Sign In

Communications of the ACM

Review articles

Trends in Steganography

Trends in Steganography, illustration

Credit: Andrij Borys Associates

The mass media anointed 2011 as the "year of the hack"23 due to the numerous accounts of data security breaches in private companies and governments. Indeed, the sheer volume of stolen data was estimated in petabytes (that is, millions of gigabytes).2

A large fraction of the security breaches that year could be attributed to the so-called Operation Shady RAT.49 These actions were targeted at numerous institutions around the world and the inflicted damage lasted, in many cases, for months. The mechanism of infection was mainly by means of conning an unaware user to open a specially crafted email message (phishing) and implanting a back door on the victim's computer. The next step was to connect to a website and download files that only seemed to be legitimate HTML or JPEG files. What cybercriminals had actually done was encode commands into pictures or crafted Web pages so they were invisible to unaware third parties, and smuggled them through firewalls into the system under attack. These control commands then ordered a victim's computer to obtain executable code from remote servers, which in turn permitted an outsider to gain access to local files on the compromised host.32 In numerous cases, the side channel to the confidential resources remained accessible for months, thus deeming the security breach severe. The villains were so daring they did not even put much effort into obscuring the fact that information hiding techniques were involved in the attack. One of the pictures used as a vector for control commands was the famous "Lena," a cropped picture of a Playboy model, which is the standard test image for any digital image processing or steganographic algorithm.


CACM Administrator

The following letter was published in the Letters to the Editor in the May 2014 CACM (
--CACM Administrator

In their Review Article "Trends in Steganography" (Mar. 2014), Elbieta Zieliska et al. included a good survey of the history of data hiding and a comprehensive list of methods for inserting bits into cover objects but omitted an important actor from the scene the enemy. In computer security, a system is secure only if it prevents the enemy from achieving certain specified goals. If the primary aim of steganography is to communicate covertly (as the article said correctly), then the enemy is someone a "steganalyst" who is able to monitor communications to detect covert communication. Such a scenario reflects reality in light of today's pervasive monitoring of the Internet by intelligence agencies and criminals.

Researchers would do well to identify new media that supports covert communication but only if they also prove it is not actually detectable by an enemy using the tools (such as statistical analysis and machine-learning algorithms) needed to unmask hidden data. I would not want a Communications reader to imagine steganographers forget they indeed have enemies, far from it. But few steganography methods survive long once researchers start trying to detect them through statistical methods. The only exceptions are ultra-low-bandwidth mechanisms that find perfectly random parts of the cover (where hiding is trivial) or highly refined methods that exploit coding theory and distortion minimization applied (at least in recent years) to image steganography.
Trends in steganography research have advanced past finding new bits to twiddle in communications streams, focusing instead on the enemy and asking important theoretical questions: Can a steganographer use information theory to provide an upper bound on an adversary's powers? (Yes.) Must the number of steganographic changes be proportional to the size of the hidden message? (Surprisingly, no.) Can a researcher say something about secure capacity relative to the size of the cover? (Yes.) And can a steganographer identify parts of the cover medium that are better to hide in? (Yes, but at the moment only heuristically.) Answers lead to further fascinating game-theoretic questions: If a steganographer embeds secret information only in the "best" places, the enemy would likely look only there and catch it out, so steganographer and steganalyst alike should randomize their behavior. The questions also represent today's most interesting research challenges.

Andrew D. Ker
Oxford, U.K.

Displaying 1 comment

Log in to Read the Full Article

Sign In

Sign in using your ACM Web Account username and password to access premium content if you are an ACM member, Communications subscriber or Digital Library subscriber.

Need Access?

Please select one of the options below for access to premium content and features.

Create a Web Account

If you are already an ACM member, Communications subscriber, or Digital Library subscriber, please set up a web account to access premium content on this site.

Join the ACM

Become a member to take full advantage of ACM's outstanding computing information resources, networking opportunities, and other benefits.

Subscribe to Communications of the ACM Magazine

Get full access to 50+ years of CACM content and receive the print version of the magazine monthly.

Purchase the Article

Non-members can purchase this article or a copy of the magazine in which it appears.
Sign In for Full Access
» Forgot Password? » Create an ACM Web Account