stegasaurus

Alternate, more helpful description.
Original image in which to encode an encrypted message.
Modified image encoded with encrypted message
The encoder.
The decoder.

Stegasaurus

As communities have increasingly moved online, so has the machinery of the authoritarian and surveillance state. As demonstrated by Apple’s recent removal of the Taiwanese flag emoji and HK Maps from its platforms, the state often uses their power to curtail access to content it deems reprehensible. This makes platforms extremely vulnerable to censorship, as they can be easily banned. For example, Signal and Tor are less than effective in China because they can be blocked by the state.

To get around this problem, one needs to be able to send secret messages in a way that observers cannot detect. If the state can see that a secret message is being sent, they can block it or begin targeting the sender. To this end, we present Stegasaurus. With Stegasaurus users can embed encrypted text into otherwise benign images and post those to any content hosting platform.

Stegasaurus uses an OpenPGP encryption scheme and a research-informed method for text embedding that is resistant to JPEG compression. Stegasaurus is careful to encode secret messages into images in a way that is both resistant to statistical attacks and imperceptible to the human eye. As a result, a person with a copy of Stegasaurus can embed text into an innocuous selfie, post it on a platform like WeChat, and secretly encode a message to anyone who has a public PGP key.

How we built it

Stegasaurus intentionally avoids dependencies on external libraries for the sake of portability and platform agnosticity. We imagine it being used in a world where access to libraries and other tools may be extremely censored. Under the hood, Stegasaurus runs in a web browser. Its backend server is written entirely in standard library python and it's only external dependencies are OpenCV and Numpy. In the future, we’d like to port Stegasaurus to Javascript so that literally anyone with a web browser can run it.

Challenges we ran into

Encoding text in JPEG images is very difficult as JPEG employs a lossy compression scheme. Stegasaurus supports JPEG though by embedding text in the coefficients of the DCT of an image. In order to encode text into JPEG images, Stegasaurus performs the DCT over 8x8 pixel blocks in the image. It then encodes text according to the relationship between the coefficients in the DCT. This work isn’t in the main branch of Stegasaurus yet, but it is working in the zeke-DCT branch.

Accomplishments that we're proud of

It works, and it's pretty. What more could you want?

What we learned

It was neat to apply our math classes to a project. Much of Stegasaurus is an exploration of error correction, redundancy, and interacting with the frequency domain. This was a very direct application of our coursework in EE16B and CS70.

What's next for Stegasaurus

We'd like to make Stegasaurus more platform agnostic and more easily distributed the future. To this end, we plan to port it to Javascript and explore distribution techniques that don't rely on the internet. For example, distributing it via self replicating flash drives or embedding its source code into the blockchain.

What's next for us

If any of us disappear, you can probably guess who did it.

Built With

Submitted to

Cal Hacks 6.0
- Winner Second Place Prize
trial

Created by

I gave shape to the overall presentation of our product and managed the implementation of the backend, for example writing all the function definitions and docstrings to specify the overall flow of our program in order to set a foundation for modularity and flexibility in our code. I also assisted in designing the algorithm itself and the implementation of some of its particulars, eg. duplication via flashdrive, extracting relevant image data, encode/decode functions.

Alec Zhou
I implemented the encryption/decryption functions using the PGP library, and then wrote an encoding/decoding scheme with redundancy that stores data in a specific (variable) bit of randomized locations in the image data. After compressing the encoded image, I was able to retrieve 400+ characters exactly as encoded with undetectable visual differences. I also worked on the frontend to make it smooth, pretty, and easy to use.

Noah Saso
I wrote the DCT code to encode text in JPEG images, did a decent amount of work on the frontend, and came up with the idea for the project.

zeke m
I worked on the image steganography algorithms and the encryption scheme. This included reading a lot of research papers about RSA and discrete fourier transforms.

Alexander Kristoffersen