Pixelcryption

Steganography is the technique of hiding messages within plain sight. The message is usually encrypted within something oridnary to avoid detection, and is decoded by the reciever with a special set of instructions. The messages itself are usually codified for an additional layer of security. An example of steganography is the use of invisible ink, which is used to write messages on a piece paper which is then overlayed with a standard innocuous message in real ink. Upon exposure to heat, the hidden message is revealed. The invisible ink wouldn't be noticeable to someone who opens the letter without knowing of the existence of the hidden message or the instructions of how to access it.

I didn't have to look to far to think of a context to design a steganograph technique for. According to the UK based research firm Comparitech, India ranks third on a list of surveillance states, closely following Russia and China. Not that a UK based firm needed to make me aware of this. The Indian government is applying finishing touches to a National Social Registry of all its citizens, created partly with the help of the Aadhaar identification system. This will help the government track every movement and event of its citizens. The BJP led Modi government is also pushing forward with its plans to implement a National Registry of Citizens, in a reported attempt to identify illegal citizens. However, initial signs show that the government is using this data to target ethnic and religious minorities. The Act was passed under heavy protest, with the Delhi Police employing various surveillance measures to frame protestors with false evidence.

This government has also passed the Unlawful Activities Prevention Act (UAPA), with allows for the arrest of anyone on mere suspicion, and without any proof or evidence. This law has been used with impunity on the leaders of the protest against the Citizenship Amendment Act and on other political opponents. India currently has no data protection laws in place, and there isn't a data protection authority in place. The government has also been accussed of using an Israeli software called Pegasus to illegaly obtain Whatsapp chats from Indian citizens. Although this claim has been denied, they are working with Whatsapp to track certain messages. A Social Media Communication Hub (SMCH) is being set up to collect and analyse content of social media profiles. There are concerns that the purpose of the SMCH is to "create a technology platform to collect digital media chatter from all core Social Media Platforms as well as digital platforms."

In an ongoing investigation of the death of Sushant Singh Rajput, Whatsapp chat histories were obtained by the Narcotics Control Bureau by simply cloning the mobile phones of those involved, bypassing Whatsapp's end-to-end encryption. These transcripts were then used to charge implicate certain individuals for the use of marijuana, in what was mostly a media led trial, supported by the BJP led government in an effort to draw attention away from the poor response to the COVID-19 pandemic and high rates of unemployment.

There's good reason to believe that the Indian government has systems and frameworks in place to not only track and collect communications and digital media shared by it's citizens, but to also punish those it percieves to be opponents.

There is a need for a secure, yet easily accessibly steganographic system which can leverage existing networks to communicate and share information without detection from the government.

The Medium

Whatsapp is the most widely used messaging app in India, with about 400 million users as of 2019. Everyone with a smartphone will usually use Whatsapp as their main platform of communication. A popular method of keeping in touch with each other and larger groups is with the help of 'Good Morning messages.' These are in the form of both images and text. The images usually contain a cheery message with colourful visuals of flowers, babies, mountains, and lakes. These messages are sent so frequently that they are often the cause of many phones filling up their memory. On the eve of 2018, users in India sent about 20 billion messages, causing slowdowns and server outages.

Although usually innocuous, some messages contain xenophobic, casteist, and sexist content. These images are forwarded hundreds of times, causing them to be shared exponentially. Some of these Whatsapp forwards and messages have incited mob lynchings which have led to deaths of several innocent people. To combat the spread of misinformation, Whatsapp has imposed limits on the number of message forwards.

In an effort to subvert the medium of good morning messages on Whatsapp, the Instagram account @sodonechilling (now defunct) collects and creates good morning messages with positive and socially aware messaging, using the same aesthetic and visual look. People often don't read or scrutinise the content of the images they share and forward, which makes this medium a great way to share positive messaging.

I was keen to use a system of steganography which would use popular mediums and communication channels, but would escape detection even from those looking to find any kind of evidence. Using good morning images through Whatsapp is a great way to smuggle messages through, since the rate at which images are created and shared would make it near impossible to track down. I forsee this system being used to communicate and broadcast sensitive or incriminating information without the detection of the government.

Steganography

Hiding messages within the source code of image files is a commonly used technique, and as such would be detected with easily accessible software and decryption algorithms. This method involves editing the bits of an image to encrypt messages, with minimal change to the image itself.

