by Samantha Beres
If terrorists aren't already using it, it's only a matter of time. It's called steganography, a way to hide messages in seemingly innocent digital images. Apparently harmless JPEG files, such as family vacation photos containing hidden data, could be e-mailed or posted on the Web -- possibly activating terrorist cells.
To help catch the bad guys, two Iowa State University mathematicians have developed software that will detect secret files in images. Jennifer Davidson and Cliff Bergman, both professors in the math department, are fine-tuning the artificial neural net (ANN). When plopped into a computer, the ANN will work like radar that culls out suspicious images.
The software was created with local law enforcement in mind. Plans to have it field-tested in Iowa are under way.
"Any forensic tool you can get your hands on is valuable," said Michael Morris, special agent supervisor with the Division of Criminal Investigation in Iowa. "The whole Internet and computer world changes by the minute. That's why having new tools to combat the changing technology is important."
Morris added that an application for the ANN would be terrorist-type investigations.
So how does it all work?
"An image is just a series of dots," Bergman said. "One way to embed data is to just change the value of those dots. If you change those numbers slightly, that change contains the hidden data."
There are steganography, or "stego," programs that criminals can download for free to embed a secret file, or payload -- which can be another image or text. The programs treat the payload as a string of zeros and ones. The program then adjusts pixel values (or dots) in the "cover" image so that whether each value is even or odd represents a zero or a one from the secret file. For instance, it may adjust a grayscale value of 146 to 145. The receiver on the other end can look at the even-odd pixel values to reconstruct the secret file's string of zeros and ones.
Adding another complication for investigators, there is a good chance secret files would be encrypted.
"We're hopeful that just the fact that you've found, say, a cache of suspicious images, ought to be enough to at least warrant further investigation," Bergman said.
"When you insert this information into the image file, encrypted or not, there are certain statistical values or measures of images that will change from one that has a message in it and one that doesn't," Davidson said. The ANN is trained to use sophisticated pattern recognition as it takes multiple measures of statistical values in an image.
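To make the idea of a statistical measure that changes after embedding concrete, here is an added example; it is not the Iowa State ANN or any code from the researchers. It computes one textbook measure, a chi-square over pairs of adjacent pixel values, and assumes least-significant-bit replacement (146 would become 147 to carry a one), a constructed cover image with under-used odd values, random bits standing in for an encrypted payload, and hypothetical function names and threshold.

```python
import random
from collections import Counter

def make_cover(n, seed=1):
    """Constructed 8-bit grayscale 'cover' whose odd values are under-used (assumption)."""
    rng = random.Random(seed)
    return [2 * round(rng.gauss(64, 10)) + int(rng.random() < 0.3) for _ in range(n)]

def random_bits(n, seed=2):
    """Stand-in for an encrypted payload: bits that look uniformly random."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]

def embed_lsb(pixels, bits):
    """LSB replacement: overwrite the lowest bit of the first len(bits) pixels."""
    return [(p & ~1) | b for p, b in zip(pixels, bits)] + list(pixels[len(bits):])

def extract_lsb(pixels, n):
    """Receiver side: the parity of the first n pixels is the payload."""
    return [p & 1 for p in pixels[:n]]

def pov_chi_square(pixels, min_count=10):
    """Chi-square over value pairs (2k, 2k+1); returns (statistic, pairs used).

    Embedding random bits pushes the two counts in each pair towards equality,
    so the statistic per pair drops to about 1.
    """
    hist = Counter(pixels)
    stat, pairs = 0.0, 0
    for even in range(0, 256, 2):
        a, b = hist[even], hist[even + 1]
        if a + b >= min_count:          # ignore sparsely populated pairs
            stat += (a - b) ** 2 / (a + b)
            pairs += 1
    return stat, pairs

def looks_embedded(pixels, threshold=2.0):
    """Flag an image whose pair counts are suspiciously balanced (illustrative threshold)."""
    stat, pairs = pov_chi_square(pixels)
    return pairs > 0 and stat / pairs < threshold

if __name__ == "__main__":
    cover = make_cover(20000)
    stego = embed_lsb(cover, random_bits(len(cover)))
    for name, img in (("cover", cover), ("stego", stego)):
        stat, pairs = pov_chi_square(img)
        print(f"{name}: chi2/pair = {stat / pairs:.1f}, flagged = {looks_embedded(img)}")
```

No pixel moves by more than one gray level, yet the histogram statistic shifts sharply. A single measure like this is weakest when the payload fills only a small part of the image, which is one reason to combine several measures.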
The ANN program was trained on a database of more than 10,000 images. The database was built using 1,300 clean images, a certain percentage of which were altered using various stego embedding techniques. In preliminary tests, the ANN identified 92 percent of the stego images and flagged only 10 percent of the innocent images.
Bergman and Davidson hope to improve those results to come up with statistics convincing enough for forensic scientists to use in a court of law. The two foresee the evidence being used much in the way DNA evidence is used to establish a link between the defendant and the crime.
Their research was initially funded through the Midwest Forensic Resource Center, operated by Ames Lab and the university. The center provides research and support to crime laboratories and forensic scientists throughout the Midwest.