Detection and Countermeasures

Detecting and preventing steganographic messages from being transmitted is an extremely difficult task. Depending on the circumstances, it may be impossible to prove that someone is even sending messages in the first place!

When it comes to combating (or rather detecting) physical steganographic messages, the key is really to understand all of the possible ways a message could be hidden in or on an object. For example, invisible ink that only visible when exposed to certain chemicals or ultraviolet light. There is a great history of steganography used in the real world eventually being discovered — hidden messages sent through newspapers, media, and seemingly normal communications. Detecting steganography when you don’t know what you’re looking for is partially a guessing game, and partially a pattern finding exercise.

In computing, detection of steganographically encoded packages is called steganalysis. The simplest method to detect files that may have been modified to send steganographic messages is to compare the files to known, clean originals of the files. For example, if one wanted to see if a website had been modified to hide a message in it’s image files, one could compare the image files currently on the site with the original files intended to be there. The differences in the file (if any) would reveal the steganographic message in it’s entirety.

Another common method of combating steganography is data compression. Lossful data compression (such as the JPEG image format) can completely ruin any hidden modified data bits within the file. Reducing the size of the file through compression will also significantly decrease the amount of space available for a hidden message to reside.