I took a simpler approach toward this problem, and decided to use the pixels themselves as a way to encode messages. Each pixel has 3 channels—Red, Green, and Blue–each with a capacity of 256 (0-255) spaces. By assigning the value of each space, or a combination of spaces to a particular character, data can be stored. Although this will lead to a change in colour of the pixels of the image, the colour channels can be adjusted for each image to ensure that there are minimal changes in the visual. Most images shared on Whatsapp are usually of poor quality, with plenty of artefacts such as colour shifting and fringing. The length of the message and the complexity of encryption can also be adjusted to ensure that the changes made are minimal.

The pixels on the outer edges of the image are usually not as prominently seen, and are ideal spaces to edit pixels and encrypt information. Additional layers of encryption can also be added by using multiple channels to encrypt characters, which can be further encrypted to hide the real message.

The encryption and decryption process is very simple. Upload the image, type in your message, and hit encrypt button to download. Similarly, to decrypt, upload the image and hit decrypt button to see the message. The length of the message and the contents of the cipher can be adjusted within the code, and potentially be shared as a key to decrypt the base message, which itself can be further encrypted for increased security.

Try it out for yourself! Use this example image to encode and decode your messages.

Design Process

I initially explored ideas of both visual and aural steganography, before settling on the visual approach. Using pixel based encoding seemed like an ideal solution, especially since the encoding is not mathematical, and there is plenty of scope for changing the variables and creating highly secure encryption systems. This is also uses the artefacts created by the compression used by Whatsapp to hide the deformities of the pixels based encryption.

Before I wrote a single line of code, I started laying out the different functions or blocks of code, which would be needed at different steps of the process, such as Image Upload, Pixel Processing, Coding and Decoding Engines and Image Download.

Once I had figured out an outline of the code, I started writing out the different blocks. I wasn't quite sure of how the different blocks would interact with each other, and so I first used global variables so that the different functions could speak to each other. The Image Upload and Image Download blocks were easy to figure out, but it was the pixel manipulation which was difficult to crack. I first attempted to use the pixels[] method, but that seemed a little complicated. I ended up using the get() method, which was far easier to use, and worked perfectly, even though it's not as efficient as pixels[].

Using a for() loop, I located the first row of pixels, and stored their value in a local array. Currently, the function only captures 160 pixels on the top right of the image, but theoretically, the entire rows of the image can be used. The value of these pixels were transferred to the encryption and decryption engines, which were two separate functions to either encrypt a message or decrypt an image.

Both these engines needed a cipher which would be the key needed for both encryption and decryption. Initially I used a long list of if and else if loops to assign values to each character which ended up taking 150 lines of code (see here). Later I switched to using the charAt() function, which was also being used to break down the message to be encrypted into individual letters. This reduced the length of the cipher function to just a single line of code, and could potentially be used as a custom key to be input by the user.

To keep the sketch running smoothly, and to trigger functions only when needed, I removed the draw() function, and used a series of callbacks. This not only led to a much cleaner and intuitive interface, but also allowed the code to run much quicker. I used a few hacks such as drawing rect() to overwrite text where needed, and changed the colour of the input text to hide certain unwanted elements. I added little indication lights and helpful text prompts where needed to help the user with the encryption and decryption process.

Reflections

This form of steganography is defined by the context and the people who will most likely use it. Good morning messages shared via Whatsapp is a medium unto itself, and a channel that can be used for covert communications. It is troubling that such a system would ever have to be used, but given the current circumstances, there is a need for such systems especially when digital privacy is non-existent. India is in a crisis, and being governed by a ruling party with xenophobic, casteist and patriarchal values, which will go to great lengths to stop any kind of opposition against it. When faced with an ethically corrupt Supreme Court, dubious parlimentary practices, widespread censorship and unchecked police brutality, Indian citizens will have to get smarter in their methods to rally and organise dissent.

Using existing mediums such as Whatsapp is a great way to spread awareness and work collectively to undo the damage done. We will have to evade the personal armies of those in power, and continue to fight day after day. It certainly helps if the technology and the mediums are used are the ones we are familiar with, all while employing methods to avoid detection.

References

• https://scroll.in/article/956586/the-government-has-stopped-even-trying-to-justify-mass-surveillance-as-necessary-for-the-public-good
• https://www.thehindu.com/news/national/what-are-the-surveillance-laws-in-india/article29993602.ece
• https://feminisminindia.com/2020/03/23/surveillance-state-data-safe-india/
• https://www.financialexpress.com/india-news/does-government-want-to-tap-whatsapp-messages-create-a-surveillance-state-asks-supreme-court/1243924/
• https://thewire.in/media/cab-bjp-whatsapp-groups-muslims
• https://www.newslaundry.com/2020/10/03/how-do-you-solve-a-problem-like-navika-for-starters-protect-your-chats