Computer Systems Laboratory Colloquium

4:15PM, Wednesday, November 07, 2001
NEC Auditorium, Gates Computer Science Building B03

Detecting Steganographic Content on the Internet

Niels Provos
CITI, University of Michigan
About the talk:

Steganography is used to hide the occurrence of communication. Recent suggestions in US newspapers indicate that terrorists use steganography to communicate in secret with their accomplices. In particular, images on the Internet were mentioned as the communication medium. While the newspaper articles sounded very dire, none substantiated these rumors.

To determine whether there is steganographic content on the Internet, this talk presents a detection framework that includes tools to retrieve images from the world wide web and automatically detect whether they might contain steganographic content. To ascertain that hidden messages exist in images, the detection framework includes a distributed computing framework for launching dictionary attacks hosted on a cluster of loosely coupled workstations. We have analyzed two million images downloaded from eBay auctions but have not been able to find a single hidden message.

The slides for this talk are available at

Background Materials and Pointers:

Interested Colloquium attendees may wish to look at the following CITI technical reports and papers:

pdf ps
Niels Provos, "Probabilistic Methods for Improving Information Hiding," January 2001.
pdf ps
Niels Provos, "Defending Against Statistical Steganalysis," February 2001. [USENIX Security Symposium, Washington, D.C. (August 2001)]
pdf ps
Niels Provos and Peter Honeyman, "Detecting Steganographic Content on the Internet," August 2001.

pdf ps
Niels Provos, "Defending Against Statistical Steganalysis"

A recent article in the New York Times speaks to the possible use of steganographic cyphers by terrorists.

The Digital Beat: The Debate Over Online Steganography provides some interesting background and links.

Teleoplis (Germany) provides a critical review of current claims at

Peter Wayner's Steganogaphy 101 posting provides a summary of current research.

Is the the poster showing Bin Laden and Bert of the Muppets together some form of steganographic communication?

The CryptoRights Foundation, ttp://, is a non-governmental (NGO) nonprofit 501(c)(3) organization promoting the use of communications security tools to protect Human Rights workers and their data, and also provides active support for the rights and freedoms of Security Researchers & Developers who create those tools.

UK based covers policy issues related to cryptography and privacy with a somewhat different perspective than US sites. About the speaker:

Niels Provos is a Ph.D. candidate at the Center for Information Technology Integration of the University of Michigan. His research interests are focused around computer security.

Contact information:

Niels Provos
CITI, University of Michigan
535 W. William Street, 3rd floor
Ann Arbor, MI
GPS: 42.2775 N, 83.754167 W.
734 764 5207


Thanks to the Computer Forum for funding support for this talk. The Computer Forum is the industrial affiliate program for the Computer Science Department and the Computer Systems Laboratory. Contact Suzanne Bentley if your company is interested in participation.