# New steganography technique relies on letter shapes

A trio of Indian researchers have proposed a method of steganography which hides messages in by using non-random distribution of letters with or without straight lines. Steganography is a group of techniques for hiding messages in plain sight. Microdots, tiny text written inside a full stop and only legible when magnified, are …

This topic is closed for new posts.
1. #### Yeah, who could possibly tell that a random-appearing string of characters could hide a message??

I also propose a novel scheme where a straight vertical line represents a 'one' and a slightly elliptic round thing standing on one end represents a 'zero'.

1. #### Re: Yeah, who could possibly tell that a random-appearing string of characters .....?

And besides, a random appearing string of characters might be a program in Perl

1. #### Re: Yeah, who could possibly tell that a random-appearing string of characters .....?

"""And besides, a random appearing string of characters might be a program in Perl"""

The ultimate form of steno is, of course, hiding your message in a Perl script which prints 100 Bottle of Beer, by all of the same methods that can be made to make that script look like a row of beer bottles.

Then you post the script to a suitable newsgroup, and your secret communications are complete.

2. #### By definition

A binary quantity can only have one of two values not "0, 1, 10 or 11".

Who knows what the approved name of a variable with four possible values is?

I know trinary is three, but does a four value variable follow Greek or Roman naming?

http://english.stackexchange.com/questions/25116/what-follows-next-in-the-sequence-unary-binary-ternary

But they don't have 'Trinary' in their lists so how reliable are they? ;-)

1. #### Re: I'll answer that

Ternary is the correct term, trinary a misconception/mistake.

1. #### Re: I'll answer that

Quaternary?

2. #### Re: I'll answer that

Yesss ... and the "correct" term for octal is "octary" while the "correct" term for decimal is "decary".

One should recall that dictionaries reflect usage, not vice versa.

4. #### Why bother with steganography?

The dog is out of the doghouse.

Pavlova with prunes is frequently in need of amperage.

Speak purple mice with naughty emphasis.

minimum safe distance!

1. #### Re: Why bother with steganography?

Amanfrommars, is that you?

5. #### ::rolls eyes::

This kind of security Has Issues which are obvious to Security folks.

I think Someone needs a trifle more education.

Before you poo-poo me, Understand that Lateral thinking Links Somewhat sophisticated Homegrown Intelligence Technology.

(As a question for amfM, how'd I do?)

1. #### Re: ::rolls eyes:: ......... and who believes in random chaotic coincidence ...

..... as opposed to SMARTer PreTextual Planning?

Hi, jake,

There is not much, and some would even be brave and bold enough to share that there is nothing that anyone or anything* can do [*well, we are told that we do have machines now apparently programmed and supposedly able to make better strategic and tactical decisions for machine minders/humanised operators] to defeat Good Steganography. Anything and everything which may be bad though, is quite a different matter and will be full of luscious holes and exploitable zerodays and be an endless treasure trove of compounding riches.

Spookily enough, there is further parallel mention of such novel disruptive and constructive/irregular and unconventional views just shared this weekend here ......Posted by amanfromMars, March 18, 2012 12:06 AM …….. on http://www.schneier.com/blog/archives/2012/03/on_cyberwar_hyp.html

6. #### Surely ....

.... this is just a very inefficient substitution cypher?

7. #### Sadly, this new scheme was

invented by Francis Bacon sometime around 1600. http://en.wikipedia.org/wiki/Bacon's_cipher

1. #### Re: Sadly, this new scheme was

Have you just invented 6 degrees of Francis Bacon?

2. #### Re: Sadly, this new scheme was

And a numeric cipher has existed in Arabic since well before that, for example the Sufi code. Bacon was known to study various middle eastern philosophies - as did many other members of the RI.

8. The secrecy of a steganographic technique is not important if the encoded data is also encrypted.

1. The point of steganography is that the enemy don't even know there is an encrypted message so they leave you alone rather than locking you up/torturing you/kidnapping your family to force you to give up the keys.

If you "hide" your message in a bunch of random meaningless text, you are wasting your time with the stego part because it is fairly obvious that the message has a hidden meaning. You might as well use Base 64.

1. Ah yes, but don't the laws hinge on there being "a decryption key" that you're refusing to hand over? If they can't prove that there *is* a decryption key, I wonder what happens. And does a desteg application count as a "key"? What if you use a memorized manual cipher that's known only to you? What if you *claim* to use a such a cipher? :)

(I know you're talking more generally, but I mean within the confines of the UK's "hand over your keys or go to jail" laws, which gives a good example of the kind of oppressive regime where the people are "the enemy" and can be legally coerced into self-incrimination, but where the letter of the law still counts for something.)

2. Course, going to the trouble of kidnapping a family or torturing someone to decode a base64 hash would be pretty much pointless, seeing it's not actually encryption!

Bugbear of mine, sorry!!

1. I think the reference to Base64 was intentional - the point being that this "steganography" technique appears to make it so obvious that there's a hidden message in the text, it is no better than using pre-existing bog-standard encodings to carry your raw binary data (encrypted or otherwise). This new technique is not steganography in the same way that Base64 is not encryption.

