[Introduction and News]   [Background]   [Download]    [Sourceforge Project Page]   [Links]
[DIRT]    [Forum]    [Examples]    [HowTos]    [Documentation/FAQ]    [Screenshots]   

Digital Invisible Ink Toolkit

DOCUMENTATION / FAQs

Quicklinks:

  1. Will it work on my computer?
  2. What can be hidden?
  3. What can it hide in?
  4. What's the stego-image?
  5. Can I get my hidden file out again?
  6. What are the algorithms and how do they work?
    1. BlindHide
    2. HideSeek
    3. FilterFirst
    4. BattleSteg
    5. Dynamic FilterFirst and BattleSteg
  7. How much can be hidden?
  8. What are the different filters and what do they do?
  9. What is the embedding rate?
  10. Can I add my own algorithms/filters?
  11. Why is it so slow?
  12. Other documentation

If you are curious about anything not listed here, please get in touch with me at: kah18 |at| users |dot| sourceforge |dot| net

 

Will it work on my computer?
The toolkit is platform independent and will work on Windows, Linux and Mac OSX (and others). It is written in Java - so if you have Java installed (most people using the internet will) all you have to do is download the .jar file from the download page and double-click it. Java 1.5 or newer is best because it has inbuilt image reading and this toolkit is more likely to work using 1.5. You can get Java from java.sun.com

What can be hidden?
Any sort of electronic file you like. When you come to decode the message it helps to know the file type so you can make sense of it. Encrypted files provide a higher level of security but since most of the algorithms randomly distribute the message across the image - you would have to try every combination of pixel values to "crack" the steganography - it's fairly secure anyway. Besides, it is only going to be found if people are looking for it - and because of the computational cost most people aren't going to bother scanning everything.

What can it hide in?
Any image file that Java can read. Java 1.5 can handle JPG, PNG and BMP files, so can Java 1.4 if you install the "Advanced Imaging Toolkit". Java 1.4 should be able to handle PNG and JPG files. There is a check that is performed by the program and when you first run it you will be told what is missing.

What's the stego-image?
The stego-image is the result we get by running the algorithm you select on the message (file to hide) and cover (image). It can be saved into BMP or PNG format. The reason that it can only be saved in these formats is because they are lossless - there is no information lost as part of the file formatting. Because DIIT changes the colours of the pixels if we encode to a lossy format, such as JPG, we might lose some of the hidden information and we won't be able to retrieve the message again.

Can I get my hidden file out again?
Of course! You just have to know how you hid it, and what the password was (assuming you used a password of course).

What are the algorithms and how do they work?
There are four algorithms currently implemented in diit - each use least significant bit steganography and some filter the image first.

BlindHide
This is the simplest way to hide information in an image. It blindly hides because it just starts at the top left corner of the image and works it's way across the image (then down - in scan lines) pixel by pixel. As it goes along it changes the least significant bits of the pixel colours to match the message. To decode the process the least significant bits starting at the top left are read off. This is not very secure - it's really easy to read off the least significant bits. It also isn't very smart - if the message doesn't completely fill up the possible space then just the top part of the image is degraded but the bottom is left unchanged - making it easy to tell what's been changed.

HideSeek
This algorithm randomly distributes the message across the image. It is named after "Hide and Seek" - a Windows 95 steganography tool that uses a similar technique. It uses a password to generate a random seed, then uses this seed to pick the first position to hide in. It continues to randomly generate positions until it has finished hiding the message. It's a little bit smarter about how it hides because you have to try every combination of pixels in every order to try and "crack" the algorithm - unless you have the password. It's still not the best method because it is not looking at the pixels it is hiding in - it might be more useful to figure out areas of the image where it is better to hide in.

FilterFirst
This algorithm filters the image using one of the inbuilt filters and then hides in the highest filter values first. It is essentially a fancier version of BlindHide as it doesn't require a password to retrieve the message. Because we are changing the pixels we need to be careful about filtering the picture because we don't want to use information for filtering that might change. If we do, then it may be difficult (if not impossible) to retrieve the message again. So this algorithm filters the most significant bits, and leaves the least significant bits to be changed. It is less noticeable on an image because using the filter ensures we are hiding in the parts of the image that are the least noticeable.

BattleSteg
The best of all worlds. This algorithm performs "Battleship Steganography". It first filters the image then uses the highest filter values as "ships". The algorithm then randomly "shoots" at the image (like in HideSeek) and when it finds a "ship" it clusters it's shots around that hit in the hope of "sinking" the "ship". After a while it moves away to look for other ships. The effect this has is that the message is randomly hidden, but often hidden in the "best" parts to hide in thanks to the ships. It moves away to look for other ships so that we don't degrade an area of an image too greatly. It is secure because you need a password to retrieve the message. It is fairly effective because it is hiding (if you set the values right) the majority of the information in the best areas.

Dynamic BattleSteg and FilterFirst
These two algorithms do the same as BattleSteg and FilterFirst, except they use dynamic programming to make the hiding process faster and less memory intensive. They are NOT compatible with the original algorithms because the order of pixels kept in the dynamic array is not exactly the same.

How much can be hidden?
It depends on the settings you choose - but as an example if you hid in the 2 least significant bits then you can hide:
MaxBytes = (image.height() * image.width() * 3 * 2) / 8
i.e. the number of pixels, times the number of colours (3), times the number of bits to hide in, all divided by 8 to get the number of bytes. It helps to hide a bit less than this because the algorithms may take a while to find places that haven't had anything hidden in it when you are close to the threshold.

What are the different filters and what do they do?
There are 2 different filters - the Laplace filter and the Sobel filter. Traditionally these filters are used for detecting edges in pictures. As a side effect they happen to pick the "best areas" to change. This is because an edge has a really light pixel next to a darker one. If we make the lighter pixel darker and the darker pixel lighter we aren't going to notice as much as if we make two pixels the same colour different. The Sobel filter is better at detecting edges, but the Laplace filter is better at picking up noise.

What is the embedding rate?
The embedding rate bar shown on the encoding and simulation panels shows the percentage of space available for steganography that will be written to. Anything less than 10% is a good rate. You can decrease the embedding rate by using a smaller message, a larger image or by changing the number of bits that will be written to (in the algorithm options). For steganalysis, the embedding rate is an approximation of the percent of space available that has been written to. However, the steganalysis techniques only use the very least significant bit in each colour for their calculation.

Can I add my own algorithms/filters?
Yes! You are more than welcome to change/modify my code - as long as you don't break the GPL license. If you want to add your own algorithms/filters you just need to put them in the same package as I have and add the name of the algorithm to the listboxes in the interface (there's some comments in the code that show you where to add it). If you do modify it, I'd be interested to hear from you - my email is kah18 |at| users |dot| sourceforge |dot| net

Why is it so slow?
Java is an interpreted language so isn't very fast by nature. Most of the time it will hide in a few seconds - unless you are using a big picture, a message with a size close to the maximum bytes, and a filtering algorithm. It takes a while on the big pictures because when it filters it has to look at all the different pixels at least once - for a 1000x1000 pixel picture that's a million pixels to look at! It's reasonably fast (<10 seconds) for images less than this size. I recommend using smaller pictures - they are easier to send and you still have heaps of space to hide in. Java is also a good memory hog, and whilst I've tried to optimise everything, it still likes to use a lot of memory.

Other documentation:
The javadoc can be found here. If you're interested in reading my honours proposal, it's here.
There is also this paper that was recently accepted into the Computing Womens Congress conference in Hamilton, New Zealand.

 

 

(c) K. Hempstalk, University of Waikato, 2005