Steganography for Python Programmers

Contents

1. What is this book?
2. Why Python
3. Basic concepts
4. Book approach and excluded techniques
5. Installing the required libraries
6. Examples repository

What is this book?

This book is an introduction to steganography designed specifically for programmers with knowledge of Python who want to take their first steps in this discipline. Throughout its chapters, we explore the theoretical foundations of steganography, how it differs from other techniques such as cryptography and watermarking, and its relationship with steganalysis—the discipline in charge of detecting and extracting hidden information.

Unlike more academic or mathematically dense texts, this book takes a practical and accessible approach. No prior experience in computer security or advanced knowledge of signal processing is required, although some familiarity with Python programming will be very helpful. We present detailed examples and step-by-step explanations that let readers apply the concepts in practice through code.

One of the main goals of this book is to show how steganography can be implemented in different digital media, such as images, audio files, video, and text. Through concrete examples, we explore various information-hiding techniques, from the simplest ones—like modifying least significant bits (LSB)—to more advanced methods based on mathematical transforms and modern techniques used today.

Beyond implementation, we also analyze tools and strategies used in steganalysis, enabling readers not only to learn how to hide information, but also to understand some of the methods used to detect it. This provides a more complete and balanced view of the discipline.

Throughout the book, Python code takes center stage, allowing each technique to be understood from a practical and applicable standpoint. We use popular libraries for image and signal processing, as well as specific tools that make experimentation and learning easier.

In short, this book is an ideal starting point for any programmer who wants to get into the fascinating world of steganography in a practical and effective way. Beyond theory, the goal is for the reader to finish with a clear understanding of how to implement steganographic techniques in Python, with examples that can serve as a basis for future research or applications in the field of information security.

Why Python

Python has become one of the most powerful and versatile tools for developing applications in the field of steganography. Its popularity and effectiveness stem from several reasons that make it especially suitable for this discipline.

The simplicity and readability of Python code are notable. Python is known for its clear and concise syntax, which makes writing and understanding code easier. This is crucial in steganography, where algorithms can be complex and require readable code to facilitate review and maintenance.

In addition, Python offers a wide range of tools and libraries that simplify the development of steganography techniques. Libraries such as NumPy and SciPy provide a solid foundation for data processing and analysis, which is essential for developing steganographic algorithms. These tools provide robust functions that accelerate development and allow you to focus on implementing steganography algorithms.

However, in some cases, the existing tools do not cover all the specific needs of the field. For this reason, the author of this book has developed some libraries needed for image steganography that were not available in the Python ecosystem. One of these libraries is python-jpeg-toolbox, which allows access to low-level information in JPEG images, essential for working with steganography in this format. Another is PySTC, a library created to facilitate the use of Syndrome Trellis Codes (STC) in steganography, an advanced technique that allows embedding information while minimizing the number of modifications made. Both libraries are used throughout this book to illustrate and put into practice various steganography techniques.

The Python community is one of the largest and most active in the programming world. This means there are a great many resources available—from tutorials and documentation to discussion forums and open-source projects. The availability of these resources makes it easier to solve problems and continuously improve steganography techniques.

Python is a high-level language that is compatible with multiple operating systems, including Windows, macOS, and Linux. This is fundamental for developing steganography applications that must work in different environments. In addition, Python can easily interact with other languages and technologies, allowing steganography techniques to be integrated into larger and more diverse systems.

In steganography, it is important not only to embed data but also to analyze and detect that data. Python offers powerful tools for data analysis and visualization, which are essential for steganalysis and for evaluating the effectiveness of hiding techniques.

Thanks to its simplicity and the availability of existing tools, Python enables rapid prototyping. This is especially valuable in research and development of new steganography techniques, where the ability to test and refine ideas quickly can lead to significant discoveries and improvements.

Python has been widely adopted in both academia and industry. This adoption ensures that techniques and tools developed in Python are relevant and applicable in real-world contexts. It also facilitates collaboration between researchers and professionals working in the field of steganography.

In summary, Python is the ideal choice for developing steganography applications due to its simplicity, versatility, and the vast ecosystem of available tools. These characteristics not only allow complex algorithms to be implemented efficiently but also ensure that applications are robust, maintainable, and easy to extend.

Basic concepts

In the study of steganography, it is common to encounter terms that may seem similar but actually have different purposes and applications. Concepts such as cryptography, watermarking, and steganalysis are closely related to hiding and protecting information, but they differ in their focus and functionality. This chapter aims to clarify these differences, providing a solid foundation for understanding how each technique operates, where they are similar, and where they differ within the field of information security.

Steganography and steganalysis represent two opposing approaches within information security. While steganography focuses on hiding information within a carrier medium so that its presence is not detected, steganalysis aims to detect and possibly extract these hidden messages.

Steganography seeks discretion. Its purpose is not to encrypt the information but to hide it so that it appears nonexistent. This is achieved through various techniques, such as modifying the least significant bits (LSB) in images and audio, inserting data in the frequency domain through mathematical transforms, or hiding information in metadata and communication protocols.