Disclaimer: I haven't actually read the paper. For all I know, the article may be an over-simplification, and there may actually be something to it.

9. #### This is new?

If you have a throughput of one bit per sentence you need to generate a lot of text to cover it. It will be too boring to do that by hand, but machine-generated text is obviously machine-generated, so it's obvious what you are up to. Fail.

1. #### Re: This is new?

I'm totally reading this as the type of 'stenography' that a child comes up with and hides messages in the first character of the line. You know... to spell BOOBIES down the page :P

I suspect the next thing is to write a message in an ink eraser on the back of your homework saying the teacher smells!!

1. #### Re: This is new?

Also the kind of 'steganography' that got James May fired from Autocar magazine.

10. #### Short messages only

This may work for short, provided both the sender and recipient have secretly agreed the code.

We might agree that any text message that begins with a vowel contains secret text. The NSA can analyse the preceding 100 messages and decide there is nothing hidden (or have erroneously uncovered a decoy steganographic scheme).

Then I send:

Are you well? Hope the cold is better. Cheers!

And BOOM -- the terrorist attack is GO.

11. #### Then email the message using neutrinos

We don't want to draw attention to the message just because the sender and receiver are known.

12. #### Not real steganography

"Real" steganography is hiding a message in an already constructed text or picture in a way that does not obviously change that text or picture. What is described is a form of cryptography.

Text steganography could, for example, be by varying the amount of space between words to encode a hidden message: On the surface, the text is unaltered and looks perfectly natural, but there is a message hidden. If you actually have to construct a message specifically to encode the message, it is not really steganography -- it is just low-density cryptography similar to texts where the initial letters of the words encode a message or texts where the length of the words encode digits (like "How I wish I could recollect pi. "Eureka!" cried the great inventor: Christmas pudding, Christmas pie, is the problem's very centre"). The challenge of these is to make the text seem natural, while it has to obey non-trivial constraints. Real steganography should have no such constraints, but be able to encode any text (or picture) to hide a message.

13. #### Disappointed

I'd thought they'd come up with some neat trick to alter the characteristics of individual fonts or instances of font in a PDF file.

If you open a file of *known* format in the relevant reader and your first reaction "this is nonsense" then it's pretty obvious it's a)random file done for the LOLz b)encoded message.

BTW the very first Mission Impossible is about trying to find the key used to separate a message page photographically combined with a random image.

As others have notes that is *proper* steganography.

14. #### Outraged

As many have noted, this cannot correctly be described as steganography, unless the resulting text is readable and "not unusual". Stego must encode TWO messages, the obvious, and the secret. If it produces junk text, its so obviously time to reach for the rubber hoses.

15. #### "...but it cannot be decoded until a user is not aware about these approaches"

Sounds ominous for the poor decoders: you need to render them "unaware" of these approaches?

16. #### Maybe...

This author's copious mistakery and extant erroneousness is really just a clever steganographic technique?

I wonder if there is a prize for decrypting it...

1. #### Re: Maybe...

17. How is this cutting-edge research?

Steganography without cryptography is not something I'd use to do anything more serious than trying to fool a 10-year-old.

"it is essential to keep the application of a particular approach to a particular data set secret, while using them."

Ecuritysay oughthray obscurityway is upidstay.

18. I'm sure this was in one of my Johnny Ball Reveals All books I used to have when I was a kid, along with other codes like "ISISISISISISISISISIS" = Tennis and POTOOOOOOOO = Potato. Clever stuff! For an 11 year old.

19. #### Is that how you get a degree these days ?

Still, they are better than some of the Comp-Sci graduates I've interviewed.

20. #### There's more to this than meets the eye

This is so plainly a ueless form of cypher (see numerous comments above) that it's totally implausable that a team of researchers in the field (with multiple papers behind them - these are not 1st year undergrads) would not know the weaknesses.

So what the hell is going on?

Like 'Disappointed' above, I thought this was a cunning way to hide messages in individual font shapes, which would be very cool, but is awkward in PDFs.

If it's not that, then what?

I wonder if they are really onto something much more clever, but had to yank the paper at the last minute at the request of some 'special' people. I've been there and you finish having to dash out something feeble to fill the gap.

21. The key feature of steganography is plausible deniability. I played with stegFS whilst linux 2.2 was still current. Sadly no more: http://www.mcdonald.org.uk/StegFS/ but still interesting.

22. #### I just invented this

Make a handwriting font with four versions of each letter. Write an innocuous letter. Hide actual message two bits per character by the choice of letterform. Receiver OCRs the result and extracts the 2 bits per character.

There, we are now ALL in possession of information that may be of use to a terrorist. :-(

23. #### Halo Crypto

Thought this up a few years back, maybe it's been done elsewhere. It's a combination of encryption and stego (the stego is actually the least novel part):

- Users have 3D-modeled scenes in which letters or symbols are dispersed spatially (could also be dispersed along a timeline)

- There can be as many instances of a given letter as desired

- Any number of other 3D objects can be in place

- The encryption involves using coordinates and orientation information to have a ray intersect any of the letters or symbols

- The coordinates can then be added as lowest value bit information to image formats, or any other common steg technique

Pro: can have near infinite number of coordinates referring to the same letter or symbol.