Hiding in Plain Sight. Steganography and the Art of Covert
ISBN 0-417-44449-9. Two appendices, index. $35.00
Reviewed by Robert Bruen June 7, 2003
Steganography, has generally received a bad rap from the crypto community which has relegated it to the "security through obscurity" heap. However, there is a place for all things and sometimes times change so that another look is in order. The idea of hiding things has always had a value, even going back in history a millennium or more. Encryption is better for secret communications, but that does not mean that stego should be completely ignored. This is not a zero sum game, but rather the appropriate tool for the given situation. One also must consider that even if you think something is not worth using, someone else might use it, so you should understand it just for self-defense.
Over the past decade interest has picked up significantly resulting in more use, more tools and more improvements. The books from five years ago presented less sophisticated techniques than Hiding in Plain Sight. Some of the tools available in the mid 90s are still around though, better than ever. Hiding has a companion CD with a collection of tools so you can started right away. In additions there is an abundance of source code for some of the tools in case you want see how it is all done.
This is an accessible, introductory level book with stories from the field to illustrate points along the way. There are color images for comparison between before and after a stego application on the CD, but unfortunately color is lacking in book itself.
The demand for digital watermarking for images and music has given a boost to stego, since the techniques and the principles are the same. And digital watermarking suffers from the same shortcomings of steganography. For example, Cole shows how the distribution of bits can give away the hidden message within an image. Music files have become notorious for containing something other than music, often blamed on the RIAA and friends to discourage the sharing of the files. Scanning of these files could be stego related topic that deserves a little attention.
Steganography requires one to know about file formats, as well as compression, in spite of the ease that some of the tools provide. It is helpful when folks understand details of technology because they can make informed judgments. For example, when the stories of terrorists using images to pass information around the world, there was a bit of a media flurry. Some stego experts look at a large number of random images from the net to find nothing. Cole states that he has done something similar with the opposite results. Perhaps terrorists are not using it, but maybe some others are. The more of us who learn about it, the better we will be able to decide what is happening.
The future looks interesting. As the field develops, expect to see more improvements in methodologies. Cole neglected to add a bibliography, but there is some serious research being done by some serious people. Stay tuned.
"Hiding in Plain Sight" is a good introduction to steganography. It is clearly written with extras and a low price, so it is recommended.