As communities have increasingly moved online, so has the machinery of the authoritarian and surveillance state. As demonstrated by Apple’s recent removal of the Taiwanese flag emoji and HK Maps from its platforms, the state often uses their power to curtail access to content it deems reprehensible. This makes platforms extremely vulnerable to censorship, as they can be easily banned. For example, Signal and Tor are less than effective in China because they can be blocked by the state.

To get around this problem, one needs to be able to send secret messages in a way that observers cannot detect. If the state can see that a secret message is being sent, they can block it or begin targeting the sender. To this end, we present Stegasaurus. With Stegasaurus users can embed encrypted text into otherwise benign images and post those to any content hosting platform.

Stegasaurus uses an OpenPGP encryption scheme and a research-informed method for text embedding that is resistant to JPEG compression. Stegasaurus is careful to encode secret messages into images in a way that is both resistant to statistical attacks and imperceptible to the human eye. As a result, a person with a copy of Stegasaurus can embed text into an innocuous selfie, post it on a platform like WeChat, and secretly encode a message to anyone who has a public PGP key.

How we built it

Stegasaurus intentionally avoids dependencies on external libraries for the sake of portability and platform agnosticity. We imagine it being used in a world where access to libraries and other tools may be extremely censored. Under the hood, Stegasaurus runs in a web browser. Its backend server is written entirely in standard library python and it's only external dependencies are OpenCV and Numpy. In the future, we’d like to port Stegasaurus to Javascript so that literally anyone with a web browser can run it.

Challenges we ran into

Encoding text in JPEG images is very difficult as JPEG employs a lossy compression scheme. Stegasaurus supports JPEG though by embedding text in the coefficients of the DCT of an image. In order to encode text into JPEG images, Stegasaurus performs the DCT over 8x8 pixel blocks in the image. It then encodes text according to the relationship between the coefficients in the DCT. This work isn’t in the main branch of Stegasaurus yet, but it is working in the zeke-DCT branch.

Accomplishments that we're proud of

It works, and it's pretty. What more could you want?

What we learned

It was neat to apply our math classes to a project. Much of Stegasaurus is an exploration of error correction, redundancy, and interacting with the frequency domain. This was a very direct application of our coursework in EE16B and CS70.

What's next for Stegasaurus

We'd like to make Stegasaurus more platform agnostic and more easily distributed the future. To this end, we plan to port it to Javascript and explore distribution techniques that don't rely on the internet. For example, distributing it via self replicating flash drives or embedding its source code into the blockchain.

What's next for us

If any of us disappear, you can probably guess who did it.

Built With

Share this project: