As communities have increasingly moved online, so has the machinery of the authoritarian and surveillance state. As demonstrated by Apple’s recent removal of the Taiwanese flag emoji and HK Maps from its platforms, the state often uses its power to curtail access to content it deems reprehensible. This makes platforms extremely vulnerable to censorship, as they can be easily banned. For example, Signal and Tor are less than effective in China because they can be blocked by the state.
To get around this problem, one needs to be able to send secret messages in a way that observers cannot detect. If the state can see that a secret message is being sent, it can block the message or begin targeting the sender. To this end, we present Stegasaurus. With Stegasaurus, users can embed encrypted text into otherwise benign images and post those to any content hosting platform.
Stegasaurus uses an OpenPGP encryption scheme and a research-informed method for text embedding that is resistant to JPEG compression. Stegasaurus is careful to encode secret messages into images in a way that is both resistant to statistical attacks and imperceptible to the human eye. As a result, a person with a copy of Stegasaurus can embed text into an innocuous selfie, post it on a platform like WeChat, and secretly encode a message to anyone who has a public PGP key.
How we built it
Challenges we ran into
Encoding text in JPEG images is very difficult because JPEG employs a lossy compression scheme. Stegasaurus nevertheless supports JPEG by embedding text in the coefficients of the image's discrete cosine transform (DCT). To encode text into a JPEG image, Stegasaurus performs the DCT over 8x8 pixel blocks in the image and then encodes text according to the relationship between the coefficients in the DCT. This work isn’t in the main branch of Stegasaurus yet, but it is working in the
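The coefficient-relationship embedding described above, as an added example that is not Stegasaurus's own code: one bit per 8x8 block is stored as the ordering of two DCT coefficients. The coefficient pair, the margin, the uniform quantization used as a stand-in for JPEG loss, and the sample block are all assumptions made for illustration.

```python
import math

N = 8
# Orthonormal 8x8 DCT-II basis; row k is the k-th cosine basis vector.
C = [[math.sqrt((1 if k == 0 else 2) / N)
      * math.cos(math.pi * (2 * n + 1) * k / (2 * N)) for n in range(N)]
     for k in range(N)]
CT = [list(col) for col in zip(*C)]

P, Q = (4, 1), (3, 2)  # assumed mid-frequency coefficient pair
MARGIN = 24.0          # assumed minimum gap enforced between the pair

def matmul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(N)) for j in range(N)]
            for i in range(N)]

def to_coef(block):
    """Level-shift pixels by 128 and take the 2-D DCT (C * B * C^T)."""
    return matmul(matmul(C, [[p - 128 for p in row] for row in block]), CT)

def to_pixels(coef):
    """Inverse DCT (C^T * D * C), then round and clamp to 8-bit pixels."""
    return [[min(255, max(0, round(v + 128))) for v in row]
            for row in matmul(matmul(CT, coef), C)]

def embed_bit(block, bit):
    """Encode one bit as the ordering of coefficients P and Q."""
    d = to_coef(block)
    hi, lo = sorted((d[P[0]][P[1]], d[Q[0]][Q[1]]), reverse=True)
    if hi - lo < MARGIN:  # widen the gap so lossy rounding cannot flip it
        mid = (hi + lo) / 2
        hi, lo = mid + MARGIN / 2, mid - MARGIN / 2
    d[P[0]][P[1]], d[Q[0]][Q[1]] = (hi, lo) if bit else (lo, hi)
    return to_pixels(d)

def extract_bit(block):
    """Read the bit back: 1 if coefficient P exceeds coefficient Q."""
    d = to_coef(block)
    return 1 if d[P[0]][P[1]] > d[Q[0]][Q[1]] else 0

def recompress(block, step):
    """Stand-in for JPEG loss: uniform quantization of every coefficient."""
    return to_pixels([[round(c / step) * step for c in row]
                      for row in to_coef(block)])

# Constructed sample block (gradient plus light texture), not real image data.
SAMPLE = [[100 + 7 * x + 3 * y + (x * y) % 5 for x in range(N)] for y in range(N)]
```

The bit survives as long as the quantization step stays well below the margin; a larger margin buys robustness at the cost of more visible change in the block.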
Accomplishments that we're proud of
It works, and it's pretty. What more could you want?
What we learned
It was neat to apply our math classes to a project. Much of Stegasaurus is an exploration of error correction, redundancy, and interacting with the frequency domain. This was a very direct application of our coursework in EE16B and CS70.
What's next for Stegasaurus
What's next for us
If any of us disappear, you can probably guess who did it.