and network technologies provide easy-to-use communication channels for
steganographic techniques.
In general, the hiding process identifies redundant parts in a cover medium. Redundant parts are those that
can be modified without destroying the integrity of the cover medium. The embedding process creates the
stego medium by replacing redundant parts with data from the hidden message.
Double Secrets 1
Although classical steganographic systems depend on the secrecy of the encoding system, modern
steganography tries to be undetectable unless a secret key is known. Yet, because of their invasive nature,
steganographic systems can leave detectable traces within a medium's characteristics, which coud allow an
eavesdropper to detect media that have been modified, revealing the occurrence of secret communications.
Even if secret content is not revealed, its existence is exposed, which defeats the sole purpose of
steganography.
A steganographic system is considered secure if an eavesdropper intercepting the stego medium has no
algorithm better than random guessing to determine whether hidden content is present. However, because
modifications to the cover medium might change the its statistical properties, it is often possible to discover
such distortions in the stego medium. This analysis process is called statistical steganalysis. To date, most
commonly used steganographic systems are detectable.
Function
The Outguess steganography tool is a command-line program. Outguess does not offer much in the line of
optional settings or parameters. For example, Outguess does not allow users to choose an encryption method
from the large number of available methods - users have to rely on the RC4 cypher algorithm. This said, RC4
has proved resilient against various cryptoanalysis techniques and is thus a safe choice. Additionally,
Outguess is mainly designed to embed messages employing an image as the carrier: it only supports PPM,
PNM, and JPEG files.
Restricting the choice of formats has the advantage that the steganogram is safe against visual or statistical
attacks caused by an incorrect choice of carrier file format. The most important unique selling feature that
Outguess has going for it is its ability to hide two text files in a single carrier at the same time.
The program starts by investigating the carrier file to discover redundant information that could be modified
without causing visible changes to the overall image. If you are embedding two text files in the same carrier,
Outguess additionally checks before embedding the second text to see whether some bits are reserved; that is,
whether the program has already decided to use them for embedding part of the first text, which would mean
that they are not available for modification with a second text. After discovering sufficient redundant data, it
is extracted. The embedding process relies on the LSB method: The least significant bit of each color value in
a pixel is modified and then written back to the file. At the same time, error correction ensures that the
modification is as slight as possible.
Installation
Outguess is included with many Linux distributions. On Ubuntu and other Debian derivatives, you can easily
install the program using Synaptic. For other distros, you'll find additional binary packages at the Rpmseek
repository [2]. If none of these packages work for you, the source code package is available [1] for any
distribution that does not offer a prebuilt binary.
Getting Started
Outguess is ready to run after you install the binary. The first step is to find a suitable carrier for the text file
you want to hide. You should choose an image without sharply contrasting colors. As a general rule, the more
fuzzy the image is and the more homogeneous its overall appearance, the better it protects you against visual
attacks. Fuzzy images have more potential in the form of redundant data; redundant bits are just what you
need to to hide information and can be modified without even a experienced observer noticing the distance.
Additionally, it is definitely a bad idea to take an image off the Internet, especially from a popular site. A
potential attacker who suspects you are using steganography will try to get hold of the original image. And if
the attacker succeeds in doing so, it is fairly easy to see the manipulation based on the different file sizes, and
to assume that the image contains some other information. Additionally, compressed JPEG photos make it too
easy to identify a steganogram compared with the original, especially if the image is recompressed.
Double Secrets 2
After finding a suitable carrier, you can embed your secret text with the command line outguess -k password
-d textfile carrierfile steganogram. In this case, textfile is encrypted with a password of password and
embedded in carrierfile; the results are stored in a file called steganogram (Figure 1).
Figure 1: Outguess embeds a message in an image in a matter of seconds.
The recipient can run the command outguess -k password -r steganogram textfile to reverse the process,
choosing any name for textfile (Figure 2).
Figure 2: The message is extracted and written to a text file.
The process for embedding two files with Outguess is similar. The command line is outguess -k password1 -d
text1 -E -K password2 -D text2 carrierfile steganogram (Figure 3).
Figure 3: You can even write two messages into the same carrier image.
Of course, the recipient does not need to extract both texts. To extract just the second message, the recipient
would type outguess -k password2 -e -r steganogram textfile.
Conclusions
Outguess is fast, stable, and really easy to use after you negotiate the initial learning curve. Above all, the
software is effective:
Assuming you select a suitable carrier file, and assuming the file is large enough, you can easily hide two text
messages in one file without changing the appearance of the image that conceals the text. Outguess does not
suffer from the problem that affects many steganography tools: visibly lighter pixels in the steganogram.
If the text message you want to embed is too large for the carrier, the software will stop the process and issue
a warning. Outguess is also well protected against statistical attacks: It automatically spreads the embedded
content over the carrier, thus spreading the changes evenly across the whole image.
Even if an attacker manages to retrieve the hidden text from the carrier image, the battle is not over: Outguess
does not embed clear text in the carrier but encrypts before the event with the RC4 cypher algorithm, which is
still considered safe today.
Double Secrets 3
Other steganography tools are also available for the Linux environment. For instance, the tool known as
Steghide [3] has achieved some popularity with Linux users.
INFO
[1] Outguess: http://www.outguess.org
[2] Outguess binaries packages: http://rpmseek.com/rpm-pl/outguess.html?hl=com&cs=Outguess:PN:0:0:0:0
[3] Steghide: http://steghide.sourceforge.net/
Double Secrets 4