Everyone knows — or at least everyone SHOULD know — that email is not a secure form of communication. It’s a lot like yelling across a parking lot. Your message is sent “in the clear” along most of the connections that lie between you and the recipient. For the times when you want to send a message that does NOT stand out in the open for others to read, StegaGram is your answer.
StegaGram protects your communication in two ways. First, it locks the message so that it can only be read by the person to whom you’re sending the message. Then, it hides the locked message inside a picture, so that it doesn’t even look like a locked message is being sent. As an analogy, consider keeping your valuables in a strong safe, located in your front yard. It’s a great safe, but why invite attention to the fact that you have it? Using StegaGram is like keeping that strong safe hidden in a secret panel behind a picture in your house.
No Password, No Problem
Short passwords are not very secure because they can be quickly guessed by computer programs. Long passwords are better, but can be hard to remember. We chose to avoid these problems altogether by using long strings of random numbers, known as keys. If you want more details you can read more below. Otherwise, suffice it to say that it’s stronger than a password but you don’t need to remember anything. You just need to pass a key to your friend using a QR Code — those barcode-looking squares you see all over the place.
Under the Hood
You know those cars that look cool from the outside but lack actual power and performance when driving? Yeah, that’s not us. StegaGram is clean and easy to use, but also employs the latest methods of cryptography and steganography. In fact, our initial version was denied for public distribution because it was too strong. We had to tone it down a bit. As for our hiding methods, they don’t just avoid detection by the human eye. We use a technique that passes well under the radar of digital analysis programs which search for anomalies in histograms.
For the Nerds
StegaGram uses a combination of asymmetric cryptography and an optimized version of the Graph-Theoretic approach to steganography. The asymmetry of the cryptographic keys allows for a distributed authentication model, similar to that used in the PGP community. Our initial version uses 2048-bit RSA encryption. As for the key exchange, the QR-Code method prevents the classic ‘Man-in-the-Middle Attack’ used against the Diffe-Helman pattern, because there is no communication over a network during the exchange. In addition, our steganographic algorithm preserves first-order statistics, unlike most other freely-available steganographic software. For more details, take a look through our research paper.
This application was created for academic and recreational purposes, and comes with no guarantees or warrantees for its information protection. It’s pretty burly, as mentioned above, but is used at your own risk. Thank you to Alex Renger for the idea of StegaGram and for the steganographic algorithm. Thank you to Dr. Yue from the University of Colorado at Colorado Springs for his teaching and support.