OTP-Steg (One-Time Pad Steganography) — Free Digital Forensics Educational/Research Software Tool, see download options below.
OTP-Video.htm - 18 minutes (Opens in new page)
MP4 Video File - Download Version
Sample Test Files: Each image file in this directory contains the entire US Constitution as a text payload. Using the key file in the directory, you can extract the content. Can you develop a steganalysis techique to identify image files containing payloads?
OTP-Steg is free software that allows you to embed a message into a PNG, BMP, TIF, WEBP, JXR, J2K, or JP2 image file. OTP-Steg uses one-time pad (OTP) encryption in conjunction with adaptive least significant bit (LSB) image encoding.
There are three programs included:
1. Encrypt — Allows you to encrypt/embed a Unicode message (any language alphabet or characters are acceptable).
2. Decrypt — Decrypt the message using the selected image and key files.
3. Generate Keys — Allows you to generate extremely secure (mathematically unbreakable) one-time pad image keys for use with encryption and decryption.
The “One-Time-Pad” encryption methodology is regarded historically and currently as the most secure of all forms of encryption. When used properly, it has never been broken.
Download [Last Update: 04DEC2015]:
1. Zip File of Software (31MB): OTP-Steg.zip <-This can run off a USB drive.
2. Windows Setup File (30MB): OTP-Steg_Setup.exe <-If you prefer a full installer.
Encrypt program:
Decrypt program:
Generate Keys program:
Contact: michael@mauisolarsoftware.com
This software was created as a demonstration and educational software for computer forensics students. Using OTP-Steg, students can study the steganographic science of embedding messages in images as well as using forensic software tools to detect hidden messages. Typically, sophisticated statistical analysis is completed that may involved a variety of software to detect payload messages.
A good example of open-source Python software used to detect steganographic efforts (i.e., “steganalysis“) can be found from NYU here: RS steganalysis. Please feel free to download OTP-Steg software and use it for your own computer forensics or security courses! Let us know if it is useful to you. Competitions between student teams, some teams embedding images, and other teams trying to detect them using steganalysis tools of their own choosing, is one possibility for usage.
An example of a professional “Steg” competition and results is here (“BOSS”; “Break our Steganographic System”). Major research efforts have been underway for several decades by the Air Force and several other government agencies regarding both steganography and steganalysis.
Slides and MP3 recording (several updates to the software have been completed since this time, including adaptive encoding and data compression):
OTP-Steg.MP3 (54 minutes)