Steganalysis, on the other hand, is responsible for detecting and analyzing files for subtle alterations that may reveal the presence of hidden information. It relies on statistical methods, machine learning, and signal processing techniques to identify irregularities in the suspected file. Some strategies include looking for anomalies in the distribution of pixel values or analyzing patterns in image encoding.

As steganography advances, more sophisticated hiding techniques emerge that challenge the capabilities of steganalysis. Likewise, detection methods evolve to counter new forms of concealment. This ongoing struggle makes both fields dynamic disciplines within computer security.

Applications of steganography range from hiding malware, data exfiltration, and covert communication in criminal activities to secure communication in censored environments. Meanwhile, steganalysis is used in forensic investigations, cybersecurity, and in detecting malware that employs hiding techniques.

Steganography and steganalysis are intrinsically linked in continuous competition. While one seeks to hide information imperceptibly, the other develops advanced techniques to expose its existence. Both play a crucial role in information security and will continue to evolve with technological advances.

Cryptography and steganography are two information security disciplines that, while sharing the goal of protecting data, differ in their focus and fundamental purpose. Whereas cryptography focuses on transforming information to make it unreadable to unauthorized third parties, steganography seeks to hide the very existence of the information within another medium.

Cryptography uses mathematical algorithms to encrypt data so that only those with the proper key can decrypt it. Its strength lies in the mathematical soundness of algorithms such as AES, RSA, or ECC, which ensure security even if an attacker intercepts the encrypted message. However, the main weakness of cryptography is that, although it protects the content of the message, it does not hide its existence. If an attacker detects encrypted communication, they may suspect that sensitive information is being transmitted and attempt to break the encryption using brute-force attacks, cryptanalysis, or social engineering. In addition, they may infer that two parties are communicating and therefore that a relationship exists between them.

In contrast, steganography does not alter the content of the message but hides it within another carrier medium, such as images, audio files, videos, or digital documents. Its goal is for the information to go unnoticed, preventing an attacker from even suspecting its existence. A steganographic message, if well implemented, can look like an innocuous file that arouses no suspicion. However, its potential weakness is that, once discovered and extracted, the security of the message may be compromised if the hidden information is in plaintext or only minimally protected.

Cryptography and steganography are not mutually exclusive and, in fact, can be combined to increase the security of a communication. A message can first be encrypted and then hidden inside a digital file so that, even if the hidden message is discovered, the attacker would still have to decrypt its content. This combination offers an additional layer of security, mitigating the weaknesses of both techniques.

In terms of applications, cryptography is widely used in secure communications, online banking, data storage, and privacy protection on networks. Steganography, for its part, has applications in communication in censored environments and hiding information in digital files. However, both technologies can be used for malicious purposes, such as hiding malware or covert communication of illegal activities.

Steganography and watermarking are techniques that involve inserting information inside digital files such as images, audio, and videos. Due to this similarity, they are often confused, but their purpose and application are fundamentally different.

The main objective of steganography is to hide information imperceptibly so that its existence goes completely unnoticed. The goal is that no one suspects that there are hidden data within the carrier file. For this reason, the information inserted in a file by steganography must be undetectable.

Watermarking, on the other hand, is not designed to hide information but to embed it within the file for a specific purpose, such as copyright protection, authentication, or integrity verification. Unlike steganography, where the hidden message is generally arbitrary and intended for a specific recipient, in watermarking the inserted information is usually related to the identity of the content or its owner.

One essential property of watermarking is imperceptibility, since in most of its applications the goal is to protect a digital file without degrading its quality. If an image, video, or audio file suffered perceptible alterations due to the watermark, its usefulness would be compromised. For this reason, watermarking techniques are designed to insert information without affecting the perception of the original content.

Another key difference is robustness against modifications. Depending on the application, a watermark may be robust or fragile. Robust watermarking must withstand transformations such as compression, editing, or manipulation attacks, ensuring that the mark remains even if the file is copied or modified. This type of watermarking is used to verify the intellectual property of a file. In contrast, fragile watermarking is designed to disappear or change with the slightest modification to the file, allowing any attempt at tampering or forgery to be detected. This type of mark is used to verify the authenticity and integrity of the content.

Technically, steganography and watermarking can share similar data insertion methods, such as modifying least significant bits (LSB) or manipulating in the frequency domain using techniques such as the Discrete Cosine Transform (DCT) or the Discrete Wavelet Transform (DWT). However, steganography prioritizes the undetectability of the message, whereas watermarking usually balances imperceptibility and robustness depending on its purpose.

In terms of security, detection of a watermark does not imply that the file has been compromised, since its purpose is not concealment but content protection. In contrast, in steganography, if a third party detects the presence of a hidden message, its purpose is immediately compromised, since its effectiveness lies in avoiding any suspicion.

Book approach and excluded techniques

This book is oriented toward developing steganography tools that are functional and resistant to detection techniques. For this reason, we do not include methods that, although historically used to hide information, present known vulnerabilities and can be easily detected through forensic analysis or steganalytic attacks.

