An introduction to Steganography

Controlling the flow of information is a central issue for the security of any system: whether it's a company, a government or a private individual, they all have documents to protect from the eyes of others. This entails, for example, the need to ensure the confidentiality of information transfer, nowadays supported by cryptographic mechanisms. If we don't know exactly what will happen to the communication, we can protect ourselves against indiscretions by encrypting the data. However, such cryptographic mechanisms may not be available, as was the case in France until the late 1990s, where only weak cryptography could be used without special provision. In such circumstances, confidentiality can only be ensured by other techniques, such as steganography.

Etymologically, steganography means "hidden writing". In other words, the main objective is to communicate without being seen. To achieve this, there's no mystery: there must already be some form of communication that steganography will divert from its traditional use, so as to include additional information as discreetly as possible. Unfortunately, steganographic algorithms are highly dependent on the structure of the data into which the insertion is made: this is quite logical, since modifications must be imperceptible, the data must be altered in the most discreet places, which is highly dependent on the type of data (audio, image...) and its representation format (JPEG, GIF, MP3...). So, unlike cryptography, we're dealing with a highly varied set of techniques that depend on the different formats, even if certain characteristics may persist from one format to another for the same type of data.

The first argument we mentioned to justify a study of steganography is that it plays a key role in ensuring confidentiality. Of course, when this confidentiality is used to conceal illegal actions from the eyes of the law, this role is already less clearly positive. But the real problem posed by steganography is that of information leakage: the very purpose of steganography is to conceal the existence of the message, which is in obvious contradiction with any reasonable security policy, since a system must be able to know what kind of information is circulating (if not exactly what it contains) in order to prevent the disclosure of sensitive data.

It was precisely this problem that the USA and the Soviet Union were confronted with during a treaty on the proliferation of nuclear weapons (SALT 2). The protagonists were studying a device designed to detect the presence of missiles in silos, without revealing the locations of the silos. Among the constraints imposed on the system, it had to prevent manipulation of the information to be transmitted, and also not be able to transmit more information...