Crypto: Steganography - Not a dinosaur version of crypto
When discussing cryptography, i.e. the practice of hiding information, it is common to think of ciphers and public keys and other protective measures. Steganography is another information hiding strategy.
Recall that in the discussion on parties, there was the "unaware party". The unaware party was any party who does not know that information exists. As a cryptographer, this is an ideal situation. If an adversary is unaware that I have information to convey, there is less risk to that information. The "closed and determined adversary" will never be unaware, because they believe that all information from an originator is valuable in some form. How can I in the face of a closed and determined adversary, still convey information that they are unaware of because they capture all of my communications?
Steganography is one answer to this problem. Steganography is the hiding of information by means, such that, no one other than the receiver of the information is aware of the existence of the message. So you may ask "Hey Scalper, ummmmmmmm, if someone is already capturing all of my communications (information), aren't they aware of all of the information?" The answer is no. Consider the simple example.
I (originator) would like to email the following message to my friend (recipient):
"Don't buy xyz stock today. Bad news."
I also don't want any one to know of the existence of this message. Through another means of communications, whether it be in person, on the phone or otherwise, we agree, that we'll transmit any hidden messages of this nature as the low order bit in jpg images that we transmit.
So now I need to send this message. Lets' assume that I have a jpg of my kid and I want to hide the above message in that picture. I construct a simple program which takes the ASCII (Unicode or otherwise agreed upon encoding for the exchange) and I take the bits from each character, one at a time, and substitute them into the jpg picture's pixels, one at a time, in the lowest order bit for red, green, blue or some other agreed upon position. I modify the jpg so that it retains its integrity for display in any other informational fields due to changes that I have introduced. Because I'm modifying the low order bits of the colors, the image maintains its fidelity (to the naked eye).
With my image modified, I compose the email: "Dear so-and-so, Here's my kid in her latest karate match. She permanently injured her opponent. See you this weekend. -O" and attach the picture.
The recipient receives the email. Without prompting, the recipient runs a program that looks at the low order bits of the pixels of the jpg and attempts to construct a message. In doing so, the recipient can recover the message. If there is no message, the results will be garbage.
So in doing this communications transaction, the closed and determined adversary can assume that my kid is a mean karate student and can even see my kid in a picture. But the adversary is unaware that I'm transmitting another hidden message.
If I constantly send pictures through email to the same recipient, the adversary will likely find this communications to be consistent and will likely not look for steganography. If on the other hand, I had a large message to send, e.g. source code and binaries for a project, and used steganography to hide the information, it may require 20-30 pictures. An email with 20-30 pictures in a channel where the typical email has between 0 and 2 pictures would raise suspicion with an adversary.
NOTE: Any stego that I transmit would be done in clear text in my writings here. With "verbose=on" there is plenty of room for hiding.