Encode to BMP
   Steganography is the art of hiding data.  When it comes to cryptography, steganography is a way to transfer "sercet" data without anyone knowing the data is present.  Conventional encryption simply aims to stops someone without the key from obtaining the orignal data.  More than likely, if the encrypted data was intercepted durring transfer or found at all, the ones who found it know it is encrypted.
   The idia behind steganography is to store and transfer data without anyone being aware the data is present.  This is done by "hidding" the privliged data in inside some other "harmless" data. 
   There are many ways this can be acomplished.  Some are more detectable than others.  Some are nearly imposibal to detect.
   Encode to BMP is a program designed to hide data inside an image.  More specificly, a "real-world" image saved in 24-bit BMP format.  Encode to BMP is able to store data inside the BMP image by making tinny changes to the image-- changes too suttle to be seen in the result.  In fact, the changes made to the image are so small, it is nealy imposibal to deduce the modified image wasn't the orignal image.  More on that latter.
   Encode to BMP works best on "real-world" images.  That is, a BMP image not computer generated such as a scanned photograph or digital camera image.  24-bit images have so much color detail that the color resolution exceeds that of the hummen eye.  One can change much of the fineite data and visualy leave the image unchanged.  Encode to BMP uses the fineite data to store the "hidden" information.
   The way this works reduces the color resolution from 16.8 million colors down to around 1 million.  4-bits of fineite data is taken from of each pixel.  In this manner, it will take two pixels for ever one byte of data to be hidden in the bitmap.

   In a real world image, the finite vareations from pixel to pixel apear random.  That is, one can not predict how the finite vareations will change from pixel to the next.  Now, the output of a good encryption algorithm is also random.  If one were to take an image and replace the ture finite vareations with random ones, there would be no way to tell which image was the orignal (with out knowing prehand of corse).
   Encode to BMP encrypts all data stored in the BMP with a strong stream cipher.  Reguardless the input, the data stored in the BMP apears random-- just like the orignal.  If the an orignal image was being transfered with hidden data, there is no way to know if that image contains the data or not.  Even if one suspects the image of holding secret data and has Encode to BMP, without the key, they can not prove it.
   Now, I asked the people of "sci.crypt" if the above statment was true.  I mostly got a lot of off the subject replys (as usual), but I did get a bit of useful information.  Basicly, it might be posibal to predict how LSBs should move near edges in an image.  By anilysing the sharp edges of an image, one may be able to find that there might be iregularities caused by hidden data.  Unforchently, I wasn't able to find good information about how this process is done, how much change is requiered for detection or how sharp the edges need to be before detection is posibal.  There is a system for detecting hidden data in JPEG images.  However, I wasn't able to deduce from the write up if the detection was based on anylise of the image or if detection was done by checking iregulearitys in the commen findings of the JPEG format itself.  That is, this system of detection may only aply to images using JPEG compression. 
   In any case, there isn't an off the shelf method for detecting data hidden in .BMP files.  If someone has one, they don't talk about it.

   This steganography system has some ovious weaknesses.  The data is likely safe, but an atacker could stop the data from getting to a recepiant. 
    The simplest and easyest method would be to fill the finite data of the image with random data.  It will not effect the visual quality of the image, but it will distroy any "hidden" data by making it imposibal to extract.
   The second weakness is lossy compression.  This system only works on 24-bit BMP files.  The files could be saved in other formats, transfered and converted back into BMP with the hidden data intact only if no or lossless compression is used.  Lossy compression, such as JPEG, take advantage of the fact 24-bit color is too good and use this as part of the compression.  Lossy compression changes the image to make it easyer to compress.  An atacker could simple use JPEG compression on all BMP images and distroy all hidden data.

A note from Punkroy:
   Steganography with encryption is probly one of my favroit feilds of encryption.  It's hits a would be atacker with two problems.  One, cracking encryption.  But harder, trying to find the encrypted data to crack.  Steganography is defently sneaky.  It alows secret data to be stored in plain sight, amonst harmless data.  The data can exist without anyone knowing it's there.  And the best way to stop an atacker is not to let them have anything to atack.

Copyright ©2001-2005, Punkroy. Bla, bla, bla...