Secure. Discreet. Convenient.
Inspiration
People are always looking for better ways to securely store their personal information. As the digital age continues, people have an ever-increasing number of usernames, passwords, sensitive files, and data in general to manage, yet there's still no secure, inconspicuous, and convenient way to store all of them. Reusing passwords to make it easier to remember them is a serious security risk, and writing them down in plain text is just as bad. Similarly, storing sensitive documents in plain text is a disaster waiting to happen.
The advent of password managers and convenient encryption tools has helped improve this situation, but they aren't perfect. So far, nothing has been able to offer the perfect combination of security, inconspicuousness, and convenience that is needed. Password managers reduce the number of passwords people have to remember, but online password managers like LastPass are inconvenient in that they require an internet connection and have suffered from security breaches in the past. Local password managers like KeePass improve on those issues, but having a KeePass database on a USB drive or in cloud storage is a dead giveaway that you have something you don't want other people to see. Similarly, simple file encryption will prevent people from getting into sensitive files without the password, but does nothing to conceal the presence of sensitive files in the first place. Furthermore, all of these techniques still have a single point of failure unless they require a password and key file to unlock. Even then, people are likely to keep that key file in the same place as the password database or encrypted file, defeating its purpose. There has to be a better way.
Enter Stegosaurus.
What it does
Stegosaurus combines powerful encryption and nearly invisible image steganography to create a secure, discreet, and convenient information storage mechanism that works well both with and without internet. Stegosaurus can store any type of raw data and can also parse Excel, CSV, and JSON files to extract and efficiently store the information they contain.
When storing data, the user sets a password and optionally enables 2-factor authentication with a cellphone. Similarly, when extracting data stored in an image by Stegosaurus, the user simply enters the password and enters the 2-factor authentication code, if applicable. Note that if 2-factor authentication is used, encrypting and decrypting the data will require an internet connection, whereas password-only encryption and decryption can be done offline.
Stegosaurus can be used through a website for maximum ease-of-use or through a command line tool for portability and offline use.
How we built it
Stegosaurus uses AES-256 encryption to encrypt user information to ensure maximum security - assuming a good master password is chosen. Stegosaurus then hides that encrypted information in an image file using a customized DCT-based image steganography technique that is resistant to virtually any visual attack and nearly all statistical attacks.
Challenges we ran into
Due to the way that we encode information in JPEGs, the upper limit for how much information can be stored in an image is rather small - a 1 MP image can store about 100 KB. Fortunately, when working with text-only information, this limit is rarely a problem.
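The kind of DCT-domain embedding described under "How we built it", as an added example that is not Stegosaurus's own code: it uses the classic JSteg rule (payload bits in the least significant bit of quantized coefficients) as an assumed stand-in for the project's customized scheme, with hypothetical function names and a constructed cover. Capacity in such a scheme is bounded by the number of usable coefficients, which is why the payload limit is small relative to image size.

```python
# Added illustration (not Stegosaurus code): JSteg-style LSB embedding.
# A block is a flat list of 64 quantized DCT coefficients, index 0 = DC term.

def usable(index, coeff):
    # Skip the DC term and values 0 and 1: flipping their LSB would turn one
    # into the other, so embedder and extractor would disagree on positions.
    return index != 0 and coeff not in (0, 1)

def capacity_bits(blocks):
    return sum(usable(i, c) for block in blocks for i, c in enumerate(block))

def to_bits(data):
    return [(byte >> s) & 1 for byte in data for s in range(7, -1, -1)]

def embed(blocks, payload):
    bits = to_bits(payload)
    if len(bits) > capacity_bits(blocks):
        raise ValueError("payload exceeds cover capacity")
    out, pos = [], 0
    for block in blocks:
        new_block = list(block)
        for i, c in enumerate(block):
            if pos < len(bits) and usable(i, c):
                # Python's & and | act on two's complement, so negatives work.
                new_block[i] = (c & ~1) | bits[pos]
                pos += 1
        out.append(new_block)
    return out

def extract(blocks, nbytes):
    bits = [c & 1 for block in blocks
            for i, c in enumerate(block) if usable(i, c)][:nbytes * 8]
    if len(bits) < nbytes * 8:
        raise ValueError("not enough usable coefficients")
    return bytes(sum(bit << (7 - k) for k, bit in enumerate(bits[n:n + 8]))
                 for n in range(0, len(bits), 8))

# Constructed cover: 16 identical blocks with 5 usable coefficients each.
COVER = [[52, -3, 2, 0, 1, 5, -1, 4] + [0] * 56 for _ in range(16)]
PAYLOAD = b"ciphertext"  # constructed stand-in for the AES-256 output

if __name__ == "__main__":
    stego = embed(COVER, PAYLOAD)
    print(capacity_bits(COVER), extract(stego, len(PAYLOAD)))
```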
Accomplishments that we're proud of
Making it actually work. Also making the website despite neither of us having experience with Flask (or web dev in general).
What we learned
Multiple different steganographic and encryption techniques. Flask. Web dev. Basically everything we did.
What's next for Stegosaurus
Stegosaurus becomes extremely slow when processing images 2 MP or larger, so some speed and efficiency improvements would definitely be welcome. Some code cleanup wouldn't hurt either.
Built With
- flask
- html
- javascript
- json
- python
- steganography