One excluded technique is EOF (End of File)-based steganography, which consists of adding hidden data at the end of a file without modifying its original content. Although this technique is extremely simple to implement, it is also trivial to detect, since the additional data remain outside the normal structure of the file and can be identified through manual inspection or automated tools. Due to this weakness, its use in practical applications is limited and it will not be covered in this book.

Another commonly used but highly insecure method is steganography in metadata, where the hidden information is stored in the metadata fields of image, audio, or document files. Although this technique does not alter the visible content of the file, metadata can be easily inspected with standard tools, making this technique unreliable in scenarios where effective concealment of information is crucial.

The use of drawn text is another method that, although creative, proves insecure in practice. In this technique, hidden messages are represented within an image using drawn characters or subtle patterns that can only be interpreted by the recipient. However, this type of concealment is highly dependent on the visual content and can be easily detected using specialized filters.

Another image steganography technique not covered in this book is hiding data in the alpha channel of images with transparency. In this method, information is embedded in areas where the alpha channel is completely transparent, so that the modified pixels do not affect the visible appearance of the image. However, this technique is extremely easy to detect, since it is enough to force the alpha channel to be displayed as opaque to reveal possible modifications. Because of this fundamental weakness, its use in practical steganography is limited and it will not be addressed here.

Although this book studies techniques based on modifying the least significant bits of the pixels of an image, it does not use LSB replacement as a general embedding method. This method, which consists of directly replacing a pixel’s least significant bit with a bit of the hidden message, is highly vulnerable to so-called structural attacks [Fridrich:2001:rs, Dumitrescu:2003:spa, Ker:2005:sstructural], which analyze the statistical characteristics of the image to detect artificial alterations. Instead, we use LSB matching, which is more difficult to detect through statistical analysis.

In conclusion, this book focuses on steganography methods that offer a higher degree of security and resistance to detection techniques. The techniques mentioned above have been excluded due to their vulnerability to forensic analysis and their limited applicability in real-world scenarios. Throughout the chapters, we explore more advanced and resilient approaches, with practical examples in Python that allow readers to develop secure tools for hiding information.

Installing the required libraries

Throughout this book, we will use several Python libraries to implement and test steganography techniques. To make installation easier and to ensure that the code runs smoothly, we will use Python’s package manager: pip. This manager allows you to install and update libraries easily and is the recommended option for handling dependencies in Python. In this chapter, we explain how to install the fundamental libraries we will use.

To install NumPy, which provides support for multidimensional arrays and advanced mathematical operations, run the following command in your terminal:

pip install numpy

To install SciPy, an extension of NumPy that provides tools for signal processing, optimization, and other advanced scientific operations, use:

pip install scipy

To install Matplotlib, a visualization library that allows you to plot data, including audio file waveforms:

pip install matplotlib

To install reedsolo, a library that implements Reed–Solomon error-correcting codes, use:

pip install reedsolo

To install PyDWT, a library that performs the Discrete Wavelet Transform (DWT) on images and signals, use:

pip install pydwt

To install imageio, a library for reading and writing images in multiple formats, use:

pip install imageio

To install PySTC, a library that implements Syndrome Trellis Codes (STC) for efficient steganography, use:

pip install pystcstego

To install python-jpeg-toolbox, a library that provides access to the DCT coefficients of JPEG images (as well as other low-level information), use:

pip install python-jpeg-toolbox

To install Numba, a library that speeds up Python functions using just-in-time compilation, use:

pip install numba

To install PyAV, a library that provides access to audio and video data using FFmpeg from Python, use:

pip install av

To install Scapy, a tool for creating, manipulating, and analyzing network packets in Python, use:

pip install scapy

To intercept packets and manipulate them from user space, you also need the NetfilterQueue library. This library acts as a bridge between Linux’s Netfilter queue system (kernel) and Python. Install it with:

pip install NetfilterQueue

In addition to installing the library, make sure the nf_netlink_queue kernel module is available. In most modern Linux distributions, it can be loaded automatically when first used. If it is not present, you can check for it with:

lsmod | grep nfnetlink_queue

If it does not appear, you can load it with:

sudo modprobe nfnetlink_queue

Both Scapy and NetfilterQueue require administrator privileges, so it is common to run scripts with sudo.

Examples repository

To make learning easier and to let readers try the examples without having to write the code manually, all the examples used in this book are available in the following GitHub repository:

https://github.com/daniellerch/books/introstego

This repository contains the source code for each example, organized by chapters and sections. In this way, users can copy and paste the code directly into their development environments instead of writing it from scratch. In addition, access to the repository’s files allows faster exploration of the examples and makes it easy to modify them for tests and experiments.

We recommend cloning the repository to have local access to all files. To do this, run the following command in your terminal:

git clone https://github.com/daniellerch/books/introstego

This command downloads a complete copy of the repository to the user’s machine, allowing structured access to all examples. It is also possible to download files individually from the GitHub web interface.